From ed0177f958f112c057156e675bfe24ada97b4561 Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Mon, 23 Jul 2018 14:49:25 -0700 Subject: [PATCH 01/43] WIP[SPIKE]: Create project token and policies --- Procfile | 2 +- cmd/argocd/commands/project.go | 87 ++ pkg/apis/application/v1alpha1/generated.pb.go | 585 ++++++++---- pkg/apis/application/v1alpha1/generated.proto | 12 + pkg/apis/application/v1alpha1/types.go | 28 +- .../v1alpha1/zz_generated.deepcopy.go | 28 + server/project/project.go | 83 +- server/project/project.pb.go | 903 +++++++++++++++++- server/project/project.pb.gw.go | 92 ++ server/project/project.proto | 40 + server/server.go | 4 +- server/session/session.pb.go | 95 +- server/session/session.proto | 1 + server/swagger.json | 126 +++ util/rbac/builtin-policy.csv | 1 + util/rbac/rbac.go | 38 +- util/session/sessionmanager.go | 15 + util/settings/settings.go | 2 + 18 files changed, 1903 insertions(+), 239 deletions(-) diff --git a/Procfile b/Procfile index 78946f4c275b6..17370eee6e7bf 100644 --- a/Procfile +++ b/Procfile @@ -1,4 +1,4 @@ controller: go run ./cmd/argocd-application-controller/main.go -api-server: go run ./cmd/argocd-server/main.go --insecure --disable-auth +api-server: go run ./cmd/argocd-server/main.go --insecure repo-server: go run ./cmd/argocd-repo-server/main.go --loglevel debug dex: sh -c "go run ./cmd/argocd-util/main.go gendexcfg -o `pwd`/dist/dex.yaml && docker run --rm -p 5556:5556 -p 5557:5557 -v `pwd`/dist/dex.yaml:/dex.yaml quay.io/coreos/dex:v2.10.0 serve /dex.yaml" diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go index 0285322804f46..680a285ec440e 100644 --- a/cmd/argocd/commands/project.go +++ b/cmd/argocd/commands/project.go @@ -2,6 +2,7 @@ package commands import ( "os" + "time" log "github.com/sirupsen/logrus" "github.com/spf13/cobra" @@ -29,6 +30,12 @@ type projectOpts struct { sources []string } +type policyOpts struct { + action string + permission string + object string +} + func (opts *projectOpts) GetDestinations() []v1alpha1.ApplicationDestination { destinations := make([]v1alpha1.ApplicationDestination, 0) for _, destStr := range opts.destinations { @@ -55,6 +62,8 @@ func NewProjectCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { os.Exit(1) }, } + //TODO: Refector into token sub-command + command.AddCommand(NewProjectCreateTokenCommand(clientOpts)) command.AddCommand(NewProjectCreateCommand(clientOpts)) command.AddCommand(NewProjectDeleteCommand(clientOpts)) command.AddCommand(NewProjectListCommand(clientOpts)) @@ -63,6 +72,7 @@ func NewProjectCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { command.AddCommand(NewProjectRemoveDestinationCommand(clientOpts)) command.AddCommand(NewProjectAddSourceCommand(clientOpts)) command.AddCommand(NewProjectRemoveSourceCommand(clientOpts)) + command.AddCommand(NewProjectCreateTokenPolicyCommand(clientOpts)) return command } @@ -73,6 +83,83 @@ func addProjFlags(command *cobra.Command, opts *projectOpts) { command.Flags().StringArrayVarP(&opts.sources, "src", "s", []string{}, "Allowed deployment source repository URL.") } +func addPolicyFlags(command *cobra.Command, opts *policyOpts) { + command.Flags().StringVarP(&opts.action, "action", "a", "", "Action to grant/deny permission on") + command.Flags().StringVarP(&opts.permission, "permission", "p", "allow", "Whether to allow or deny access to object with the action. This can only be 'allow' or 'deny'") + command.Flags().StringVarP(&opts.object, "object", "o", "", "Object within the project to grant/deny access. Use '*' for a wildcard. Will want access to '/'") +} + +// NewProjectCreateTokenPolicyCommand returns a new instance of an `argocd proj token create-policy` command +func NewProjectCreateTokenPolicyCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { + var ( + opts policyOpts + ) + var command = &cobra.Command{ + //TODO: Change to `token add-policy` + Use: "create-token-policy PROJECT TOKEN-NAME", + Short: "Create a policy for a project token", + Run: func(c *cobra.Command, args []string) { + if len(args) != 2 { + c.HelpFunc()(c, args) + os.Exit(1) + } + //TODO: Check if this logic can be pushed into the flags library + if opts.permission != "allow" && opts.permission != "deny" { + log.Fatal("Permission flag can only have the values 'allow' or 'deny'") + } + + projName := args[0] + tokenName := args[1] + conn, projIf := argocdclient.NewClientOrDie(clientOpts).NewProjectClientOrDie() + defer util.Close(conn) + + proj, err := projIf.Get(context.Background(), &project.ProjectQuery{Name: projName}) + errors.CheckError(err) + + //TODO: Check if this project has token + + //TODO: Change to input an array of policies instead of just one? + _, err = projIf.CreateTokenPolicy(context.Background(), &project.ProjectTokenPolicyCreateRequest{Project: proj, Token: tokenName, Action: opts.action, Permission: opts.permission, Object: opts.object}) + errors.CheckError(err) + }, + } + addPolicyFlags(command, &opts) + return command +} + +// NewProjectCreateTokenCommand returns a new instance of an `argocd proj token create` command +func NewProjectCreateTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { + var command = &cobra.Command{ + //TODO: Change to `token create` + Use: "create-token PROJECT TOKEN-NAME", + Short: "Create a project token", + Run: func(c *cobra.Command, args []string) { + if len(args) != 2 { + c.HelpFunc()(c, args) + os.Exit(1) + } + //TODO: Make validUntil configuriable + validUntil := time.Now().Add(time.Hour * 24).Unix() + projName := args[0] + tokenName := args[1] + conn, projIf := argocdclient.NewClientOrDie(clientOpts).NewProjectClientOrDie() + defer util.Close(conn) + + proj, err := projIf.Get(context.Background(), &project.ProjectQuery{Name: projName}) + errors.CheckError(err) + + token, err := projIf.CreateToken(context.Background(), &project.ProjectTokenCreateRequest{Project: proj, Token: &v1alpha1.ProjectToken{Name: tokenName, ValidUntil: validUntil}}) + errors.CheckError(err) + w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0) + //TODO: Clean up message and think about how it should formatted + fmt.Fprintf(w, "New token for %s-%s:'%s'", projName, tokenName, token) + fmt.Fprintf(w, "Make sure to save token as it is not stored.") + _ = w.Flush() + }, + } + return command +} + // NewProjectCreateCommand returns a new instance of an `argocd proj create` command func NewProjectCreateCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var ( diff --git a/pkg/apis/application/v1alpha1/generated.pb.go b/pkg/apis/application/v1alpha1/generated.pb.go index a72ea8c8b7867..35a73b5ac6cca 100644 --- a/pkg/apis/application/v1alpha1/generated.pb.go +++ b/pkg/apis/application/v1alpha1/generated.pb.go @@ -30,6 +30,7 @@ HookStatus Operation OperationState + ProjectToken Repository RepositoryList ResourceDetails @@ -157,53 +158,57 @@ func (m *OperationState) Reset() { *m = OperationState{} } func (*OperationState) ProtoMessage() {} func (*OperationState) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{21} } +func (m *ProjectToken) Reset() { *m = ProjectToken{} } +func (*ProjectToken) ProtoMessage() {} +func (*ProjectToken) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{22} } + func (m *Repository) Reset() { *m = Repository{} } func (*Repository) ProtoMessage() {} -func (*Repository) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{22} } +func (*Repository) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{23} } func (m *RepositoryList) Reset() { *m = RepositoryList{} } func (*RepositoryList) ProtoMessage() {} -func (*RepositoryList) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{23} } +func (*RepositoryList) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{24} } func (m *ResourceDetails) Reset() { *m = ResourceDetails{} } func (*ResourceDetails) ProtoMessage() {} -func (*ResourceDetails) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{24} } +func (*ResourceDetails) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{25} } func (m *ResourceNode) Reset() { *m = ResourceNode{} } func (*ResourceNode) ProtoMessage() {} -func (*ResourceNode) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{25} } +func (*ResourceNode) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{26} } func (m *ResourceState) Reset() { *m = ResourceState{} } func (*ResourceState) ProtoMessage() {} -func (*ResourceState) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{26} } +func (*ResourceState) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{27} } func (m *RollbackOperation) Reset() { *m = RollbackOperation{} } func (*RollbackOperation) ProtoMessage() {} -func (*RollbackOperation) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{27} } +func (*RollbackOperation) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{28} } func (m *SyncOperation) Reset() { *m = SyncOperation{} } func (*SyncOperation) ProtoMessage() {} -func (*SyncOperation) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{28} } +func (*SyncOperation) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{29} } func (m *SyncOperationResult) Reset() { *m = SyncOperationResult{} } func (*SyncOperationResult) ProtoMessage() {} -func (*SyncOperationResult) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{29} } +func (*SyncOperationResult) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{30} } func (m *SyncStrategy) Reset() { *m = SyncStrategy{} } func (*SyncStrategy) ProtoMessage() {} -func (*SyncStrategy) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{30} } +func (*SyncStrategy) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{31} } func (m *SyncStrategyApply) Reset() { *m = SyncStrategyApply{} } func (*SyncStrategyApply) ProtoMessage() {} -func (*SyncStrategyApply) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{31} } +func (*SyncStrategyApply) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{32} } func (m *SyncStrategyHook) Reset() { *m = SyncStrategyHook{} } func (*SyncStrategyHook) ProtoMessage() {} -func (*SyncStrategyHook) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{32} } +func (*SyncStrategyHook) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{33} } func (m *TLSClientConfig) Reset() { *m = TLSClientConfig{} } func (*TLSClientConfig) ProtoMessage() {} -func (*TLSClientConfig) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{33} } +func (*TLSClientConfig) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{34} } func init() { proto.RegisterType((*AppProject)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.AppProject") @@ -228,6 +233,7 @@ func init() { proto.RegisterType((*HookStatus)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.HookStatus") proto.RegisterType((*Operation)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.Operation") proto.RegisterType((*OperationState)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.OperationState") + proto.RegisterType((*ProjectToken)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.ProjectToken") proto.RegisterType((*Repository)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.Repository") proto.RegisterType((*RepositoryList)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.RepositoryList") proto.RegisterType((*ResourceDetails)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.ResourceDetails") @@ -359,6 +365,18 @@ func (m *AppProjectSpec) MarshalTo(dAtA []byte) (int, error) { i++ i = encodeVarintGenerated(dAtA, i, uint64(len(m.Description))) i += copy(dAtA[i:], m.Description) + if len(m.Tokens) > 0 { + for _, msg := range m.Tokens { + dAtA[i] = 0x22 + i++ + i = encodeVarintGenerated(dAtA, i, uint64(msg.Size())) + n, err := msg.MarshalTo(dAtA[i:]) + if err != nil { + return 0, err + } + i += n + } + } return i, nil } @@ -1182,6 +1200,46 @@ func (m *OperationState) MarshalTo(dAtA []byte) (int, error) { return i, nil } +func (m *ProjectToken) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *ProjectToken) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + dAtA[i] = 0xa + i++ + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name))) + i += copy(dAtA[i:], m.Name) + if len(m.Policies) > 0 { + for _, s := range m.Policies { + dAtA[i] = 0x12 + i++ + l = len(s) + for l >= 1<<7 { + dAtA[i] = uint8(uint64(l)&0x7f | 0x80) + l >>= 7 + i++ + } + dAtA[i] = uint8(l) + i++ + i += copy(dAtA[i:], s) + } + } + dAtA[i] = 0x18 + i++ + i = encodeVarintGenerated(dAtA, i, uint64(m.ValidUntil)) + return i, nil +} + func (m *Repository) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -1703,6 +1761,12 @@ func (m *AppProjectSpec) Size() (n int) { } l = len(m.Description) n += 1 + l + sovGenerated(uint64(l)) + if len(m.Tokens) > 0 { + for _, e := range m.Tokens { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + } return n } @@ -2013,6 +2077,21 @@ func (m *OperationState) Size() (n int) { return n } +func (m *ProjectToken) Size() (n int) { + var l int + _ = l + l = len(m.Name) + n += 1 + l + sovGenerated(uint64(l)) + if len(m.Policies) > 0 { + for _, s := range m.Policies { + l = len(s) + n += 1 + l + sovGenerated(uint64(l)) + } + } + n += 1 + sovGenerated(uint64(m.ValidUntil)) + return n +} + func (m *Repository) Size() (n int) { var l int _ = l @@ -2229,6 +2308,7 @@ func (this *AppProjectSpec) String() string { `SourceRepos:` + fmt.Sprintf("%v", this.SourceRepos) + `,`, `Destinations:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Destinations), "ApplicationDestination", "ApplicationDestination", 1), `&`, ``, 1) + `,`, `Description:` + fmt.Sprintf("%v", this.Description) + `,`, + `Tokens:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Tokens), "ProjectToken", "ProjectToken", 1), `&`, ``, 1) + `,`, `}`, }, "") return s @@ -2473,6 +2553,18 @@ func (this *OperationState) String() string { }, "") return s } +func (this *ProjectToken) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&ProjectToken{`, + `Name:` + fmt.Sprintf("%v", this.Name) + `,`, + `Policies:` + fmt.Sprintf("%v", this.Policies) + `,`, + `ValidUntil:` + fmt.Sprintf("%v", this.ValidUntil) + `,`, + `}`, + }, "") + return s +} func (this *Repository) String() string { if this == nil { return "nil" @@ -2966,6 +3058,37 @@ func (m *AppProjectSpec) Unmarshal(dAtA []byte) error { } m.Description = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Tokens", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Tokens = append(m.Tokens, ProjectToken{}) + if err := m.Tokens[len(m.Tokens)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -5996,6 +6119,133 @@ func (m *OperationState) Unmarshal(dAtA []byte) error { } return nil } +func (m *ProjectToken) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ProjectToken: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ProjectToken: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Name = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Policies", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Policies = append(m.Policies, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + case 3: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field ValidUntil", wireType) + } + m.ValidUntil = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.ValidUntil |= (int64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func (m *Repository) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 @@ -7776,158 +8026,163 @@ func init() { } var fileDescriptorGenerated = []byte{ - // 2446 bytes of a gzipped FileDescriptorProto + // 2522 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xd4, 0x59, 0x4b, 0x8c, 0x1c, 0x47, - 0x19, 0x76, 0xcf, 0x6b, 0x67, 0xfe, 0xd9, 0x87, 0x5d, 0x79, 0x30, 0x38, 0xd2, 0xee, 0xaa, 0xc3, - 0xc3, 0xa0, 0x64, 0x06, 0x1b, 0x02, 0xe6, 0x21, 0x24, 0xcf, 0xae, 0x1d, 0x6f, 0xd6, 0x8f, 0xa5, - 0x66, 0x13, 0xa4, 0x10, 0x05, 0xda, 0x3d, 0xb5, 0x33, 0xed, 0x99, 0xe9, 0xee, 0x74, 0xd5, 0x8c, - 0x35, 0x12, 0x41, 0x41, 0x08, 0x29, 0xbc, 0x24, 0x10, 0x42, 0x5c, 0x39, 0x70, 0x42, 0x48, 0x48, - 0x88, 0x13, 0x12, 0x07, 0x38, 0x20, 0x1f, 0x73, 0x00, 0x11, 0x05, 0xb4, 0xc2, 0x9b, 0x4b, 0x24, - 0x0e, 0xdc, 0x73, 0x42, 0xf5, 0xe8, 0xae, 0xea, 0x9e, 0x5d, 0x76, 0xed, 0x69, 0x1b, 0x72, 0xeb, - 0xfe, 0xff, 0xbf, 0xff, 0xef, 0xaf, 0xbf, 0xfe, 0xfa, 0x1f, 0xd5, 0xb0, 0xd5, 0xf3, 0x58, 0x7f, - 0x7c, 0xab, 0xe9, 0x06, 0xa3, 0x96, 0x13, 0xf5, 0x82, 0x30, 0x0a, 0x6e, 0x8b, 0x87, 0x67, 0xdd, - 0x6e, 0x2b, 0x1c, 0xf4, 0x5a, 0x4e, 0xe8, 0xd1, 0x96, 0x13, 0x86, 0x43, 0xcf, 0x75, 0x98, 0x17, - 0xf8, 0xad, 0xc9, 0x79, 0x67, 0x18, 0xf6, 0x9d, 0xf3, 0xad, 0x1e, 0xf1, 0x49, 0xe4, 0x30, 0xd2, - 0x6d, 0x86, 0x51, 0xc0, 0x02, 0xf4, 0x79, 0xad, 0xaa, 0x19, 0xab, 0x12, 0x0f, 0x5f, 0x77, 0xbb, - 0xcd, 0x70, 0xd0, 0x6b, 0x72, 0x55, 0x4d, 0x43, 0x55, 0x33, 0x56, 0x75, 0xf6, 0x59, 0xc3, 0x8a, - 0x5e, 0xd0, 0x0b, 0x5a, 0x42, 0xe3, 0xad, 0xf1, 0x9e, 0x78, 0x13, 0x2f, 0xe2, 0x49, 0x22, 0x9d, - 0xfd, 0xcc, 0xe0, 0x22, 0x6d, 0x7a, 0x01, 0xb7, 0x6d, 0xe4, 0xb8, 0x7d, 0xcf, 0x27, 0xd1, 0x54, - 0x1b, 0x3b, 0x22, 0xcc, 0x69, 0x4d, 0x66, 0xec, 0x3b, 0xdb, 0x3a, 0xea, 0xab, 0x68, 0xec, 0x33, - 0x6f, 0x44, 0x66, 0x3e, 0xf8, 0xec, 0x71, 0x1f, 0x50, 0xb7, 0x4f, 0x46, 0xce, 0xcc, 0x77, 0x9f, - 0x3e, 0xea, 0xbb, 0x31, 0xf3, 0x86, 0x2d, 0xcf, 0x67, 0x94, 0x45, 0xd9, 0x8f, 0xec, 0xbf, 0x5b, - 0x00, 0x97, 0xc2, 0x70, 0x27, 0x0a, 0x6e, 0x13, 0x97, 0xa1, 0x6f, 0x40, 0x95, 0xaf, 0xa3, 0xeb, - 0x30, 0xa7, 0x61, 0xad, 0x5b, 0xe7, 0xea, 0x17, 0x3e, 0xd5, 0x94, 0x6a, 0x9b, 0xa6, 0x5a, 0xed, - 0x57, 0x2e, 0xdd, 0x9c, 0x9c, 0x6f, 0xde, 0xbc, 0xc5, 0xbf, 0xbf, 0x4e, 0x98, 0xd3, 0x46, 0x77, - 0xf7, 0xd7, 0x4e, 0x1d, 0xec, 0xaf, 0x81, 0xa6, 0xe1, 0x44, 0x2b, 0x1a, 0x40, 0x89, 0x86, 0xc4, - 0x6d, 0x14, 0x84, 0xf6, 0xad, 0xe6, 0x03, 0xef, 0x5e, 0x53, 0x9b, 0xdd, 0x09, 0x89, 0xdb, 0x5e, - 0x54, 0xb0, 0x25, 0xfe, 0x86, 0x05, 0x88, 0xfd, 0x8e, 0x05, 0xcb, 0x5a, 0xec, 0x9a, 0x47, 0x19, - 0x7a, 0x65, 0x66, 0x85, 0xcd, 0x93, 0xad, 0x90, 0x7f, 0x2d, 0xd6, 0x77, 0x5a, 0x01, 0x55, 0x63, - 0x8a, 0xb1, 0xba, 0xdb, 0x50, 0xf6, 0x18, 0x19, 0xd1, 0x46, 0x61, 0xbd, 0x78, 0xae, 0x7e, 0xe1, - 0x72, 0x2e, 0xcb, 0x6b, 0x2f, 0x29, 0xc4, 0xf2, 0x16, 0xd7, 0x8d, 0x25, 0x84, 0xfd, 0x66, 0xc1, - 0x5c, 0x1c, 0x5f, 0x35, 0x3a, 0x0f, 0x75, 0x1a, 0x8c, 0x23, 0x97, 0x60, 0x12, 0x06, 0xb4, 0x61, - 0xad, 0x17, 0xcf, 0xd5, 0xda, 0x2b, 0x07, 0xfb, 0x6b, 0xf5, 0x8e, 0x26, 0x63, 0x53, 0x06, 0xfd, - 0xc0, 0x82, 0xc5, 0x2e, 0xa1, 0xcc, 0xf3, 0x05, 0x7e, 0x6c, 0xf9, 0x57, 0xe6, 0xb3, 0x3c, 0x26, - 0x6e, 0x6a, 0xcd, 0xed, 0xc7, 0xd5, 0x2a, 0x16, 0x0d, 0x22, 0xc5, 0x29, 0x70, 0xf4, 0x1c, 0xd4, - 0xbb, 0x84, 0xba, 0x91, 0x17, 0xf2, 0xf7, 0x46, 0x71, 0xdd, 0x3a, 0x57, 0x6b, 0x3f, 0xa6, 0x3e, - 0xac, 0x6f, 0x6a, 0x16, 0x36, 0xe5, 0xec, 0x3f, 0x17, 0xa1, 0x6e, 0xa0, 0x3e, 0x82, 0x30, 0x1e, - 0xa6, 0xc2, 0xf8, 0x85, 0x7c, 0xbc, 0x75, 0x54, 0x1c, 0x23, 0x06, 0x15, 0xca, 0x1c, 0x36, 0xa6, - 0xc2, 0x23, 0xf5, 0x0b, 0xd7, 0x72, 0xc2, 0x13, 0x3a, 0xdb, 0xcb, 0x0a, 0xb1, 0x22, 0xdf, 0xb1, - 0xc2, 0x42, 0xaf, 0x41, 0x2d, 0x08, 0x79, 0xb6, 0xe0, 0x5b, 0x51, 0x12, 0xc0, 0x9b, 0x73, 0x00, - 0xdf, 0x8c, 0x75, 0xb5, 0x97, 0x0e, 0xf6, 0xd7, 0x6a, 0xc9, 0x2b, 0xd6, 0x28, 0xb6, 0x0b, 0x8f, - 0x1b, 0xf6, 0x6d, 0x04, 0x7e, 0xd7, 0x13, 0x1b, 0xba, 0x0e, 0x25, 0x36, 0x0d, 0x89, 0xd8, 0xcc, - 0x9a, 0x76, 0xd1, 0xee, 0x34, 0x24, 0x58, 0x70, 0xd0, 0x27, 0x60, 0x61, 0x44, 0x28, 0x75, 0x7a, - 0x44, 0xec, 0x49, 0xad, 0xbd, 0xa2, 0x84, 0x16, 0xae, 0x4b, 0x32, 0x8e, 0xf9, 0xf6, 0x6b, 0xf0, - 0xe4, 0xe1, 0x21, 0x8a, 0x3e, 0x06, 0x15, 0x4a, 0xa2, 0x09, 0x89, 0x14, 0x90, 0xf6, 0x8c, 0xa0, - 0x62, 0xc5, 0x45, 0x2d, 0xa8, 0xf9, 0xce, 0x88, 0xd0, 0xd0, 0x71, 0x63, 0xb8, 0x33, 0x4a, 0xb4, - 0x76, 0x23, 0x66, 0x60, 0x2d, 0x63, 0xff, 0xc3, 0x82, 0x15, 0x03, 0xf3, 0x11, 0x64, 0xa2, 0x41, - 0x3a, 0x13, 0x5d, 0xc9, 0x27, 0x62, 0x8e, 0x48, 0x45, 0x7f, 0x2c, 0xc2, 0x19, 0x33, 0xae, 0x44, - 0x7e, 0xe1, 0x5b, 0x12, 0x91, 0x30, 0x78, 0x11, 0x5f, 0x53, 0xee, 0x4c, 0xb6, 0x04, 0x4b, 0x32, - 0x8e, 0xf9, 0x7c, 0x7f, 0x43, 0x87, 0xf5, 0x95, 0x2f, 0x93, 0xfd, 0xdd, 0x71, 0x58, 0x1f, 0x0b, - 0x0e, 0xcf, 0x0c, 0xc4, 0x9f, 0x78, 0x51, 0xe0, 0x8f, 0x88, 0xcf, 0xb2, 0x99, 0xe1, 0xb2, 0x66, - 0x61, 0x53, 0x0e, 0x7d, 0x19, 0x96, 0x99, 0x13, 0xf5, 0x08, 0xc3, 0x64, 0xe2, 0xd1, 0x38, 0x90, - 0x6b, 0xed, 0x27, 0xd5, 0x97, 0xcb, 0xbb, 0x29, 0x2e, 0xce, 0x48, 0xa3, 0xdf, 0x59, 0xf0, 0x94, - 0x1b, 0x8c, 0xc2, 0xc0, 0x27, 0x3e, 0xdb, 0x71, 0x22, 0x67, 0x44, 0x18, 0x89, 0x6e, 0x4e, 0x48, - 0x14, 0x79, 0x5d, 0x42, 0x1b, 0x65, 0xe1, 0xdd, 0xeb, 0x73, 0x78, 0x77, 0x63, 0x46, 0x7b, 0xfb, - 0x69, 0x65, 0xdc, 0x53, 0x1b, 0x47, 0x23, 0xe3, 0xff, 0x66, 0x16, 0x2f, 0x04, 0x13, 0x67, 0x38, - 0x26, 0xf4, 0x8a, 0x37, 0x24, 0xb4, 0x51, 0xd1, 0x85, 0xe0, 0x25, 0x4d, 0xc6, 0xa6, 0x8c, 0xfd, - 0x87, 0x42, 0x2a, 0x44, 0x3b, 0x71, 0xde, 0x11, 0x7b, 0xa9, 0x02, 0x34, 0xaf, 0xbc, 0x23, 0x74, - 0x1a, 0xa7, 0x4b, 0xd6, 0x23, 0x85, 0x85, 0xde, 0xb4, 0x44, 0x15, 0x88, 0x4f, 0xa5, 0xca, 0xb1, - 0x0f, 0xa1, 0x22, 0x99, 0x85, 0x25, 0x26, 0x62, 0x13, 0x9a, 0x87, 0x70, 0x28, 0xeb, 0xab, 0x8a, - 0xb8, 0x24, 0x84, 0x55, 0xd9, 0xc5, 0x31, 0xdf, 0xfe, 0x45, 0x25, 0x7d, 0x06, 0x64, 0x0e, 0xfd, - 0x89, 0x05, 0xa7, 0xf9, 0x46, 0x39, 0x91, 0x47, 0x03, 0x1f, 0x13, 0x3a, 0x1e, 0x32, 0xe5, 0xcc, - 0xed, 0x39, 0x83, 0xc6, 0x54, 0xd9, 0x6e, 0x28, 0xbb, 0x4e, 0x67, 0x39, 0x78, 0x06, 0x1e, 0x31, - 0x58, 0xe8, 0x7b, 0x94, 0x05, 0xd1, 0x54, 0x25, 0x87, 0x79, 0xba, 0xb0, 0x4d, 0x12, 0x0e, 0x83, - 0x29, 0x3f, 0x6b, 0x5b, 0xfe, 0x5e, 0xa0, 0xfd, 0x73, 0x55, 0x22, 0xe0, 0x18, 0x0a, 0x7d, 0xdb, - 0x02, 0x08, 0xe3, 0x48, 0xe5, 0x85, 0xec, 0x21, 0x1c, 0x9c, 0xa4, 0x66, 0x27, 0x24, 0x8a, 0x0d, - 0x50, 0x14, 0x40, 0xa5, 0x4f, 0x9c, 0x21, 0xeb, 0xab, 0x72, 0xf6, 0xfc, 0x1c, 0xf0, 0x57, 0x85, - 0xa2, 0x6c, 0x09, 0x95, 0x54, 0xac, 0x60, 0xd0, 0x77, 0x2d, 0x58, 0x4e, 0xaa, 0x1b, 0x97, 0x25, - 0x8d, 0xf2, 0xdc, 0x8d, 0xef, 0xcd, 0x94, 0xc2, 0x36, 0xe2, 0x69, 0x2c, 0x4d, 0xc3, 0x19, 0x50, - 0xf4, 0x1d, 0x0b, 0xc0, 0x8d, 0xab, 0xa9, 0xcc, 0x07, 0xf5, 0x0b, 0x37, 0xf3, 0x39, 0x51, 0x49, - 0x95, 0xd6, 0xee, 0x4f, 0x48, 0x14, 0x1b, 0xb0, 0xf6, 0xbb, 0x16, 0x3c, 0x61, 0x7c, 0xf8, 0x55, - 0x87, 0xb9, 0xfd, 0xcb, 0x13, 0x9e, 0xa6, 0xb7, 0x53, 0xf5, 0xfd, 0x73, 0x66, 0x7d, 0x7f, 0x7f, - 0x7f, 0xed, 0xe3, 0x47, 0x4d, 0x36, 0x77, 0xb8, 0x86, 0xa6, 0x50, 0x61, 0xb4, 0x02, 0xaf, 0x43, - 0xdd, 0xb0, 0x59, 0xa5, 0x8f, 0xbc, 0x0a, 0x60, 0x92, 0x33, 0x0c, 0x22, 0x36, 0xf1, 0xec, 0xbf, - 0x16, 0x60, 0x61, 0x63, 0x38, 0xa6, 0x8c, 0x44, 0x27, 0x6e, 0x28, 0xd6, 0xa1, 0xc4, 0x9b, 0x85, - 0x6c, 0xfd, 0xe3, 0xbd, 0x04, 0x16, 0x1c, 0x14, 0x42, 0xc5, 0x0d, 0xfc, 0x3d, 0xaf, 0xa7, 0x5a, - 0xc0, 0xab, 0xf3, 0x9c, 0x1c, 0x69, 0xdd, 0x86, 0xd0, 0xa7, 0x6d, 0x92, 0xef, 0x58, 0xe1, 0xa0, - 0x1f, 0x59, 0xb0, 0xe2, 0x06, 0xbe, 0x4f, 0x5c, 0x1d, 0xbc, 0xa5, 0xb9, 0xdb, 0xdd, 0x8d, 0xb4, - 0xc6, 0xf6, 0x87, 0x14, 0xfa, 0x4a, 0x86, 0x81, 0xb3, 0xd8, 0xf6, 0x6f, 0x0b, 0xb0, 0x94, 0xb2, - 0x1c, 0x3d, 0x03, 0xd5, 0x31, 0x25, 0x91, 0xf0, 0x9c, 0xf4, 0x6f, 0xd2, 0x11, 0xbd, 0xa8, 0xe8, - 0x38, 0x91, 0xe0, 0xd2, 0xa1, 0x43, 0xe9, 0x9d, 0x20, 0xea, 0x2a, 0x3f, 0x27, 0xd2, 0x3b, 0x8a, - 0x8e, 0x13, 0x09, 0xde, 0x6f, 0xdc, 0x22, 0x4e, 0x44, 0xa2, 0xdd, 0x60, 0x40, 0x66, 0x26, 0x91, - 0xb6, 0x66, 0x61, 0x53, 0x4e, 0x38, 0x8d, 0x0d, 0xe9, 0xc6, 0xd0, 0x23, 0x3e, 0x93, 0x66, 0xe6, - 0xe0, 0xb4, 0xdd, 0x6b, 0x1d, 0x53, 0xa3, 0x76, 0x5a, 0x86, 0x81, 0xb3, 0xd8, 0xf6, 0x5f, 0x2c, - 0xa8, 0x2b, 0xa7, 0x3d, 0x82, 0xa6, 0xb3, 0x97, 0x6e, 0x3a, 0xdb, 0xf3, 0xc7, 0xe8, 0x11, 0x0d, - 0xe7, 0xaf, 0x8b, 0x30, 0x53, 0xe9, 0xd0, 0xab, 0x3c, 0xc7, 0x71, 0x1a, 0xe9, 0x5e, 0x8a, 0x8b, - 0xec, 0x27, 0x4f, 0xb6, 0xba, 0x5d, 0x6f, 0x44, 0xcc, 0xf4, 0x15, 0x6b, 0xc1, 0x86, 0x46, 0xf4, - 0x86, 0xa5, 0x01, 0x76, 0x03, 0x95, 0x57, 0xf2, 0x6d, 0x89, 0x66, 0x4c, 0xd8, 0x0d, 0xb0, 0x81, - 0x89, 0xbe, 0x90, 0x0c, 0x82, 0x65, 0x11, 0x90, 0x76, 0x7a, 0x74, 0x7b, 0x3f, 0xd5, 0x00, 0x64, - 0xc6, 0xb9, 0x29, 0xd4, 0x22, 0x22, 0x5b, 0xac, 0xb8, 0x02, 0xcc, 0x93, 0x44, 0xb0, 0xd2, 0x25, - 0x8f, 0x71, 0x32, 0xfe, 0xc4, 0x64, 0x8a, 0x35, 0x9a, 0xfd, 0x43, 0x0b, 0xd0, 0x6c, 0xb9, 0xe6, - 0x63, 0x54, 0xd2, 0xc4, 0xaa, 0x03, 0x9c, 0xe8, 0x49, 0xc4, 0xb1, 0x96, 0x39, 0x41, 0x9a, 0x7c, - 0x1a, 0xca, 0xa2, 0xa9, 0x55, 0x07, 0x36, 0x89, 0x1e, 0xd1, 0xf6, 0x62, 0xc9, 0xb3, 0xff, 0x64, - 0x41, 0x36, 0xdd, 0x88, 0x4c, 0x2d, 0x3d, 0x9b, 0xcd, 0xd4, 0x69, 0x2f, 0x9e, 0x7c, 0xce, 0x44, - 0xaf, 0x40, 0xdd, 0x61, 0x8c, 0x8c, 0x42, 0x26, 0x02, 0xb2, 0x78, 0xdf, 0x01, 0xb9, 0xcc, 0x23, - 0xe1, 0x7a, 0xd0, 0xf5, 0xf6, 0x3c, 0x11, 0x8c, 0xa6, 0x3a, 0xfb, 0xbd, 0x22, 0x2c, 0xa7, 0x9b, - 0x2f, 0x34, 0x86, 0x8a, 0x68, 0x76, 0xe4, 0xcd, 0x4f, 0xee, 0xdd, 0x55, 0xe2, 0x12, 0x41, 0xa2, - 0x58, 0x81, 0xf1, 0xc4, 0x1a, 0xc5, 0xd3, 0x55, 0x26, 0xb1, 0x26, 0x73, 0x55, 0x22, 0x71, 0xec, - 0x44, 0x55, 0xfc, 0xff, 0x9c, 0xa8, 0x5e, 0x05, 0xe8, 0x0a, 0x6f, 0x8b, 0xbd, 0x2c, 0x3d, 0x78, - 0x72, 0xd9, 0x4c, 0xb4, 0x60, 0x43, 0x23, 0x3a, 0x0b, 0x05, 0xaf, 0x2b, 0x4e, 0x75, 0xb1, 0x0d, - 0x4a, 0xb6, 0xb0, 0xb5, 0x89, 0x0b, 0x5e, 0xd7, 0xa6, 0xb0, 0x68, 0x76, 0x9b, 0x27, 0x8e, 0xd5, - 0x2f, 0xc2, 0x92, 0x7c, 0xda, 0x24, 0xcc, 0xf1, 0x86, 0x54, 0xed, 0xce, 0x13, 0x4a, 0x7c, 0xa9, - 0x63, 0x32, 0x71, 0x5a, 0xd6, 0xfe, 0x79, 0x01, 0xe0, 0x6a, 0x10, 0x0c, 0x14, 0x66, 0x7c, 0xf4, - 0xac, 0x23, 0x8f, 0xde, 0x3a, 0x94, 0x06, 0x9e, 0xdf, 0xcd, 0x1e, 0xce, 0x6d, 0xcf, 0xef, 0x62, - 0xc1, 0x41, 0x17, 0x00, 0x9c, 0xd0, 0x7b, 0x89, 0x44, 0x54, 0x5f, 0xee, 0x25, 0x7e, 0xb9, 0xb4, - 0xb3, 0xa5, 0x38, 0xd8, 0x90, 0x42, 0xcf, 0xa8, 0xce, 0x50, 0x8e, 0xed, 0x8d, 0x4c, 0x67, 0x58, - 0xe5, 0x16, 0x1a, 0xad, 0xdf, 0xc5, 0x4c, 0x7e, 0x5c, 0x9f, 0xc9, 0x8f, 0xba, 0x53, 0xde, 0xe9, - 0x3b, 0x94, 0x1c, 0x76, 0xae, 0x2b, 0xc7, 0xdc, 0x1f, 0xfd, 0xcb, 0x02, 0x7d, 0x7b, 0x85, 0xf6, - 0xa0, 0x44, 0xa7, 0xbe, 0xab, 0xea, 0xcd, 0x3c, 0x19, 0xb5, 0x33, 0xf5, 0x5d, 0x7d, 0x49, 0x56, - 0x15, 0x77, 0x80, 0x53, 0xdf, 0xc5, 0x42, 0x3f, 0x9a, 0x40, 0x35, 0x0a, 0x86, 0xc3, 0x5b, 0x8e, - 0x3b, 0xc8, 0xa1, 0xf4, 0x60, 0xa5, 0x4a, 0xe3, 0x2d, 0x8a, 0xf3, 0xaa, 0xc8, 0x38, 0xc1, 0xb2, - 0x7f, 0x53, 0x86, 0xcc, 0x74, 0x81, 0xc6, 0xe6, 0xc5, 0xa0, 0x95, 0xe3, 0xc5, 0x60, 0x92, 0xfd, - 0x0f, 0xbb, 0x1c, 0x44, 0xcf, 0x41, 0x39, 0xe4, 0x7b, 0xa6, 0x22, 0x6c, 0x2d, 0xce, 0xed, 0x62, - 0x23, 0x0f, 0xd9, 0x5a, 0x29, 0x6d, 0xee, 0x6c, 0xf1, 0x98, 0x8c, 0xfd, 0x2d, 0x00, 0xee, 0x6b, - 0x35, 0xa6, 0xcb, 0x43, 0x7e, 0x23, 0xaf, 0x1d, 0x55, 0x93, 0xba, 0x48, 0xea, 0x9d, 0x04, 0x05, - 0x1b, 0x88, 0xe8, 0xfb, 0x16, 0x2c, 0xc7, 0x8e, 0x57, 0x46, 0x94, 0x1f, 0x8a, 0x11, 0x62, 0x66, - 0xc4, 0x29, 0x24, 0x9c, 0x41, 0x46, 0x5f, 0x83, 0x1a, 0x65, 0x4e, 0x24, 0x8b, 0x57, 0xe5, 0xbe, - 0x13, 0x5e, 0xb2, 0x97, 0x9d, 0x58, 0x09, 0xd6, 0xfa, 0xd0, 0xcb, 0x00, 0x7b, 0x9e, 0xef, 0xd1, - 0xbe, 0xd0, 0xbe, 0xf0, 0x60, 0xa5, 0xf1, 0x4a, 0xa2, 0x01, 0x1b, 0xda, 0xec, 0xbf, 0x15, 0x00, - 0xc4, 0xcf, 0x0d, 0x4f, 0x5c, 0x3c, 0xac, 0x43, 0x29, 0x22, 0x61, 0x90, 0xcd, 0x5c, 0x5c, 0x02, - 0x0b, 0x4e, 0x6a, 0x8e, 0x28, 0xdc, 0xd7, 0x1c, 0x51, 0x3c, 0x76, 0x8e, 0xe0, 0x39, 0x98, 0xf6, - 0x77, 0x22, 0x6f, 0xe2, 0x30, 0xb2, 0x4d, 0xa6, 0x2a, 0x91, 0xe9, 0x1c, 0xdc, 0xb9, 0xaa, 0x99, - 0x38, 0x2d, 0x7b, 0xe8, 0x08, 0x56, 0xfe, 0x1f, 0x8e, 0x60, 0xef, 0x58, 0xb0, 0xac, 0x3d, 0xfb, - 0xc1, 0xfa, 0x9f, 0xa6, 0xed, 0x3e, 0x62, 0xa6, 0xf8, 0xb7, 0x05, 0x2b, 0x71, 0xf7, 0xaa, 0x8a, - 0x60, 0x2e, 0x55, 0x2f, 0xf5, 0xb3, 0xa0, 0x78, 0xfc, 0xcf, 0x02, 0x33, 0x61, 0x95, 0x8e, 0x49, - 0x58, 0x5f, 0xca, 0xd4, 0xbb, 0x8f, 0xcc, 0xd4, 0x3b, 0x94, 0xf4, 0xe9, 0x53, 0xdf, 0x4d, 0xf7, - 0x07, 0xf6, 0xaf, 0x2c, 0x58, 0x8c, 0xd9, 0x37, 0x82, 0xae, 0xe8, 0x9e, 0xa9, 0x08, 0x32, 0x2b, - 0xdd, 0x3d, 0xcb, 0x70, 0x90, 0x3c, 0x34, 0x86, 0xaa, 0xdb, 0xf7, 0x86, 0xdd, 0x88, 0xf8, 0x6a, - 0x5b, 0x9e, 0xcf, 0x61, 0x8c, 0xe0, 0xf8, 0x3a, 0x14, 0x36, 0x14, 0x00, 0x4e, 0xa0, 0xec, 0xdf, - 0x17, 0x61, 0x29, 0x35, 0x73, 0xf0, 0x11, 0x5d, 0xde, 0xd6, 0x77, 0x0c, 0x9b, 0x93, 0x11, 0x7d, - 0x57, 0xb3, 0xb0, 0x29, 0xc7, 0xf7, 0x63, 0xe8, 0x4d, 0xa4, 0x8e, 0xec, 0xcf, 0x9b, 0x6b, 0x31, - 0x03, 0x6b, 0x19, 0x63, 0xe8, 0x2a, 0xde, 0xf7, 0xd0, 0xf5, 0x53, 0x0b, 0x90, 0x58, 0x02, 0xd7, - 0x9c, 0xcc, 0x46, 0x8d, 0x52, 0xbe, 0x7e, 0x3b, 0xab, 0x2c, 0x42, 0x1b, 0x33, 0x50, 0xf8, 0x10, - 0x78, 0xe3, 0x1e, 0xb4, 0xfc, 0x48, 0xee, 0x41, 0xed, 0x6f, 0xc2, 0x99, 0x99, 0x8e, 0x43, 0xb5, - 0xbc, 0xd6, 0x61, 0x2d, 0x2f, 0x8f, 0xc4, 0x30, 0x1a, 0xfb, 0x72, 0x83, 0xaa, 0x3a, 0x12, 0x77, - 0x38, 0x11, 0x4b, 0x1e, 0xef, 0x83, 0xbb, 0xd1, 0x14, 0x8f, 0x65, 0x2f, 0x59, 0xd5, 0xe8, 0x9b, - 0x82, 0x8a, 0x15, 0xd7, 0xfe, 0x5e, 0x01, 0x96, 0x52, 0x55, 0x30, 0x35, 0xb2, 0x58, 0xc7, 0x8e, - 0x2c, 0x79, 0x1a, 0x83, 0x5e, 0x87, 0x45, 0x2a, 0x8e, 0x62, 0xe4, 0x30, 0xd2, 0x9b, 0xe6, 0x70, - 0x13, 0xdd, 0x31, 0xd4, 0xb5, 0x4f, 0x1f, 0xec, 0xaf, 0x2d, 0x9a, 0x14, 0x9c, 0x82, 0xb3, 0x7f, - 0x59, 0x80, 0xc7, 0x0e, 0xe9, 0x08, 0xd0, 0x1d, 0xf3, 0x76, 0x40, 0x8e, 0x8f, 0x2f, 0xe4, 0x10, - 0x9e, 0x2a, 0x91, 0xca, 0x5f, 0xbe, 0x87, 0xdd, 0x0d, 0xdc, 0xe7, 0xf4, 0xb8, 0x07, 0xe5, 0x7e, - 0x10, 0x0c, 0xe2, 0x31, 0x71, 0x9e, 0x82, 0xa0, 0x87, 0x9b, 0x76, 0x8d, 0xef, 0x26, 0x7f, 0xa7, - 0x58, 0xaa, 0xb7, 0xdf, 0xb3, 0x20, 0xe5, 0x45, 0x34, 0x82, 0x32, 0xd7, 0x32, 0xcd, 0xe1, 0x4f, - 0x98, 0xa9, 0xf7, 0x12, 0xd7, 0x29, 0xf1, 0xc5, 0x23, 0x96, 0x28, 0xc8, 0x83, 0x12, 0x37, 0x44, - 0x75, 0xfa, 0xdb, 0x39, 0xa1, 0xf1, 0x25, 0xca, 0xc1, 0x82, 0x3f, 0x61, 0x01, 0x61, 0x5f, 0x84, - 0x33, 0x33, 0x16, 0xf1, 0x90, 0xdf, 0x0b, 0xe2, 0x1f, 0x7f, 0x46, 0xc8, 0x5f, 0xe1, 0x44, 0x2c, - 0x79, 0xbc, 0x7e, 0x9c, 0xce, 0xaa, 0x47, 0x3f, 0xb3, 0xe0, 0x0c, 0xcd, 0xea, 0x7b, 0x28, 0x5e, - 0xfb, 0xb0, 0x32, 0x6a, 0xd6, 0x7c, 0x3c, 0x6b, 0x01, 0xdf, 0xd1, 0xec, 0x75, 0x29, 0x8f, 0x3d, - 0xcf, 0xa7, 0xc4, 0x1d, 0x47, 0xf1, 0x42, 0x93, 0xd8, 0xdb, 0x52, 0x74, 0x9c, 0x48, 0xf0, 0xf1, - 0x55, 0x5e, 0xd7, 0xdf, 0xd0, 0x8d, 0x62, 0x32, 0xbe, 0x76, 0x12, 0x0e, 0x36, 0xa4, 0xd0, 0x39, - 0xa8, 0xba, 0x24, 0x62, 0x9b, 0xbc, 0x3d, 0xe2, 0x79, 0x61, 0x51, 0xce, 0x59, 0x1b, 0x8a, 0x86, - 0x13, 0x2e, 0xfa, 0x28, 0x2c, 0x0c, 0xc8, 0x54, 0x08, 0x96, 0x84, 0x60, 0x9d, 0x57, 0xfc, 0x6d, - 0x49, 0xc2, 0x31, 0x0f, 0xd9, 0x50, 0x71, 0x1d, 0x21, 0x55, 0x16, 0x52, 0x20, 0x6e, 0xee, 0x2f, - 0x09, 0x21, 0xc5, 0x69, 0x37, 0xef, 0xde, 0x5b, 0x3d, 0xf5, 0xd6, 0xbd, 0xd5, 0x53, 0x6f, 0xdf, - 0x5b, 0x3d, 0xf5, 0xc6, 0xc1, 0xaa, 0x75, 0xf7, 0x60, 0xd5, 0x7a, 0xeb, 0x60, 0xd5, 0x7a, 0xfb, - 0x60, 0xd5, 0xfa, 0xe7, 0xc1, 0xaa, 0xf5, 0xe3, 0x77, 0x57, 0x4f, 0xbd, 0x5c, 0x8d, 0x5d, 0xfb, - 0x9f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xf5, 0xd2, 0xa5, 0x7e, 0x8e, 0x27, 0x00, 0x00, + 0x19, 0x76, 0xcf, 0x63, 0x77, 0xe7, 0x9f, 0x7d, 0xd8, 0x95, 0x07, 0x83, 0x23, 0xed, 0xae, 0x3a, + 0x3c, 0x0c, 0x4a, 0x66, 0xb0, 0x21, 0x10, 0x1e, 0x42, 0xf2, 0xec, 0xc6, 0xf1, 0x66, 0xfd, 0x58, + 0x6a, 0xd6, 0x46, 0x0a, 0x51, 0xa0, 0xdd, 0x53, 0x3b, 0x53, 0x9e, 0x99, 0xee, 0x4e, 0x57, 0xcd, + 0x58, 0x23, 0x11, 0x14, 0x84, 0x90, 0x78, 0x0b, 0x84, 0x10, 0x57, 0x0e, 0x9c, 0x10, 0x12, 0x12, + 0xe2, 0x84, 0xc4, 0x01, 0x0e, 0xc8, 0xc7, 0x1c, 0x40, 0x44, 0x01, 0xad, 0xf0, 0xe6, 0x12, 0x89, + 0x03, 0x67, 0x72, 0x42, 0xf5, 0xe8, 0xae, 0xea, 0x9e, 0x5d, 0x76, 0xed, 0x19, 0x1b, 0xb8, 0x75, + 0xff, 0xff, 0xdf, 0xff, 0xf7, 0xd7, 0x5f, 0x7f, 0xfd, 0x8f, 0x6a, 0xd8, 0xea, 0x50, 0xde, 0x1d, + 0xde, 0xaa, 0xfb, 0xe1, 0xa0, 0xe1, 0xc5, 0x9d, 0x30, 0x8a, 0xc3, 0xdb, 0xf2, 0xe1, 0x59, 0xbf, + 0xdd, 0x88, 0x7a, 0x9d, 0x86, 0x17, 0x51, 0xd6, 0xf0, 0xa2, 0xa8, 0x4f, 0x7d, 0x8f, 0xd3, 0x30, + 0x68, 0x8c, 0xce, 0x7b, 0xfd, 0xa8, 0xeb, 0x9d, 0x6f, 0x74, 0x48, 0x40, 0x62, 0x8f, 0x93, 0x76, + 0x3d, 0x8a, 0x43, 0x1e, 0xa2, 0x4f, 0x1b, 0x55, 0xf5, 0x44, 0x95, 0x7c, 0xf8, 0xb2, 0xdf, 0xae, + 0x47, 0xbd, 0x4e, 0x5d, 0xa8, 0xaa, 0x5b, 0xaa, 0xea, 0x89, 0xaa, 0xb3, 0xcf, 0x5a, 0x56, 0x74, + 0xc2, 0x4e, 0xd8, 0x90, 0x1a, 0x6f, 0x0d, 0xf7, 0xe4, 0x9b, 0x7c, 0x91, 0x4f, 0x0a, 0xe9, 0xec, + 0x27, 0x7a, 0xcf, 0xb3, 0x3a, 0x0d, 0x85, 0x6d, 0x03, 0xcf, 0xef, 0xd2, 0x80, 0xc4, 0x63, 0x63, + 0xec, 0x80, 0x70, 0xaf, 0x31, 0x9a, 0xb0, 0xef, 0x6c, 0xe3, 0xa8, 0xaf, 0xe2, 0x61, 0xc0, 0xe9, + 0x80, 0x4c, 0x7c, 0xf0, 0xc9, 0xe3, 0x3e, 0x60, 0x7e, 0x97, 0x0c, 0xbc, 0x89, 0xef, 0x3e, 0x7e, + 0xd4, 0x77, 0x43, 0x4e, 0xfb, 0x0d, 0x1a, 0x70, 0xc6, 0xe3, 0xfc, 0x47, 0xee, 0x5f, 0x1d, 0x80, + 0x8b, 0x51, 0xb4, 0x13, 0x87, 0xb7, 0x89, 0xcf, 0xd1, 0x57, 0x60, 0x41, 0xac, 0xa3, 0xed, 0x71, + 0xaf, 0xe6, 0xac, 0x3b, 0xe7, 0xaa, 0x17, 0x3e, 0x56, 0x57, 0x6a, 0xeb, 0xb6, 0x5a, 0xe3, 0x57, + 0x21, 0x5d, 0x1f, 0x9d, 0xaf, 0x5f, 0xbf, 0x25, 0xbe, 0xbf, 0x4a, 0xb8, 0xd7, 0x44, 0x77, 0xf7, + 0xd7, 0x4e, 0x1d, 0xec, 0xaf, 0x81, 0xa1, 0xe1, 0x54, 0x2b, 0xea, 0x41, 0x89, 0x45, 0xc4, 0xaf, + 0x15, 0xa4, 0xf6, 0xad, 0xfa, 0x03, 0xef, 0x5e, 0xdd, 0x98, 0xdd, 0x8a, 0x88, 0xdf, 0x5c, 0xd4, + 0xb0, 0x25, 0xf1, 0x86, 0x25, 0x88, 0xfb, 0xb6, 0x03, 0xcb, 0x46, 0xec, 0x0a, 0x65, 0x1c, 0xbd, + 0x32, 0xb1, 0xc2, 0xfa, 0xc9, 0x56, 0x28, 0xbe, 0x96, 0xeb, 0x3b, 0xad, 0x81, 0x16, 0x12, 0x8a, + 0xb5, 0xba, 0xdb, 0x50, 0xa6, 0x9c, 0x0c, 0x58, 0xad, 0xb0, 0x5e, 0x3c, 0x57, 0xbd, 0xf0, 0xc2, + 0x4c, 0x96, 0xd7, 0x5c, 0xd2, 0x88, 0xe5, 0x2d, 0xa1, 0x1b, 0x2b, 0x08, 0xf7, 0x5f, 0x05, 0x7b, + 0x71, 0x62, 0xd5, 0xe8, 0x3c, 0x54, 0x59, 0x38, 0x8c, 0x7d, 0x82, 0x49, 0x14, 0xb2, 0x9a, 0xb3, + 0x5e, 0x3c, 0x57, 0x69, 0xae, 0x1c, 0xec, 0xaf, 0x55, 0x5b, 0x86, 0x8c, 0x6d, 0x19, 0xf4, 0x5d, + 0x07, 0x16, 0xdb, 0x84, 0x71, 0x1a, 0x48, 0xfc, 0xc4, 0xf2, 0x2f, 0x4c, 0x67, 0x79, 0x42, 0xdc, + 0x34, 0x9a, 0x9b, 0x8f, 0xeb, 0x55, 0x2c, 0x5a, 0x44, 0x86, 0x33, 0xe0, 0xe8, 0x39, 0xa8, 0xb6, + 0x09, 0xf3, 0x63, 0x1a, 0x89, 0xf7, 0x5a, 0x71, 0xdd, 0x39, 0x57, 0x69, 0x3e, 0xa6, 0x3f, 0xac, + 0x6e, 0x1a, 0x16, 0xb6, 0xe5, 0x50, 0x08, 0x73, 0x3c, 0xec, 0x91, 0x80, 0xd5, 0x4a, 0xd2, 0xfa, + 0x17, 0xa7, 0xb0, 0x5e, 0xfb, 0x73, 0x57, 0xe8, 0x6b, 0x2e, 0x6b, 0xe8, 0x39, 0xf9, 0xca, 0xb0, + 0x86, 0x71, 0xff, 0x58, 0x84, 0xaa, 0xb5, 0xcc, 0x47, 0x70, 0x6e, 0xfa, 0x99, 0x73, 0xf3, 0xd2, + 0x6c, 0xb6, 0xe7, 0xa8, 0x83, 0x83, 0x38, 0xcc, 0x31, 0xee, 0xf1, 0x21, 0x93, 0x5b, 0x50, 0xbd, + 0x70, 0x65, 0x46, 0x78, 0x52, 0xa7, 0xf1, 0xaa, 0x7a, 0xc7, 0x1a, 0x0b, 0xbd, 0x06, 0x95, 0x30, + 0x12, 0xe9, 0x49, 0xec, 0x7d, 0x49, 0x02, 0x6f, 0x4e, 0x01, 0x7c, 0x3d, 0xd1, 0xd5, 0x5c, 0x3a, + 0xd8, 0x5f, 0xab, 0xa4, 0xaf, 0xd8, 0xa0, 0xb8, 0x3e, 0x3c, 0x6e, 0xd9, 0xb7, 0x11, 0x06, 0x6d, + 0x2a, 0x37, 0x74, 0x1d, 0x4a, 0x7c, 0x1c, 0x11, 0xb9, 0x99, 0x15, 0xe3, 0xa2, 0xdd, 0x71, 0x44, + 0xb0, 0xe4, 0xa0, 0x8f, 0xc0, 0xfc, 0x80, 0x30, 0xe6, 0x75, 0x88, 0xdc, 0x93, 0x4a, 0x73, 0x45, + 0x0b, 0xcd, 0x5f, 0x55, 0x64, 0x9c, 0xf0, 0xdd, 0xd7, 0xe0, 0xc9, 0xc3, 0xcf, 0x04, 0xfa, 0x10, + 0xcc, 0x31, 0x12, 0x8f, 0x48, 0xac, 0x81, 0x8c, 0x67, 0x24, 0x15, 0x6b, 0x2e, 0x6a, 0x40, 0x25, + 0xf0, 0x06, 0x84, 0x45, 0x9e, 0x9f, 0xc0, 0x9d, 0xd1, 0xa2, 0x95, 0x6b, 0x09, 0x03, 0x1b, 0x19, + 0xf7, 0x6f, 0x0e, 0xac, 0x58, 0x98, 0x8f, 0x20, 0xf5, 0xf5, 0xb2, 0xa9, 0xef, 0xd2, 0x6c, 0x22, + 0xe6, 0x88, 0xdc, 0xf7, 0xfb, 0x22, 0x9c, 0xb1, 0xe3, 0x4a, 0x26, 0x34, 0xb1, 0x25, 0x31, 0x89, + 0xc2, 0x1b, 0xf8, 0x8a, 0x76, 0x67, 0xba, 0x25, 0x58, 0x91, 0x71, 0xc2, 0x17, 0xfb, 0x1b, 0x79, + 0xbc, 0xab, 0x7d, 0x99, 0xee, 0xef, 0x8e, 0xc7, 0xbb, 0x58, 0x72, 0x44, 0x2a, 0x22, 0xc1, 0x88, + 0xc6, 0x61, 0x30, 0x20, 0x01, 0xcf, 0xa7, 0xa2, 0x17, 0x0c, 0x0b, 0xdb, 0x72, 0xe8, 0xf3, 0xb0, + 0xcc, 0xbd, 0xb8, 0x43, 0x38, 0x26, 0x23, 0xca, 0x92, 0x40, 0xae, 0x34, 0x9f, 0xd4, 0x5f, 0x2e, + 0xef, 0x66, 0xb8, 0x38, 0x27, 0x8d, 0x7e, 0xe3, 0xc0, 0x53, 0x7e, 0x38, 0x88, 0xc2, 0x80, 0x04, + 0x7c, 0xc7, 0x8b, 0xbd, 0x01, 0xe1, 0x24, 0xbe, 0x3e, 0x22, 0x71, 0x4c, 0xdb, 0x84, 0xd5, 0xca, + 0xd2, 0xbb, 0x57, 0xa7, 0xf0, 0xee, 0xc6, 0x84, 0xf6, 0xe6, 0xd3, 0xda, 0xb8, 0xa7, 0x36, 0x8e, + 0x46, 0xc6, 0xff, 0xc9, 0x2c, 0x51, 0x79, 0x46, 0x5e, 0x7f, 0x48, 0xd8, 0x25, 0xda, 0x27, 0xac, + 0x36, 0x67, 0x2a, 0xcf, 0x4d, 0x43, 0xc6, 0xb6, 0x8c, 0xfb, 0xbb, 0x42, 0x26, 0x44, 0x5b, 0x49, + 0xde, 0x91, 0x7b, 0xa9, 0x03, 0x74, 0x56, 0x79, 0x47, 0xea, 0xb4, 0x4e, 0x97, 0x2a, 0x80, 0x1a, + 0x0b, 0x7d, 0xcb, 0x91, 0x65, 0x27, 0x39, 0x95, 0x3a, 0xc7, 0x3e, 0x84, 0x12, 0x68, 0x57, 0xb2, + 0x84, 0x88, 0x6d, 0x68, 0x11, 0xc2, 0x91, 0x2a, 0x40, 0x3a, 0xe2, 0xd2, 0x10, 0xd6, 0x75, 0x09, + 0x27, 0x7c, 0xf7, 0x67, 0x73, 0xd9, 0x33, 0xa0, 0x72, 0xe8, 0x8f, 0x1c, 0x38, 0x2d, 0x36, 0xca, + 0x8b, 0x29, 0x0b, 0x03, 0x4c, 0xd8, 0xb0, 0xcf, 0xb5, 0x33, 0xb7, 0xa7, 0x0c, 0x1a, 0x5b, 0x65, + 0xb3, 0xa6, 0xed, 0x3a, 0x9d, 0xe7, 0xe0, 0x09, 0x78, 0xc4, 0x61, 0xbe, 0x4b, 0x19, 0x0f, 0xe3, + 0xb1, 0x4e, 0x0e, 0xd3, 0xb4, 0x7d, 0x9b, 0x24, 0xea, 0x87, 0x63, 0x71, 0xd6, 0xb6, 0x82, 0xbd, + 0xd0, 0xf8, 0xe7, 0xb2, 0x42, 0xc0, 0x09, 0x14, 0xfa, 0xba, 0x03, 0x10, 0x25, 0x91, 0x2a, 0x0a, + 0xd9, 0x43, 0x38, 0x38, 0x69, 0xcd, 0x4e, 0x49, 0x0c, 0x5b, 0xa0, 0xa2, 0x31, 0xe9, 0x12, 0xaf, + 0xcf, 0xbb, 0xba, 0x9c, 0x4d, 0xd3, 0x98, 0x5c, 0x96, 0x8a, 0xf2, 0x25, 0x54, 0x51, 0xb1, 0x86, + 0x41, 0xdf, 0x74, 0x60, 0x39, 0xad, 0x6e, 0x42, 0x96, 0xd4, 0xca, 0x53, 0x77, 0xda, 0xd7, 0x33, + 0x0a, 0x9b, 0x48, 0xa4, 0xb1, 0x2c, 0x0d, 0xe7, 0x40, 0xd1, 0x37, 0x1c, 0x00, 0x3f, 0xa9, 0xa6, + 0x2a, 0x1f, 0x54, 0x2f, 0x5c, 0x9f, 0xcd, 0x89, 0x4a, 0xab, 0xb4, 0x71, 0x7f, 0x4a, 0x62, 0xd8, + 0x82, 0x75, 0xdf, 0x71, 0xe0, 0x09, 0xeb, 0xc3, 0x2f, 0x7a, 0xdc, 0xef, 0xbe, 0x30, 0x12, 0x69, + 0x7a, 0x3b, 0x53, 0xdf, 0x3f, 0x65, 0xd7, 0xf7, 0xf7, 0xf6, 0xd7, 0x3e, 0x7c, 0xd4, 0x28, 0x75, + 0x47, 0x68, 0xa8, 0x4b, 0x15, 0x56, 0x2b, 0xf0, 0x3a, 0x54, 0x2d, 0x9b, 0x75, 0xfa, 0x98, 0x55, + 0x01, 0x4c, 0x73, 0x86, 0x45, 0xc4, 0x36, 0x9e, 0xfb, 0xe7, 0x02, 0xcc, 0x6f, 0xf4, 0x87, 0x8c, + 0x93, 0xf8, 0xc4, 0x0d, 0xc5, 0x3a, 0x94, 0x44, 0xb3, 0x90, 0xaf, 0x7f, 0xa2, 0x97, 0xc0, 0x92, + 0x83, 0x22, 0x98, 0xf3, 0xc3, 0x60, 0x8f, 0x76, 0x74, 0x0b, 0x78, 0x79, 0x9a, 0x93, 0xa3, 0xac, + 0xdb, 0x90, 0xfa, 0x8c, 0x4d, 0xea, 0x1d, 0x6b, 0x1c, 0xf4, 0x7d, 0x07, 0x56, 0xfc, 0x30, 0x08, + 0x88, 0x6f, 0x82, 0xb7, 0x34, 0x75, 0xbb, 0xbb, 0x91, 0xd5, 0xd8, 0x7c, 0x9f, 0x46, 0x5f, 0xc9, + 0x31, 0x70, 0x1e, 0xdb, 0xfd, 0x75, 0x01, 0x96, 0x32, 0x96, 0xa3, 0x67, 0x60, 0x61, 0xc8, 0x48, + 0x2c, 0x3d, 0xa7, 0xfc, 0x9b, 0x76, 0x44, 0x37, 0x34, 0x1d, 0xa7, 0x12, 0x42, 0x3a, 0xf2, 0x18, + 0xbb, 0x13, 0xc6, 0x6d, 0xed, 0xe7, 0x54, 0x7a, 0x47, 0xd3, 0x71, 0x2a, 0x21, 0xfa, 0x8d, 0x5b, + 0xc4, 0x8b, 0x49, 0x2c, 0x47, 0x8d, 0x7c, 0xbf, 0xd1, 0x34, 0x2c, 0x6c, 0xcb, 0x49, 0xa7, 0xf1, + 0x3e, 0xdb, 0xe8, 0x53, 0x12, 0x70, 0x65, 0xe6, 0x0c, 0x9c, 0xb6, 0x7b, 0xa5, 0x65, 0x6b, 0x34, + 0x4e, 0xcb, 0x31, 0x70, 0x1e, 0xdb, 0xfd, 0x93, 0x03, 0x55, 0xed, 0xb4, 0x47, 0xd0, 0x74, 0x76, + 0xb2, 0x4d, 0x67, 0x73, 0xfa, 0x18, 0x3d, 0xa2, 0xe1, 0xfc, 0x65, 0x11, 0x26, 0x2a, 0x1d, 0x7a, + 0x55, 0xe4, 0x38, 0x41, 0x23, 0xed, 0x8b, 0x49, 0x91, 0xfd, 0xe8, 0xc9, 0x56, 0xb7, 0x4b, 0x07, + 0xc4, 0x4e, 0x5f, 0x89, 0x16, 0x6c, 0x69, 0x44, 0x6f, 0x38, 0x06, 0x60, 0x37, 0xd4, 0x79, 0x65, + 0xb6, 0x2d, 0xd1, 0x84, 0x09, 0xbb, 0x21, 0xb6, 0x30, 0xd1, 0x67, 0xd2, 0x41, 0xb0, 0x2c, 0x03, + 0xd2, 0xcd, 0x8e, 0x6e, 0xef, 0x65, 0x1a, 0x80, 0xdc, 0x38, 0x37, 0x86, 0x4a, 0x4c, 0x54, 0x8b, + 0x95, 0x54, 0x80, 0x69, 0x92, 0x08, 0xd6, 0xba, 0xd4, 0x31, 0x4e, 0xc7, 0x9f, 0x84, 0xcc, 0xb0, + 0x41, 0x73, 0xbf, 0xe7, 0x00, 0x9a, 0x2c, 0xd7, 0x62, 0x8c, 0x4a, 0x9b, 0x58, 0x7d, 0x80, 0x53, + 0x3d, 0xa9, 0x38, 0x36, 0x32, 0x27, 0x48, 0x93, 0x4f, 0x43, 0x59, 0x36, 0xb5, 0xfa, 0xc0, 0xa6, + 0xd1, 0x23, 0xdb, 0x5e, 0xac, 0x78, 0xee, 0x1f, 0x1c, 0xc8, 0xa7, 0x1b, 0x99, 0xa9, 0x95, 0x67, + 0xf3, 0x99, 0x3a, 0xeb, 0xc5, 0x93, 0xcf, 0x99, 0xe8, 0x15, 0xa8, 0x7a, 0x9c, 0x93, 0x41, 0xc4, + 0x65, 0x40, 0x16, 0xef, 0x3b, 0x20, 0x97, 0x45, 0x24, 0x5c, 0x0d, 0xdb, 0x74, 0x8f, 0xca, 0x60, + 0xb4, 0xd5, 0xb9, 0xef, 0x16, 0x61, 0x39, 0xdb, 0x7c, 0xa1, 0x21, 0xcc, 0xc9, 0x66, 0x47, 0x5d, + 0x35, 0xcd, 0xbc, 0xbb, 0x4a, 0x5d, 0x22, 0x49, 0x0c, 0x6b, 0x30, 0x91, 0x58, 0xe3, 0x64, 0xba, + 0xca, 0x25, 0xd6, 0x74, 0xae, 0x4a, 0x25, 0x8e, 0x9d, 0xa8, 0x8a, 0xff, 0x9b, 0x13, 0xd5, 0xab, + 0x00, 0x6d, 0xe9, 0x6d, 0xb9, 0x97, 0xa5, 0x07, 0x4f, 0x2e, 0x9b, 0xa9, 0x16, 0x6c, 0x69, 0x44, + 0x67, 0xa1, 0x40, 0xdb, 0xf2, 0x54, 0x17, 0x9b, 0xa0, 0x65, 0x0b, 0x5b, 0x9b, 0xb8, 0x40, 0xdb, + 0x2e, 0x83, 0x45, 0xbb, 0xdb, 0x3c, 0x71, 0xac, 0x7e, 0x16, 0x96, 0xd4, 0xd3, 0x26, 0xe1, 0x1e, + 0xed, 0x33, 0xbd, 0x3b, 0x4f, 0x68, 0xf1, 0xa5, 0x96, 0xcd, 0xc4, 0x59, 0x59, 0xf7, 0xa7, 0x05, + 0x80, 0xcb, 0x61, 0xd8, 0xd3, 0x98, 0xc9, 0xd1, 0x73, 0x8e, 0x3c, 0x7a, 0xeb, 0x50, 0xea, 0xd1, + 0xa0, 0x9d, 0x3f, 0x9c, 0xdb, 0x34, 0x68, 0x63, 0xc9, 0x41, 0x17, 0x00, 0xbc, 0x88, 0xde, 0x24, + 0x31, 0x33, 0xb7, 0x89, 0xa9, 0x5f, 0x2e, 0xee, 0x6c, 0x69, 0x0e, 0xb6, 0xa4, 0xd0, 0x33, 0xba, + 0x33, 0x54, 0x63, 0x7b, 0x2d, 0xd7, 0x19, 0x2e, 0x08, 0x0b, 0xad, 0xd6, 0xef, 0xf9, 0x5c, 0x7e, + 0x5c, 0x9f, 0xc8, 0x8f, 0xa6, 0x53, 0xde, 0xe9, 0x7a, 0x8c, 0x1c, 0x76, 0xae, 0xe7, 0x8e, 0xb9, + 0x3f, 0xfa, 0x87, 0x03, 0xe6, 0xf6, 0x0a, 0xed, 0x41, 0x89, 0x8d, 0x03, 0x5f, 0xd7, 0x9b, 0x69, + 0x32, 0x6a, 0x6b, 0x1c, 0xf8, 0xe6, 0x92, 0x6c, 0x41, 0xde, 0x01, 0x8e, 0x03, 0x1f, 0x4b, 0xfd, + 0x68, 0x04, 0x0b, 0x71, 0xd8, 0xef, 0xdf, 0xf2, 0xfc, 0xde, 0x0c, 0x4a, 0x0f, 0xd6, 0xaa, 0x0c, + 0xde, 0xa2, 0x3c, 0xaf, 0x9a, 0x8c, 0x53, 0x2c, 0xf7, 0x57, 0x65, 0xc8, 0x4d, 0x17, 0x68, 0x68, + 0x5f, 0x0c, 0x3a, 0x33, 0xbc, 0x18, 0x4c, 0xb3, 0xff, 0x61, 0x97, 0x83, 0xe8, 0x39, 0x28, 0x47, + 0x62, 0xcf, 0x74, 0x84, 0xad, 0x25, 0xb9, 0x5d, 0x6e, 0xe4, 0x21, 0x5b, 0xab, 0xa4, 0xed, 0x9d, + 0x2d, 0x1e, 0x93, 0xb1, 0xbf, 0x06, 0x20, 0x7c, 0xad, 0xc7, 0x74, 0x75, 0xc8, 0xaf, 0xcd, 0x6a, + 0x47, 0xf5, 0xa4, 0x2e, 0x93, 0x7a, 0x2b, 0x45, 0xc1, 0x16, 0x22, 0xfa, 0x8e, 0x03, 0xcb, 0x89, + 0xe3, 0xb5, 0x11, 0xe5, 0x87, 0x62, 0x84, 0x9c, 0x19, 0x71, 0x06, 0x09, 0xe7, 0x90, 0xd1, 0x97, + 0xa0, 0xc2, 0xb8, 0x17, 0xab, 0xe2, 0x35, 0x77, 0xdf, 0x09, 0x2f, 0xdd, 0xcb, 0x56, 0xa2, 0x04, + 0x1b, 0x7d, 0xe8, 0x65, 0x80, 0x3d, 0x1a, 0x50, 0xd6, 0x95, 0xda, 0xe7, 0x1f, 0xac, 0x34, 0x5e, + 0x4a, 0x35, 0x60, 0x4b, 0x9b, 0xfb, 0x03, 0x07, 0x16, 0xed, 0xdf, 0x06, 0x27, 0xc8, 0x5d, 0xe7, + 0x60, 0x21, 0x0a, 0xfb, 0xd4, 0xa7, 0x44, 0xf5, 0xae, 0x15, 0x75, 0x1c, 0x76, 0x34, 0x0d, 0xa7, + 0x5c, 0x91, 0xc3, 0x46, 0x5e, 0x9f, 0xb6, 0x6f, 0x04, 0x9c, 0xf6, 0x65, 0x40, 0x15, 0x4d, 0x0e, + 0xbb, 0x99, 0x72, 0xb0, 0x25, 0xe5, 0xfe, 0xa5, 0x00, 0x20, 0x7f, 0xef, 0x50, 0x79, 0x13, 0xb2, + 0x0e, 0xa5, 0x98, 0x44, 0x61, 0xde, 0x1c, 0x21, 0x81, 0x25, 0x27, 0x33, 0xd8, 0x14, 0xee, 0x6b, + 0xb0, 0x29, 0x1e, 0x3b, 0xd8, 0x88, 0xa2, 0xc0, 0xba, 0x3b, 0x31, 0x1d, 0x79, 0x9c, 0x6c, 0x93, + 0xb1, 0xce, 0xac, 0xa6, 0x28, 0xb4, 0x2e, 0x1b, 0x26, 0xce, 0xca, 0x1e, 0x3a, 0x13, 0x96, 0xff, + 0x8b, 0x33, 0xe1, 0xdb, 0x0e, 0x2c, 0x1b, 0xcf, 0xfe, 0x7f, 0xfd, 0x51, 0x34, 0x76, 0x1f, 0x31, + 0xe4, 0xfc, 0xd3, 0x81, 0x95, 0xa4, 0x9d, 0xd6, 0x55, 0x79, 0x26, 0x65, 0x38, 0xf3, 0xf7, 0xa2, + 0x78, 0xfc, 0xdf, 0x0b, 0x3b, 0x83, 0x96, 0x8e, 0xc9, 0xa0, 0x9f, 0xcb, 0x15, 0xe0, 0x0f, 0x4c, + 0x14, 0x60, 0x94, 0x0e, 0x0e, 0xe3, 0xc0, 0xcf, 0x36, 0x2c, 0xee, 0x2f, 0x1c, 0x58, 0x4c, 0xd8, + 0xd7, 0xc2, 0xb6, 0x6c, 0xe7, 0x99, 0x0c, 0x32, 0x27, 0xdb, 0xce, 0xab, 0x70, 0x50, 0x3c, 0x34, + 0x84, 0x05, 0xbf, 0x4b, 0xfb, 0xed, 0x98, 0x04, 0x7a, 0x5b, 0x5e, 0x9c, 0xc1, 0x5c, 0x23, 0xf0, + 0x4d, 0x28, 0x6c, 0x68, 0x00, 0x9c, 0x42, 0xb9, 0xbf, 0x2d, 0xc2, 0x52, 0x66, 0x08, 0x42, 0xcf, + 0x41, 0x55, 0xfd, 0x3e, 0x68, 0x59, 0x36, 0xa7, 0x77, 0x06, 0xbb, 0x86, 0x85, 0x6d, 0x39, 0xb1, + 0x1f, 0x7d, 0x3a, 0x52, 0x3a, 0xf2, 0x7f, 0x93, 0xae, 0x24, 0x0c, 0x6c, 0x64, 0xac, 0x29, 0xb0, + 0x78, 0xdf, 0x53, 0xe0, 0x8f, 0x1d, 0x40, 0x72, 0x09, 0x42, 0x73, 0x3a, 0xac, 0xcd, 0xe0, 0x47, + 0x6d, 0xc6, 0x6f, 0x67, 0xb5, 0x45, 0x68, 0x63, 0x02, 0x0a, 0x1f, 0x02, 0x6f, 0x5d, 0xcc, 0x96, + 0x1f, 0xc9, 0xc5, 0xac, 0xfb, 0x55, 0x38, 0x33, 0xd1, 0x02, 0xe9, 0x1e, 0xdc, 0x39, 0xac, 0x07, + 0x17, 0x91, 0x18, 0xc5, 0xc3, 0x40, 0x6d, 0xd0, 0x82, 0x89, 0xc4, 0x1d, 0x41, 0xc4, 0x8a, 0x27, + 0x1a, 0xf3, 0x76, 0x3c, 0xc6, 0x43, 0xd5, 0xdc, 0x2e, 0x18, 0xf4, 0x4d, 0x49, 0xc5, 0x9a, 0xeb, + 0x7e, 0xbb, 0x00, 0x4b, 0x99, 0xb2, 0x9c, 0x99, 0xa1, 0x9c, 0x63, 0x67, 0xa8, 0x59, 0x1a, 0x83, + 0x5e, 0x87, 0x45, 0x26, 0x8f, 0x62, 0xec, 0x71, 0xd2, 0x19, 0xcf, 0xe0, 0x6a, 0xbc, 0x65, 0xa9, + 0x6b, 0x9e, 0x3e, 0xd8, 0x5f, 0x5b, 0xb4, 0x29, 0x38, 0x03, 0xe7, 0xfe, 0xbc, 0x00, 0x8f, 0x1d, + 0xd2, 0xa2, 0xa0, 0x3b, 0xf6, 0x75, 0x85, 0x9a, 0x67, 0x5f, 0x9a, 0x41, 0x78, 0xea, 0x44, 0xaa, + 0xfe, 0x41, 0x1f, 0x76, 0x59, 0x71, 0x9f, 0xe3, 0xec, 0x1e, 0x94, 0xbb, 0x61, 0xd8, 0x4b, 0xe6, + 0xd6, 0x69, 0x0a, 0x82, 0x99, 0xb6, 0x9a, 0x15, 0xb1, 0x9b, 0xe2, 0x9d, 0x61, 0xa5, 0xde, 0x7d, + 0xd7, 0x81, 0x8c, 0x17, 0xd1, 0x00, 0xca, 0x42, 0xcb, 0x78, 0x06, 0xbf, 0xe6, 0x6c, 0xbd, 0x17, + 0x85, 0x4e, 0x85, 0x2f, 0x1f, 0xb1, 0x42, 0x41, 0x14, 0x4a, 0xc2, 0x10, 0x3d, 0x7a, 0x6c, 0xcf, + 0x08, 0x4d, 0x2c, 0x51, 0x4d, 0x3a, 0xe2, 0x09, 0x4b, 0x08, 0xf7, 0x79, 0x38, 0x33, 0x61, 0x91, + 0x08, 0xf9, 0xbd, 0x30, 0xf9, 0x13, 0x69, 0x85, 0xfc, 0x25, 0x41, 0xc4, 0x8a, 0x27, 0xea, 0xc7, + 0xe9, 0xbc, 0x7a, 0xf4, 0x13, 0x07, 0xce, 0xb0, 0xbc, 0xbe, 0x87, 0xe2, 0xb5, 0xf7, 0x6b, 0xa3, + 0x26, 0xcd, 0xc7, 0x93, 0x16, 0x88, 0x1d, 0xcd, 0xdf, 0xdf, 0x8a, 0xd8, 0xa3, 0x01, 0x23, 0xfe, + 0x30, 0x4e, 0x16, 0x9a, 0xc6, 0xde, 0x96, 0xa6, 0xe3, 0x54, 0x42, 0xf4, 0xa2, 0xea, 0xff, 0xc1, + 0x35, 0xd3, 0x28, 0xa6, 0xbd, 0x68, 0x2b, 0xe5, 0x60, 0x4b, 0x4a, 0x74, 0xba, 0x3e, 0x89, 0xf9, + 0xa6, 0x68, 0x8f, 0x44, 0x5e, 0x58, 0x54, 0x9d, 0xee, 0x86, 0xa6, 0xe1, 0x94, 0x8b, 0x3e, 0x08, + 0xf3, 0x3d, 0x32, 0x96, 0x82, 0x25, 0x29, 0x58, 0x15, 0x15, 0x7f, 0x5b, 0x91, 0x70, 0xc2, 0x43, + 0x2e, 0xcc, 0xf9, 0x9e, 0x94, 0x2a, 0x4b, 0x29, 0x90, 0xbf, 0x12, 0x2e, 0x4a, 0x21, 0xcd, 0x69, + 0xd6, 0xef, 0xde, 0x5b, 0x3d, 0xf5, 0xe6, 0xbd, 0xd5, 0x53, 0x6f, 0xdd, 0x5b, 0x3d, 0xf5, 0xc6, + 0xc1, 0xaa, 0x73, 0xf7, 0x60, 0xd5, 0x79, 0xf3, 0x60, 0xd5, 0x79, 0xeb, 0x60, 0xd5, 0xf9, 0xfb, + 0xc1, 0xaa, 0xf3, 0xc3, 0x77, 0x56, 0x4f, 0xbd, 0xbc, 0x90, 0xb8, 0xf6, 0xdf, 0x01, 0x00, 0x00, + 0xff, 0xff, 0xfb, 0x93, 0x3c, 0x8f, 0x90, 0x28, 0x00, 0x00, } diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto index 509ac647d03e4..b2e7cf7890792 100644 --- a/pkg/apis/application/v1alpha1/generated.proto +++ b/pkg/apis/application/v1alpha1/generated.proto @@ -41,6 +41,8 @@ message AppProjectSpec { // Description contains optional project description optional string description = 3; + + repeated ProjectToken tokens = 4; } // Application is a definition of Application resource. @@ -283,6 +285,16 @@ message OperationState { optional k8s.io.apimachinery.pkg.apis.meta.v1.Time finishedAt = 7; } +// ProjectToken TODO: Check if everything should be capitalized +// ProjectToken contains metadata of a token for a project +message ProjectToken { + optional string name = 1; + + repeated string policies = 2; + + optional int64 validUntil = 3; +} + // Repository is a Git repository holding application configurations message Repository { optional string repo = 1; diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go index b26efaf46b557..c8e88d8f7c8f0 100644 --- a/pkg/apis/application/v1alpha1/types.go +++ b/pkg/apis/application/v1alpha1/types.go @@ -183,7 +183,7 @@ type DeploymentInfo struct { // +genclient:noStatus // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object type Application struct { - metav1.TypeMeta `json:",inline"` + metav1.TypeMeta `json:",inline" protobuf:"bytes,5,opt,name=typeMeta"` metav1.ObjectMeta `json:"metadata" protobuf:"bytes,1,opt,name=metadata"` Spec ApplicationSpec `json:"spec" protobuf:"bytes,2,opt,name=spec"` Status ApplicationStatus `json:"status" protobuf:"bytes,3,opt,name=status"` @@ -205,7 +205,7 @@ type ApplicationWatchEvent struct { // ApplicationList is list of Application resources // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object type ApplicationList struct { - metav1.TypeMeta `json:",inline"` + metav1.TypeMeta `json:",inline" protobuf:"bytes,3,opt,name=typeMeta"` metav1.ListMeta `json:"metadata" protobuf:"bytes,1,opt,name=metadata"` Items []Application `json:"items" protobuf:"bytes,2,rep,name=items"` } @@ -428,7 +428,7 @@ type RepositoryList struct { // AppProjectList is list of AppProject resources // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object type AppProjectList struct { - metav1.TypeMeta `json:",inline"` + metav1.TypeMeta `json:",inline" protobuf:"bytes,3,opt,name=typeMeta"` metav1.ListMeta `json:"metadata" protobuf:"bytes,1,opt,name=metadata"` Items []AppProject `json:"items" protobuf:"bytes,2,rep,name=items"` } @@ -438,11 +438,20 @@ type AppProjectList struct { // +genclient:noStatus // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object type AppProject struct { - metav1.TypeMeta `json:",inline"` + metav1.TypeMeta `json:",inline" protobuf:"bytes,3,opt,name=typeMeta"` metav1.ObjectMeta `json:"metadata" protobuf:"bytes,1,opt,name=metadata"` Spec AppProjectSpec `json:"spec" protobuf:"bytes,2,opt,name=spec"` } +//TokenPoliciesString returns Casabin formated string of all the policies for each string +func (proj *AppProject) TokenPoliciesString() string { + var tokenPolicies []string + for _, token := range proj.Spec.Tokens { + tokenPolicies = append(tokenPolicies, token.Policies...) + } + return strings.Join(tokenPolicies, "\n") +} + // AppProjectSpec represents type AppProjectSpec struct { // SourceRepos contains list of git repository URLs which can be used for deployment @@ -453,6 +462,17 @@ type AppProjectSpec struct { // Description contains optional project description Description string `json:"description,omitempty" protobuf:"bytes,3,opt,name=description"` + + Tokens []ProjectToken `protobuf:"bytes,4,rep,name=tokens"` +} + +// ProjectToken TODO: Check if everything should be capitalized +// ProjectToken contains metadata of a token for a project +type ProjectToken struct { + Name string `json:"name" protobuf:"bytes,1,opt,name=name"` + Policies []string `protobuf:"bytes,2,rep,name=policies"` + ValidUntil int64 `json:"validUntil" protobuf:"int64,3,opt,name=validUntil"` + // ValidUntil timestamp.Timestamp `json:"validUntil" protobuf:"bytes,3,opt,name=validUntil"` } func GetDefaultProject(namespace string) AppProject { diff --git a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go index 8676cf022b16e..2619ef03fd186 100644 --- a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go @@ -82,6 +82,13 @@ func (in *AppProjectSpec) DeepCopyInto(out *AppProjectSpec) { *out = make([]ApplicationDestination, len(*in)) copy(*out, *in) } + if in.Tokens != nil { + in, out := &in.Tokens, &out.Tokens + *out = make([]ProjectToken, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } return } @@ -565,6 +572,27 @@ func (in *OperationState) DeepCopy() *OperationState { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ProjectToken) DeepCopyInto(out *ProjectToken) { + *out = *in + if in.Policies != nil { + in, out := &in.Policies, &out.Policies + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectToken. +func (in *ProjectToken) DeepCopy() *ProjectToken { + if in == nil { + return nil + } + out := new(ProjectToken) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Repository) DeepCopyInto(out *Repository) { *out = *in diff --git a/server/project/project.go b/server/project/project.go index d23c07e179866..91d77f183afe7 100644 --- a/server/project/project.go +++ b/server/project/project.go @@ -31,12 +31,91 @@ type Server struct { kubeclientset kubernetes.Interface auditLogger *argo.AuditLogger projectLock *util.KeyLock + sessionMgr *session.SessionManager } // NewServer returns a new instance of the Project service -func NewServer(ns string, kubeclientset kubernetes.Interface, appclientset appclientset.Interface, enf *rbac.Enforcer, projectLock *util.KeyLock) *Server { +func NewServer(ns string, kubeclientset kubernetes.Interface, appclientset appclientset.Interface, enf *rbac.Enforcer, projectLock *util.KeyLock, sessionMgr *session.SessionManager) *Server { auditLogger := argo.NewAuditLogger(ns, kubeclientset, "argocd-server") - return &Server{enf: enf, appclientset: appclientset, kubeclientset: kubeclientset, ns: ns, projectLock: projectLock, auditLogger: auditLogger} + return &Server{enf: enf, appclientset: appclientset, kubeclientset: kubeclientset, ns: ns, projectLock: projectLock, auditLogger: auditLogger, sessionMgr: sessionMgr} +} + +// CreateTokenPolicy creates a new policy for a specifc project token +func (s *Server) CreateTokenPolicy(ctx context.Context, q *ProjectTokenPolicyCreateRequest) (*ProjectTokenPolicyCreateResponse, error) { + //TODO: Grab the project here instead of the CLI. Do this everywhere else too + if !s.enf.EnforceClaims(ctx.Value("claims"), "projects", "update", q.Project.Name) { + return nil, grpc.ErrPermissionDenied + } + //TODO: Verify inputs (i.e. verify project has token) (i.e. / is prepended ) + err := validateProject(q.Project) + if err != nil { + return nil, err + } + //TODO: Confirm lock shouldn't be just before update + s.projectLock.Lock(q.Project.Name) + defer s.projectLock.Unlock(q.Project.Name) + //TODO: add check for action to be allow or deny + object := q.Object + if !strings.HasPrefix(object, q.Project.Name+"/") { + object = fmt.Sprintf("%s/%s", q.Project.Name, object) + } + //p, role:readonly, applications, get, */* + policy := fmt.Sprintf("p, proj:%s:%s, projects, %s, %s", q.Project.Name, q.Token, q.Action, object) + + for i, projectToken := range q.Project.Spec.Tokens { + if projectToken.Name == q.Token { + //TODO: Add check for confirming existing policy doesn't exist (what does this mean though?) + q.Project.Spec.Tokens[i].Policies = append(q.Project.Spec.Tokens[i].Policies, policy) + break + } + } + //TODO: Add exit if condition never turns true + + //TODO: Autoupdate RBAC Enforcer + _, err = s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Update(q.Project) + if err != nil { + return nil, err + } + return &ProjectTokenPolicyCreateResponse{}, nil + +} + +// CreateToken TODO: Add logging +// CreateToken TODO: Confirm deleting and recreating token doesn't work with old token +// CreateToken creates a new token to access a project +func (s *Server) CreateToken(ctx context.Context, q *ProjectTokenCreateRequest) (*ProjectTokenResponse, error) { + if !s.enf.EnforceClaims(ctx.Value("claims"), "projects", "update", q.Project.Name) { + return nil, grpc.ErrPermissionDenied + } + err := validateProject(q.Project) + if err != nil { + return nil, err + } + s.projectLock.Lock(q.Project.Name) + defer s.projectLock.Unlock(q.Project.Name) + //TODO: Verify inputs + + for _, projectToken := range q.Project.Spec.Tokens { + if projectToken.Name == q.Token.Name { + return nil, status.Errorf(codes.AlreadyExists, "'%s' token already exist for project '%s'", q.Token.Name, q.Project.Name) + } + } + //TODO: Move string somewhere common + roleName := fmt.Sprintf("proj:%s:%s", q.Project.Name, q.Token.Name) + //TODO: Confirm expired token doesn't work + token, err := s.sessionMgr.CreateToken(roleName, q.Token.ValidUntil) + if err != nil { + return nil, err + } + + q.Project.Spec.Tokens = append(q.Project.Spec.Tokens, *q.Token) + + _, err = s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Update(q.Project) + if err != nil { + return nil, err + } + return &ProjectTokenResponse{Token: token}, nil + } // Create a new project. diff --git a/server/project/project.pb.go b/server/project/project.pb.go index 6f12fe0ac2d03..fe4dc8390b72e 100644 --- a/server/project/project.pb.go +++ b/server/project/project.pb.go @@ -13,6 +13,10 @@ It has these top-level messages: ProjectCreateRequest + ProjectTokenCreateRequest + ProjectTokenPolicyCreateRequest + ProjectTokenPolicyCreateResponse + ProjectTokenResponse ProjectQuery ProjectUpdateRequest EmptyResponse @@ -61,6 +65,108 @@ func (m *ProjectCreateRequest) GetProject() *github_com_argoproj_argo_cd_pkg_api return nil } +// ProjectTokenCreateRequest defines project token creation parameters. +type ProjectTokenCreateRequest struct { + Project *github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.AppProject `protobuf:"bytes,1,opt,name=project" json:"project,omitempty"` + Token *github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.ProjectToken `protobuf:"bytes,2,opt,name=token" json:"token,omitempty"` +} + +func (m *ProjectTokenCreateRequest) Reset() { *m = ProjectTokenCreateRequest{} } +func (m *ProjectTokenCreateRequest) String() string { return proto.CompactTextString(m) } +func (*ProjectTokenCreateRequest) ProtoMessage() {} +func (*ProjectTokenCreateRequest) Descriptor() ([]byte, []int) { return fileDescriptorProject, []int{1} } + +func (m *ProjectTokenCreateRequest) GetProject() *github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.AppProject { + if m != nil { + return m.Project + } + return nil +} + +func (m *ProjectTokenCreateRequest) GetToken() *github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.ProjectToken { + if m != nil { + return m.Token + } + return nil +} + +type ProjectTokenPolicyCreateRequest struct { + Project *github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.AppProject `protobuf:"bytes,1,opt,name=project" json:"project,omitempty"` + Token string `protobuf:"bytes,2,opt,name=token,proto3" json:"token,omitempty"` + Action string `protobuf:"bytes,3,opt,name=action,proto3" json:"action,omitempty"` + Permission string `protobuf:"bytes,4,opt,name=permission,proto3" json:"permission,omitempty"` + Object string `protobuf:"bytes,5,opt,name=object,proto3" json:"object,omitempty"` +} + +func (m *ProjectTokenPolicyCreateRequest) Reset() { *m = ProjectTokenPolicyCreateRequest{} } +func (m *ProjectTokenPolicyCreateRequest) String() string { return proto.CompactTextString(m) } +func (*ProjectTokenPolicyCreateRequest) ProtoMessage() {} +func (*ProjectTokenPolicyCreateRequest) Descriptor() ([]byte, []int) { + return fileDescriptorProject, []int{2} +} + +func (m *ProjectTokenPolicyCreateRequest) GetProject() *github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.AppProject { + if m != nil { + return m.Project + } + return nil +} + +func (m *ProjectTokenPolicyCreateRequest) GetToken() string { + if m != nil { + return m.Token + } + return "" +} + +func (m *ProjectTokenPolicyCreateRequest) GetAction() string { + if m != nil { + return m.Action + } + return "" +} + +func (m *ProjectTokenPolicyCreateRequest) GetPermission() string { + if m != nil { + return m.Permission + } + return "" +} + +func (m *ProjectTokenPolicyCreateRequest) GetObject() string { + if m != nil { + return m.Object + } + return "" +} + +type ProjectTokenPolicyCreateResponse struct { +} + +func (m *ProjectTokenPolicyCreateResponse) Reset() { *m = ProjectTokenPolicyCreateResponse{} } +func (m *ProjectTokenPolicyCreateResponse) String() string { return proto.CompactTextString(m) } +func (*ProjectTokenPolicyCreateResponse) ProtoMessage() {} +func (*ProjectTokenPolicyCreateResponse) Descriptor() ([]byte, []int) { + return fileDescriptorProject, []int{3} +} + +// ProjectTokenResponse wraps the created token or returns an empty string if deleted. +type ProjectTokenResponse struct { + Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"` +} + +func (m *ProjectTokenResponse) Reset() { *m = ProjectTokenResponse{} } +func (m *ProjectTokenResponse) String() string { return proto.CompactTextString(m) } +func (*ProjectTokenResponse) ProtoMessage() {} +func (*ProjectTokenResponse) Descriptor() ([]byte, []int) { return fileDescriptorProject, []int{4} } + +func (m *ProjectTokenResponse) GetToken() string { + if m != nil { + return m.Token + } + return "" +} + // ProjectQuery is a query for Project resources type ProjectQuery struct { Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` @@ -69,7 +175,7 @@ type ProjectQuery struct { func (m *ProjectQuery) Reset() { *m = ProjectQuery{} } func (m *ProjectQuery) String() string { return proto.CompactTextString(m) } func (*ProjectQuery) ProtoMessage() {} -func (*ProjectQuery) Descriptor() ([]byte, []int) { return fileDescriptorProject, []int{1} } +func (*ProjectQuery) Descriptor() ([]byte, []int) { return fileDescriptorProject, []int{5} } func (m *ProjectQuery) GetName() string { if m != nil { @@ -85,7 +191,7 @@ type ProjectUpdateRequest struct { func (m *ProjectUpdateRequest) Reset() { *m = ProjectUpdateRequest{} } func (m *ProjectUpdateRequest) String() string { return proto.CompactTextString(m) } func (*ProjectUpdateRequest) ProtoMessage() {} -func (*ProjectUpdateRequest) Descriptor() ([]byte, []int) { return fileDescriptorProject, []int{2} } +func (*ProjectUpdateRequest) Descriptor() ([]byte, []int) { return fileDescriptorProject, []int{6} } func (m *ProjectUpdateRequest) GetProject() *github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.AppProject { if m != nil { @@ -100,10 +206,14 @@ type EmptyResponse struct { func (m *EmptyResponse) Reset() { *m = EmptyResponse{} } func (m *EmptyResponse) String() string { return proto.CompactTextString(m) } func (*EmptyResponse) ProtoMessage() {} -func (*EmptyResponse) Descriptor() ([]byte, []int) { return fileDescriptorProject, []int{3} } +func (*EmptyResponse) Descriptor() ([]byte, []int) { return fileDescriptorProject, []int{7} } func init() { proto.RegisterType((*ProjectCreateRequest)(nil), "project.ProjectCreateRequest") + proto.RegisterType((*ProjectTokenCreateRequest)(nil), "project.ProjectTokenCreateRequest") + proto.RegisterType((*ProjectTokenPolicyCreateRequest)(nil), "project.ProjectTokenPolicyCreateRequest") + proto.RegisterType((*ProjectTokenPolicyCreateResponse)(nil), "project.ProjectTokenPolicyCreateResponse") + proto.RegisterType((*ProjectTokenResponse)(nil), "project.ProjectTokenResponse") proto.RegisterType((*ProjectQuery)(nil), "project.ProjectQuery") proto.RegisterType((*ProjectUpdateRequest)(nil), "project.ProjectUpdateRequest") proto.RegisterType((*EmptyResponse)(nil), "project.EmptyResponse") @@ -120,6 +230,11 @@ const _ = grpc.SupportPackageIsVersion4 // Client API for ProjectService service type ProjectServiceClient interface { + // TODO: Is this the best endpoint for this? + // Create a new project token. + CreateTokenPolicy(ctx context.Context, in *ProjectTokenPolicyCreateRequest, opts ...grpc.CallOption) (*ProjectTokenPolicyCreateResponse, error) + // Create a new project token. + CreateToken(ctx context.Context, in *ProjectTokenCreateRequest, opts ...grpc.CallOption) (*ProjectTokenResponse, error) // Create a new project. Create(ctx context.Context, in *ProjectCreateRequest, opts ...grpc.CallOption) (*github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.AppProject, error) // List returns list of projects @@ -142,6 +257,24 @@ func NewProjectServiceClient(cc *grpc.ClientConn) ProjectServiceClient { return &projectServiceClient{cc} } +func (c *projectServiceClient) CreateTokenPolicy(ctx context.Context, in *ProjectTokenPolicyCreateRequest, opts ...grpc.CallOption) (*ProjectTokenPolicyCreateResponse, error) { + out := new(ProjectTokenPolicyCreateResponse) + err := grpc.Invoke(ctx, "/project.ProjectService/CreateTokenPolicy", in, out, c.cc, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *projectServiceClient) CreateToken(ctx context.Context, in *ProjectTokenCreateRequest, opts ...grpc.CallOption) (*ProjectTokenResponse, error) { + out := new(ProjectTokenResponse) + err := grpc.Invoke(ctx, "/project.ProjectService/CreateToken", in, out, c.cc, opts...) + if err != nil { + return nil, err + } + return out, nil +} + func (c *projectServiceClient) Create(ctx context.Context, in *ProjectCreateRequest, opts ...grpc.CallOption) (*github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.AppProject, error) { out := new(github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.AppProject) err := grpc.Invoke(ctx, "/project.ProjectService/Create", in, out, c.cc, opts...) @@ -199,6 +332,11 @@ func (c *projectServiceClient) ListEvents(ctx context.Context, in *ProjectQuery, // Server API for ProjectService service type ProjectServiceServer interface { + // TODO: Is this the best endpoint for this? + // Create a new project token. + CreateTokenPolicy(context.Context, *ProjectTokenPolicyCreateRequest) (*ProjectTokenPolicyCreateResponse, error) + // Create a new project token. + CreateToken(context.Context, *ProjectTokenCreateRequest) (*ProjectTokenResponse, error) // Create a new project. Create(context.Context, *ProjectCreateRequest) (*github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.AppProject, error) // List returns list of projects @@ -217,6 +355,42 @@ func RegisterProjectServiceServer(s *grpc.Server, srv ProjectServiceServer) { s.RegisterService(&_ProjectService_serviceDesc, srv) } +func _ProjectService_CreateTokenPolicy_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ProjectTokenPolicyCreateRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(ProjectServiceServer).CreateTokenPolicy(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/project.ProjectService/CreateTokenPolicy", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(ProjectServiceServer).CreateTokenPolicy(ctx, req.(*ProjectTokenPolicyCreateRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _ProjectService_CreateToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ProjectTokenCreateRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(ProjectServiceServer).CreateToken(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/project.ProjectService/CreateToken", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(ProjectServiceServer).CreateToken(ctx, req.(*ProjectTokenCreateRequest)) + } + return interceptor(ctx, in, info, handler) +} + func _ProjectService_Create_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(ProjectCreateRequest) if err := dec(in); err != nil { @@ -329,6 +503,14 @@ var _ProjectService_serviceDesc = grpc.ServiceDesc{ ServiceName: "project.ProjectService", HandlerType: (*ProjectServiceServer)(nil), Methods: []grpc.MethodDesc{ + { + MethodName: "CreateTokenPolicy", + Handler: _ProjectService_CreateTokenPolicy_Handler, + }, + { + MethodName: "CreateToken", + Handler: _ProjectService_CreateToken_Handler, + }, { MethodName: "Create", Handler: _ProjectService_Create_Handler, @@ -386,6 +568,138 @@ func (m *ProjectCreateRequest) MarshalTo(dAtA []byte) (int, error) { return i, nil } +func (m *ProjectTokenCreateRequest) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *ProjectTokenCreateRequest) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if m.Project != nil { + dAtA[i] = 0xa + i++ + i = encodeVarintProject(dAtA, i, uint64(m.Project.Size())) + n2, err := m.Project.MarshalTo(dAtA[i:]) + if err != nil { + return 0, err + } + i += n2 + } + if m.Token != nil { + dAtA[i] = 0x12 + i++ + i = encodeVarintProject(dAtA, i, uint64(m.Token.Size())) + n3, err := m.Token.MarshalTo(dAtA[i:]) + if err != nil { + return 0, err + } + i += n3 + } + return i, nil +} + +func (m *ProjectTokenPolicyCreateRequest) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *ProjectTokenPolicyCreateRequest) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if m.Project != nil { + dAtA[i] = 0xa + i++ + i = encodeVarintProject(dAtA, i, uint64(m.Project.Size())) + n4, err := m.Project.MarshalTo(dAtA[i:]) + if err != nil { + return 0, err + } + i += n4 + } + if len(m.Token) > 0 { + dAtA[i] = 0x12 + i++ + i = encodeVarintProject(dAtA, i, uint64(len(m.Token))) + i += copy(dAtA[i:], m.Token) + } + if len(m.Action) > 0 { + dAtA[i] = 0x1a + i++ + i = encodeVarintProject(dAtA, i, uint64(len(m.Action))) + i += copy(dAtA[i:], m.Action) + } + if len(m.Permission) > 0 { + dAtA[i] = 0x22 + i++ + i = encodeVarintProject(dAtA, i, uint64(len(m.Permission))) + i += copy(dAtA[i:], m.Permission) + } + if len(m.Object) > 0 { + dAtA[i] = 0x2a + i++ + i = encodeVarintProject(dAtA, i, uint64(len(m.Object))) + i += copy(dAtA[i:], m.Object) + } + return i, nil +} + +func (m *ProjectTokenPolicyCreateResponse) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *ProjectTokenPolicyCreateResponse) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + return i, nil +} + +func (m *ProjectTokenResponse) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *ProjectTokenResponse) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if len(m.Token) > 0 { + dAtA[i] = 0xa + i++ + i = encodeVarintProject(dAtA, i, uint64(len(m.Token))) + i += copy(dAtA[i:], m.Token) + } + return i, nil +} + func (m *ProjectQuery) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -429,11 +743,11 @@ func (m *ProjectUpdateRequest) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0xa i++ i = encodeVarintProject(dAtA, i, uint64(m.Project.Size())) - n2, err := m.Project.MarshalTo(dAtA[i:]) + n5, err := m.Project.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n2 + i += n5 } return i, nil } @@ -475,6 +789,62 @@ func (m *ProjectCreateRequest) Size() (n int) { return n } +func (m *ProjectTokenCreateRequest) Size() (n int) { + var l int + _ = l + if m.Project != nil { + l = m.Project.Size() + n += 1 + l + sovProject(uint64(l)) + } + if m.Token != nil { + l = m.Token.Size() + n += 1 + l + sovProject(uint64(l)) + } + return n +} + +func (m *ProjectTokenPolicyCreateRequest) Size() (n int) { + var l int + _ = l + if m.Project != nil { + l = m.Project.Size() + n += 1 + l + sovProject(uint64(l)) + } + l = len(m.Token) + if l > 0 { + n += 1 + l + sovProject(uint64(l)) + } + l = len(m.Action) + if l > 0 { + n += 1 + l + sovProject(uint64(l)) + } + l = len(m.Permission) + if l > 0 { + n += 1 + l + sovProject(uint64(l)) + } + l = len(m.Object) + if l > 0 { + n += 1 + l + sovProject(uint64(l)) + } + return n +} + +func (m *ProjectTokenPolicyCreateResponse) Size() (n int) { + var l int + _ = l + return n +} + +func (m *ProjectTokenResponse) Size() (n int) { + var l int + _ = l + l = len(m.Token) + if l > 0 { + n += 1 + l + sovProject(uint64(l)) + } + return n +} + func (m *ProjectQuery) Size() (n int) { var l int _ = l @@ -597,6 +967,450 @@ func (m *ProjectCreateRequest) Unmarshal(dAtA []byte) error { } return nil } +func (m *ProjectTokenCreateRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProject + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ProjectTokenCreateRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ProjectTokenCreateRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Project", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProject + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthProject + } + postIndex := iNdEx + msglen + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Project == nil { + m.Project = &github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.AppProject{} + } + if err := m.Project.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProject + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthProject + } + postIndex := iNdEx + msglen + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Token == nil { + m.Token = &github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.ProjectToken{} + } + if err := m.Token.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipProject(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthProject + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *ProjectTokenPolicyCreateRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProject + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ProjectTokenPolicyCreateRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ProjectTokenPolicyCreateRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Project", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProject + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthProject + } + postIndex := iNdEx + msglen + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Project == nil { + m.Project = &github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.AppProject{} + } + if err := m.Project.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProject + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthProject + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Token = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Action", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProject + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthProject + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Action = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Permission", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProject + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthProject + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Permission = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Object", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProject + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthProject + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Object = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipProject(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthProject + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *ProjectTokenPolicyCreateResponse) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProject + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ProjectTokenPolicyCreateResponse: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ProjectTokenPolicyCreateResponse: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + default: + iNdEx = preIndex + skippy, err := skipProject(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthProject + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *ProjectTokenResponse) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProject + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ProjectTokenResponse: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ProjectTokenResponse: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProject + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthProject + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Token = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipProject(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthProject + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func (m *ProjectQuery) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 @@ -917,38 +1731,49 @@ var ( func init() { proto.RegisterFile("server/project/project.proto", fileDescriptorProject) } var fileDescriptorProject = []byte{ - // 524 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x94, 0xcf, 0x6b, 0x13, 0x41, - 0x14, 0xc7, 0x19, 0x2d, 0x11, 0xc7, 0x9f, 0x0c, 0xad, 0xd6, 0xb5, 0x8d, 0x65, 0x0f, 0x52, 0x0a, - 0x9d, 0x21, 0xad, 0x87, 0xe2, 0xcd, 0x1f, 0x41, 0x0a, 0x1e, 0x34, 0x22, 0x88, 0x97, 0x32, 0xdd, - 0x7d, 0x6c, 0x36, 0xc9, 0xee, 0x8c, 0x33, 0x93, 0x95, 0x20, 0x5e, 0x8a, 0x37, 0x8f, 0x82, 0xff, - 0x80, 0xff, 0x8c, 0x47, 0xc1, 0x7f, 0x40, 0x82, 0x7f, 0x88, 0xcc, 0xdb, 0x5d, 0xd3, 0x34, 0x5d, - 0x4f, 0xc1, 0x53, 0x5e, 0xde, 0xcc, 0xbc, 0xef, 0xe7, 0xfd, 0xd8, 0x47, 0x37, 0x2c, 0x98, 0x02, - 0x8c, 0xd0, 0x46, 0x0d, 0x20, 0x72, 0xf5, 0x2f, 0xd7, 0x46, 0x39, 0xc5, 0x2e, 0x55, 0x7f, 0x83, - 0xd5, 0x44, 0x25, 0x0a, 0x7d, 0xc2, 0x5b, 0xe5, 0x71, 0xb0, 0x91, 0x28, 0x95, 0x8c, 0x40, 0x48, - 0x9d, 0x0a, 0x99, 0xe7, 0xca, 0x49, 0x97, 0xaa, 0xdc, 0x56, 0xa7, 0xe1, 0xf0, 0xc0, 0xf2, 0x54, - 0xe1, 0x69, 0xa4, 0x0c, 0x88, 0xa2, 0x23, 0x12, 0xc8, 0xc1, 0x48, 0x07, 0x71, 0x75, 0xe7, 0xc1, - 0xec, 0x4e, 0x26, 0xa3, 0x7e, 0x9a, 0x83, 0x99, 0x08, 0x3d, 0x4c, 0xbc, 0xc3, 0x8a, 0x0c, 0x9c, - 0x3c, 0xef, 0xd5, 0x61, 0x92, 0xba, 0xfe, 0xf8, 0x98, 0x47, 0x2a, 0x13, 0xd2, 0x20, 0xd8, 0x00, - 0x8d, 0xdd, 0x28, 0x9e, 0xbd, 0x96, 0x5a, 0x8f, 0xd2, 0x08, 0x91, 0x44, 0xd1, 0x91, 0x23, 0xdd, - 0x97, 0x0b, 0xa1, 0xc2, 0xf7, 0x74, 0xf5, 0x45, 0x99, 0xe3, 0x13, 0x03, 0xd2, 0x41, 0x0f, 0xde, - 0x8d, 0xc1, 0x3a, 0x76, 0x44, 0xeb, 0xdc, 0xd7, 0xc9, 0x16, 0xd9, 0xbe, 0xb2, 0xd7, 0xe5, 0x33, - 0x51, 0x5e, 0x8b, 0xa2, 0x71, 0x14, 0xc5, 0x5c, 0x0f, 0x13, 0xee, 0x45, 0xf9, 0x29, 0x51, 0x5e, - 0x8b, 0xf2, 0x47, 0x5a, 0x57, 0x22, 0xbd, 0x3a, 0x6a, 0x18, 0xd2, 0xab, 0x95, 0xef, 0xe5, 0x18, - 0xcc, 0x84, 0x31, 0xba, 0x92, 0xcb, 0x0c, 0x50, 0xed, 0x72, 0x0f, 0xed, 0x53, 0x70, 0xaf, 0x75, - 0xfc, 0x3f, 0xe1, 0x6e, 0xd0, 0x6b, 0xdd, 0x4c, 0xbb, 0x49, 0x0f, 0xac, 0x56, 0xb9, 0x85, 0xbd, - 0xaf, 0x2d, 0x7a, 0xbd, 0xba, 0xf5, 0x0a, 0x4c, 0x91, 0x46, 0xc0, 0x3e, 0x13, 0xda, 0x2a, 0x6b, - 0xc6, 0x36, 0x79, 0x3d, 0x36, 0xe7, 0xd5, 0x32, 0x58, 0x0e, 0x5d, 0x78, 0xf7, 0xe4, 0xe7, 0xef, - 0x2f, 0x17, 0xd6, 0xc2, 0x9b, 0x38, 0x51, 0x45, 0xa7, 0x9e, 0x55, 0xfb, 0x90, 0xec, 0xb0, 0x13, - 0x42, 0x57, 0x9e, 0xa7, 0xd6, 0xb1, 0xb5, 0xb3, 0x2c, 0x58, 0xde, 0xe0, 0x70, 0x29, 0x0c, 0x5e, - 0x21, 0x5c, 0x47, 0x0e, 0xc6, 0x16, 0x38, 0xd8, 0x27, 0x42, 0x2f, 0x3e, 0x83, 0x46, 0x86, 0x25, - 0xd5, 0xe1, 0x1e, 0xea, 0xdf, 0x61, 0xb7, 0xcf, 0xea, 0x8b, 0x0f, 0x7e, 0x6a, 0x3e, 0xb2, 0x6f, - 0x84, 0xb6, 0xca, 0x81, 0x59, 0xec, 0xcc, 0xdc, 0x20, 0x2d, 0x8b, 0x68, 0x1f, 0x89, 0x76, 0x83, - 0xed, 0x45, 0xa2, 0x5a, 0xde, 0x7f, 0xca, 0xb1, 0x74, 0x92, 0x23, 0xa2, 0xef, 0xd8, 0x1b, 0xda, - 0x7a, 0x0a, 0x23, 0x70, 0xd0, 0x54, 0xae, 0x5b, 0x7f, 0xdd, 0x73, 0xb3, 0x58, 0xe7, 0xbf, 0xd3, - 0x98, 0xff, 0x80, 0x52, 0xdf, 0xa8, 0x6e, 0x01, 0xb9, 0xb3, 0x4d, 0xd1, 0x37, 0x79, 0xb9, 0x7a, - 0x7c, 0x86, 0xdc, 0xaf, 0x27, 0x5e, 0x74, 0x38, 0x3e, 0xc1, 0x26, 0xdf, 0x47, 0x91, 0x2d, 0xd6, - 0x6e, 0x10, 0x11, 0x80, 0xd1, 0x1f, 0x1f, 0x7c, 0x9f, 0xb6, 0xc9, 0x8f, 0x69, 0x9b, 0xfc, 0x9a, - 0xb6, 0xc9, 0xdb, 0x9d, 0x7f, 0x2d, 0xa6, 0xf9, 0x4d, 0x7b, 0xdc, 0xc2, 0x05, 0xb4, 0xff, 0x27, - 0x00, 0x00, 0xff, 0xff, 0x07, 0x9f, 0x39, 0xbd, 0x82, 0x05, 0x00, 0x00, + // 695 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x56, 0x4d, 0x6f, 0x13, 0x3d, + 0x10, 0x96, 0xfb, 0x91, 0xf7, 0x7d, 0xdd, 0x97, 0x2f, 0xab, 0x2d, 0x69, 0xda, 0xa6, 0xc5, 0x07, + 0x14, 0x2a, 0xea, 0x55, 0x5a, 0x0e, 0x15, 0x37, 0x3e, 0xaa, 0xaa, 0x12, 0x87, 0x52, 0x40, 0x42, + 0x48, 0xa8, 0x72, 0x37, 0xa3, 0xed, 0x36, 0xc9, 0xda, 0xac, 0xdd, 0x45, 0x11, 0xe2, 0x52, 0x71, + 0xe3, 0x06, 0x7f, 0x00, 0x89, 0x3f, 0xc3, 0x11, 0x89, 0x23, 0x17, 0x54, 0x71, 0xe0, 0x67, 0x20, + 0xcf, 0xee, 0x36, 0x9b, 0x26, 0x01, 0x24, 0xa2, 0x9e, 0xe2, 0x1d, 0xcf, 0xcc, 0xf3, 0x3c, 0x33, + 0xb6, 0x27, 0x74, 0xc1, 0x40, 0x9c, 0x40, 0xec, 0xe9, 0x58, 0x1d, 0x82, 0x6f, 0xf3, 0x5f, 0xa1, + 0x63, 0x65, 0x15, 0xfb, 0x27, 0xfb, 0xac, 0x4c, 0x07, 0x2a, 0x50, 0x68, 0xf3, 0xdc, 0x2a, 0xdd, + 0xae, 0x2c, 0x04, 0x4a, 0x05, 0x2d, 0xf0, 0xa4, 0x0e, 0x3d, 0x19, 0x45, 0xca, 0x4a, 0x1b, 0xaa, + 0xc8, 0x64, 0xbb, 0xbc, 0xb9, 0x61, 0x44, 0xa8, 0x70, 0xd7, 0x57, 0x31, 0x78, 0x49, 0xdd, 0x0b, + 0x20, 0x82, 0x58, 0x5a, 0x68, 0x64, 0x3e, 0xb7, 0xba, 0x3e, 0x6d, 0xe9, 0x1f, 0x84, 0x11, 0xc4, + 0x1d, 0x4f, 0x37, 0x03, 0x67, 0x30, 0x5e, 0x1b, 0xac, 0x1c, 0x14, 0xb5, 0x1d, 0x84, 0xf6, 0xe0, + 0x68, 0x5f, 0xf8, 0xaa, 0xed, 0xc9, 0x18, 0x89, 0x1d, 0xe2, 0x62, 0xd5, 0x6f, 0x74, 0xa3, 0xa5, + 0xd6, 0xad, 0xd0, 0x47, 0x4a, 0x5e, 0x52, 0x97, 0x2d, 0x7d, 0x20, 0xfb, 0x52, 0xf1, 0x97, 0x74, + 0x7a, 0x27, 0xd5, 0x78, 0x2f, 0x06, 0x69, 0x61, 0x17, 0x5e, 0x1c, 0x81, 0xb1, 0x6c, 0x8f, 0xe6, + 0xda, 0xcb, 0x64, 0x99, 0xd4, 0xa6, 0xd6, 0x36, 0x45, 0x17, 0x54, 0xe4, 0xa0, 0xb8, 0xd8, 0xf3, + 0x1b, 0x42, 0x37, 0x03, 0xe1, 0x40, 0x45, 0x01, 0x54, 0xe4, 0xa0, 0xe2, 0x8e, 0xd6, 0x19, 0xc8, + 0x6e, 0x9e, 0x95, 0x7f, 0x25, 0x74, 0x2e, 0x33, 0x3e, 0x56, 0x4d, 0x88, 0xce, 0x17, 0x9e, 0x3d, + 0xa7, 0x93, 0xd6, 0xc1, 0x96, 0xc7, 0x30, 0xfd, 0xd6, 0x5f, 0xa4, 0x2f, 0xaa, 0xd8, 0x4d, 0xb3, + 0xf2, 0x1f, 0x84, 0x2e, 0x15, 0xed, 0x3b, 0xaa, 0x15, 0xfa, 0x9d, 0x73, 0xd6, 0x38, 0x5d, 0xd4, + 0xf8, 0x5f, 0x46, 0x8d, 0xcd, 0xd2, 0x92, 0xf4, 0x5d, 0x70, 0x79, 0x1c, 0xcd, 0xd9, 0x17, 0xab, + 0x52, 0xaa, 0x21, 0x6e, 0x87, 0xc6, 0xb8, 0xbd, 0x09, 0xdc, 0x2b, 0x58, 0x5c, 0x9c, 0xda, 0x47, + 0xb6, 0x93, 0x69, 0x5c, 0xfa, 0xc5, 0x39, 0x5d, 0x1e, 0xae, 0xd4, 0x68, 0x15, 0x19, 0xe0, 0x37, + 0x4f, 0x4f, 0x59, 0x5a, 0xa5, 0xcc, 0xde, 0x65, 0x48, 0x0a, 0x0c, 0x39, 0xa7, 0xff, 0x67, 0xde, + 0x0f, 0x8f, 0x20, 0xee, 0x30, 0x46, 0x27, 0x22, 0xd9, 0x86, 0xcc, 0x09, 0xd7, 0x85, 0x73, 0xfb, + 0x44, 0x37, 0xce, 0xf3, 0xdc, 0x5e, 0xa2, 0x17, 0x36, 0xdb, 0xda, 0x76, 0x72, 0x0d, 0x6b, 0x1f, + 0xfe, 0xa5, 0x17, 0x33, 0xaf, 0x47, 0x10, 0x27, 0xa1, 0x0f, 0xec, 0x1d, 0xa1, 0x57, 0xd2, 0x0a, + 0x14, 0x4a, 0xc2, 0x6a, 0x22, 0x7f, 0x5c, 0x7e, 0x73, 0x32, 0x2a, 0x37, 0xfe, 0xc0, 0x33, 0xab, + 0x6c, 0xed, 0xf8, 0xcb, 0xf7, 0xf7, 0x63, 0x9c, 0x2f, 0xe2, 0x33, 0x93, 0xd4, 0xf3, 0x07, 0xcc, + 0x78, 0x58, 0x4b, 0x4f, 0x63, 0xd0, 0x6d, 0xb2, 0xc2, 0x0c, 0x9d, 0x2a, 0x70, 0x62, 0x7c, 0x20, + 0x46, 0x2f, 0x8f, 0xc5, 0x81, 0x3e, 0xa7, 0xd8, 0xd7, 0x10, 0x7b, 0x9e, 0xcf, 0x0e, 0xc6, 0x76, + 0xa0, 0x6f, 0x09, 0x2d, 0xa5, 0x39, 0x59, 0x5f, 0xb2, 0x5e, 0xac, 0xd1, 0xf4, 0x89, 0xcf, 0x23, + 0xa7, 0x19, 0x7e, 0xf9, 0x2c, 0x27, 0xc7, 0xe6, 0x98, 0xd0, 0x89, 0x07, 0xa1, 0xb1, 0x6c, 0xe6, + 0x2c, 0x17, 0x3c, 0x68, 0x95, 0xed, 0x91, 0x70, 0x70, 0x08, 0xbc, 0x8c, 0x3c, 0x18, 0xeb, 0xe3, + 0xc1, 0xde, 0x10, 0x3a, 0xbe, 0x05, 0x43, 0x39, 0x8c, 0xa8, 0x0e, 0x4b, 0x88, 0x3f, 0xc7, 0xae, + 0xf6, 0xf5, 0xe6, 0x95, 0xbb, 0x3f, 0xaf, 0xd9, 0x47, 0x42, 0x4b, 0xe9, 0xd5, 0xe9, 0xef, 0x4c, + 0xcf, 0x95, 0x1a, 0x15, 0xa3, 0x75, 0x64, 0xb4, 0x5a, 0xa9, 0xf5, 0x33, 0xca, 0xe1, 0xdd, 0xbc, + 0x6b, 0x48, 0x2b, 0x05, 0x52, 0x74, 0x1d, 0x7b, 0x4a, 0x4b, 0xf7, 0xa1, 0x05, 0x16, 0x86, 0x95, + 0x6b, 0xf6, 0xd4, 0xdc, 0x73, 0x2b, 0x73, 0xfd, 0x2b, 0x43, 0xf5, 0x1f, 0x52, 0xea, 0x1a, 0xb5, + 0x99, 0x40, 0x64, 0xcd, 0xb0, 0xec, 0x8b, 0x22, 0x9d, 0xcf, 0x4e, 0xa1, 0x70, 0x33, 0x5c, 0x24, + 0x75, 0x81, 0x21, 0xd8, 0xe4, 0xeb, 0x08, 0xb2, 0xcc, 0xaa, 0x43, 0x40, 0x3c, 0xc0, 0xec, 0x77, + 0x37, 0x3e, 0x9d, 0x54, 0xc9, 0xe7, 0x93, 0x2a, 0xf9, 0x76, 0x52, 0x25, 0xcf, 0x56, 0x7e, 0x35, + 0xbd, 0x7b, 0xff, 0x8e, 0xec, 0x97, 0x70, 0x4a, 0xaf, 0xff, 0x0c, 0x00, 0x00, 0xff, 0xff, 0x2a, + 0x84, 0x82, 0x37, 0xa7, 0x08, 0x00, 0x00, } diff --git a/server/project/project.pb.gw.go b/server/project/project.pb.gw.go index a1b8f016ef993..91b12d52809af 100644 --- a/server/project/project.pb.gw.go +++ b/server/project/project.pb.gw.go @@ -28,6 +28,32 @@ var _ status.Status var _ = runtime.String var _ = utilities.NewDoubleArray +func request_ProjectService_CreateTokenPolicy_0(ctx context.Context, marshaler runtime.Marshaler, client ProjectServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq ProjectTokenPolicyCreateRequest + var metadata runtime.ServerMetadata + + if err := marshaler.NewDecoder(req.Body).Decode(&protoReq); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := client.CreateTokenPolicy(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err + +} + +func request_ProjectService_CreateToken_0(ctx context.Context, marshaler runtime.Marshaler, client ProjectServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq ProjectTokenCreateRequest + var metadata runtime.ServerMetadata + + if err := marshaler.NewDecoder(req.Body).Decode(&protoReq); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := client.CreateToken(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err + +} + func request_ProjectService_Create_0(ctx context.Context, marshaler runtime.Marshaler, client ProjectServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { var protoReq ProjectCreateRequest var metadata runtime.ServerMetadata @@ -208,6 +234,64 @@ func RegisterProjectServiceHandler(ctx context.Context, mux *runtime.ServeMux, c // "ProjectServiceClient" to call the correct interceptors. func RegisterProjectServiceHandlerClient(ctx context.Context, mux *runtime.ServeMux, client ProjectServiceClient) error { + mux.Handle("POST", pattern_ProjectService_CreateTokenPolicy_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + if cn, ok := w.(http.CloseNotifier); ok { + go func(done <-chan struct{}, closed <-chan bool) { + select { + case <-done: + case <-closed: + cancel() + } + }(ctx.Done(), cn.CloseNotify()) + } + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := request_ProjectService_CreateTokenPolicy_0(rctx, inboundMarshaler, client, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_ProjectService_CreateTokenPolicy_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + + mux.Handle("POST", pattern_ProjectService_CreateToken_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + if cn, ok := w.(http.CloseNotifier); ok { + go func(done <-chan struct{}, closed <-chan bool) { + select { + case <-done: + case <-closed: + cancel() + } + }(ctx.Done(), cn.CloseNotify()) + } + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := request_ProjectService_CreateToken_0(rctx, inboundMarshaler, client, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_ProjectService_CreateToken_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + mux.Handle("POST", pattern_ProjectService_Create_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { ctx, cancel := context.WithCancel(req.Context()) defer cancel() @@ -386,6 +470,10 @@ func RegisterProjectServiceHandlerClient(ctx context.Context, mux *runtime.Serve } var ( + pattern_ProjectService_CreateTokenPolicy_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3, 2, 4}, []string{"api", "v1", "projects", "token", "policy"}, "")) + + pattern_ProjectService_CreateToken_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"api", "v1", "projects", "token"}, "")) + pattern_ProjectService_Create_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"api", "v1", "projects"}, "")) pattern_ProjectService_List_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"api", "v1", "projects"}, "")) @@ -400,6 +488,10 @@ var ( ) var ( + forward_ProjectService_CreateTokenPolicy_0 = runtime.ForwardResponseMessage + + forward_ProjectService_CreateToken_0 = runtime.ForwardResponseMessage + forward_ProjectService_Create_0 = runtime.ForwardResponseMessage forward_ProjectService_List_0 = runtime.ForwardResponseMessage diff --git a/server/project/project.proto b/server/project/project.proto index af8ba0eb93918..cd3209337dfa1 100644 --- a/server/project/project.proto +++ b/server/project/project.proto @@ -18,6 +18,29 @@ message ProjectCreateRequest { github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.AppProject project = 1; } +// ProjectTokenCreateRequest defines project token creation parameters. +message ProjectTokenCreateRequest { + github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.AppProject project = 1; + github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.ProjectToken token = 2; +} + +message ProjectTokenPolicyCreateRequest { + github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.AppProject project = 1; + string token = 2; + string action = 3; + string permission = 4; + string object = 5; +} + +message ProjectTokenPolicyCreateResponse { +} + +// ProjectTokenResponse wraps the created token or returns an empty string if deleted. +message ProjectTokenResponse { + string token = 1; +} + + // ProjectQuery is a query for Project resources message ProjectQuery { string name = 1; @@ -32,6 +55,23 @@ message EmptyResponse {} // ProjectService service ProjectService { + // TODO: Is this the best endpoint for this? + // Create a new project token. + rpc CreateTokenPolicy(ProjectTokenPolicyCreateRequest) returns (ProjectTokenPolicyCreateResponse) { + option (google.api.http) = { + post: "/api/v1/projects/token/policy" + body: "*" + }; + } + + // Create a new project token. + rpc CreateToken(ProjectTokenCreateRequest) returns (ProjectTokenResponse) { + option (google.api.http) = { + post: "/api/v1/projects/token" + body: "*" + }; + } + // Create a new project. rpc Create(ProjectCreateRequest) returns (github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.AppProject) { option (google.api.http) = { diff --git a/server/server.go b/server/server.go index 7b0a9ac59f8e3..e48cf45ffaadf 100644 --- a/server/server.go +++ b/server/server.go @@ -131,7 +131,7 @@ func NewServer(opts ArgoCDServerOpts) *ArgoCDServer { errors.CheckError(err) sessionMgr := util_session.NewSessionManager(settings) - enf := rbac.NewEnforcer(opts.KubeClientset, opts.Namespace, common.ArgoCDRBACConfigMapName, nil) + enf := rbac.NewEnforcer(opts.KubeClientset, opts.AppClientset, opts.Namespace, common.ArgoCDRBACConfigMapName, nil) enf.EnableEnforce(!opts.DisableAuth) err = enf.SetBuiltinPolicy(builtinPolicy) errors.CheckError(err) @@ -340,7 +340,7 @@ func (a *ArgoCDServer) newGRPCServer() *grpc.Server { sessionService := session.NewServer(a.sessionMgr) projectLock := util.NewKeyLock() applicationService := application.NewServer(a.Namespace, a.KubeClientset, a.AppClientset, a.RepoClientset, db, a.enf, projectLock) - projectService := project.NewServer(a.Namespace, a.KubeClientset, a.AppClientset, a.enf, projectLock) + projectService := project.NewServer(a.Namespace, a.KubeClientset, a.AppClientset, a.enf, projectLock, a.sessionMgr) settingsService := settings.NewServer(a.settingsMgr) accountService := account.NewServer(a.sessionMgr, a.settingsMgr) version.RegisterVersionServiceServer(grpcS, &version.Server{}) diff --git a/server/session/session.pb.go b/server/session/session.pb.go index 7d5145f81d8bf..c05cb31a82741 100644 --- a/server/session/session.pb.go +++ b/server/session/session.pb.go @@ -47,6 +47,7 @@ type SessionCreateRequest struct { Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"` Password string `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty"` Token string `protobuf:"bytes,3,opt,name=token,proto3" json:"token,omitempty"` + Project string `protobuf:"bytes,4,opt,name=project,proto3" json:"project,omitempty"` } func (m *SessionCreateRequest) Reset() { *m = SessionCreateRequest{} } @@ -75,6 +76,13 @@ func (m *SessionCreateRequest) GetToken() string { return "" } +func (m *SessionCreateRequest) GetProject() string { + if m != nil { + return m.Project + } + return "" +} + // SessionDeleteRequest is for logging out. type SessionDeleteRequest struct { } @@ -249,6 +257,12 @@ func (m *SessionCreateRequest) MarshalTo(dAtA []byte) (int, error) { i = encodeVarintSession(dAtA, i, uint64(len(m.Token))) i += copy(dAtA[i:], m.Token) } + if len(m.Project) > 0 { + dAtA[i] = 0x22 + i++ + i = encodeVarintSession(dAtA, i, uint64(len(m.Project))) + i += copy(dAtA[i:], m.Project) + } return i, nil } @@ -318,6 +332,10 @@ func (m *SessionCreateRequest) Size() (n int) { if l > 0 { n += 1 + l + sovSession(uint64(l)) } + l = len(m.Project) + if l > 0 { + n += 1 + l + sovSession(uint64(l)) + } return n } @@ -466,6 +484,35 @@ func (m *SessionCreateRequest) Unmarshal(dAtA []byte) error { } m.Token = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Project", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowSession + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthSession + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Project = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipSession(dAtA[iNdEx:]) @@ -724,28 +771,28 @@ var ( func init() { proto.RegisterFile("server/session/session.proto", fileDescriptorSession) } var fileDescriptorSession = []byte{ - // 356 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x7c, 0x92, 0xb1, 0x4e, 0xeb, 0x30, - 0x14, 0x86, 0xe5, 0x5e, 0xdd, 0xde, 0x7b, 0x3d, 0xdc, 0x8a, 0x28, 0x82, 0x28, 0x2a, 0x15, 0xca, - 0x02, 0xaa, 0x44, 0xac, 0xc2, 0x52, 0x31, 0x02, 0x0b, 0x6b, 0xbb, 0x55, 0x62, 0x70, 0x93, 0xa3, - 0xd4, 0x34, 0xf5, 0x31, 0xb6, 0x1b, 0x76, 0x5e, 0x81, 0x97, 0x42, 0x62, 0x41, 0xe2, 0x05, 0x50, - 0xc5, 0x83, 0xa0, 0x3a, 0x49, 0xa1, 0x2d, 0xea, 0x14, 0xff, 0xfe, 0x9d, 0xef, 0x3f, 0x3e, 0xc7, - 0xb4, 0x6d, 0x40, 0x17, 0xa0, 0x99, 0x01, 0x63, 0x04, 0xca, 0xfa, 0x1b, 0x2b, 0x8d, 0x16, 0xbd, - 0x3f, 0x95, 0x0c, 0xfd, 0x0c, 0x33, 0x74, 0x7b, 0x6c, 0xb9, 0x2a, 0xed, 0xb0, 0x9d, 0x21, 0x66, - 0x39, 0x30, 0xae, 0x04, 0xe3, 0x52, 0xa2, 0xe5, 0x56, 0xa0, 0x34, 0x95, 0x1b, 0x4d, 0xfb, 0x26, - 0x16, 0xe8, 0xdc, 0x04, 0x35, 0xb0, 0xa2, 0xc7, 0x32, 0x90, 0xa0, 0xb9, 0x85, 0xb4, 0x3a, 0x73, - 0x93, 0x09, 0x3b, 0x99, 0x8f, 0xe3, 0x04, 0x67, 0x8c, 0x6b, 0x17, 0x71, 0xe7, 0x16, 0xa7, 0x49, - 0xca, 0xd4, 0x34, 0x5b, 0xfe, 0x6c, 0x18, 0x57, 0x2a, 0x17, 0x89, 0x83, 0xb3, 0xa2, 0xc7, 0x73, - 0x35, 0xe1, 0x5b, 0xa8, 0x28, 0xa5, 0xfe, 0xb0, 0xac, 0xf6, 0x4a, 0x03, 0xb7, 0x30, 0x80, 0xfb, - 0x39, 0x18, 0xeb, 0x85, 0xf4, 0xef, 0xdc, 0x80, 0x96, 0x7c, 0x06, 0x01, 0x39, 0x22, 0x27, 0xff, - 0x06, 0x2b, 0xbd, 0xf4, 0x14, 0x37, 0xe6, 0x01, 0x75, 0x1a, 0x34, 0x4a, 0xaf, 0xd6, 0x9e, 0x4f, - 0x7f, 0x5b, 0x9c, 0x82, 0x0c, 0x7e, 0x39, 0xa3, 0x14, 0xd1, 0xfe, 0x2a, 0xe5, 0x1a, 0x72, 0x58, - 0xa5, 0x44, 0xc7, 0xb4, 0x55, 0xed, 0x0f, 0xc0, 0x28, 0x94, 0x06, 0xbe, 0x00, 0xe4, 0x1b, 0xe0, - 0xec, 0x85, 0xd0, 0xff, 0xd5, 0xc9, 0x21, 0xe8, 0x42, 0x24, 0xe0, 0xdd, 0xd2, 0x66, 0x59, 0xb2, - 0x77, 0x18, 0xd7, 0xfd, 0xff, 0xe9, 0x2a, 0x61, 0xb0, 0x69, 0xd7, 0x59, 0x51, 0xf8, 0xf8, 0xf6, - 0xf1, 0xd4, 0xf0, 0xa3, 0x96, 0xeb, 0x76, 0xd1, 0xab, 0xe7, 0x78, 0x41, 0xba, 0xde, 0x88, 0x36, - 0xcb, 0x5a, 0xb7, 0xf1, 0x6b, 0x77, 0xd8, 0x81, 0x3f, 0x70, 0xf8, 0xbd, 0xee, 0x26, 0xfe, 0xb2, - 0xff, 0xbc, 0xe8, 0x90, 0xd7, 0x45, 0x87, 0xbc, 0x2f, 0x3a, 0x64, 0xd4, 0xdd, 0x35, 0xcd, 0xf5, - 0x87, 0x36, 0x6e, 0xba, 0xa9, 0x9d, 0x7f, 0x06, 0x00, 0x00, 0xff, 0xff, 0x9e, 0x28, 0x53, 0xc6, - 0x81, 0x02, 0x00, 0x00, + // 368 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x7c, 0x92, 0xc1, 0x4a, 0xeb, 0x40, + 0x14, 0x86, 0x99, 0xde, 0x7b, 0xdb, 0xeb, 0x2c, 0x2c, 0x86, 0xa0, 0x21, 0xd4, 0x22, 0xd9, 0x28, + 0x05, 0x33, 0x54, 0x37, 0xc5, 0xa5, 0xba, 0x71, 0xdb, 0xee, 0x0a, 0x2e, 0xa6, 0xe9, 0x21, 0x8d, + 0x4d, 0xe7, 0x8c, 0x33, 0xd3, 0xb8, 0x73, 0xe1, 0x2b, 0xf8, 0x52, 0x82, 0x1b, 0xc1, 0x17, 0x90, + 0xe2, 0x83, 0x48, 0x26, 0x49, 0xb5, 0xad, 0x74, 0x95, 0xf9, 0xcf, 0x3f, 0xf9, 0xce, 0x39, 0xfc, + 0x43, 0x5b, 0x1a, 0x54, 0x06, 0x8a, 0x69, 0xd0, 0x3a, 0x41, 0x51, 0x7d, 0x43, 0xa9, 0xd0, 0xa0, + 0xd3, 0x28, 0xa5, 0xef, 0xc6, 0x18, 0xa3, 0xad, 0xb1, 0xfc, 0x54, 0xd8, 0x7e, 0x2b, 0x46, 0x8c, + 0x53, 0x60, 0x5c, 0x26, 0x8c, 0x0b, 0x81, 0x86, 0x9b, 0x04, 0x85, 0x2e, 0xdd, 0x60, 0xda, 0xd3, + 0x61, 0x82, 0xd6, 0x8d, 0x50, 0x01, 0xcb, 0xba, 0x2c, 0x06, 0x01, 0x8a, 0x1b, 0x18, 0x97, 0x77, + 0x6e, 0xe2, 0xc4, 0x4c, 0xe6, 0xa3, 0x30, 0xc2, 0x19, 0xe3, 0xca, 0xb6, 0xb8, 0xb3, 0x87, 0xd3, + 0x68, 0xcc, 0xe4, 0x34, 0xce, 0x7f, 0xd6, 0x8c, 0x4b, 0x99, 0x26, 0x91, 0x85, 0xb3, 0xac, 0xcb, + 0x53, 0x39, 0xe1, 0x1b, 0xa8, 0xe0, 0x91, 0xba, 0x83, 0x62, 0xda, 0x2b, 0x05, 0xdc, 0x40, 0x1f, + 0xee, 0xe7, 0xa0, 0x8d, 0xe3, 0xd3, 0xff, 0x73, 0x0d, 0x4a, 0xf0, 0x19, 0x78, 0xe4, 0x88, 0x9c, + 0xec, 0xf4, 0x97, 0x3a, 0xf7, 0x24, 0xd7, 0xfa, 0x01, 0xd5, 0xd8, 0xab, 0x15, 0x5e, 0xa5, 0x1d, + 0x97, 0xfe, 0x33, 0x38, 0x05, 0xe1, 0xfd, 0xb1, 0x46, 0x21, 0x1c, 0x8f, 0x36, 0xf2, 0x19, 0x21, + 0x32, 0xde, 0x5f, 0x5b, 0xaf, 0x64, 0xb0, 0xbf, 0xec, 0x7f, 0x0d, 0x29, 0x2c, 0xfb, 0x07, 0xc7, + 0xb4, 0x59, 0xd6, 0xfb, 0xa0, 0x25, 0x0a, 0x0d, 0xdf, 0x68, 0xf2, 0x03, 0x7d, 0xf6, 0x4a, 0xe8, + 0x6e, 0x79, 0x73, 0x00, 0x2a, 0x4b, 0x22, 0x70, 0x6e, 0x69, 0xbd, 0x58, 0xc6, 0x39, 0x0c, 0xab, + 0x64, 0x7e, 0x5b, 0xd2, 0xf7, 0xd6, 0xed, 0xaa, 0x57, 0xe0, 0x3f, 0xbd, 0x7f, 0x3e, 0xd7, 0xdc, + 0xa0, 0x69, 0x73, 0xc8, 0xba, 0x55, 0xc2, 0x17, 0xa4, 0xe3, 0x0c, 0x69, 0xbd, 0x98, 0x75, 0x13, + 0xbf, 0xb2, 0xc3, 0x16, 0xfc, 0x81, 0xc5, 0xef, 0x75, 0xd6, 0xf1, 0x97, 0xbd, 0x97, 0x45, 0x9b, + 0xbc, 0x2d, 0xda, 0xe4, 0x63, 0xd1, 0x26, 0xc3, 0xce, 0xb6, 0x9c, 0x57, 0x9f, 0xe0, 0xa8, 0x6e, + 0xf3, 0x3c, 0xff, 0x0a, 0x00, 0x00, 0xff, 0xff, 0x34, 0x26, 0xe2, 0x77, 0x9b, 0x02, 0x00, 0x00, } diff --git a/server/session/session.proto b/server/session/session.proto index 339cbd2c65c48..7ab22f20d26eb 100644 --- a/server/session/session.proto +++ b/server/session/session.proto @@ -17,6 +17,7 @@ message SessionCreateRequest { string username = 1; string password = 2; string token = 3; + string project = 4; } // SessionDeleteRequest is for logging out. diff --git a/server/swagger.json b/server/swagger.json index 1185e7649629f..7d008539e150a 100644 --- a/server/swagger.json +++ b/server/swagger.json @@ -695,6 +695,60 @@ } } }, + "/api/v1/projects/token": { + "post": { + "tags": [ + "ProjectService" + ], + "summary": "Create a new project token.", + "operationId": "CreateToken", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/projectProjectTokenCreateRequest" + } + } + ], + "responses": { + "200": { + "description": "(empty)", + "schema": { + "$ref": "#/definitions/projectProjectTokenResponse" + } + } + } + } + }, + "/api/v1/projects/token/policy": { + "post": { + "tags": [ + "ProjectService" + ], + "summary": "TODO: Is this the best endpoint for this?\nCreate a new project token.", + "operationId": "CreateTokenPolicy", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/projectProjectTokenPolicyCreateRequest" + } + } + ], + "responses": { + "200": { + "description": "(empty)", + "schema": { + "$ref": "#/definitions/projectProjectTokenPolicyCreateResponse" + } + } + } + } + }, "/api/v1/projects/{name}": { "get": { "tags": [ @@ -1335,6 +1389,50 @@ } } }, + "projectProjectTokenCreateRequest": { + "description": "ProjectTokenCreateRequest defines project token creation parameters.", + "type": "object", + "properties": { + "project": { + "$ref": "#/definitions/v1alpha1AppProject" + }, + "token": { + "$ref": "#/definitions/v1alpha1ProjectToken" + } + } + }, + "projectProjectTokenPolicyCreateRequest": { + "type": "object", + "properties": { + "action": { + "type": "string" + }, + "object": { + "type": "string" + }, + "permission": { + "type": "string" + }, + "project": { + "$ref": "#/definitions/v1alpha1AppProject" + }, + "token": { + "type": "string" + } + } + }, + "projectProjectTokenPolicyCreateResponse": { + "type": "object" + }, + "projectProjectTokenResponse": { + "description": "ProjectTokenResponse wraps the created token or returns an empty string if deleted.", + "type": "object", + "properties": { + "token": { + "type": "string" + } + } + }, "projectProjectUpdateRequest": { "type": "object", "properties": { @@ -1487,6 +1585,9 @@ "password": { "type": "string" }, + "project": { + "type": "string" + }, "token": { "type": "string" }, @@ -1882,6 +1983,12 @@ "items": { "type": "string" } + }, + "tokens": { + "type": "array", + "items": { + "$ref": "#/definitions/v1alpha1ProjectToken" + } } } }, @@ -2259,6 +2366,25 @@ } } }, + "v1alpha1ProjectToken": { + "type": "object", + "title": "ProjectToken TODO: Check if everything should be capitalized\nProjectToken contains metadata of a token for a project", + "properties": { + "name": { + "type": "string" + }, + "policies": { + "type": "array", + "items": { + "type": "string" + } + }, + "validUntil": { + "type": "string", + "format": "int64" + } + } + }, "v1alpha1Repository": { "type": "object", "title": "Repository is a Git repository holding application configurations", diff --git a/util/rbac/builtin-policy.csv b/util/rbac/builtin-policy.csv index 7acad3faf9d44..1a008c8b025f4 100644 --- a/util/rbac/builtin-policy.csv +++ b/util/rbac/builtin-policy.csv @@ -33,5 +33,6 @@ p, role:admin, projects, create, *, allow p, role:admin, projects, update, *, allow p, role:admin, projects, delete, *, allow + g, role:admin, role:readonly g, admin, role:admin diff --git a/util/rbac/rbac.go b/util/rbac/rbac.go index 0f45e3f32d565..fe4922809c1ad 100644 --- a/util/rbac/rbac.go +++ b/util/rbac/rbac.go @@ -3,6 +3,7 @@ package rbac import ( "context" "fmt" + "strings" "time" "github.com/casbin/casbin" @@ -19,6 +20,7 @@ import ( "k8s.io/client-go/kubernetes" "k8s.io/client-go/tools/cache" + appclientset "github.com/argoproj/argo-cd/pkg/client/clientset/versioned" jwtutil "github.com/argoproj/argo-cd/util/jwt" ) @@ -45,12 +47,17 @@ type Enforcer struct { defaultRole string builtinPolicy string userDefinedPolicy string + appclientset appclientset.Interface } -func NewEnforcer(clientset kubernetes.Interface, namespace, configmap string, claimsEnforcer ClaimsEnforcerFunc) *Enforcer { +func loadModel() model.Model { box := packr.NewBox(".") modelConf := box.String(builtinModelFile) - model := casbin.NewModel(modelConf) + return casbin.NewModel(modelConf) +} + +func NewEnforcer(clientset kubernetes.Interface, appclientset appclientset.Interface, namespace, configmap string, claimsEnforcer ClaimsEnforcerFunc) *Enforcer { + model := loadModel() adapter := scas.NewAdapter("") enf := casbin.NewEnforcer(model, adapter) enf.EnableLog(false) @@ -62,6 +69,7 @@ func NewEnforcer(clientset kubernetes.Interface, namespace, configmap string, cl configmap: configmap, model: model, claimsEnforcerFunc: claimsEnforcer, + appclientset: appclientset, } } @@ -109,6 +117,7 @@ func (e *Enforcer) defaultEnforceClaims(rvals ...interface{}) bool { } return e.Enforce(rvals...) } + mapClaims, err := jwtutil.MapClaims(claims) if err != nil { vals := append([]interface{}{""}, rvals[1:]...) @@ -122,10 +131,35 @@ func (e *Enforcer) defaultEnforceClaims(rvals ...interface{}) bool { } } user := jwtutil.GetField(mapClaims, "sub") + if strings.HasPrefix(user, "proj:") { + model := loadModel() + tokenPolicies, err := e.getProjectTokenPolices(user) + if err != nil { + return false + } + //TODO: Add verification of created at time + adapter := scas.NewAdapter(tokenPolicies) + enf := casbin.NewEnforcer(model, adapter) + enf.EnableLog(false) + vals := append([]interface{}{user}, rvals[1:]...) + return enf.Enforce(vals...) + + } vals := append([]interface{}{user}, rvals[1:]...) return e.Enforce(vals...) } +//TODO: Add tests for method +func (e *Enforcer) getProjectTokenPolices(user string) (string, error) { + projName := strings.Split(user, ":")[1] + proj, err := e.appclientset.ArgoprojV1alpha1().AppProjects(e.namespace).Get(projName, metav1.GetOptions{}) + if err != nil { + fmt.Print(err) + return "", err + } + return proj.TokenPoliciesString(), nil +} + // SetBuiltinPolicy sets a built-in policy, which augments any user defined policies func (e *Enforcer) SetBuiltinPolicy(policy string) error { e.builtinPolicy = policy diff --git a/util/session/sessionmanager.go b/util/session/sessionmanager.go index 38b627dd1e8a2..805a44c9956ed 100644 --- a/util/session/sessionmanager.go +++ b/util/session/sessionmanager.go @@ -70,6 +70,21 @@ func NewSessionManager(settings *settings.ArgoCDSettings) *SessionManager { return &s } +// CreateToken creates a new token for a given subject (user) and returns it as a string. +func (mgr *SessionManager) CreateToken(subject string, validUntil int64) (string, error) { + // Create a new token object, specifying signing method and the claims + // you would like it to contain. + now := time.Now().Unix() + claims := jwt.StandardClaims{ + ExpiresAt: validUntil, + IssuedAt: now, + Issuer: SessionManagerClaimsIssuer, + NotBefore: now, + Subject: subject, + } + return mgr.signClaims(claims) +} + // Create creates a new token for a given subject (user) and returns it as a string. // Passing a value of `0` for secondsBeforeExpiry creates a token that never expires. func (mgr *SessionManager) Create(subject string, secondsBeforeExpiry int) (string, error) { diff --git a/util/settings/settings.go b/util/settings/settings.go index 5a53ee53a6a72..724c4851d72f5 100644 --- a/util/settings/settings.go +++ b/util/settings/settings.go @@ -123,6 +123,7 @@ func updateSettingsFromSecret(settings *ArgoCDSettings, argoCDSecret *apiv1.Secr settings.AdminPasswordMtime = adminPasswordMtime } } + secretKey, ok := argoCDSecret.Data[settingServerSignatureKey] if !ok { return fmt.Errorf("server secret key not found") @@ -200,6 +201,7 @@ func (mgr *SettingsManager) SaveSettings(settings *ArgoCDSettings) error { } createSecret = true } + argoCDSecret.StringData = make(map[string]string) argoCDSecret.StringData[settingServerSignatureKey] = string(settings.ServerSignature) argoCDSecret.StringData[settingAdminPasswordHashKey] = settings.AdminPasswordHash From 63fecea28aca8beb8ec19fdd14ee7ceeb22b649b Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Sat, 28 Jul 2018 00:17:08 -0700 Subject: [PATCH 02/43] Accept proj tokens based on createdAt time --- cmd/argocd/commands/project.go | 15 +- pkg/apis/application/v1alpha1/generated.pb.go | 330 +++++++++--------- pkg/apis/application/v1alpha1/generated.proto | 2 +- pkg/apis/application/v1alpha1/types.go | 7 +- server/project/project.go | 7 +- server/project/project.pb.go | 131 ++++--- server/project/project.proto | 1 + server/session/session.go | 4 +- server/session/session.pb.go | 95 ++--- server/session/session.proto | 1 - server/swagger.json | 15 +- util/jwt/jwt.go | 10 + util/rbac/rbac.go | 29 +- util/session/sessionmanager.go | 30 +- 14 files changed, 348 insertions(+), 329 deletions(-) diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go index 680a285ec440e..b8e4599ede503 100644 --- a/cmd/argocd/commands/project.go +++ b/cmd/argocd/commands/project.go @@ -2,7 +2,6 @@ package commands import ( "os" - "time" log "github.com/sirupsen/logrus" "github.com/spf13/cobra" @@ -36,6 +35,9 @@ type policyOpts struct { object string } +//Default expiration time to 3 months +const defaultSecondsBeforeExpiry = 60 * 60 * 24 * 3 + func (opts *projectOpts) GetDestinations() []v1alpha1.ApplicationDestination { destinations := make([]v1alpha1.ApplicationDestination, 0) for _, destStr := range opts.destinations { @@ -129,17 +131,18 @@ func NewProjectCreateTokenPolicyCommand(clientOpts *argocdclient.ClientOptions) // NewProjectCreateTokenCommand returns a new instance of an `argocd proj token create` command func NewProjectCreateTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { + var ( + secondsBeforeExpiry int32 + ) var command = &cobra.Command{ //TODO: Change to `token create` - Use: "create-token PROJECT TOKEN-NAME", + Use: "create-token PROJECT TOKEN-NAME [--seconds seconds]", Short: "Create a project token", Run: func(c *cobra.Command, args []string) { if len(args) != 2 { c.HelpFunc()(c, args) os.Exit(1) } - //TODO: Make validUntil configuriable - validUntil := time.Now().Add(time.Hour * 24).Unix() projName := args[0] tokenName := args[1] conn, projIf := argocdclient.NewClientOrDie(clientOpts).NewProjectClientOrDie() @@ -148,7 +151,7 @@ func NewProjectCreateTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra proj, err := projIf.Get(context.Background(), &project.ProjectQuery{Name: projName}) errors.CheckError(err) - token, err := projIf.CreateToken(context.Background(), &project.ProjectTokenCreateRequest{Project: proj, Token: &v1alpha1.ProjectToken{Name: tokenName, ValidUntil: validUntil}}) + token, err := projIf.CreateToken(context.Background(), &project.ProjectTokenCreateRequest{Project: proj, Token: &v1alpha1.ProjectToken{Name: tokenName}, SecondsBeforeExpiry: secondsBeforeExpiry}) errors.CheckError(err) w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0) //TODO: Clean up message and think about how it should formatted @@ -157,6 +160,8 @@ func NewProjectCreateTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra _ = w.Flush() }, } + command.Flags().Int32VarP(&secondsBeforeExpiry, "secondsBeforeExpiry", "s", defaultSecondsBeforeExpiry, "Number of seconds before the token will expire (Default: 3 months)") + return command } diff --git a/pkg/apis/application/v1alpha1/generated.pb.go b/pkg/apis/application/v1alpha1/generated.pb.go index 35a73b5ac6cca..158799af252c1 100644 --- a/pkg/apis/application/v1alpha1/generated.pb.go +++ b/pkg/apis/application/v1alpha1/generated.pb.go @@ -1236,7 +1236,7 @@ func (m *ProjectToken) MarshalTo(dAtA []byte) (int, error) { } dAtA[i] = 0x18 i++ - i = encodeVarintGenerated(dAtA, i, uint64(m.ValidUntil)) + i = encodeVarintGenerated(dAtA, i, uint64(m.CreatedAt)) return i, nil } @@ -2088,7 +2088,7 @@ func (m *ProjectToken) Size() (n int) { n += 1 + l + sovGenerated(uint64(l)) } } - n += 1 + sovGenerated(uint64(m.ValidUntil)) + n += 1 + sovGenerated(uint64(m.CreatedAt)) return n } @@ -2560,7 +2560,7 @@ func (this *ProjectToken) String() string { s := strings.Join([]string{`&ProjectToken{`, `Name:` + fmt.Sprintf("%v", this.Name) + `,`, `Policies:` + fmt.Sprintf("%v", this.Policies) + `,`, - `ValidUntil:` + fmt.Sprintf("%v", this.ValidUntil) + `,`, + `CreatedAt:` + fmt.Sprintf("%v", this.CreatedAt) + `,`, `}`, }, "") return s @@ -6208,9 +6208,9 @@ func (m *ProjectToken) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 3: if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field ValidUntil", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field CreatedAt", wireType) } - m.ValidUntil = 0 + m.CreatedAt = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowGenerated @@ -6220,7 +6220,7 @@ func (m *ProjectToken) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.ValidUntil |= (int64(b) & 0x7F) << shift + m.CreatedAt |= (int64(b) & 0x7F) << shift if b < 0x80 { break } @@ -8026,163 +8026,163 @@ func init() { } var fileDescriptorGenerated = []byte{ - // 2522 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xd4, 0x59, 0x4b, 0x8c, 0x1c, 0x47, - 0x19, 0x76, 0xcf, 0x63, 0x77, 0xe7, 0x9f, 0x7d, 0xd8, 0x95, 0x07, 0x83, 0x23, 0xed, 0xae, 0x3a, - 0x3c, 0x0c, 0x4a, 0x66, 0xb0, 0x21, 0x10, 0x1e, 0x42, 0xf2, 0xec, 0xc6, 0xf1, 0x66, 0xfd, 0x58, - 0x6a, 0xd6, 0x46, 0x0a, 0x51, 0xa0, 0xdd, 0x53, 0x3b, 0x53, 0x9e, 0x99, 0xee, 0x4e, 0x57, 0xcd, - 0x58, 0x23, 0x11, 0x14, 0x84, 0x90, 0x78, 0x0b, 0x84, 0x10, 0x57, 0x0e, 0x9c, 0x10, 0x12, 0x12, - 0xe2, 0x84, 0xc4, 0x01, 0x0e, 0xc8, 0xc7, 0x1c, 0x40, 0x44, 0x01, 0xad, 0xf0, 0xe6, 0x12, 0x89, - 0x03, 0x67, 0x72, 0x42, 0xf5, 0xe8, 0xae, 0xea, 0x9e, 0x5d, 0x76, 0xed, 0x19, 0x1b, 0xb8, 0x75, - 0xff, 0xff, 0xdf, 0xff, 0xf7, 0xd7, 0x5f, 0x7f, 0xfd, 0x8f, 0x6a, 0xd8, 0xea, 0x50, 0xde, 0x1d, - 0xde, 0xaa, 0xfb, 0xe1, 0xa0, 0xe1, 0xc5, 0x9d, 0x30, 0x8a, 0xc3, 0xdb, 0xf2, 0xe1, 0x59, 0xbf, - 0xdd, 0x88, 0x7a, 0x9d, 0x86, 0x17, 0x51, 0xd6, 0xf0, 0xa2, 0xa8, 0x4f, 0x7d, 0x8f, 0xd3, 0x30, - 0x68, 0x8c, 0xce, 0x7b, 0xfd, 0xa8, 0xeb, 0x9d, 0x6f, 0x74, 0x48, 0x40, 0x62, 0x8f, 0x93, 0x76, - 0x3d, 0x8a, 0x43, 0x1e, 0xa2, 0x4f, 0x1b, 0x55, 0xf5, 0x44, 0x95, 0x7c, 0xf8, 0xb2, 0xdf, 0xae, - 0x47, 0xbd, 0x4e, 0x5d, 0xa8, 0xaa, 0x5b, 0xaa, 0xea, 0x89, 0xaa, 0xb3, 0xcf, 0x5a, 0x56, 0x74, - 0xc2, 0x4e, 0xd8, 0x90, 0x1a, 0x6f, 0x0d, 0xf7, 0xe4, 0x9b, 0x7c, 0x91, 0x4f, 0x0a, 0xe9, 0xec, - 0x27, 0x7a, 0xcf, 0xb3, 0x3a, 0x0d, 0x85, 0x6d, 0x03, 0xcf, 0xef, 0xd2, 0x80, 0xc4, 0x63, 0x63, - 0xec, 0x80, 0x70, 0xaf, 0x31, 0x9a, 0xb0, 0xef, 0x6c, 0xe3, 0xa8, 0xaf, 0xe2, 0x61, 0xc0, 0xe9, - 0x80, 0x4c, 0x7c, 0xf0, 0xc9, 0xe3, 0x3e, 0x60, 0x7e, 0x97, 0x0c, 0xbc, 0x89, 0xef, 0x3e, 0x7e, - 0xd4, 0x77, 0x43, 0x4e, 0xfb, 0x0d, 0x1a, 0x70, 0xc6, 0xe3, 0xfc, 0x47, 0xee, 0x5f, 0x1d, 0x80, - 0x8b, 0x51, 0xb4, 0x13, 0x87, 0xb7, 0x89, 0xcf, 0xd1, 0x57, 0x60, 0x41, 0xac, 0xa3, 0xed, 0x71, - 0xaf, 0xe6, 0xac, 0x3b, 0xe7, 0xaa, 0x17, 0x3e, 0x56, 0x57, 0x6a, 0xeb, 0xb6, 0x5a, 0xe3, 0x57, - 0x21, 0x5d, 0x1f, 0x9d, 0xaf, 0x5f, 0xbf, 0x25, 0xbe, 0xbf, 0x4a, 0xb8, 0xd7, 0x44, 0x77, 0xf7, - 0xd7, 0x4e, 0x1d, 0xec, 0xaf, 0x81, 0xa1, 0xe1, 0x54, 0x2b, 0xea, 0x41, 0x89, 0x45, 0xc4, 0xaf, - 0x15, 0xa4, 0xf6, 0xad, 0xfa, 0x03, 0xef, 0x5e, 0xdd, 0x98, 0xdd, 0x8a, 0x88, 0xdf, 0x5c, 0xd4, - 0xb0, 0x25, 0xf1, 0x86, 0x25, 0x88, 0xfb, 0xb6, 0x03, 0xcb, 0x46, 0xec, 0x0a, 0x65, 0x1c, 0xbd, - 0x32, 0xb1, 0xc2, 0xfa, 0xc9, 0x56, 0x28, 0xbe, 0x96, 0xeb, 0x3b, 0xad, 0x81, 0x16, 0x12, 0x8a, - 0xb5, 0xba, 0xdb, 0x50, 0xa6, 0x9c, 0x0c, 0x58, 0xad, 0xb0, 0x5e, 0x3c, 0x57, 0xbd, 0xf0, 0xc2, - 0x4c, 0x96, 0xd7, 0x5c, 0xd2, 0x88, 0xe5, 0x2d, 0xa1, 0x1b, 0x2b, 0x08, 0xf7, 0x5f, 0x05, 0x7b, - 0x71, 0x62, 0xd5, 0xe8, 0x3c, 0x54, 0x59, 0x38, 0x8c, 0x7d, 0x82, 0x49, 0x14, 0xb2, 0x9a, 0xb3, - 0x5e, 0x3c, 0x57, 0x69, 0xae, 0x1c, 0xec, 0xaf, 0x55, 0x5b, 0x86, 0x8c, 0x6d, 0x19, 0xf4, 0x5d, - 0x07, 0x16, 0xdb, 0x84, 0x71, 0x1a, 0x48, 0xfc, 0xc4, 0xf2, 0x2f, 0x4c, 0x67, 0x79, 0x42, 0xdc, - 0x34, 0x9a, 0x9b, 0x8f, 0xeb, 0x55, 0x2c, 0x5a, 0x44, 0x86, 0x33, 0xe0, 0xe8, 0x39, 0xa8, 0xb6, - 0x09, 0xf3, 0x63, 0x1a, 0x89, 0xf7, 0x5a, 0x71, 0xdd, 0x39, 0x57, 0x69, 0x3e, 0xa6, 0x3f, 0xac, - 0x6e, 0x1a, 0x16, 0xb6, 0xe5, 0x50, 0x08, 0x73, 0x3c, 0xec, 0x91, 0x80, 0xd5, 0x4a, 0xd2, 0xfa, - 0x17, 0xa7, 0xb0, 0x5e, 0xfb, 0x73, 0x57, 0xe8, 0x6b, 0x2e, 0x6b, 0xe8, 0x39, 0xf9, 0xca, 0xb0, - 0x86, 0x71, 0xff, 0x58, 0x84, 0xaa, 0xb5, 0xcc, 0x47, 0x70, 0x6e, 0xfa, 0x99, 0x73, 0xf3, 0xd2, - 0x6c, 0xb6, 0xe7, 0xa8, 0x83, 0x83, 0x38, 0xcc, 0x31, 0xee, 0xf1, 0x21, 0x93, 0x5b, 0x50, 0xbd, - 0x70, 0x65, 0x46, 0x78, 0x52, 0xa7, 0xf1, 0xaa, 0x7a, 0xc7, 0x1a, 0x0b, 0xbd, 0x06, 0x95, 0x30, - 0x12, 0xe9, 0x49, 0xec, 0x7d, 0x49, 0x02, 0x6f, 0x4e, 0x01, 0x7c, 0x3d, 0xd1, 0xd5, 0x5c, 0x3a, - 0xd8, 0x5f, 0xab, 0xa4, 0xaf, 0xd8, 0xa0, 0xb8, 0x3e, 0x3c, 0x6e, 0xd9, 0xb7, 0x11, 0x06, 0x6d, - 0x2a, 0x37, 0x74, 0x1d, 0x4a, 0x7c, 0x1c, 0x11, 0xb9, 0x99, 0x15, 0xe3, 0xa2, 0xdd, 0x71, 0x44, - 0xb0, 0xe4, 0xa0, 0x8f, 0xc0, 0xfc, 0x80, 0x30, 0xe6, 0x75, 0x88, 0xdc, 0x93, 0x4a, 0x73, 0x45, - 0x0b, 0xcd, 0x5f, 0x55, 0x64, 0x9c, 0xf0, 0xdd, 0xd7, 0xe0, 0xc9, 0xc3, 0xcf, 0x04, 0xfa, 0x10, - 0xcc, 0x31, 0x12, 0x8f, 0x48, 0xac, 0x81, 0x8c, 0x67, 0x24, 0x15, 0x6b, 0x2e, 0x6a, 0x40, 0x25, - 0xf0, 0x06, 0x84, 0x45, 0x9e, 0x9f, 0xc0, 0x9d, 0xd1, 0xa2, 0x95, 0x6b, 0x09, 0x03, 0x1b, 0x19, - 0xf7, 0x6f, 0x0e, 0xac, 0x58, 0x98, 0x8f, 0x20, 0xf5, 0xf5, 0xb2, 0xa9, 0xef, 0xd2, 0x6c, 0x22, - 0xe6, 0x88, 0xdc, 0xf7, 0xfb, 0x22, 0x9c, 0xb1, 0xe3, 0x4a, 0x26, 0x34, 0xb1, 0x25, 0x31, 0x89, - 0xc2, 0x1b, 0xf8, 0x8a, 0x76, 0x67, 0xba, 0x25, 0x58, 0x91, 0x71, 0xc2, 0x17, 0xfb, 0x1b, 0x79, - 0xbc, 0xab, 0x7d, 0x99, 0xee, 0xef, 0x8e, 0xc7, 0xbb, 0x58, 0x72, 0x44, 0x2a, 0x22, 0xc1, 0x88, - 0xc6, 0x61, 0x30, 0x20, 0x01, 0xcf, 0xa7, 0xa2, 0x17, 0x0c, 0x0b, 0xdb, 0x72, 0xe8, 0xf3, 0xb0, - 0xcc, 0xbd, 0xb8, 0x43, 0x38, 0x26, 0x23, 0xca, 0x92, 0x40, 0xae, 0x34, 0x9f, 0xd4, 0x5f, 0x2e, - 0xef, 0x66, 0xb8, 0x38, 0x27, 0x8d, 0x7e, 0xe3, 0xc0, 0x53, 0x7e, 0x38, 0x88, 0xc2, 0x80, 0x04, - 0x7c, 0xc7, 0x8b, 0xbd, 0x01, 0xe1, 0x24, 0xbe, 0x3e, 0x22, 0x71, 0x4c, 0xdb, 0x84, 0xd5, 0xca, - 0xd2, 0xbb, 0x57, 0xa7, 0xf0, 0xee, 0xc6, 0x84, 0xf6, 0xe6, 0xd3, 0xda, 0xb8, 0xa7, 0x36, 0x8e, - 0x46, 0xc6, 0xff, 0xc9, 0x2c, 0x51, 0x79, 0x46, 0x5e, 0x7f, 0x48, 0xd8, 0x25, 0xda, 0x27, 0xac, - 0x36, 0x67, 0x2a, 0xcf, 0x4d, 0x43, 0xc6, 0xb6, 0x8c, 0xfb, 0xbb, 0x42, 0x26, 0x44, 0x5b, 0x49, - 0xde, 0x91, 0x7b, 0xa9, 0x03, 0x74, 0x56, 0x79, 0x47, 0xea, 0xb4, 0x4e, 0x97, 0x2a, 0x80, 0x1a, - 0x0b, 0x7d, 0xcb, 0x91, 0x65, 0x27, 0x39, 0x95, 0x3a, 0xc7, 0x3e, 0x84, 0x12, 0x68, 0x57, 0xb2, - 0x84, 0x88, 0x6d, 0x68, 0x11, 0xc2, 0x91, 0x2a, 0x40, 0x3a, 0xe2, 0xd2, 0x10, 0xd6, 0x75, 0x09, - 0x27, 0x7c, 0xf7, 0x67, 0x73, 0xd9, 0x33, 0xa0, 0x72, 0xe8, 0x8f, 0x1c, 0x38, 0x2d, 0x36, 0xca, - 0x8b, 0x29, 0x0b, 0x03, 0x4c, 0xd8, 0xb0, 0xcf, 0xb5, 0x33, 0xb7, 0xa7, 0x0c, 0x1a, 0x5b, 0x65, - 0xb3, 0xa6, 0xed, 0x3a, 0x9d, 0xe7, 0xe0, 0x09, 0x78, 0xc4, 0x61, 0xbe, 0x4b, 0x19, 0x0f, 0xe3, - 0xb1, 0x4e, 0x0e, 0xd3, 0xb4, 0x7d, 0x9b, 0x24, 0xea, 0x87, 0x63, 0x71, 0xd6, 0xb6, 0x82, 0xbd, - 0xd0, 0xf8, 0xe7, 0xb2, 0x42, 0xc0, 0x09, 0x14, 0xfa, 0xba, 0x03, 0x10, 0x25, 0x91, 0x2a, 0x0a, - 0xd9, 0x43, 0x38, 0x38, 0x69, 0xcd, 0x4e, 0x49, 0x0c, 0x5b, 0xa0, 0xa2, 0x31, 0xe9, 0x12, 0xaf, - 0xcf, 0xbb, 0xba, 0x9c, 0x4d, 0xd3, 0x98, 0x5c, 0x96, 0x8a, 0xf2, 0x25, 0x54, 0x51, 0xb1, 0x86, - 0x41, 0xdf, 0x74, 0x60, 0x39, 0xad, 0x6e, 0x42, 0x96, 0xd4, 0xca, 0x53, 0x77, 0xda, 0xd7, 0x33, - 0x0a, 0x9b, 0x48, 0xa4, 0xb1, 0x2c, 0x0d, 0xe7, 0x40, 0xd1, 0x37, 0x1c, 0x00, 0x3f, 0xa9, 0xa6, - 0x2a, 0x1f, 0x54, 0x2f, 0x5c, 0x9f, 0xcd, 0x89, 0x4a, 0xab, 0xb4, 0x71, 0x7f, 0x4a, 0x62, 0xd8, - 0x82, 0x75, 0xdf, 0x71, 0xe0, 0x09, 0xeb, 0xc3, 0x2f, 0x7a, 0xdc, 0xef, 0xbe, 0x30, 0x12, 0x69, - 0x7a, 0x3b, 0x53, 0xdf, 0x3f, 0x65, 0xd7, 0xf7, 0xf7, 0xf6, 0xd7, 0x3e, 0x7c, 0xd4, 0x28, 0x75, - 0x47, 0x68, 0xa8, 0x4b, 0x15, 0x56, 0x2b, 0xf0, 0x3a, 0x54, 0x2d, 0x9b, 0x75, 0xfa, 0x98, 0x55, - 0x01, 0x4c, 0x73, 0x86, 0x45, 0xc4, 0x36, 0x9e, 0xfb, 0xe7, 0x02, 0xcc, 0x6f, 0xf4, 0x87, 0x8c, - 0x93, 0xf8, 0xc4, 0x0d, 0xc5, 0x3a, 0x94, 0x44, 0xb3, 0x90, 0xaf, 0x7f, 0xa2, 0x97, 0xc0, 0x92, - 0x83, 0x22, 0x98, 0xf3, 0xc3, 0x60, 0x8f, 0x76, 0x74, 0x0b, 0x78, 0x79, 0x9a, 0x93, 0xa3, 0xac, - 0xdb, 0x90, 0xfa, 0x8c, 0x4d, 0xea, 0x1d, 0x6b, 0x1c, 0xf4, 0x7d, 0x07, 0x56, 0xfc, 0x30, 0x08, - 0x88, 0x6f, 0x82, 0xb7, 0x34, 0x75, 0xbb, 0xbb, 0x91, 0xd5, 0xd8, 0x7c, 0x9f, 0x46, 0x5f, 0xc9, - 0x31, 0x70, 0x1e, 0xdb, 0xfd, 0x75, 0x01, 0x96, 0x32, 0x96, 0xa3, 0x67, 0x60, 0x61, 0xc8, 0x48, - 0x2c, 0x3d, 0xa7, 0xfc, 0x9b, 0x76, 0x44, 0x37, 0x34, 0x1d, 0xa7, 0x12, 0x42, 0x3a, 0xf2, 0x18, - 0xbb, 0x13, 0xc6, 0x6d, 0xed, 0xe7, 0x54, 0x7a, 0x47, 0xd3, 0x71, 0x2a, 0x21, 0xfa, 0x8d, 0x5b, - 0xc4, 0x8b, 0x49, 0x2c, 0x47, 0x8d, 0x7c, 0xbf, 0xd1, 0x34, 0x2c, 0x6c, 0xcb, 0x49, 0xa7, 0xf1, - 0x3e, 0xdb, 0xe8, 0x53, 0x12, 0x70, 0x65, 0xe6, 0x0c, 0x9c, 0xb6, 0x7b, 0xa5, 0x65, 0x6b, 0x34, - 0x4e, 0xcb, 0x31, 0x70, 0x1e, 0xdb, 0xfd, 0x93, 0x03, 0x55, 0xed, 0xb4, 0x47, 0xd0, 0x74, 0x76, - 0xb2, 0x4d, 0x67, 0x73, 0xfa, 0x18, 0x3d, 0xa2, 0xe1, 0xfc, 0x65, 0x11, 0x26, 0x2a, 0x1d, 0x7a, - 0x55, 0xe4, 0x38, 0x41, 0x23, 0xed, 0x8b, 0x49, 0x91, 0xfd, 0xe8, 0xc9, 0x56, 0xb7, 0x4b, 0x07, - 0xc4, 0x4e, 0x5f, 0x89, 0x16, 0x6c, 0x69, 0x44, 0x6f, 0x38, 0x06, 0x60, 0x37, 0xd4, 0x79, 0x65, - 0xb6, 0x2d, 0xd1, 0x84, 0x09, 0xbb, 0x21, 0xb6, 0x30, 0xd1, 0x67, 0xd2, 0x41, 0xb0, 0x2c, 0x03, - 0xd2, 0xcd, 0x8e, 0x6e, 0xef, 0x65, 0x1a, 0x80, 0xdc, 0x38, 0x37, 0x86, 0x4a, 0x4c, 0x54, 0x8b, - 0x95, 0x54, 0x80, 0x69, 0x92, 0x08, 0xd6, 0xba, 0xd4, 0x31, 0x4e, 0xc7, 0x9f, 0x84, 0xcc, 0xb0, - 0x41, 0x73, 0xbf, 0xe7, 0x00, 0x9a, 0x2c, 0xd7, 0x62, 0x8c, 0x4a, 0x9b, 0x58, 0x7d, 0x80, 0x53, - 0x3d, 0xa9, 0x38, 0x36, 0x32, 0x27, 0x48, 0x93, 0x4f, 0x43, 0x59, 0x36, 0xb5, 0xfa, 0xc0, 0xa6, - 0xd1, 0x23, 0xdb, 0x5e, 0xac, 0x78, 0xee, 0x1f, 0x1c, 0xc8, 0xa7, 0x1b, 0x99, 0xa9, 0x95, 0x67, - 0xf3, 0x99, 0x3a, 0xeb, 0xc5, 0x93, 0xcf, 0x99, 0xe8, 0x15, 0xa8, 0x7a, 0x9c, 0x93, 0x41, 0xc4, - 0x65, 0x40, 0x16, 0xef, 0x3b, 0x20, 0x97, 0x45, 0x24, 0x5c, 0x0d, 0xdb, 0x74, 0x8f, 0xca, 0x60, - 0xb4, 0xd5, 0xb9, 0xef, 0x16, 0x61, 0x39, 0xdb, 0x7c, 0xa1, 0x21, 0xcc, 0xc9, 0x66, 0x47, 0x5d, - 0x35, 0xcd, 0xbc, 0xbb, 0x4a, 0x5d, 0x22, 0x49, 0x0c, 0x6b, 0x30, 0x91, 0x58, 0xe3, 0x64, 0xba, - 0xca, 0x25, 0xd6, 0x74, 0xae, 0x4a, 0x25, 0x8e, 0x9d, 0xa8, 0x8a, 0xff, 0x9b, 0x13, 0xd5, 0xab, - 0x00, 0x6d, 0xe9, 0x6d, 0xb9, 0x97, 0xa5, 0x07, 0x4f, 0x2e, 0x9b, 0xa9, 0x16, 0x6c, 0x69, 0x44, - 0x67, 0xa1, 0x40, 0xdb, 0xf2, 0x54, 0x17, 0x9b, 0xa0, 0x65, 0x0b, 0x5b, 0x9b, 0xb8, 0x40, 0xdb, - 0x2e, 0x83, 0x45, 0xbb, 0xdb, 0x3c, 0x71, 0xac, 0x7e, 0x16, 0x96, 0xd4, 0xd3, 0x26, 0xe1, 0x1e, - 0xed, 0x33, 0xbd, 0x3b, 0x4f, 0x68, 0xf1, 0xa5, 0x96, 0xcd, 0xc4, 0x59, 0x59, 0xf7, 0xa7, 0x05, - 0x80, 0xcb, 0x61, 0xd8, 0xd3, 0x98, 0xc9, 0xd1, 0x73, 0x8e, 0x3c, 0x7a, 0xeb, 0x50, 0xea, 0xd1, - 0xa0, 0x9d, 0x3f, 0x9c, 0xdb, 0x34, 0x68, 0x63, 0xc9, 0x41, 0x17, 0x00, 0xbc, 0x88, 0xde, 0x24, - 0x31, 0x33, 0xb7, 0x89, 0xa9, 0x5f, 0x2e, 0xee, 0x6c, 0x69, 0x0e, 0xb6, 0xa4, 0xd0, 0x33, 0xba, - 0x33, 0x54, 0x63, 0x7b, 0x2d, 0xd7, 0x19, 0x2e, 0x08, 0x0b, 0xad, 0xd6, 0xef, 0xf9, 0x5c, 0x7e, - 0x5c, 0x9f, 0xc8, 0x8f, 0xa6, 0x53, 0xde, 0xe9, 0x7a, 0x8c, 0x1c, 0x76, 0xae, 0xe7, 0x8e, 0xb9, - 0x3f, 0xfa, 0x87, 0x03, 0xe6, 0xf6, 0x0a, 0xed, 0x41, 0x89, 0x8d, 0x03, 0x5f, 0xd7, 0x9b, 0x69, - 0x32, 0x6a, 0x6b, 0x1c, 0xf8, 0xe6, 0x92, 0x6c, 0x41, 0xde, 0x01, 0x8e, 0x03, 0x1f, 0x4b, 0xfd, - 0x68, 0x04, 0x0b, 0x71, 0xd8, 0xef, 0xdf, 0xf2, 0xfc, 0xde, 0x0c, 0x4a, 0x0f, 0xd6, 0xaa, 0x0c, - 0xde, 0xa2, 0x3c, 0xaf, 0x9a, 0x8c, 0x53, 0x2c, 0xf7, 0x57, 0x65, 0xc8, 0x4d, 0x17, 0x68, 0x68, - 0x5f, 0x0c, 0x3a, 0x33, 0xbc, 0x18, 0x4c, 0xb3, 0xff, 0x61, 0x97, 0x83, 0xe8, 0x39, 0x28, 0x47, - 0x62, 0xcf, 0x74, 0x84, 0xad, 0x25, 0xb9, 0x5d, 0x6e, 0xe4, 0x21, 0x5b, 0xab, 0xa4, 0xed, 0x9d, - 0x2d, 0x1e, 0x93, 0xb1, 0xbf, 0x06, 0x20, 0x7c, 0xad, 0xc7, 0x74, 0x75, 0xc8, 0xaf, 0xcd, 0x6a, - 0x47, 0xf5, 0xa4, 0x2e, 0x93, 0x7a, 0x2b, 0x45, 0xc1, 0x16, 0x22, 0xfa, 0x8e, 0x03, 0xcb, 0x89, - 0xe3, 0xb5, 0x11, 0xe5, 0x87, 0x62, 0x84, 0x9c, 0x19, 0x71, 0x06, 0x09, 0xe7, 0x90, 0xd1, 0x97, - 0xa0, 0xc2, 0xb8, 0x17, 0xab, 0xe2, 0x35, 0x77, 0xdf, 0x09, 0x2f, 0xdd, 0xcb, 0x56, 0xa2, 0x04, - 0x1b, 0x7d, 0xe8, 0x65, 0x80, 0x3d, 0x1a, 0x50, 0xd6, 0x95, 0xda, 0xe7, 0x1f, 0xac, 0x34, 0x5e, - 0x4a, 0x35, 0x60, 0x4b, 0x9b, 0xfb, 0x03, 0x07, 0x16, 0xed, 0xdf, 0x06, 0x27, 0xc8, 0x5d, 0xe7, - 0x60, 0x21, 0x0a, 0xfb, 0xd4, 0xa7, 0x44, 0xf5, 0xae, 0x15, 0x75, 0x1c, 0x76, 0x34, 0x0d, 0xa7, - 0x5c, 0x91, 0xc3, 0x46, 0x5e, 0x9f, 0xb6, 0x6f, 0x04, 0x9c, 0xf6, 0x65, 0x40, 0x15, 0x4d, 0x0e, - 0xbb, 0x99, 0x72, 0xb0, 0x25, 0xe5, 0xfe, 0xa5, 0x00, 0x20, 0x7f, 0xef, 0x50, 0x79, 0x13, 0xb2, - 0x0e, 0xa5, 0x98, 0x44, 0x61, 0xde, 0x1c, 0x21, 0x81, 0x25, 0x27, 0x33, 0xd8, 0x14, 0xee, 0x6b, - 0xb0, 0x29, 0x1e, 0x3b, 0xd8, 0x88, 0xa2, 0xc0, 0xba, 0x3b, 0x31, 0x1d, 0x79, 0x9c, 0x6c, 0x93, - 0xb1, 0xce, 0xac, 0xa6, 0x28, 0xb4, 0x2e, 0x1b, 0x26, 0xce, 0xca, 0x1e, 0x3a, 0x13, 0x96, 0xff, - 0x8b, 0x33, 0xe1, 0xdb, 0x0e, 0x2c, 0x1b, 0xcf, 0xfe, 0x7f, 0xfd, 0x51, 0x34, 0x76, 0x1f, 0x31, - 0xe4, 0xfc, 0xd3, 0x81, 0x95, 0xa4, 0x9d, 0xd6, 0x55, 0x79, 0x26, 0x65, 0x38, 0xf3, 0xf7, 0xa2, - 0x78, 0xfc, 0xdf, 0x0b, 0x3b, 0x83, 0x96, 0x8e, 0xc9, 0xa0, 0x9f, 0xcb, 0x15, 0xe0, 0x0f, 0x4c, - 0x14, 0x60, 0x94, 0x0e, 0x0e, 0xe3, 0xc0, 0xcf, 0x36, 0x2c, 0xee, 0x2f, 0x1c, 0x58, 0x4c, 0xd8, - 0xd7, 0xc2, 0xb6, 0x6c, 0xe7, 0x99, 0x0c, 0x32, 0x27, 0xdb, 0xce, 0xab, 0x70, 0x50, 0x3c, 0x34, - 0x84, 0x05, 0xbf, 0x4b, 0xfb, 0xed, 0x98, 0x04, 0x7a, 0x5b, 0x5e, 0x9c, 0xc1, 0x5c, 0x23, 0xf0, - 0x4d, 0x28, 0x6c, 0x68, 0x00, 0x9c, 0x42, 0xb9, 0xbf, 0x2d, 0xc2, 0x52, 0x66, 0x08, 0x42, 0xcf, - 0x41, 0x55, 0xfd, 0x3e, 0x68, 0x59, 0x36, 0xa7, 0x77, 0x06, 0xbb, 0x86, 0x85, 0x6d, 0x39, 0xb1, - 0x1f, 0x7d, 0x3a, 0x52, 0x3a, 0xf2, 0x7f, 0x93, 0xae, 0x24, 0x0c, 0x6c, 0x64, 0xac, 0x29, 0xb0, - 0x78, 0xdf, 0x53, 0xe0, 0x8f, 0x1d, 0x40, 0x72, 0x09, 0x42, 0x73, 0x3a, 0xac, 0xcd, 0xe0, 0x47, - 0x6d, 0xc6, 0x6f, 0x67, 0xb5, 0x45, 0x68, 0x63, 0x02, 0x0a, 0x1f, 0x02, 0x6f, 0x5d, 0xcc, 0x96, - 0x1f, 0xc9, 0xc5, 0xac, 0xfb, 0x55, 0x38, 0x33, 0xd1, 0x02, 0xe9, 0x1e, 0xdc, 0x39, 0xac, 0x07, - 0x17, 0x91, 0x18, 0xc5, 0xc3, 0x40, 0x6d, 0xd0, 0x82, 0x89, 0xc4, 0x1d, 0x41, 0xc4, 0x8a, 0x27, - 0x1a, 0xf3, 0x76, 0x3c, 0xc6, 0x43, 0xd5, 0xdc, 0x2e, 0x18, 0xf4, 0x4d, 0x49, 0xc5, 0x9a, 0xeb, - 0x7e, 0xbb, 0x00, 0x4b, 0x99, 0xb2, 0x9c, 0x99, 0xa1, 0x9c, 0x63, 0x67, 0xa8, 0x59, 0x1a, 0x83, - 0x5e, 0x87, 0x45, 0x26, 0x8f, 0x62, 0xec, 0x71, 0xd2, 0x19, 0xcf, 0xe0, 0x6a, 0xbc, 0x65, 0xa9, - 0x6b, 0x9e, 0x3e, 0xd8, 0x5f, 0x5b, 0xb4, 0x29, 0x38, 0x03, 0xe7, 0xfe, 0xbc, 0x00, 0x8f, 0x1d, - 0xd2, 0xa2, 0xa0, 0x3b, 0xf6, 0x75, 0x85, 0x9a, 0x67, 0x5f, 0x9a, 0x41, 0x78, 0xea, 0x44, 0xaa, - 0xfe, 0x41, 0x1f, 0x76, 0x59, 0x71, 0x9f, 0xe3, 0xec, 0x1e, 0x94, 0xbb, 0x61, 0xd8, 0x4b, 0xe6, - 0xd6, 0x69, 0x0a, 0x82, 0x99, 0xb6, 0x9a, 0x15, 0xb1, 0x9b, 0xe2, 0x9d, 0x61, 0xa5, 0xde, 0x7d, - 0xd7, 0x81, 0x8c, 0x17, 0xd1, 0x00, 0xca, 0x42, 0xcb, 0x78, 0x06, 0xbf, 0xe6, 0x6c, 0xbd, 0x17, - 0x85, 0x4e, 0x85, 0x2f, 0x1f, 0xb1, 0x42, 0x41, 0x14, 0x4a, 0xc2, 0x10, 0x3d, 0x7a, 0x6c, 0xcf, - 0x08, 0x4d, 0x2c, 0x51, 0x4d, 0x3a, 0xe2, 0x09, 0x4b, 0x08, 0xf7, 0x79, 0x38, 0x33, 0x61, 0x91, - 0x08, 0xf9, 0xbd, 0x30, 0xf9, 0x13, 0x69, 0x85, 0xfc, 0x25, 0x41, 0xc4, 0x8a, 0x27, 0xea, 0xc7, - 0xe9, 0xbc, 0x7a, 0xf4, 0x13, 0x07, 0xce, 0xb0, 0xbc, 0xbe, 0x87, 0xe2, 0xb5, 0xf7, 0x6b, 0xa3, - 0x26, 0xcd, 0xc7, 0x93, 0x16, 0x88, 0x1d, 0xcd, 0xdf, 0xdf, 0x8a, 0xd8, 0xa3, 0x01, 0x23, 0xfe, - 0x30, 0x4e, 0x16, 0x9a, 0xc6, 0xde, 0x96, 0xa6, 0xe3, 0x54, 0x42, 0xf4, 0xa2, 0xea, 0xff, 0xc1, - 0x35, 0xd3, 0x28, 0xa6, 0xbd, 0x68, 0x2b, 0xe5, 0x60, 0x4b, 0x4a, 0x74, 0xba, 0x3e, 0x89, 0xf9, - 0xa6, 0x68, 0x8f, 0x44, 0x5e, 0x58, 0x54, 0x9d, 0xee, 0x86, 0xa6, 0xe1, 0x94, 0x8b, 0x3e, 0x08, - 0xf3, 0x3d, 0x32, 0x96, 0x82, 0x25, 0x29, 0x58, 0x15, 0x15, 0x7f, 0x5b, 0x91, 0x70, 0xc2, 0x43, - 0x2e, 0xcc, 0xf9, 0x9e, 0x94, 0x2a, 0x4b, 0x29, 0x90, 0xbf, 0x12, 0x2e, 0x4a, 0x21, 0xcd, 0x69, - 0xd6, 0xef, 0xde, 0x5b, 0x3d, 0xf5, 0xe6, 0xbd, 0xd5, 0x53, 0x6f, 0xdd, 0x5b, 0x3d, 0xf5, 0xc6, - 0xc1, 0xaa, 0x73, 0xf7, 0x60, 0xd5, 0x79, 0xf3, 0x60, 0xd5, 0x79, 0xeb, 0x60, 0xd5, 0xf9, 0xfb, - 0xc1, 0xaa, 0xf3, 0xc3, 0x77, 0x56, 0x4f, 0xbd, 0xbc, 0x90, 0xb8, 0xf6, 0xdf, 0x01, 0x00, 0x00, - 0xff, 0xff, 0xfb, 0x93, 0x3c, 0x8f, 0x90, 0x28, 0x00, 0x00, + // 2515 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xd4, 0x59, 0x4d, 0x8c, 0x1c, 0x47, + 0x15, 0x76, 0xcf, 0xdf, 0xce, 0xbc, 0xd9, 0x1f, 0xbb, 0xf2, 0xc3, 0xe0, 0x48, 0xbb, 0xab, 0x0e, + 0x3f, 0x06, 0x25, 0x33, 0xd8, 0x10, 0x30, 0x3f, 0x42, 0xf2, 0xec, 0xda, 0xf1, 0x66, 0xfd, 0xb3, + 0xd4, 0x6c, 0x82, 0x14, 0xa2, 0x40, 0xbb, 0xa7, 0x76, 0xa6, 0x3d, 0x33, 0xdd, 0x9d, 0xae, 0x9a, + 0xb1, 0x46, 0x22, 0x28, 0x08, 0x21, 0x01, 0x01, 0x09, 0x84, 0x10, 0x57, 0x0e, 0x9c, 0x10, 0x12, + 0x12, 0xe2, 0x84, 0xc4, 0x01, 0x0e, 0xc8, 0xc7, 0x1c, 0x40, 0x44, 0x01, 0xad, 0xf0, 0xe6, 0x12, + 0x89, 0x03, 0x67, 0x72, 0x42, 0xf5, 0xd3, 0x5d, 0xd5, 0x3d, 0xbb, 0xec, 0xda, 0xd3, 0x36, 0x70, + 0xeb, 0x7e, 0xef, 0xf5, 0xfb, 0x5e, 0xbd, 0x7a, 0xf5, 0x7e, 0xaa, 0x61, 0xab, 0xe7, 0xb1, 0xfe, + 0xf8, 0x56, 0xd3, 0x0d, 0x46, 0x2d, 0x27, 0xea, 0x05, 0x61, 0x14, 0xdc, 0x16, 0x0f, 0xcf, 0xba, + 0xdd, 0x56, 0x38, 0xe8, 0xb5, 0x9c, 0xd0, 0xa3, 0x2d, 0x27, 0x0c, 0x87, 0x9e, 0xeb, 0x30, 0x2f, + 0xf0, 0x5b, 0x93, 0xf3, 0xce, 0x30, 0xec, 0x3b, 0xe7, 0x5b, 0x3d, 0xe2, 0x93, 0xc8, 0x61, 0xa4, + 0xdb, 0x0c, 0xa3, 0x80, 0x05, 0xe8, 0xb3, 0x5a, 0x55, 0x33, 0x56, 0x25, 0x1e, 0xbe, 0xea, 0x76, + 0x9b, 0xe1, 0xa0, 0xd7, 0xe4, 0xaa, 0x9a, 0x86, 0xaa, 0x66, 0xac, 0xea, 0xec, 0xb3, 0x86, 0x15, + 0xbd, 0xa0, 0x17, 0xb4, 0x84, 0xc6, 0x5b, 0xe3, 0x3d, 0xf1, 0x26, 0x5e, 0xc4, 0x93, 0x44, 0x3a, + 0xfb, 0xa9, 0xc1, 0x45, 0xda, 0xf4, 0x02, 0x6e, 0xdb, 0xc8, 0x71, 0xfb, 0x9e, 0x4f, 0xa2, 0xa9, + 0x36, 0x76, 0x44, 0x98, 0xd3, 0x9a, 0xcc, 0xd8, 0x77, 0xb6, 0x75, 0xd4, 0x57, 0xd1, 0xd8, 0x67, + 0xde, 0x88, 0xcc, 0x7c, 0xf0, 0xe9, 0xe3, 0x3e, 0xa0, 0x6e, 0x9f, 0x8c, 0x9c, 0x99, 0xef, 0x3e, + 0x79, 0xd4, 0x77, 0x63, 0xe6, 0x0d, 0x5b, 0x9e, 0xcf, 0x28, 0x8b, 0xb2, 0x1f, 0xd9, 0x7f, 0xb5, + 0x00, 0x2e, 0x85, 0xe1, 0x4e, 0x14, 0xdc, 0x26, 0x2e, 0x43, 0x5f, 0x83, 0x2a, 0x5f, 0x47, 0xd7, + 0x61, 0x4e, 0xc3, 0x5a, 0xb7, 0xce, 0xd5, 0x2f, 0x7c, 0xa2, 0x29, 0xd5, 0x36, 0x4d, 0xb5, 0xda, + 0xaf, 0x5c, 0xba, 0x39, 0x39, 0xdf, 0xbc, 0x79, 0x8b, 0x7f, 0x7f, 0x9d, 0x30, 0xa7, 0x8d, 0xee, + 0xee, 0xaf, 0x9d, 0x3a, 0xd8, 0x5f, 0x03, 0x4d, 0xc3, 0x89, 0x56, 0x34, 0x80, 0x12, 0x0d, 0x89, + 0xdb, 0x28, 0x08, 0xed, 0x5b, 0xcd, 0x07, 0xde, 0xbd, 0xa6, 0x36, 0xbb, 0x13, 0x12, 0xb7, 0xbd, + 0xa8, 0x60, 0x4b, 0xfc, 0x0d, 0x0b, 0x10, 0xfb, 0x1d, 0x0b, 0x96, 0xb5, 0xd8, 0x35, 0x8f, 0x32, + 0xf4, 0xca, 0xcc, 0x0a, 0x9b, 0x27, 0x5b, 0x21, 0xff, 0x5a, 0xac, 0xef, 0xb4, 0x02, 0xaa, 0xc6, + 0x14, 0x63, 0x75, 0xb7, 0xa1, 0xec, 0x31, 0x32, 0xa2, 0x8d, 0xc2, 0x7a, 0xf1, 0x5c, 0xfd, 0xc2, + 0xe5, 0x5c, 0x96, 0xd7, 0x5e, 0x52, 0x88, 0xe5, 0x2d, 0xae, 0x1b, 0x4b, 0x08, 0xfb, 0x5f, 0x05, + 0x73, 0x71, 0x7c, 0xd5, 0xe8, 0x3c, 0xd4, 0x69, 0x30, 0x8e, 0x5c, 0x82, 0x49, 0x18, 0xd0, 0x86, + 0xb5, 0x5e, 0x3c, 0x57, 0x6b, 0xaf, 0x1c, 0xec, 0xaf, 0xd5, 0x3b, 0x9a, 0x8c, 0x4d, 0x19, 0xf4, + 0xa6, 0x05, 0x8b, 0x5d, 0x42, 0x99, 0xe7, 0x0b, 0xfc, 0xd8, 0xf2, 0x2f, 0xcd, 0x67, 0x79, 0x4c, + 0xdc, 0xd4, 0x9a, 0xdb, 0x8f, 0xab, 0x55, 0x2c, 0x1a, 0x44, 0x8a, 0x53, 0xe0, 0xe8, 0x39, 0xa8, + 0x77, 0x09, 0x75, 0x23, 0x2f, 0xe4, 0xef, 0x8d, 0xe2, 0xba, 0x75, 0xae, 0xd6, 0x7e, 0x4c, 0x7d, + 0x58, 0xdf, 0xd4, 0x2c, 0x6c, 0xca, 0xa1, 0x00, 0x2a, 0x2c, 0x18, 0x10, 0x9f, 0x36, 0x4a, 0xc2, + 0xfa, 0xe7, 0xe7, 0xb0, 0x5e, 0xf9, 0x73, 0x97, 0xeb, 0x6b, 0x2f, 0x2b, 0xe8, 0x8a, 0x78, 0xa5, + 0x58, 0xc1, 0xd8, 0x7f, 0x2c, 0x42, 0xdd, 0x58, 0xe6, 0x23, 0x38, 0x37, 0xc3, 0xd4, 0xb9, 0x79, + 0x21, 0x9f, 0xed, 0x39, 0xea, 0xe0, 0x20, 0x06, 0x15, 0xca, 0x1c, 0x36, 0xa6, 0x62, 0x0b, 0xea, + 0x17, 0xae, 0xe5, 0x84, 0x27, 0x74, 0x6a, 0xaf, 0xca, 0x77, 0xac, 0xb0, 0xd0, 0x6b, 0x50, 0x0b, + 0x42, 0x9e, 0x9e, 0xf8, 0xde, 0x97, 0x04, 0xf0, 0xe6, 0x1c, 0xc0, 0x37, 0x63, 0x5d, 0xed, 0xa5, + 0x83, 0xfd, 0xb5, 0x5a, 0xf2, 0x8a, 0x35, 0x8a, 0xed, 0xc2, 0xe3, 0x86, 0x7d, 0x1b, 0x81, 0xdf, + 0xf5, 0xc4, 0x86, 0xae, 0x43, 0x89, 0x4d, 0x43, 0x22, 0x36, 0xb3, 0xa6, 0x5d, 0xb4, 0x3b, 0x0d, + 0x09, 0x16, 0x1c, 0xf4, 0x31, 0x58, 0x18, 0x11, 0x4a, 0x9d, 0x1e, 0x11, 0x7b, 0x52, 0x6b, 0xaf, + 0x28, 0xa1, 0x85, 0xeb, 0x92, 0x8c, 0x63, 0xbe, 0xfd, 0x1a, 0x3c, 0x79, 0xf8, 0x99, 0x40, 0x1f, + 0x81, 0x0a, 0x25, 0xd1, 0x84, 0x44, 0x0a, 0x48, 0x7b, 0x46, 0x50, 0xb1, 0xe2, 0xa2, 0x16, 0xd4, + 0x7c, 0x67, 0x44, 0x68, 0xe8, 0xb8, 0x31, 0xdc, 0x19, 0x25, 0x5a, 0xbb, 0x11, 0x33, 0xb0, 0x96, + 0xb1, 0xff, 0x66, 0xc1, 0x8a, 0x81, 0xf9, 0x08, 0x52, 0xdf, 0x20, 0x9d, 0xfa, 0xae, 0xe4, 0x13, + 0x31, 0x47, 0xe4, 0xbe, 0xdf, 0x17, 0xe1, 0x8c, 0x19, 0x57, 0x22, 0xa1, 0xf1, 0x2d, 0x89, 0x48, + 0x18, 0xbc, 0x88, 0xaf, 0x29, 0x77, 0x26, 0x5b, 0x82, 0x25, 0x19, 0xc7, 0x7c, 0xbe, 0xbf, 0xa1, + 0xc3, 0xfa, 0xca, 0x97, 0xc9, 0xfe, 0xee, 0x38, 0xac, 0x8f, 0x05, 0x87, 0xa7, 0x22, 0xe2, 0x4f, + 0xbc, 0x28, 0xf0, 0x47, 0xc4, 0x67, 0xd9, 0x54, 0x74, 0x59, 0xb3, 0xb0, 0x29, 0x87, 0xbe, 0x08, + 0xcb, 0xcc, 0x89, 0x7a, 0x84, 0x61, 0x32, 0xf1, 0x68, 0x1c, 0xc8, 0xb5, 0xf6, 0x93, 0xea, 0xcb, + 0xe5, 0xdd, 0x14, 0x17, 0x67, 0xa4, 0xd1, 0x6f, 0x2c, 0x78, 0xca, 0x0d, 0x46, 0x61, 0xe0, 0x13, + 0x9f, 0xed, 0x38, 0x91, 0x33, 0x22, 0x8c, 0x44, 0x37, 0x27, 0x24, 0x8a, 0xbc, 0x2e, 0xa1, 0x8d, + 0xb2, 0xf0, 0xee, 0xf5, 0x39, 0xbc, 0xbb, 0x31, 0xa3, 0xbd, 0xfd, 0xb4, 0x32, 0xee, 0xa9, 0x8d, + 0xa3, 0x91, 0xf1, 0x7f, 0x32, 0x8b, 0x57, 0x9e, 0x89, 0x33, 0x1c, 0x13, 0x7a, 0xc5, 0x1b, 0x12, + 0xda, 0xa8, 0xe8, 0xca, 0xf3, 0x92, 0x26, 0x63, 0x53, 0xc6, 0xfe, 0x5d, 0x21, 0x15, 0xa2, 0x9d, + 0x38, 0xef, 0x88, 0xbd, 0x54, 0x01, 0x9a, 0x57, 0xde, 0x11, 0x3a, 0x8d, 0xd3, 0x25, 0x0b, 0xa0, + 0xc2, 0x42, 0xdf, 0xb1, 0x44, 0xd9, 0x89, 0x4f, 0xa5, 0xca, 0xb1, 0x0f, 0xa1, 0x04, 0x9a, 0x95, + 0x2c, 0x26, 0x62, 0x13, 0x9a, 0x87, 0x70, 0x28, 0x0b, 0x90, 0x8a, 0xb8, 0x24, 0x84, 0x55, 0x5d, + 0xc2, 0x31, 0xdf, 0xfe, 0x59, 0x25, 0x7d, 0x06, 0x64, 0x0e, 0xfd, 0x91, 0x05, 0xa7, 0xf9, 0x46, + 0x39, 0x91, 0x47, 0x03, 0x1f, 0x13, 0x3a, 0x1e, 0x32, 0xe5, 0xcc, 0xed, 0x39, 0x83, 0xc6, 0x54, + 0xd9, 0x6e, 0x28, 0xbb, 0x4e, 0x67, 0x39, 0x78, 0x06, 0x1e, 0x31, 0x58, 0xe8, 0x7b, 0x94, 0x05, + 0xd1, 0x54, 0x25, 0x87, 0x79, 0xda, 0xbe, 0x4d, 0x12, 0x0e, 0x83, 0x29, 0x3f, 0x6b, 0x5b, 0xfe, + 0x5e, 0xa0, 0xfd, 0x73, 0x55, 0x22, 0xe0, 0x18, 0x0a, 0x7d, 0xd3, 0x02, 0x08, 0xe3, 0x48, 0xe5, + 0x85, 0xec, 0x21, 0x1c, 0x9c, 0xa4, 0x66, 0x27, 0x24, 0x8a, 0x0d, 0x50, 0xde, 0x98, 0xf4, 0x89, + 0x33, 0x64, 0x7d, 0x55, 0xce, 0xe6, 0x69, 0x4c, 0xae, 0x0a, 0x45, 0xd9, 0x12, 0x2a, 0xa9, 0x58, + 0xc1, 0xa0, 0x6f, 0x5b, 0xb0, 0x9c, 0x54, 0x37, 0x2e, 0x4b, 0x1a, 0xe5, 0xb9, 0x3b, 0xed, 0x9b, + 0x29, 0x85, 0x6d, 0xc4, 0xd3, 0x58, 0x9a, 0x86, 0x33, 0xa0, 0xe8, 0x5b, 0x16, 0x80, 0x1b, 0x57, + 0x53, 0x99, 0x0f, 0xea, 0x17, 0x6e, 0xe6, 0x73, 0xa2, 0x92, 0x2a, 0xad, 0xdd, 0x9f, 0x90, 0x28, + 0x36, 0x60, 0xed, 0x77, 0x2d, 0x78, 0xc2, 0xf8, 0xf0, 0xcb, 0x0e, 0x73, 0xfb, 0x97, 0x27, 0x3c, + 0x4d, 0x6f, 0xa7, 0xea, 0xfb, 0x67, 0xcc, 0xfa, 0xfe, 0xfe, 0xfe, 0xda, 0x47, 0x8f, 0x1a, 0xa5, + 0xee, 0x70, 0x0d, 0x4d, 0xa1, 0xc2, 0x68, 0x05, 0x5e, 0x87, 0xba, 0x61, 0xb3, 0x4a, 0x1f, 0x79, + 0x15, 0xc0, 0x24, 0x67, 0x18, 0x44, 0x6c, 0xe2, 0xd9, 0x7f, 0x2e, 0xc0, 0xc2, 0xc6, 0x70, 0x4c, + 0x19, 0x89, 0x4e, 0xdc, 0x50, 0xac, 0x43, 0x89, 0x37, 0x0b, 0xd9, 0xfa, 0xc7, 0x7b, 0x09, 0x2c, + 0x38, 0x28, 0x84, 0x8a, 0x1b, 0xf8, 0x7b, 0x5e, 0x4f, 0xb5, 0x80, 0x57, 0xe7, 0x39, 0x39, 0xd2, + 0xba, 0x0d, 0xa1, 0x4f, 0xdb, 0x24, 0xdf, 0xb1, 0xc2, 0x41, 0x3f, 0xb0, 0x60, 0xc5, 0x0d, 0x7c, + 0x9f, 0xb8, 0x3a, 0x78, 0x4b, 0x73, 0xb7, 0xbb, 0x1b, 0x69, 0x8d, 0xed, 0x0f, 0x28, 0xf4, 0x95, + 0x0c, 0x03, 0x67, 0xb1, 0xed, 0x5f, 0x17, 0x60, 0x29, 0x65, 0x39, 0x7a, 0x06, 0xaa, 0x63, 0x4a, + 0x22, 0xe1, 0x39, 0xe9, 0xdf, 0xa4, 0x23, 0x7a, 0x51, 0xd1, 0x71, 0x22, 0xc1, 0xa5, 0x43, 0x87, + 0xd2, 0x3b, 0x41, 0xd4, 0x55, 0x7e, 0x4e, 0xa4, 0x77, 0x14, 0x1d, 0x27, 0x12, 0xbc, 0xdf, 0xb8, + 0x45, 0x9c, 0x88, 0x44, 0x62, 0xd4, 0xc8, 0xf6, 0x1b, 0x6d, 0xcd, 0xc2, 0xa6, 0x9c, 0x70, 0x1a, + 0x1b, 0xd2, 0x8d, 0xa1, 0x47, 0x7c, 0x26, 0xcd, 0xcc, 0xc1, 0x69, 0xbb, 0xd7, 0x3a, 0xa6, 0x46, + 0xed, 0xb4, 0x0c, 0x03, 0x67, 0xb1, 0xed, 0x3f, 0x59, 0x50, 0x57, 0x4e, 0x7b, 0x04, 0x4d, 0x67, + 0x2f, 0xdd, 0x74, 0xb6, 0xe7, 0x8f, 0xd1, 0x23, 0x1a, 0xce, 0x5f, 0x16, 0x61, 0xa6, 0xd2, 0xa1, + 0x57, 0x79, 0x8e, 0xe3, 0x34, 0xd2, 0xbd, 0x14, 0x17, 0xd9, 0x8f, 0x9f, 0x6c, 0x75, 0xbb, 0xde, + 0x88, 0x98, 0xe9, 0x2b, 0xd6, 0x82, 0x0d, 0x8d, 0xe8, 0x0d, 0x4b, 0x03, 0xec, 0x06, 0x2a, 0xaf, + 0xe4, 0xdb, 0x12, 0xcd, 0x98, 0xb0, 0x1b, 0x60, 0x03, 0x13, 0x7d, 0x2e, 0x19, 0x04, 0xcb, 0x22, + 0x20, 0xed, 0xf4, 0xe8, 0xf6, 0x7e, 0xaa, 0x01, 0xc8, 0x8c, 0x73, 0x53, 0xa8, 0x45, 0x44, 0xb6, + 0x58, 0x71, 0x05, 0x98, 0x27, 0x89, 0x60, 0xa5, 0x4b, 0x1e, 0xe3, 0x64, 0xfc, 0x89, 0xc9, 0x14, + 0x6b, 0x34, 0xfb, 0xfb, 0x16, 0xa0, 0xd9, 0x72, 0xcd, 0xc7, 0xa8, 0xa4, 0x89, 0x55, 0x07, 0x38, + 0xd1, 0x93, 0x88, 0x63, 0x2d, 0x73, 0x82, 0x34, 0xf9, 0x34, 0x94, 0x45, 0x53, 0xab, 0x0e, 0x6c, + 0x12, 0x3d, 0xa2, 0xed, 0xc5, 0x92, 0x67, 0xff, 0xc1, 0x82, 0x6c, 0xba, 0x11, 0x99, 0x5a, 0x7a, + 0x36, 0x9b, 0xa9, 0xd3, 0x5e, 0x3c, 0xf9, 0x9c, 0x89, 0x5e, 0x81, 0xba, 0xc3, 0x18, 0x19, 0x85, + 0x4c, 0x04, 0x64, 0xf1, 0xbe, 0x03, 0x72, 0x99, 0x47, 0xc2, 0xf5, 0xa0, 0xeb, 0xed, 0x79, 0x22, + 0x18, 0x4d, 0x75, 0xf6, 0x7b, 0x45, 0x58, 0x4e, 0x37, 0x5f, 0x68, 0x0c, 0x15, 0xd1, 0xec, 0xc8, + 0xab, 0xa6, 0xdc, 0xbb, 0xab, 0xc4, 0x25, 0x82, 0x44, 0xb1, 0x02, 0xe3, 0x89, 0x35, 0x8a, 0xa7, + 0xab, 0x4c, 0x62, 0x4d, 0xe6, 0xaa, 0x44, 0xe2, 0xd8, 0x89, 0xaa, 0xf8, 0xbf, 0x39, 0x51, 0xbd, + 0x0a, 0xd0, 0x15, 0xde, 0x16, 0x7b, 0x59, 0x7a, 0xf0, 0xe4, 0xb2, 0x99, 0x68, 0xc1, 0x86, 0x46, + 0x74, 0x16, 0x0a, 0x5e, 0x57, 0x9c, 0xea, 0x62, 0x1b, 0x94, 0x6c, 0x61, 0x6b, 0x13, 0x17, 0xbc, + 0xae, 0x4d, 0x61, 0xd1, 0xec, 0x36, 0x4f, 0x1c, 0xab, 0x9f, 0x87, 0x25, 0xf9, 0xb4, 0x49, 0x98, + 0xe3, 0x0d, 0xa9, 0xda, 0x9d, 0x27, 0x94, 0xf8, 0x52, 0xc7, 0x64, 0xe2, 0xb4, 0xac, 0xfd, 0xd3, + 0x02, 0xc0, 0xd5, 0x20, 0x18, 0x28, 0xcc, 0xf8, 0xe8, 0x59, 0x47, 0x1e, 0xbd, 0x75, 0x28, 0x0d, + 0x3c, 0xbf, 0x9b, 0x3d, 0x9c, 0xdb, 0x9e, 0xdf, 0xc5, 0x82, 0x83, 0x2e, 0x00, 0x38, 0xa1, 0xf7, + 0x12, 0x89, 0xa8, 0xbe, 0x4d, 0x4c, 0xfc, 0x72, 0x69, 0x67, 0x4b, 0x71, 0xb0, 0x21, 0x85, 0x9e, + 0x51, 0x9d, 0xa1, 0x1c, 0xdb, 0x1b, 0x99, 0xce, 0xb0, 0xca, 0x2d, 0x34, 0x5a, 0xbf, 0x8b, 0x99, + 0xfc, 0xb8, 0x3e, 0x93, 0x1f, 0x75, 0xa7, 0xbc, 0xd3, 0x77, 0x28, 0x39, 0xec, 0x5c, 0x57, 0x8e, + 0xb9, 0x3f, 0xfa, 0x87, 0x05, 0xfa, 0xf6, 0x0a, 0xed, 0x41, 0x89, 0x4e, 0x7d, 0x57, 0xd5, 0x9b, + 0x79, 0x32, 0x6a, 0x67, 0xea, 0xbb, 0xfa, 0x92, 0xac, 0x2a, 0xee, 0x00, 0xa7, 0xbe, 0x8b, 0x85, + 0x7e, 0x34, 0x81, 0x6a, 0x14, 0x0c, 0x87, 0xb7, 0x1c, 0x77, 0x90, 0x43, 0xe9, 0xc1, 0x4a, 0x95, + 0xc6, 0x5b, 0x14, 0xe7, 0x55, 0x91, 0x71, 0x82, 0x65, 0xff, 0xaa, 0x0c, 0x99, 0xe9, 0x02, 0x8d, + 0xcd, 0x8b, 0x41, 0x2b, 0xc7, 0x8b, 0xc1, 0x24, 0xfb, 0x1f, 0x76, 0x39, 0x88, 0x9e, 0x83, 0x72, + 0xc8, 0xf7, 0x4c, 0x45, 0xd8, 0x5a, 0x9c, 0xdb, 0xc5, 0x46, 0x1e, 0xb2, 0xb5, 0x52, 0xda, 0xdc, + 0xd9, 0xe2, 0x31, 0x19, 0xfb, 0x1b, 0x00, 0xdc, 0xd7, 0x6a, 0x4c, 0x97, 0x87, 0xfc, 0x46, 0x5e, + 0x3b, 0xaa, 0x26, 0x75, 0x91, 0xd4, 0x3b, 0x09, 0x0a, 0x36, 0x10, 0xd1, 0xf7, 0x2c, 0x58, 0x8e, + 0x1d, 0xaf, 0x8c, 0x28, 0x3f, 0x14, 0x23, 0xc4, 0xcc, 0x88, 0x53, 0x48, 0x38, 0x83, 0x8c, 0xbe, + 0x02, 0x35, 0xca, 0x9c, 0x48, 0x16, 0xaf, 0xca, 0x7d, 0x27, 0xbc, 0x64, 0x2f, 0x3b, 0xb1, 0x12, + 0xac, 0xf5, 0xa1, 0x97, 0x01, 0xf6, 0x3c, 0xdf, 0xa3, 0x7d, 0xa1, 0x7d, 0xe1, 0xc1, 0x4a, 0xe3, + 0x95, 0x44, 0x03, 0x36, 0xb4, 0xd9, 0x6f, 0x5a, 0xb0, 0x68, 0xfe, 0x36, 0x38, 0x41, 0xee, 0x3a, + 0x07, 0xd5, 0x30, 0x18, 0x7a, 0xae, 0x47, 0x64, 0xef, 0x5a, 0x93, 0xc7, 0x61, 0x47, 0xd1, 0x70, + 0xc2, 0x15, 0x3d, 0x4b, 0x44, 0x1c, 0x5d, 0xd2, 0x8b, 0x46, 0xcf, 0x12, 0x33, 0xb0, 0x96, 0xb1, + 0xff, 0x52, 0x00, 0x10, 0xff, 0x76, 0x3c, 0x71, 0x0d, 0xb2, 0x0e, 0xa5, 0x88, 0x84, 0x41, 0xd6, + 0x16, 0x2e, 0x81, 0x05, 0x27, 0x35, 0xd5, 0x14, 0xee, 0x6b, 0xaa, 0x29, 0x1e, 0x3b, 0xd5, 0xf0, + 0x8a, 0x40, 0xfb, 0x3b, 0x91, 0x37, 0x71, 0x18, 0xd9, 0x26, 0x53, 0x95, 0x56, 0x75, 0x45, 0xe8, + 0x5c, 0xd5, 0x4c, 0x9c, 0x96, 0x3d, 0x74, 0x20, 0x2c, 0xff, 0x17, 0x07, 0xc2, 0x77, 0x2c, 0x58, + 0xd6, 0x9e, 0xfd, 0xff, 0xfa, 0x9d, 0xa8, 0xed, 0x3e, 0x62, 0xc2, 0xf9, 0xa7, 0x05, 0x2b, 0x71, + 0x2f, 0xad, 0x4a, 0x72, 0x2e, 0x35, 0x38, 0xf5, 0xeb, 0xa2, 0x78, 0xfc, 0xaf, 0x0b, 0x33, 0x7d, + 0x96, 0x8e, 0x49, 0x9f, 0x5f, 0xc8, 0x54, 0xdf, 0x0f, 0xcd, 0x54, 0x5f, 0x94, 0x4c, 0x0d, 0x53, + 0xdf, 0x4d, 0x77, 0x2b, 0xf6, 0x2f, 0x2c, 0x58, 0x8c, 0xd9, 0x37, 0x82, 0xae, 0xe8, 0xe5, 0xa9, + 0x08, 0x32, 0x2b, 0xdd, 0xcb, 0xcb, 0x70, 0x90, 0x3c, 0x34, 0x86, 0xaa, 0xdb, 0xf7, 0x86, 0xdd, + 0x88, 0xf8, 0x6a, 0x5b, 0x9e, 0xcf, 0x61, 0xa8, 0xe1, 0xf8, 0x3a, 0x14, 0x36, 0x14, 0x00, 0x4e, + 0xa0, 0xec, 0xdf, 0x16, 0x61, 0x29, 0x35, 0x01, 0xa1, 0xe7, 0xa0, 0x2e, 0xff, 0x1d, 0x74, 0x0c, + 0x9b, 0x93, 0x0b, 0x83, 0x5d, 0xcd, 0xc2, 0xa6, 0x1c, 0xdf, 0x8f, 0xa1, 0x37, 0x91, 0x3a, 0xb2, + 0xbf, 0x92, 0xae, 0xc5, 0x0c, 0xac, 0x65, 0x8c, 0x11, 0xb0, 0x78, 0xdf, 0x23, 0xe0, 0x8f, 0x2d, + 0x40, 0x62, 0x09, 0x5c, 0x73, 0x32, 0xa9, 0xe5, 0xf0, 0x97, 0x36, 0xe5, 0xb7, 0xb3, 0xca, 0x22, + 0xb4, 0x31, 0x03, 0x85, 0x0f, 0x81, 0x37, 0x6e, 0x65, 0xcb, 0x8f, 0xe4, 0x56, 0xd6, 0xfe, 0x3a, + 0x9c, 0x99, 0xe9, 0x7f, 0x54, 0x03, 0x6e, 0x1d, 0xd6, 0x80, 0xf3, 0x48, 0x0c, 0xa3, 0xb1, 0x2f, + 0x37, 0xa8, 0xaa, 0x23, 0x71, 0x87, 0x13, 0xb1, 0xe4, 0xf1, 0xae, 0xbc, 0x1b, 0x4d, 0xf1, 0x58, + 0x76, 0xb6, 0x55, 0x8d, 0xbe, 0x29, 0xa8, 0x58, 0x71, 0xed, 0xef, 0x16, 0x60, 0x29, 0x55, 0x93, + 0x53, 0x03, 0x94, 0x75, 0xec, 0x00, 0x95, 0xa7, 0x31, 0xe8, 0x75, 0x58, 0xa4, 0xe2, 0x28, 0x46, + 0x0e, 0x23, 0xbd, 0x69, 0x0e, 0xf7, 0xe2, 0x1d, 0x43, 0x5d, 0xfb, 0xf4, 0xc1, 0xfe, 0xda, 0xa2, + 0x49, 0xc1, 0x29, 0x38, 0xfb, 0xe7, 0x05, 0x78, 0xec, 0x90, 0xfe, 0x04, 0xdd, 0x31, 0xef, 0x2a, + 0xe4, 0x30, 0xfb, 0x42, 0x0e, 0xe1, 0xa9, 0x12, 0xa9, 0xfc, 0x01, 0x7d, 0xd8, 0x4d, 0xc5, 0x7d, + 0xce, 0xb2, 0x7b, 0x50, 0xee, 0x07, 0xc1, 0x20, 0x1e, 0x5a, 0xe7, 0x29, 0x08, 0x7a, 0xd4, 0x6a, + 0xd7, 0xf8, 0x6e, 0xf2, 0x77, 0x8a, 0xa5, 0x7a, 0xfb, 0x3d, 0x0b, 0x52, 0x5e, 0x44, 0x23, 0x28, + 0x73, 0x2d, 0xd3, 0x1c, 0xfe, 0xcb, 0x99, 0x7a, 0x2f, 0x71, 0x9d, 0x12, 0x5f, 0x3c, 0x62, 0x89, + 0x82, 0x3c, 0x28, 0x71, 0x43, 0xd4, 0xdc, 0xb1, 0x9d, 0x13, 0x1a, 0x5f, 0xa2, 0x1c, 0x73, 0xf8, + 0x13, 0x16, 0x10, 0xf6, 0x45, 0x38, 0x33, 0x63, 0x11, 0x0f, 0xf9, 0xbd, 0x20, 0xfe, 0x0d, 0x69, + 0x84, 0xfc, 0x15, 0x4e, 0xc4, 0x92, 0xc7, 0xeb, 0xc7, 0xe9, 0xac, 0x7a, 0xf4, 0x13, 0x0b, 0xce, + 0xd0, 0xac, 0xbe, 0x87, 0xe2, 0xb5, 0x0f, 0x2a, 0xa3, 0x66, 0xcd, 0xc7, 0xb3, 0x16, 0xf0, 0x1d, + 0xcd, 0x5e, 0xde, 0xf2, 0xd8, 0xf3, 0x7c, 0x4a, 0xdc, 0x71, 0x14, 0x2f, 0x34, 0x89, 0xbd, 0x2d, + 0x45, 0xc7, 0x89, 0x04, 0x1f, 0xa6, 0xe5, 0xcf, 0x83, 0x1b, 0xba, 0x51, 0x4c, 0x86, 0xe9, 0x4e, + 0xc2, 0xc1, 0x86, 0x14, 0x6f, 0x73, 0x5d, 0x12, 0xb1, 0x4d, 0xde, 0x1e, 0xf1, 0xbc, 0xb0, 0x28, + 0xdb, 0xdc, 0x0d, 0x45, 0xc3, 0x09, 0x17, 0x7d, 0x18, 0x16, 0x06, 0x64, 0x2a, 0x04, 0x4b, 0x42, + 0xb0, 0xce, 0x2b, 0xfe, 0xb6, 0x24, 0xe1, 0x98, 0x87, 0x6c, 0xa8, 0xb8, 0x8e, 0x90, 0x2a, 0x0b, + 0x29, 0x10, 0xff, 0x11, 0x2e, 0x09, 0x21, 0xc5, 0x69, 0x37, 0xef, 0xde, 0x5b, 0x3d, 0xf5, 0xd6, + 0xbd, 0xd5, 0x53, 0x6f, 0xdf, 0x5b, 0x3d, 0xf5, 0xc6, 0xc1, 0xaa, 0x75, 0xf7, 0x60, 0xd5, 0x7a, + 0xeb, 0x60, 0xd5, 0x7a, 0xfb, 0x60, 0xd5, 0xfa, 0xfb, 0xc1, 0xaa, 0xf5, 0xc3, 0x77, 0x57, 0x4f, + 0xbd, 0x5c, 0x8d, 0x5d, 0xfb, 0xef, 0x00, 0x00, 0x00, 0xff, 0xff, 0x8d, 0x42, 0xe6, 0x06, 0x8d, + 0x28, 0x00, 0x00, } diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto index b2e7cf7890792..5e3efa8596c5c 100644 --- a/pkg/apis/application/v1alpha1/generated.proto +++ b/pkg/apis/application/v1alpha1/generated.proto @@ -292,7 +292,7 @@ message ProjectToken { repeated string policies = 2; - optional int64 validUntil = 3; + optional int64 createdAt = 3; } // Repository is a Git repository holding application configurations diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go index c8e88d8f7c8f0..a1c2363dbae6d 100644 --- a/pkg/apis/application/v1alpha1/types.go +++ b/pkg/apis/application/v1alpha1/types.go @@ -469,10 +469,9 @@ type AppProjectSpec struct { // ProjectToken TODO: Check if everything should be capitalized // ProjectToken contains metadata of a token for a project type ProjectToken struct { - Name string `json:"name" protobuf:"bytes,1,opt,name=name"` - Policies []string `protobuf:"bytes,2,rep,name=policies"` - ValidUntil int64 `json:"validUntil" protobuf:"int64,3,opt,name=validUntil"` - // ValidUntil timestamp.Timestamp `json:"validUntil" protobuf:"bytes,3,opt,name=validUntil"` + Name string `json:"name" protobuf:"bytes,1,opt,name=name"` + Policies []string `protobuf:"bytes,2,rep,name=policies"` + CreatedAt int64 `json:"createdAt" protobuf:"int64,3,opt,name=createdAt"` } func GetDefaultProject(namespace string) AppProject { diff --git a/server/project/project.go b/server/project/project.go index 91d77f183afe7..c43598a0eef69 100644 --- a/server/project/project.go +++ b/server/project/project.go @@ -102,19 +102,20 @@ func (s *Server) CreateToken(ctx context.Context, q *ProjectTokenCreateRequest) } //TODO: Move string somewhere common roleName := fmt.Sprintf("proj:%s:%s", q.Project.Name, q.Token.Name) - //TODO: Confirm expired token doesn't work - token, err := s.sessionMgr.CreateToken(roleName, q.Token.ValidUntil) + //Protobufforces SecondsBeforeExpiry to be a int32 instead of an int. We are converting it to a regular int here. + jwtToken, err := s.sessionMgr.Create(roleName, int(q.SecondsBeforeExpiry)) if err != nil { return nil, err } + q.Token.CreatedAt = jwtToken.IssuedAt q.Project.Spec.Tokens = append(q.Project.Spec.Tokens, *q.Token) _, err = s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Update(q.Project) if err != nil { return nil, err } - return &ProjectTokenResponse{Token: token}, nil + return &ProjectTokenResponse{Token: jwtToken.Token}, nil } diff --git a/server/project/project.pb.go b/server/project/project.pb.go index fe4dc8390b72e..0687f2ab6ca72 100644 --- a/server/project/project.pb.go +++ b/server/project/project.pb.go @@ -67,8 +67,9 @@ func (m *ProjectCreateRequest) GetProject() *github_com_argoproj_argo_cd_pkg_api // ProjectTokenCreateRequest defines project token creation parameters. type ProjectTokenCreateRequest struct { - Project *github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.AppProject `protobuf:"bytes,1,opt,name=project" json:"project,omitempty"` - Token *github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.ProjectToken `protobuf:"bytes,2,opt,name=token" json:"token,omitempty"` + Project *github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.AppProject `protobuf:"bytes,1,opt,name=project" json:"project,omitempty"` + Token *github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.ProjectToken `protobuf:"bytes,2,opt,name=token" json:"token,omitempty"` + SecondsBeforeExpiry int32 `protobuf:"varint,3,opt,name=secondsBeforeExpiry,proto3" json:"secondsBeforeExpiry,omitempty"` } func (m *ProjectTokenCreateRequest) Reset() { *m = ProjectTokenCreateRequest{} } @@ -90,6 +91,13 @@ func (m *ProjectTokenCreateRequest) GetToken() *github_com_argoproj_argo_cd_pkg_ return nil } +func (m *ProjectTokenCreateRequest) GetSecondsBeforeExpiry() int32 { + if m != nil { + return m.SecondsBeforeExpiry + } + return 0 +} + type ProjectTokenPolicyCreateRequest struct { Project *github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.AppProject `protobuf:"bytes,1,opt,name=project" json:"project,omitempty"` Token string `protobuf:"bytes,2,opt,name=token,proto3" json:"token,omitempty"` @@ -603,6 +611,11 @@ func (m *ProjectTokenCreateRequest) MarshalTo(dAtA []byte) (int, error) { } i += n3 } + if m.SecondsBeforeExpiry != 0 { + dAtA[i] = 0x18 + i++ + i = encodeVarintProject(dAtA, i, uint64(m.SecondsBeforeExpiry)) + } return i, nil } @@ -800,6 +813,9 @@ func (m *ProjectTokenCreateRequest) Size() (n int) { l = m.Token.Size() n += 1 + l + sovProject(uint64(l)) } + if m.SecondsBeforeExpiry != 0 { + n += 1 + sovProject(uint64(m.SecondsBeforeExpiry)) + } return n } @@ -1062,6 +1078,25 @@ func (m *ProjectTokenCreateRequest) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 3: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field SecondsBeforeExpiry", wireType) + } + m.SecondsBeforeExpiry = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProject + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.SecondsBeforeExpiry |= (int32(b) & 0x7F) << shift + if b < 0x80 { + break + } + } default: iNdEx = preIndex skippy, err := skipProject(dAtA[iNdEx:]) @@ -1731,49 +1766,51 @@ var ( func init() { proto.RegisterFile("server/project/project.proto", fileDescriptorProject) } var fileDescriptorProject = []byte{ - // 695 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x56, 0x4d, 0x6f, 0x13, 0x3d, - 0x10, 0x96, 0xfb, 0x91, 0xf7, 0x7d, 0xdd, 0x97, 0x2f, 0xab, 0x2d, 0x69, 0xda, 0xa6, 0xc5, 0x07, - 0x14, 0x2a, 0xea, 0x55, 0x5a, 0x0e, 0x15, 0x37, 0x3e, 0xaa, 0xaa, 0x12, 0x87, 0x52, 0x40, 0x42, - 0x48, 0xa8, 0x72, 0x37, 0xa3, 0xed, 0x36, 0xc9, 0xda, 0xac, 0xdd, 0x45, 0x11, 0xe2, 0x52, 0x71, - 0xe3, 0x06, 0x7f, 0x00, 0x89, 0x3f, 0xc3, 0x11, 0x89, 0x23, 0x17, 0x54, 0x71, 0xe0, 0x67, 0x20, - 0xcf, 0xee, 0x36, 0x9b, 0x26, 0x01, 0x24, 0xa2, 0x9e, 0xe2, 0x1d, 0xcf, 0xcc, 0xf3, 0x3c, 0x33, - 0xb6, 0x27, 0x74, 0xc1, 0x40, 0x9c, 0x40, 0xec, 0xe9, 0x58, 0x1d, 0x82, 0x6f, 0xf3, 0x5f, 0xa1, - 0x63, 0x65, 0x15, 0xfb, 0x27, 0xfb, 0xac, 0x4c, 0x07, 0x2a, 0x50, 0x68, 0xf3, 0xdc, 0x2a, 0xdd, - 0xae, 0x2c, 0x04, 0x4a, 0x05, 0x2d, 0xf0, 0xa4, 0x0e, 0x3d, 0x19, 0x45, 0xca, 0x4a, 0x1b, 0xaa, - 0xc8, 0x64, 0xbb, 0xbc, 0xb9, 0x61, 0x44, 0xa8, 0x70, 0xd7, 0x57, 0x31, 0x78, 0x49, 0xdd, 0x0b, - 0x20, 0x82, 0x58, 0x5a, 0x68, 0x64, 0x3e, 0xb7, 0xba, 0x3e, 0x6d, 0xe9, 0x1f, 0x84, 0x11, 0xc4, - 0x1d, 0x4f, 0x37, 0x03, 0x67, 0x30, 0x5e, 0x1b, 0xac, 0x1c, 0x14, 0xb5, 0x1d, 0x84, 0xf6, 0xe0, - 0x68, 0x5f, 0xf8, 0xaa, 0xed, 0xc9, 0x18, 0x89, 0x1d, 0xe2, 0x62, 0xd5, 0x6f, 0x74, 0xa3, 0xa5, - 0xd6, 0xad, 0xd0, 0x47, 0x4a, 0x5e, 0x52, 0x97, 0x2d, 0x7d, 0x20, 0xfb, 0x52, 0xf1, 0x97, 0x74, - 0x7a, 0x27, 0xd5, 0x78, 0x2f, 0x06, 0x69, 0x61, 0x17, 0x5e, 0x1c, 0x81, 0xb1, 0x6c, 0x8f, 0xe6, - 0xda, 0xcb, 0x64, 0x99, 0xd4, 0xa6, 0xd6, 0x36, 0x45, 0x17, 0x54, 0xe4, 0xa0, 0xb8, 0xd8, 0xf3, - 0x1b, 0x42, 0x37, 0x03, 0xe1, 0x40, 0x45, 0x01, 0x54, 0xe4, 0xa0, 0xe2, 0x8e, 0xd6, 0x19, 0xc8, - 0x6e, 0x9e, 0x95, 0x7f, 0x25, 0x74, 0x2e, 0x33, 0x3e, 0x56, 0x4d, 0x88, 0xce, 0x17, 0x9e, 0x3d, - 0xa7, 0x93, 0xd6, 0xc1, 0x96, 0xc7, 0x30, 0xfd, 0xd6, 0x5f, 0xa4, 0x2f, 0xaa, 0xd8, 0x4d, 0xb3, - 0xf2, 0x1f, 0x84, 0x2e, 0x15, 0xed, 0x3b, 0xaa, 0x15, 0xfa, 0x9d, 0x73, 0xd6, 0x38, 0x5d, 0xd4, - 0xf8, 0x5f, 0x46, 0x8d, 0xcd, 0xd2, 0x92, 0xf4, 0x5d, 0x70, 0x79, 0x1c, 0xcd, 0xd9, 0x17, 0xab, - 0x52, 0xaa, 0x21, 0x6e, 0x87, 0xc6, 0xb8, 0xbd, 0x09, 0xdc, 0x2b, 0x58, 0x5c, 0x9c, 0xda, 0x47, - 0xb6, 0x93, 0x69, 0x5c, 0xfa, 0xc5, 0x39, 0x5d, 0x1e, 0xae, 0xd4, 0x68, 0x15, 0x19, 0xe0, 0x37, - 0x4f, 0x4f, 0x59, 0x5a, 0xa5, 0xcc, 0xde, 0x65, 0x48, 0x0a, 0x0c, 0x39, 0xa7, 0xff, 0x67, 0xde, - 0x0f, 0x8f, 0x20, 0xee, 0x30, 0x46, 0x27, 0x22, 0xd9, 0x86, 0xcc, 0x09, 0xd7, 0x85, 0x73, 0xfb, - 0x44, 0x37, 0xce, 0xf3, 0xdc, 0x5e, 0xa2, 0x17, 0x36, 0xdb, 0xda, 0x76, 0x72, 0x0d, 0x6b, 0x1f, - 0xfe, 0xa5, 0x17, 0x33, 0xaf, 0x47, 0x10, 0x27, 0xa1, 0x0f, 0xec, 0x1d, 0xa1, 0x57, 0xd2, 0x0a, - 0x14, 0x4a, 0xc2, 0x6a, 0x22, 0x7f, 0x5c, 0x7e, 0x73, 0x32, 0x2a, 0x37, 0xfe, 0xc0, 0x33, 0xab, - 0x6c, 0xed, 0xf8, 0xcb, 0xf7, 0xf7, 0x63, 0x9c, 0x2f, 0xe2, 0x33, 0x93, 0xd4, 0xf3, 0x07, 0xcc, - 0x78, 0x58, 0x4b, 0x4f, 0x63, 0xd0, 0x6d, 0xb2, 0xc2, 0x0c, 0x9d, 0x2a, 0x70, 0x62, 0x7c, 0x20, - 0x46, 0x2f, 0x8f, 0xc5, 0x81, 0x3e, 0xa7, 0xd8, 0xd7, 0x10, 0x7b, 0x9e, 0xcf, 0x0e, 0xc6, 0x76, - 0xa0, 0x6f, 0x09, 0x2d, 0xa5, 0x39, 0x59, 0x5f, 0xb2, 0x5e, 0xac, 0xd1, 0xf4, 0x89, 0xcf, 0x23, - 0xa7, 0x19, 0x7e, 0xf9, 0x2c, 0x27, 0xc7, 0xe6, 0x98, 0xd0, 0x89, 0x07, 0xa1, 0xb1, 0x6c, 0xe6, - 0x2c, 0x17, 0x3c, 0x68, 0x95, 0xed, 0x91, 0x70, 0x70, 0x08, 0xbc, 0x8c, 0x3c, 0x18, 0xeb, 0xe3, - 0xc1, 0xde, 0x10, 0x3a, 0xbe, 0x05, 0x43, 0x39, 0x8c, 0xa8, 0x0e, 0x4b, 0x88, 0x3f, 0xc7, 0xae, - 0xf6, 0xf5, 0xe6, 0x95, 0xbb, 0x3f, 0xaf, 0xd9, 0x47, 0x42, 0x4b, 0xe9, 0xd5, 0xe9, 0xef, 0x4c, - 0xcf, 0x95, 0x1a, 0x15, 0xa3, 0x75, 0x64, 0xb4, 0x5a, 0xa9, 0xf5, 0x33, 0xca, 0xe1, 0xdd, 0xbc, - 0x6b, 0x48, 0x2b, 0x05, 0x52, 0x74, 0x1d, 0x7b, 0x4a, 0x4b, 0xf7, 0xa1, 0x05, 0x16, 0x86, 0x95, - 0x6b, 0xf6, 0xd4, 0xdc, 0x73, 0x2b, 0x73, 0xfd, 0x2b, 0x43, 0xf5, 0x1f, 0x52, 0xea, 0x1a, 0xb5, - 0x99, 0x40, 0x64, 0xcd, 0xb0, 0xec, 0x8b, 0x22, 0x9d, 0xcf, 0x4e, 0xa1, 0x70, 0x33, 0x5c, 0x24, - 0x75, 0x81, 0x21, 0xd8, 0xe4, 0xeb, 0x08, 0xb2, 0xcc, 0xaa, 0x43, 0x40, 0x3c, 0xc0, 0xec, 0x77, - 0x37, 0x3e, 0x9d, 0x54, 0xc9, 0xe7, 0x93, 0x2a, 0xf9, 0x76, 0x52, 0x25, 0xcf, 0x56, 0x7e, 0x35, - 0xbd, 0x7b, 0xff, 0x8e, 0xec, 0x97, 0x70, 0x4a, 0xaf, 0xff, 0x0c, 0x00, 0x00, 0xff, 0xff, 0x2a, - 0x84, 0x82, 0x37, 0xa7, 0x08, 0x00, 0x00, + // 721 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x56, 0xcb, 0x6e, 0x13, 0x3d, + 0x14, 0x96, 0x7b, 0xc9, 0xff, 0xd7, 0xfd, 0x7f, 0x2e, 0xa6, 0x2d, 0x69, 0xda, 0xa6, 0xc1, 0x0b, + 0x14, 0x2a, 0xea, 0x21, 0x2d, 0x8b, 0x8a, 0x1d, 0x85, 0xa8, 0xaa, 0xc4, 0xa2, 0x04, 0x90, 0x10, + 0x12, 0xaa, 0xdc, 0xc9, 0x61, 0x3a, 0x4d, 0x32, 0x36, 0xb6, 0x1b, 0x88, 0x10, 0x9b, 0x8a, 0x1d, + 0x62, 0x03, 0x2f, 0x80, 0xc4, 0xcb, 0xb0, 0x44, 0xe2, 0x05, 0x50, 0xc5, 0x82, 0xc7, 0x40, 0xf6, + 0xcc, 0x34, 0x93, 0x26, 0x01, 0x24, 0xa2, 0xae, 0xe2, 0x39, 0x97, 0xef, 0xfb, 0xce, 0x39, 0xbe, + 0x04, 0x2f, 0x6a, 0x50, 0x6d, 0x50, 0x9e, 0x54, 0xe2, 0x00, 0x7c, 0x93, 0xfe, 0x32, 0xa9, 0x84, + 0x11, 0xe4, 0x9f, 0xe4, 0xb3, 0x30, 0x13, 0x88, 0x40, 0x38, 0x9b, 0x67, 0x57, 0xb1, 0xbb, 0xb0, + 0x18, 0x08, 0x11, 0x34, 0xc1, 0xe3, 0x32, 0xf4, 0x78, 0x14, 0x09, 0xc3, 0x4d, 0x28, 0x22, 0x9d, + 0x78, 0x69, 0x63, 0x43, 0xb3, 0x50, 0x38, 0xaf, 0x2f, 0x14, 0x78, 0xed, 0x8a, 0x17, 0x40, 0x04, + 0x8a, 0x1b, 0xa8, 0x27, 0x31, 0x37, 0xbb, 0x31, 0x2d, 0xee, 0xef, 0x87, 0x11, 0xa8, 0x8e, 0x27, + 0x1b, 0x81, 0x35, 0x68, 0xaf, 0x05, 0x86, 0x0f, 0xca, 0xda, 0x0e, 0x42, 0xb3, 0x7f, 0xb8, 0xc7, + 0x7c, 0xd1, 0xf2, 0xb8, 0x72, 0xc2, 0x0e, 0xdc, 0x62, 0xd5, 0xaf, 0x77, 0xb3, 0xb9, 0x94, 0xcd, + 0xd0, 0x77, 0x92, 0xbc, 0x76, 0x85, 0x37, 0xe5, 0x3e, 0xef, 0x83, 0xa2, 0x2f, 0xf0, 0xcc, 0x4e, + 0x5c, 0xe3, 0x1d, 0x05, 0xdc, 0x40, 0x0d, 0x9e, 0x1f, 0x82, 0x36, 0x64, 0x17, 0xa7, 0xb5, 0xe7, + 0x51, 0x09, 0x95, 0xa7, 0xd7, 0xaa, 0xac, 0x4b, 0xca, 0x52, 0x52, 0xb7, 0xd8, 0xf5, 0xeb, 0x4c, + 0x36, 0x02, 0x66, 0x49, 0x59, 0x86, 0x94, 0xa5, 0xa4, 0xec, 0xb6, 0x94, 0x09, 0x49, 0x2d, 0x45, + 0xa5, 0xef, 0xc6, 0xf0, 0x7c, 0x62, 0x7c, 0x28, 0x1a, 0x10, 0x9d, 0x2d, 0x3d, 0x79, 0x8a, 0x27, + 0x8d, 0xa5, 0xcd, 0x8f, 0x39, 0xf8, 0xad, 0xbf, 0x80, 0xcf, 0x56, 0x51, 0x8b, 0x51, 0xc9, 0x0d, + 0x7c, 0x49, 0x83, 0x2f, 0xa2, 0xba, 0xde, 0x84, 0x67, 0x42, 0x41, 0xf5, 0xa5, 0x0c, 0x55, 0x27, + 0x3f, 0x5e, 0x42, 0xe5, 0xc9, 0xda, 0x20, 0x17, 0xfd, 0x81, 0xf0, 0x72, 0x16, 0x69, 0x47, 0x34, + 0x43, 0xbf, 0x73, 0xc6, 0x5d, 0x99, 0xc9, 0x76, 0x65, 0x2a, 0x2d, 0x66, 0x0e, 0xe7, 0xb8, 0x6f, + 0x93, 0x9d, 0xfe, 0xa9, 0x5a, 0xf2, 0x45, 0x8a, 0x18, 0x4b, 0x50, 0xad, 0x50, 0x6b, 0xeb, 0x9b, + 0x70, 0xbe, 0x8c, 0xc5, 0xe6, 0x89, 0x3d, 0xa7, 0x76, 0x32, 0xce, 0x8b, 0xbf, 0x28, 0xc5, 0xa5, + 0xe1, 0x95, 0x6a, 0x29, 0x22, 0x0d, 0xf4, 0xfa, 0xc9, 0xbe, 0x8c, 0xfb, 0x9a, 0xd8, 0xbb, 0x0a, + 0x51, 0x46, 0x21, 0xa5, 0xf8, 0xbf, 0x24, 0xfa, 0xfe, 0x21, 0xa8, 0x0e, 0x21, 0x78, 0x22, 0xe2, + 0x2d, 0x48, 0x82, 0xdc, 0x3a, 0xb3, 0xd3, 0x1f, 0xc9, 0xfa, 0x59, 0xee, 0xf4, 0xf3, 0xf8, 0xff, + 0x6a, 0x4b, 0x9a, 0x4e, 0x5a, 0xc3, 0xda, 0xc7, 0x7f, 0xf1, 0xb9, 0x24, 0xea, 0x01, 0xa8, 0x76, + 0xe8, 0x03, 0x79, 0x8f, 0xf0, 0xc5, 0xb8, 0x03, 0x99, 0x96, 0x90, 0x32, 0x4b, 0xaf, 0xa3, 0xdf, + 0xec, 0x8c, 0xc2, 0xb5, 0x3f, 0x88, 0x4c, 0x3a, 0x5b, 0x3e, 0xfa, 0xfa, 0xfd, 0xc3, 0x18, 0xa5, + 0x4b, 0xee, 0x62, 0x6a, 0x57, 0xd2, 0x2b, 0x4f, 0x7b, 0xae, 0x97, 0x9e, 0x74, 0x49, 0xb7, 0xd0, + 0x0a, 0xd1, 0x78, 0x3a, 0xa3, 0x89, 0xd0, 0x81, 0x1c, 0xbd, 0x3a, 0x96, 0x06, 0xc6, 0x9c, 0x70, + 0x5f, 0x71, 0xdc, 0x0b, 0x74, 0x6e, 0x30, 0xb7, 0x25, 0x7d, 0x8b, 0x70, 0x2e, 0xc6, 0x24, 0x7d, + 0x60, 0xbd, 0x5c, 0xa3, 0x99, 0x13, 0x5d, 0x70, 0x9a, 0x66, 0xe9, 0x85, 0xd3, 0x9a, 0xac, 0x9a, + 0x23, 0x84, 0x27, 0xee, 0x85, 0xda, 0x90, 0xd9, 0xd3, 0x5a, 0xdc, 0x46, 0x2b, 0x6c, 0x8f, 0x44, + 0x83, 0x65, 0xa0, 0x79, 0xa7, 0x83, 0x90, 0x3e, 0x1d, 0xe4, 0x0d, 0xc2, 0xe3, 0x5b, 0x30, 0x54, + 0xc3, 0x88, 0xfa, 0xb0, 0xec, 0xf8, 0xe7, 0xc9, 0xe5, 0xbe, 0xd9, 0xbc, 0xb2, 0xe7, 0xe7, 0x35, + 0xf9, 0x84, 0x70, 0x2e, 0x3e, 0x3a, 0xfd, 0x93, 0xe9, 0x39, 0x52, 0xa3, 0x52, 0xb4, 0xee, 0x14, + 0xad, 0x16, 0xca, 0xfd, 0x8a, 0x52, 0x7a, 0xfb, 0x42, 0xd6, 0xb9, 0xe1, 0xcc, 0x49, 0xb4, 0x13, + 0x7b, 0x8c, 0x73, 0x77, 0xa1, 0x09, 0x06, 0x86, 0xb5, 0x6b, 0xee, 0xc4, 0xdc, 0x73, 0x2a, 0xd3, + 0xfa, 0x57, 0x86, 0xd6, 0x7f, 0x80, 0xb1, 0x1d, 0x54, 0xb5, 0x0d, 0x91, 0xd1, 0xc3, 0xd0, 0x97, + 0x58, 0xfc, 0xa2, 0xdb, 0x0a, 0x99, 0x7d, 0xf5, 0x59, 0xbb, 0xc2, 0x5c, 0x8a, 0x1b, 0xf2, 0x55, + 0x47, 0x52, 0x22, 0xc5, 0x21, 0x24, 0x1e, 0x38, 0xf4, 0xcd, 0x8d, 0xcf, 0xc7, 0x45, 0xf4, 0xe5, + 0xb8, 0x88, 0xbe, 0x1d, 0x17, 0xd1, 0x93, 0x95, 0x5f, 0xbd, 0xf7, 0xbd, 0x7f, 0x60, 0xf6, 0x72, + 0xee, 0x5d, 0x5f, 0xff, 0x19, 0x00, 0x00, 0xff, 0xff, 0x57, 0x53, 0xb6, 0xf5, 0xd9, 0x08, 0x00, + 0x00, } diff --git a/server/project/project.proto b/server/project/project.proto index cd3209337dfa1..ab714aa4a95db 100644 --- a/server/project/project.proto +++ b/server/project/project.proto @@ -22,6 +22,7 @@ message ProjectCreateRequest { message ProjectTokenCreateRequest { github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.AppProject project = 1; github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.ProjectToken token = 2; + int32 secondsBeforeExpiry = 3; } message ProjectTokenPolicyCreateRequest { diff --git a/server/session/session.go b/server/session/session.go index 446ce72489701..bd92495495776 100644 --- a/server/session/session.go +++ b/server/session/session.go @@ -34,11 +34,11 @@ func (s *Server) Create(ctx context.Context, q *SessionCreateRequest) (*SessionR if err != nil { return nil, err } - tokenString, err := s.mgr.Create(q.Username, 0) + jwtToken, err := s.mgr.Create(q.Username, 0) if err != nil { return nil, err } - return &SessionResponse{Token: tokenString}, nil + return &SessionResponse{Token: jwtToken.Token}, nil } // Delete an authentication cookie from the client. This makes sense only for the Web client. diff --git a/server/session/session.pb.go b/server/session/session.pb.go index c05cb31a82741..7d5145f81d8bf 100644 --- a/server/session/session.pb.go +++ b/server/session/session.pb.go @@ -47,7 +47,6 @@ type SessionCreateRequest struct { Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"` Password string `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty"` Token string `protobuf:"bytes,3,opt,name=token,proto3" json:"token,omitempty"` - Project string `protobuf:"bytes,4,opt,name=project,proto3" json:"project,omitempty"` } func (m *SessionCreateRequest) Reset() { *m = SessionCreateRequest{} } @@ -76,13 +75,6 @@ func (m *SessionCreateRequest) GetToken() string { return "" } -func (m *SessionCreateRequest) GetProject() string { - if m != nil { - return m.Project - } - return "" -} - // SessionDeleteRequest is for logging out. type SessionDeleteRequest struct { } @@ -257,12 +249,6 @@ func (m *SessionCreateRequest) MarshalTo(dAtA []byte) (int, error) { i = encodeVarintSession(dAtA, i, uint64(len(m.Token))) i += copy(dAtA[i:], m.Token) } - if len(m.Project) > 0 { - dAtA[i] = 0x22 - i++ - i = encodeVarintSession(dAtA, i, uint64(len(m.Project))) - i += copy(dAtA[i:], m.Project) - } return i, nil } @@ -332,10 +318,6 @@ func (m *SessionCreateRequest) Size() (n int) { if l > 0 { n += 1 + l + sovSession(uint64(l)) } - l = len(m.Project) - if l > 0 { - n += 1 + l + sovSession(uint64(l)) - } return n } @@ -484,35 +466,6 @@ func (m *SessionCreateRequest) Unmarshal(dAtA []byte) error { } m.Token = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Project", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowSession - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthSession - } - postIndex := iNdEx + intStringLen - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Project = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipSession(dAtA[iNdEx:]) @@ -771,28 +724,28 @@ var ( func init() { proto.RegisterFile("server/session/session.proto", fileDescriptorSession) } var fileDescriptorSession = []byte{ - // 368 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x7c, 0x92, 0xc1, 0x4a, 0xeb, 0x40, - 0x14, 0x86, 0x99, 0xde, 0x7b, 0xdb, 0xeb, 0x2c, 0x2c, 0x86, 0xa0, 0x21, 0xd4, 0x22, 0xd9, 0x28, - 0x05, 0x33, 0x54, 0x37, 0xc5, 0xa5, 0xba, 0x71, 0xdb, 0xee, 0x0a, 0x2e, 0xa6, 0xe9, 0x21, 0x8d, - 0x4d, 0xe7, 0x8c, 0x33, 0xd3, 0xb8, 0x73, 0xe1, 0x2b, 0xf8, 0x52, 0x82, 0x1b, 0xc1, 0x17, 0x90, - 0xe2, 0x83, 0x48, 0x26, 0x49, 0xb5, 0xad, 0x74, 0x95, 0xf9, 0xcf, 0x3f, 0xf9, 0xce, 0x39, 0xfc, - 0x43, 0x5b, 0x1a, 0x54, 0x06, 0x8a, 0x69, 0xd0, 0x3a, 0x41, 0x51, 0x7d, 0x43, 0xa9, 0xd0, 0xa0, - 0xd3, 0x28, 0xa5, 0xef, 0xc6, 0x18, 0xa3, 0xad, 0xb1, 0xfc, 0x54, 0xd8, 0x7e, 0x2b, 0x46, 0x8c, - 0x53, 0x60, 0x5c, 0x26, 0x8c, 0x0b, 0x81, 0x86, 0x9b, 0x04, 0x85, 0x2e, 0xdd, 0x60, 0xda, 0xd3, - 0x61, 0x82, 0xd6, 0x8d, 0x50, 0x01, 0xcb, 0xba, 0x2c, 0x06, 0x01, 0x8a, 0x1b, 0x18, 0x97, 0x77, - 0x6e, 0xe2, 0xc4, 0x4c, 0xe6, 0xa3, 0x30, 0xc2, 0x19, 0xe3, 0xca, 0xb6, 0xb8, 0xb3, 0x87, 0xd3, - 0x68, 0xcc, 0xe4, 0x34, 0xce, 0x7f, 0xd6, 0x8c, 0x4b, 0x99, 0x26, 0x91, 0x85, 0xb3, 0xac, 0xcb, - 0x53, 0x39, 0xe1, 0x1b, 0xa8, 0xe0, 0x91, 0xba, 0x83, 0x62, 0xda, 0x2b, 0x05, 0xdc, 0x40, 0x1f, - 0xee, 0xe7, 0xa0, 0x8d, 0xe3, 0xd3, 0xff, 0x73, 0x0d, 0x4a, 0xf0, 0x19, 0x78, 0xe4, 0x88, 0x9c, - 0xec, 0xf4, 0x97, 0x3a, 0xf7, 0x24, 0xd7, 0xfa, 0x01, 0xd5, 0xd8, 0xab, 0x15, 0x5e, 0xa5, 0x1d, - 0x97, 0xfe, 0x33, 0x38, 0x05, 0xe1, 0xfd, 0xb1, 0x46, 0x21, 0x1c, 0x8f, 0x36, 0xf2, 0x19, 0x21, - 0x32, 0xde, 0x5f, 0x5b, 0xaf, 0x64, 0xb0, 0xbf, 0xec, 0x7f, 0x0d, 0x29, 0x2c, 0xfb, 0x07, 0xc7, - 0xb4, 0x59, 0xd6, 0xfb, 0xa0, 0x25, 0x0a, 0x0d, 0xdf, 0x68, 0xf2, 0x03, 0x7d, 0xf6, 0x4a, 0xe8, - 0x6e, 0x79, 0x73, 0x00, 0x2a, 0x4b, 0x22, 0x70, 0x6e, 0x69, 0xbd, 0x58, 0xc6, 0x39, 0x0c, 0xab, - 0x64, 0x7e, 0x5b, 0xd2, 0xf7, 0xd6, 0xed, 0xaa, 0x57, 0xe0, 0x3f, 0xbd, 0x7f, 0x3e, 0xd7, 0xdc, - 0xa0, 0x69, 0x73, 0xc8, 0xba, 0x55, 0xc2, 0x17, 0xa4, 0xe3, 0x0c, 0x69, 0xbd, 0x98, 0x75, 0x13, - 0xbf, 0xb2, 0xc3, 0x16, 0xfc, 0x81, 0xc5, 0xef, 0x75, 0xd6, 0xf1, 0x97, 0xbd, 0x97, 0x45, 0x9b, - 0xbc, 0x2d, 0xda, 0xe4, 0x63, 0xd1, 0x26, 0xc3, 0xce, 0xb6, 0x9c, 0x57, 0x9f, 0xe0, 0xa8, 0x6e, - 0xf3, 0x3c, 0xff, 0x0a, 0x00, 0x00, 0xff, 0xff, 0x34, 0x26, 0xe2, 0x77, 0x9b, 0x02, 0x00, 0x00, + // 356 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x7c, 0x92, 0xb1, 0x4e, 0xeb, 0x30, + 0x14, 0x86, 0xe5, 0x5e, 0xdd, 0xde, 0x7b, 0x3d, 0xdc, 0x8a, 0x28, 0x82, 0x28, 0x2a, 0x15, 0xca, + 0x02, 0xaa, 0x44, 0xac, 0xc2, 0x52, 0x31, 0x02, 0x0b, 0x6b, 0xbb, 0x55, 0x62, 0x70, 0x93, 0xa3, + 0xd4, 0x34, 0xf5, 0x31, 0xb6, 0x1b, 0x76, 0x5e, 0x81, 0x97, 0x42, 0x62, 0x41, 0xe2, 0x05, 0x50, + 0xc5, 0x83, 0xa0, 0x3a, 0x49, 0xa1, 0x2d, 0xea, 0x14, 0xff, 0xfe, 0x9d, 0xef, 0x3f, 0x3e, 0xc7, + 0xb4, 0x6d, 0x40, 0x17, 0xa0, 0x99, 0x01, 0x63, 0x04, 0xca, 0xfa, 0x1b, 0x2b, 0x8d, 0x16, 0xbd, + 0x3f, 0x95, 0x0c, 0xfd, 0x0c, 0x33, 0x74, 0x7b, 0x6c, 0xb9, 0x2a, 0xed, 0xb0, 0x9d, 0x21, 0x66, + 0x39, 0x30, 0xae, 0x04, 0xe3, 0x52, 0xa2, 0xe5, 0x56, 0xa0, 0x34, 0x95, 0x1b, 0x4d, 0xfb, 0x26, + 0x16, 0xe8, 0xdc, 0x04, 0x35, 0xb0, 0xa2, 0xc7, 0x32, 0x90, 0xa0, 0xb9, 0x85, 0xb4, 0x3a, 0x73, + 0x93, 0x09, 0x3b, 0x99, 0x8f, 0xe3, 0x04, 0x67, 0x8c, 0x6b, 0x17, 0x71, 0xe7, 0x16, 0xa7, 0x49, + 0xca, 0xd4, 0x34, 0x5b, 0xfe, 0x6c, 0x18, 0x57, 0x2a, 0x17, 0x89, 0x83, 0xb3, 0xa2, 0xc7, 0x73, + 0x35, 0xe1, 0x5b, 0xa8, 0x28, 0xa5, 0xfe, 0xb0, 0xac, 0xf6, 0x4a, 0x03, 0xb7, 0x30, 0x80, 0xfb, + 0x39, 0x18, 0xeb, 0x85, 0xf4, 0xef, 0xdc, 0x80, 0x96, 0x7c, 0x06, 0x01, 0x39, 0x22, 0x27, 0xff, + 0x06, 0x2b, 0xbd, 0xf4, 0x14, 0x37, 0xe6, 0x01, 0x75, 0x1a, 0x34, 0x4a, 0xaf, 0xd6, 0x9e, 0x4f, + 0x7f, 0x5b, 0x9c, 0x82, 0x0c, 0x7e, 0x39, 0xa3, 0x14, 0xd1, 0xfe, 0x2a, 0xe5, 0x1a, 0x72, 0x58, + 0xa5, 0x44, 0xc7, 0xb4, 0x55, 0xed, 0x0f, 0xc0, 0x28, 0x94, 0x06, 0xbe, 0x00, 0xe4, 0x1b, 0xe0, + 0xec, 0x85, 0xd0, 0xff, 0xd5, 0xc9, 0x21, 0xe8, 0x42, 0x24, 0xe0, 0xdd, 0xd2, 0x66, 0x59, 0xb2, + 0x77, 0x18, 0xd7, 0xfd, 0xff, 0xe9, 0x2a, 0x61, 0xb0, 0x69, 0xd7, 0x59, 0x51, 0xf8, 0xf8, 0xf6, + 0xf1, 0xd4, 0xf0, 0xa3, 0x96, 0xeb, 0x76, 0xd1, 0xab, 0xe7, 0x78, 0x41, 0xba, 0xde, 0x88, 0x36, + 0xcb, 0x5a, 0xb7, 0xf1, 0x6b, 0x77, 0xd8, 0x81, 0x3f, 0x70, 0xf8, 0xbd, 0xee, 0x26, 0xfe, 0xb2, + 0xff, 0xbc, 0xe8, 0x90, 0xd7, 0x45, 0x87, 0xbc, 0x2f, 0x3a, 0x64, 0xd4, 0xdd, 0x35, 0xcd, 0xf5, + 0x87, 0x36, 0x6e, 0xba, 0xa9, 0x9d, 0x7f, 0x06, 0x00, 0x00, 0xff, 0xff, 0x9e, 0x28, 0x53, 0xc6, + 0x81, 0x02, 0x00, 0x00, } diff --git a/server/session/session.proto b/server/session/session.proto index 7ab22f20d26eb..339cbd2c65c48 100644 --- a/server/session/session.proto +++ b/server/session/session.proto @@ -17,7 +17,6 @@ message SessionCreateRequest { string username = 1; string password = 2; string token = 3; - string project = 4; } // SessionDeleteRequest is for logging out. diff --git a/server/swagger.json b/server/swagger.json index 7d008539e150a..4be99e0d31042 100644 --- a/server/swagger.json +++ b/server/swagger.json @@ -1396,6 +1396,10 @@ "project": { "$ref": "#/definitions/v1alpha1AppProject" }, + "secondsBeforeExpiry": { + "type": "integer", + "format": "int32" + }, "token": { "$ref": "#/definitions/v1alpha1ProjectToken" } @@ -1585,9 +1589,6 @@ "password": { "type": "string" }, - "project": { - "type": "string" - }, "token": { "type": "string" }, @@ -2370,6 +2371,10 @@ "type": "object", "title": "ProjectToken TODO: Check if everything should be capitalized\nProjectToken contains metadata of a token for a project", "properties": { + "createdAt": { + "type": "string", + "format": "int64" + }, "name": { "type": "string" }, @@ -2378,10 +2383,6 @@ "items": { "type": "string" } - }, - "validUntil": { - "type": "string", - "format": "int64" } } }, diff --git a/util/jwt/jwt.go b/util/jwt/jwt.go index 7e19664f10da5..21c913599ce52 100644 --- a/util/jwt/jwt.go +++ b/util/jwt/jwt.go @@ -30,6 +30,16 @@ func GetField(claims jwtgo.MapClaims, fieldName string) string { return "" } +// GetInt64Field extracts a field from the claims as a int64 +func GetInt64Field(claims jwtgo.MapClaims, fieldName string) int64 { + if fieldIf, ok := claims[fieldName]; ok { + if field, ok := fieldIf.(float64); ok { + return int64(field) + } + } + return 0 +} + // GetGroups extracts the groups from a claims func GetGroups(claims jwtgo.MapClaims) []string { groups := make([]string, 0) diff --git a/util/rbac/rbac.go b/util/rbac/rbac.go index fe4922809c1ad..c43c848c0765c 100644 --- a/util/rbac/rbac.go +++ b/util/rbac/rbac.go @@ -2,6 +2,7 @@ package rbac import ( "context" + "errors" "fmt" "strings" "time" @@ -133,12 +134,17 @@ func (e *Enforcer) defaultEnforceClaims(rvals ...interface{}) bool { user := jwtutil.GetField(mapClaims, "sub") if strings.HasPrefix(user, "proj:") { model := loadModel() - tokenPolicies, err := e.getProjectTokenPolices(user) + projPolicy, tokenCreationTime, err := e.getProjectTokenInfo(user) if err != nil { + log.Error(err) + return false + } + iat := jwtutil.GetInt64Field(mapClaims, "iat") + if tokenCreationTime != iat { return false } //TODO: Add verification of created at time - adapter := scas.NewAdapter(tokenPolicies) + adapter := scas.NewAdapter(projPolicy) enf := casbin.NewEnforcer(model, adapter) enf.EnableLog(false) vals := append([]interface{}{user}, rvals[1:]...) @@ -150,14 +156,25 @@ func (e *Enforcer) defaultEnforceClaims(rvals ...interface{}) bool { } //TODO: Add tests for method -func (e *Enforcer) getProjectTokenPolices(user string) (string, error) { - projName := strings.Split(user, ":")[1] +// Returns all the policies for a project and when the token was created. +func (e *Enforcer) getProjectTokenInfo(user string) (string, int64, error) { + userSplit := strings.Split(user, ":") + if len(userSplit) != 3 { + return "", -1, errors.New("incorrectly formated sub. Should follow proj:: format") + } + projName := userSplit[1] + tokenName := userSplit[2] proj, err := e.appclientset.ArgoprojV1alpha1().AppProjects(e.namespace).Get(projName, metav1.GetOptions{}) if err != nil { fmt.Print(err) - return "", err + return "", -1, err + } + for _, token := range proj.Spec.Tokens { + if token.Name == tokenName { + return proj.TokenPoliciesString(), token.CreatedAt, nil + } } - return proj.TokenPoliciesString(), nil + return "", -1, errors.New("project doesn't have token") } // SetBuiltinPolicy sets a built-in policy, which augments any user defined policies diff --git a/util/session/sessionmanager.go b/util/session/sessionmanager.go index 805a44c9956ed..594a6bcd0b160 100644 --- a/util/session/sessionmanager.go +++ b/util/session/sessionmanager.go @@ -43,6 +43,12 @@ const ( badUserError = "Bad local superuser username" ) +// JwtToken the metadata of a token +type JwtToken struct { + Token string + IssuedAt int64 +} + // NewSessionManager creates a new session manager from ArgoCD settings func NewSessionManager(settings *settings.ArgoCDSettings) *SessionManager { s := SessionManager{ @@ -70,24 +76,9 @@ func NewSessionManager(settings *settings.ArgoCDSettings) *SessionManager { return &s } -// CreateToken creates a new token for a given subject (user) and returns it as a string. -func (mgr *SessionManager) CreateToken(subject string, validUntil int64) (string, error) { - // Create a new token object, specifying signing method and the claims - // you would like it to contain. - now := time.Now().Unix() - claims := jwt.StandardClaims{ - ExpiresAt: validUntil, - IssuedAt: now, - Issuer: SessionManagerClaimsIssuer, - NotBefore: now, - Subject: subject, - } - return mgr.signClaims(claims) -} - // Create creates a new token for a given subject (user) and returns it as a string. // Passing a value of `0` for secondsBeforeExpiry creates a token that never expires. -func (mgr *SessionManager) Create(subject string, secondsBeforeExpiry int) (string, error) { +func (mgr *SessionManager) Create(subject string, secondsBeforeExpiry int) (*JwtToken, error) { // Create a new token object, specifying signing method and the claims // you would like it to contain. now := time.Now().UTC() @@ -101,7 +92,12 @@ func (mgr *SessionManager) Create(subject string, secondsBeforeExpiry int) (stri expires := now.Add(time.Duration(secondsBeforeExpiry) * time.Second) claims.ExpiresAt = expires.Unix() } - return mgr.signClaims(claims) + + token, err := mgr.signClaims(claims) + if err != nil { + return nil, err + } + return &JwtToken{Token: token, IssuedAt: now.Unix()}, nil } func (mgr *SessionManager) signClaims(claims jwt.Claims) (string, error) { From e8c18a00ae314a198a62c39a645d95d4ccdcdea6 Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Sun, 29 Jul 2018 07:39:23 -0700 Subject: [PATCH 03/43] Modify CLI to have token subcommand --- cmd/argocd/commands/project.go | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go index b8e4599ede503..b438a72b74893 100644 --- a/cmd/argocd/commands/project.go +++ b/cmd/argocd/commands/project.go @@ -64,8 +64,17 @@ func NewProjectCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { os.Exit(1) }, } - //TODO: Refector into token sub-command - command.AddCommand(NewProjectCreateTokenCommand(clientOpts)) + var tokenCommand = &cobra.Command{ + Use: "token", + Short: "Manage a project's token", + Run: func(c *cobra.Command, args []string) { + c.HelpFunc()(c, args) + os.Exit(1) + }, + } + tokenCommand.AddCommand(NewProjectCreateTokenCommand(clientOpts)) + tokenCommand.AddCommand(NewProjectAddTokenPolicyCommand(clientOpts)) + command.AddCommand(tokenCommand) command.AddCommand(NewProjectCreateCommand(clientOpts)) command.AddCommand(NewProjectDeleteCommand(clientOpts)) command.AddCommand(NewProjectListCommand(clientOpts)) @@ -74,7 +83,6 @@ func NewProjectCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { command.AddCommand(NewProjectRemoveDestinationCommand(clientOpts)) command.AddCommand(NewProjectAddSourceCommand(clientOpts)) command.AddCommand(NewProjectRemoveSourceCommand(clientOpts)) - command.AddCommand(NewProjectCreateTokenPolicyCommand(clientOpts)) return command } @@ -91,21 +99,19 @@ func addPolicyFlags(command *cobra.Command, opts *policyOpts) { command.Flags().StringVarP(&opts.object, "object", "o", "", "Object within the project to grant/deny access. Use '*' for a wildcard. Will want access to '/'") } -// NewProjectCreateTokenPolicyCommand returns a new instance of an `argocd proj token create-policy` command -func NewProjectCreateTokenPolicyCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { +// NewProjectAddTokenPolicyCommand returns a new instance of an `argocd proj token add-policy` command +func NewProjectAddTokenPolicyCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var ( opts policyOpts ) var command = &cobra.Command{ - //TODO: Change to `token add-policy` - Use: "create-token-policy PROJECT TOKEN-NAME", - Short: "Create a policy for a project token", + Use: "add-policy PROJECT TOKEN-NAME", + Short: "Add a policy to a project token", Run: func(c *cobra.Command, args []string) { if len(args) != 2 { c.HelpFunc()(c, args) os.Exit(1) } - //TODO: Check if this logic can be pushed into the flags library if opts.permission != "allow" && opts.permission != "deny" { log.Fatal("Permission flag can only have the values 'allow' or 'deny'") } @@ -135,8 +141,7 @@ func NewProjectCreateTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra secondsBeforeExpiry int32 ) var command = &cobra.Command{ - //TODO: Change to `token create` - Use: "create-token PROJECT TOKEN-NAME [--seconds seconds]", + Use: "create PROJECT TOKEN-NAME [--seconds seconds]", Short: "Create a project token", Run: func(c *cobra.Command, args []string) { if len(args) != 2 { From 66b5beb1d354c71c88d0b20df89a2c37702a3ba9 Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Mon, 30 Jul 2018 10:30:30 -0700 Subject: [PATCH 04/43] Add tests for create token and create token Policies --- server/project/project.go | 17 ++++---- server/project/project_test.go | 73 ++++++++++++++++++++++++++++++---- 2 files changed, 76 insertions(+), 14 deletions(-) diff --git a/server/project/project.go b/server/project/project.go index c43598a0eef69..a4689a721db26 100644 --- a/server/project/project.go +++ b/server/project/project.go @@ -55,6 +55,8 @@ func (s *Server) CreateTokenPolicy(ctx context.Context, q *ProjectTokenPolicyCre s.projectLock.Lock(q.Project.Name) defer s.projectLock.Unlock(q.Project.Name) //TODO: add check for action to be allow or deny + //TODO: Confirm object is correct + object := q.Object if !strings.HasPrefix(object, q.Project.Name+"/") { object = fmt.Sprintf("%s/%s", q.Project.Name, object) @@ -62,16 +64,19 @@ func (s *Server) CreateTokenPolicy(ctx context.Context, q *ProjectTokenPolicyCre //p, role:readonly, applications, get, */* policy := fmt.Sprintf("p, proj:%s:%s, projects, %s, %s", q.Project.Name, q.Token, q.Action, object) + tokenNotFound := true for i, projectToken := range q.Project.Spec.Tokens { if projectToken.Name == q.Token { //TODO: Add check for confirming existing policy doesn't exist (what does this mean though?) q.Project.Spec.Tokens[i].Policies = append(q.Project.Spec.Tokens[i].Policies, policy) + tokenNotFound = false break } } - //TODO: Add exit if condition never turns true + if tokenNotFound { + return nil, status.Errorf(codes.NotFound, "'%s' token was not found in the project '%s'", q.Token, q.Project.Name) + } - //TODO: Autoupdate RBAC Enforcer _, err = s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Update(q.Project) if err != nil { return nil, err @@ -80,8 +85,6 @@ func (s *Server) CreateTokenPolicy(ctx context.Context, q *ProjectTokenPolicyCre } -// CreateToken TODO: Add logging -// CreateToken TODO: Confirm deleting and recreating token doesn't work with old token // CreateToken creates a new token to access a project func (s *Server) CreateToken(ctx context.Context, q *ProjectTokenCreateRequest) (*ProjectTokenResponse, error) { if !s.enf.EnforceClaims(ctx.Value("claims"), "projects", "update", q.Project.Name) { @@ -91,6 +94,7 @@ func (s *Server) CreateToken(ctx context.Context, q *ProjectTokenCreateRequest) if err != nil { return nil, err } + s.projectLock.Lock(q.Project.Name) defer s.projectLock.Unlock(q.Project.Name) //TODO: Verify inputs @@ -102,19 +106,18 @@ func (s *Server) CreateToken(ctx context.Context, q *ProjectTokenCreateRequest) } //TODO: Move string somewhere common roleName := fmt.Sprintf("proj:%s:%s", q.Project.Name, q.Token.Name) - //Protobufforces SecondsBeforeExpiry to be a int32 instead of an int. We are converting it to a regular int here. + //Protobuf forces SecondsBeforeExpiry to be a int32 instead of an int. We are converting it to a regular int here. jwtToken, err := s.sessionMgr.Create(roleName, int(q.SecondsBeforeExpiry)) if err != nil { return nil, err } - q.Token.CreatedAt = jwtToken.IssuedAt q.Project.Spec.Tokens = append(q.Project.Spec.Tokens, *q.Token) - _, err = s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Update(q.Project) if err != nil { return nil, err } + s.logEvent(q.Project, ctx, argo.EventReasonResourceCreated, "create token") return &ProjectTokenResponse{Token: jwtToken.Token}, nil } diff --git a/server/project/project_test.go b/server/project/project_test.go index c62d967686934..7e50421269fd3 100644 --- a/server/project/project_test.go +++ b/server/project/project_test.go @@ -2,6 +2,7 @@ package project import ( "context" + "fmt" "testing" "github.com/stretchr/testify/assert" @@ -15,11 +16,14 @@ import ( apps "github.com/argoproj/argo-cd/pkg/client/clientset/versioned/fake" "github.com/argoproj/argo-cd/test" "github.com/argoproj/argo-cd/util" + jwtUtil "github.com/argoproj/argo-cd/util/jwt" "github.com/argoproj/argo-cd/util/rbac" + "github.com/argoproj/argo-cd/util/session" + "github.com/argoproj/argo-cd/util/settings" ) func TestProjectServer(t *testing.T) { - enforcer := rbac.NewEnforcer(fake.NewSimpleClientset(), "default", common.ArgoCDRBACConfigMapName, nil) + enforcer := rbac.NewEnforcer(fake.NewSimpleClientset(), nil, "default", common.ArgoCDRBACConfigMapName, nil) enforcer.SetBuiltinPolicy(test.BuiltinPolicy) enforcer.SetDefaultRole("role:admin") existingProj := v1alpha1.AppProject{ @@ -39,7 +43,7 @@ func TestProjectServer(t *testing.T) { Spec: v1alpha1.ApplicationSpec{Project: "test", Destination: v1alpha1.ApplicationDestination{Namespace: "ns3", Server: "https://server3"}}, } - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, util.NewKeyLock()) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, util.NewKeyLock(), nil) updatedProj := existingProj.DeepCopy() updatedProj.Spec.Destinations = updatedProj.Spec.Destinations[1:] @@ -55,7 +59,7 @@ func TestProjectServer(t *testing.T) { Spec: v1alpha1.ApplicationSpec{Project: "test", Destination: v1alpha1.ApplicationDestination{Namespace: "ns1", Server: "https://server1"}}, } - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, util.NewKeyLock()) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, util.NewKeyLock(), nil) updatedProj := existingProj.DeepCopy() updatedProj.Spec.Destinations = updatedProj.Spec.Destinations[1:] @@ -72,7 +76,7 @@ func TestProjectServer(t *testing.T) { Spec: v1alpha1.ApplicationSpec{Project: "test"}, } - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, util.NewKeyLock()) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, util.NewKeyLock(), nil) updatedProj := existingProj.DeepCopy() updatedProj.Spec.SourceRepos = []string{} @@ -88,7 +92,7 @@ func TestProjectServer(t *testing.T) { Spec: v1alpha1.ApplicationSpec{Project: "test", Source: v1alpha1.ApplicationSource{RepoURL: "https://github.com/argoproj/argo-cd.git"}}, } - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, util.NewKeyLock()) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, util.NewKeyLock(), nil) updatedProj := existingProj.DeepCopy() updatedProj.Spec.SourceRepos = []string{} @@ -100,7 +104,7 @@ func TestProjectServer(t *testing.T) { }) t.Run("TestDeleteProjectSuccessful", func(t *testing.T) { - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj), enforcer, util.NewKeyLock()) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj), enforcer, util.NewKeyLock(), nil) _, err := projectServer.Delete(context.Background(), &ProjectQuery{Name: "test"}) @@ -113,11 +117,66 @@ func TestProjectServer(t *testing.T) { Spec: v1alpha1.ApplicationSpec{Project: "test"}, } - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, util.NewKeyLock()) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, util.NewKeyLock(), nil) _, err := projectServer.Delete(context.Background(), &ProjectQuery{Name: "test"}) assert.NotNil(t, err) assert.Equal(t, codes.InvalidArgument, grpc.Code(err)) }) + + t.Run("TestCreateTokenSuccesfully", func(t *testing.T) { + sessionMgr := session.NewSessionManager(&settings.ArgoCDSettings{}) + projWithoutToken := existingProj.DeepCopy() + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithoutToken), enforcer, util.NewKeyLock(), sessionMgr) + token := &v1alpha1.ProjectToken{Name: "test"} + tokenResponse, err := projectServer.CreateToken(context.Background(), &ProjectTokenCreateRequest{Project: projWithoutToken, Token: token}) + assert.Nil(t, err) + claims, err := sessionMgr.Parse(tokenResponse.Token) + assert.Nil(t, err) + + mapClaims, err := jwtUtil.MapClaims(claims) + subject, ok := mapClaims["sub"].(string) + assert.True(t, ok) + assert.Equal(t, "proj:test:test", subject) + assert.Nil(t, err) + }) + t.Run("TestCreateDuplicateTokenFailure", func(t *testing.T) { + sessionMgr := session.NewSessionManager(&settings.ArgoCDSettings{}) + projWithToken := existingProj.DeepCopy() + token := v1alpha1.ProjectToken{Name: "test"} + projWithToken.Spec.Tokens = append(projWithToken.Spec.Tokens, token) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, util.NewKeyLock(), sessionMgr) + _, err := projectServer.CreateToken(context.Background(), &ProjectTokenCreateRequest{Project: projWithToken, Token: &token}) + assert.EqualError(t, err, "rpc error: code = AlreadyExists desc = 'test' token already exist for project 'test'") + }) + + t.Run("TestCreateTokenPolicySuccessfully", func(t *testing.T) { + action := "create" + object := "testObject" + permission := "allow" + projWithToken := existingProj.DeepCopy() + token := v1alpha1.ProjectToken{Name: "test"} + projWithToken.Spec.Tokens = append(projWithToken.Spec.Tokens, token) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, util.NewKeyLock(), nil) + request := &ProjectTokenPolicyCreateRequest{Project: projWithToken, Token: token.Name, Action: action, Object: object, Permission: permission} + _, err := projectServer.CreateTokenPolicy(context.Background(), request) + assert.Nil(t, err) + t.Log(projWithToken.Spec.Tokens[0].Policies[0]) + expectedPolicy := fmt.Sprintf("p, proj:%s:%s, projects, %s, %s/%s", projWithToken.Name, token.Name, action, projWithToken.Name, object) + assert.Equal(t, projWithToken.Spec.Tokens[0].Policies[0], expectedPolicy) + }) + + t.Run("TestCreateTokenPolicyOnNonExistingTokenFailure", func(t *testing.T) { + action := "create" + object := "testObject" + permission := "allow" + + token := v1alpha1.ProjectToken{Name: "test"} + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj), enforcer, util.NewKeyLock(), nil) + request := &ProjectTokenPolicyCreateRequest{Project: &existingProj, Token: token.Name, Action: action, Object: object, Permission: permission} + _, err := projectServer.CreateTokenPolicy(context.Background(), request) + assert.EqualError(t, err, "rpc error: code = NotFound desc = 'test' token was not found in the project 'test'") + + }) } From 8de9f28cfcde55959cdedc09238bed7c3443ef15 Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Mon, 30 Jul 2018 16:38:56 -0700 Subject: [PATCH 05/43] Push all create token logic server side --- cmd/argocd/commands/project.go | 12 +-- server/project/project.go | 31 +++--- server/project/project.pb.go | 177 +++++++++++++++------------------ server/project/project.proto | 6 +- server/project/project_test.go | 9 +- server/swagger.json | 8 +- util/session/sessionmanager.go | 2 +- 7 files changed, 114 insertions(+), 131 deletions(-) diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go index b438a72b74893..e4ce1191ac523 100644 --- a/cmd/argocd/commands/project.go +++ b/cmd/argocd/commands/project.go @@ -138,7 +138,7 @@ func NewProjectAddTokenPolicyCommand(clientOpts *argocdclient.ClientOptions) *co // NewProjectCreateTokenCommand returns a new instance of an `argocd proj token create` command func NewProjectCreateTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var ( - secondsBeforeExpiry int32 + secondsBeforeExpiry int64 ) var command = &cobra.Command{ Use: "create PROJECT TOKEN-NAME [--seconds seconds]", @@ -153,19 +153,15 @@ func NewProjectCreateTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra conn, projIf := argocdclient.NewClientOrDie(clientOpts).NewProjectClientOrDie() defer util.Close(conn) - proj, err := projIf.Get(context.Background(), &project.ProjectQuery{Name: projName}) - errors.CheckError(err) - - token, err := projIf.CreateToken(context.Background(), &project.ProjectTokenCreateRequest{Project: proj, Token: &v1alpha1.ProjectToken{Name: tokenName}, SecondsBeforeExpiry: secondsBeforeExpiry}) + token, err := projIf.CreateToken(context.Background(), &project.ProjectTokenCreateRequest{Project: projName, Token: tokenName, SecondsBeforeExpiry: secondsBeforeExpiry}) errors.CheckError(err) w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0) - //TODO: Clean up message and think about how it should formatted - fmt.Fprintf(w, "New token for %s-%s:'%s'", projName, tokenName, token) + fmt.Fprintf(w, "New token for %s-%s:\n'%s'\n", projName, tokenName, token) fmt.Fprintf(w, "Make sure to save token as it is not stored.") _ = w.Flush() }, } - command.Flags().Int32VarP(&secondsBeforeExpiry, "secondsBeforeExpiry", "s", defaultSecondsBeforeExpiry, "Number of seconds before the token will expire (Default: 3 months)") + command.Flags().Int64VarP(&secondsBeforeExpiry, "secondsBeforeExpiry", "s", defaultSecondsBeforeExpiry, "Number of seconds before the token will expire (Default: 3 months)") return command } diff --git a/server/project/project.go b/server/project/project.go index a4689a721db26..b27c6e43faccb 100644 --- a/server/project/project.go +++ b/server/project/project.go @@ -87,37 +87,40 @@ func (s *Server) CreateTokenPolicy(ctx context.Context, q *ProjectTokenPolicyCre // CreateToken creates a new token to access a project func (s *Server) CreateToken(ctx context.Context, q *ProjectTokenCreateRequest) (*ProjectTokenResponse, error) { - if !s.enf.EnforceClaims(ctx.Value("claims"), "projects", "update", q.Project.Name) { + if !s.enf.EnforceClaims(ctx.Value("claims"), "projects", "update", q.Project) { return nil, grpc.ErrPermissionDenied } - err := validateProject(q.Project) + project, err := s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Get(q.Project, metav1.GetOptions{}) + if err != nil { + return nil, err + } + err = validateProject(project) if err != nil { return nil, err } - s.projectLock.Lock(q.Project.Name) - defer s.projectLock.Unlock(q.Project.Name) + s.projectLock.Lock(q.Project) + defer s.projectLock.Unlock(q.Project) //TODO: Verify inputs - for _, projectToken := range q.Project.Spec.Tokens { - if projectToken.Name == q.Token.Name { - return nil, status.Errorf(codes.AlreadyExists, "'%s' token already exist for project '%s'", q.Token.Name, q.Project.Name) + for _, projectToken := range project.Spec.Tokens { + if projectToken.Name == q.Token { + return nil, status.Errorf(codes.AlreadyExists, "'%s' token already exist for project '%s'", q.Token, q.Project) } } //TODO: Move string somewhere common - roleName := fmt.Sprintf("proj:%s:%s", q.Project.Name, q.Token.Name) - //Protobuf forces SecondsBeforeExpiry to be a int32 instead of an int. We are converting it to a regular int here. - jwtToken, err := s.sessionMgr.Create(roleName, int(q.SecondsBeforeExpiry)) + roleName := fmt.Sprintf("proj:%s:%s", q.Project, q.Token) + jwtToken, err := s.sessionMgr.Create(roleName, q.SecondsBeforeExpiry) if err != nil { return nil, err } - q.Token.CreatedAt = jwtToken.IssuedAt - q.Project.Spec.Tokens = append(q.Project.Spec.Tokens, *q.Token) - _, err = s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Update(q.Project) + token := v1alpha1.ProjectToken{Name: q.Token, CreatedAt: jwtToken.IssuedAt} + project.Spec.Tokens = append(project.Spec.Tokens, token) + _, err = s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Update(project) if err != nil { return nil, err } - s.logEvent(q.Project, ctx, argo.EventReasonResourceCreated, "create token") + s.logEvent(project, ctx, argo.EventReasonResourceCreated, "create token") return &ProjectTokenResponse{Token: jwtToken.Token}, nil } diff --git a/server/project/project.pb.go b/server/project/project.pb.go index 0687f2ab6ca72..9c287ddd76a8a 100644 --- a/server/project/project.pb.go +++ b/server/project/project.pb.go @@ -67,9 +67,9 @@ func (m *ProjectCreateRequest) GetProject() *github_com_argoproj_argo_cd_pkg_api // ProjectTokenCreateRequest defines project token creation parameters. type ProjectTokenCreateRequest struct { - Project *github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.AppProject `protobuf:"bytes,1,opt,name=project" json:"project,omitempty"` - Token *github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.ProjectToken `protobuf:"bytes,2,opt,name=token" json:"token,omitempty"` - SecondsBeforeExpiry int32 `protobuf:"varint,3,opt,name=secondsBeforeExpiry,proto3" json:"secondsBeforeExpiry,omitempty"` + Project string `protobuf:"bytes,1,opt,name=project,proto3" json:"project,omitempty"` + Token string `protobuf:"bytes,2,opt,name=token,proto3" json:"token,omitempty"` + SecondsBeforeExpiry int64 `protobuf:"varint,3,opt,name=secondsBeforeExpiry,proto3" json:"secondsBeforeExpiry,omitempty"` } func (m *ProjectTokenCreateRequest) Reset() { *m = ProjectTokenCreateRequest{} } @@ -77,21 +77,21 @@ func (m *ProjectTokenCreateRequest) String() string { return proto.Co func (*ProjectTokenCreateRequest) ProtoMessage() {} func (*ProjectTokenCreateRequest) Descriptor() ([]byte, []int) { return fileDescriptorProject, []int{1} } -func (m *ProjectTokenCreateRequest) GetProject() *github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.AppProject { +func (m *ProjectTokenCreateRequest) GetProject() string { if m != nil { return m.Project } - return nil + return "" } -func (m *ProjectTokenCreateRequest) GetToken() *github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.ProjectToken { +func (m *ProjectTokenCreateRequest) GetToken() string { if m != nil { return m.Token } - return nil + return "" } -func (m *ProjectTokenCreateRequest) GetSecondsBeforeExpiry() int32 { +func (m *ProjectTokenCreateRequest) GetSecondsBeforeExpiry() int64 { if m != nil { return m.SecondsBeforeExpiry } @@ -591,25 +591,17 @@ func (m *ProjectTokenCreateRequest) MarshalTo(dAtA []byte) (int, error) { _ = i var l int _ = l - if m.Project != nil { + if len(m.Project) > 0 { dAtA[i] = 0xa i++ - i = encodeVarintProject(dAtA, i, uint64(m.Project.Size())) - n2, err := m.Project.MarshalTo(dAtA[i:]) - if err != nil { - return 0, err - } - i += n2 + i = encodeVarintProject(dAtA, i, uint64(len(m.Project))) + i += copy(dAtA[i:], m.Project) } - if m.Token != nil { + if len(m.Token) > 0 { dAtA[i] = 0x12 i++ - i = encodeVarintProject(dAtA, i, uint64(m.Token.Size())) - n3, err := m.Token.MarshalTo(dAtA[i:]) - if err != nil { - return 0, err - } - i += n3 + i = encodeVarintProject(dAtA, i, uint64(len(m.Token))) + i += copy(dAtA[i:], m.Token) } if m.SecondsBeforeExpiry != 0 { dAtA[i] = 0x18 @@ -638,11 +630,11 @@ func (m *ProjectTokenPolicyCreateRequest) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0xa i++ i = encodeVarintProject(dAtA, i, uint64(m.Project.Size())) - n4, err := m.Project.MarshalTo(dAtA[i:]) + n2, err := m.Project.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n4 + i += n2 } if len(m.Token) > 0 { dAtA[i] = 0x12 @@ -756,11 +748,11 @@ func (m *ProjectUpdateRequest) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0xa i++ i = encodeVarintProject(dAtA, i, uint64(m.Project.Size())) - n5, err := m.Project.MarshalTo(dAtA[i:]) + n3, err := m.Project.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n5 + i += n3 } return i, nil } @@ -805,12 +797,12 @@ func (m *ProjectCreateRequest) Size() (n int) { func (m *ProjectTokenCreateRequest) Size() (n int) { var l int _ = l - if m.Project != nil { - l = m.Project.Size() + l = len(m.Project) + if l > 0 { n += 1 + l + sovProject(uint64(l)) } - if m.Token != nil { - l = m.Token.Size() + l = len(m.Token) + if l > 0 { n += 1 + l + sovProject(uint64(l)) } if m.SecondsBeforeExpiry != 0 { @@ -1016,7 +1008,7 @@ func (m *ProjectTokenCreateRequest) Unmarshal(dAtA []byte) error { if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field Project", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowProject @@ -1026,30 +1018,26 @@ func (m *ProjectTokenCreateRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= (int(b) & 0x7F) << shift + stringLen |= (uint64(b) & 0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthProject } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex > l { return io.ErrUnexpectedEOF } - if m.Project == nil { - m.Project = &github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.AppProject{} - } - if err := m.Project.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.Project = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowProject @@ -1059,24 +1047,20 @@ func (m *ProjectTokenCreateRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= (int(b) & 0x7F) << shift + stringLen |= (uint64(b) & 0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthProject } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex > l { return io.ErrUnexpectedEOF } - if m.Token == nil { - m.Token = &github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.ProjectToken{} - } - if err := m.Token.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.Token = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 3: if wireType != 0 { @@ -1092,7 +1076,7 @@ func (m *ProjectTokenCreateRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.SecondsBeforeExpiry |= (int32(b) & 0x7F) << shift + m.SecondsBeforeExpiry |= (int64(b) & 0x7F) << shift if b < 0x80 { break } @@ -1766,51 +1750,50 @@ var ( func init() { proto.RegisterFile("server/project/project.proto", fileDescriptorProject) } var fileDescriptorProject = []byte{ - // 721 bytes of a gzipped FileDescriptorProto + // 710 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x56, 0xcb, 0x6e, 0x13, 0x3d, - 0x14, 0x96, 0x7b, 0xc9, 0xff, 0xd7, 0xfd, 0x7f, 0x2e, 0xa6, 0x2d, 0x69, 0xda, 0xa6, 0xc1, 0x0b, - 0x14, 0x2a, 0xea, 0x21, 0x2d, 0x8b, 0x8a, 0x1d, 0x85, 0xa8, 0xaa, 0xc4, 0xa2, 0x04, 0x90, 0x10, - 0x12, 0xaa, 0xdc, 0xc9, 0x61, 0x3a, 0x4d, 0x32, 0x36, 0xb6, 0x1b, 0x88, 0x10, 0x9b, 0x8a, 0x1d, - 0x62, 0x03, 0x2f, 0x80, 0xc4, 0xcb, 0xb0, 0x44, 0xe2, 0x05, 0x50, 0xc5, 0x82, 0xc7, 0x40, 0xf6, - 0xcc, 0x34, 0x93, 0x26, 0x01, 0x24, 0xa2, 0xae, 0xe2, 0x39, 0x97, 0xef, 0xfb, 0xce, 0x39, 0xbe, - 0x04, 0x2f, 0x6a, 0x50, 0x6d, 0x50, 0x9e, 0x54, 0xe2, 0x00, 0x7c, 0x93, 0xfe, 0x32, 0xa9, 0x84, - 0x11, 0xe4, 0x9f, 0xe4, 0xb3, 0x30, 0x13, 0x88, 0x40, 0x38, 0x9b, 0x67, 0x57, 0xb1, 0xbb, 0xb0, - 0x18, 0x08, 0x11, 0x34, 0xc1, 0xe3, 0x32, 0xf4, 0x78, 0x14, 0x09, 0xc3, 0x4d, 0x28, 0x22, 0x9d, - 0x78, 0x69, 0x63, 0x43, 0xb3, 0x50, 0x38, 0xaf, 0x2f, 0x14, 0x78, 0xed, 0x8a, 0x17, 0x40, 0x04, - 0x8a, 0x1b, 0xa8, 0x27, 0x31, 0x37, 0xbb, 0x31, 0x2d, 0xee, 0xef, 0x87, 0x11, 0xa8, 0x8e, 0x27, - 0x1b, 0x81, 0x35, 0x68, 0xaf, 0x05, 0x86, 0x0f, 0xca, 0xda, 0x0e, 0x42, 0xb3, 0x7f, 0xb8, 0xc7, - 0x7c, 0xd1, 0xf2, 0xb8, 0x72, 0xc2, 0x0e, 0xdc, 0x62, 0xd5, 0xaf, 0x77, 0xb3, 0xb9, 0x94, 0xcd, - 0xd0, 0x77, 0x92, 0xbc, 0x76, 0x85, 0x37, 0xe5, 0x3e, 0xef, 0x83, 0xa2, 0x2f, 0xf0, 0xcc, 0x4e, - 0x5c, 0xe3, 0x1d, 0x05, 0xdc, 0x40, 0x0d, 0x9e, 0x1f, 0x82, 0x36, 0x64, 0x17, 0xa7, 0xb5, 0xe7, - 0x51, 0x09, 0x95, 0xa7, 0xd7, 0xaa, 0xac, 0x4b, 0xca, 0x52, 0x52, 0xb7, 0xd8, 0xf5, 0xeb, 0x4c, - 0x36, 0x02, 0x66, 0x49, 0x59, 0x86, 0x94, 0xa5, 0xa4, 0xec, 0xb6, 0x94, 0x09, 0x49, 0x2d, 0x45, - 0xa5, 0xef, 0xc6, 0xf0, 0x7c, 0x62, 0x7c, 0x28, 0x1a, 0x10, 0x9d, 0x2d, 0x3d, 0x79, 0x8a, 0x27, - 0x8d, 0xa5, 0xcd, 0x8f, 0x39, 0xf8, 0xad, 0xbf, 0x80, 0xcf, 0x56, 0x51, 0x8b, 0x51, 0xc9, 0x0d, - 0x7c, 0x49, 0x83, 0x2f, 0xa2, 0xba, 0xde, 0x84, 0x67, 0x42, 0x41, 0xf5, 0xa5, 0x0c, 0x55, 0x27, - 0x3f, 0x5e, 0x42, 0xe5, 0xc9, 0xda, 0x20, 0x17, 0xfd, 0x81, 0xf0, 0x72, 0x16, 0x69, 0x47, 0x34, - 0x43, 0xbf, 0x73, 0xc6, 0x5d, 0x99, 0xc9, 0x76, 0x65, 0x2a, 0x2d, 0x66, 0x0e, 0xe7, 0xb8, 0x6f, - 0x93, 0x9d, 0xfe, 0xa9, 0x5a, 0xf2, 0x45, 0x8a, 0x18, 0x4b, 0x50, 0xad, 0x50, 0x6b, 0xeb, 0x9b, - 0x70, 0xbe, 0x8c, 0xc5, 0xe6, 0x89, 0x3d, 0xa7, 0x76, 0x32, 0xce, 0x8b, 0xbf, 0x28, 0xc5, 0xa5, - 0xe1, 0x95, 0x6a, 0x29, 0x22, 0x0d, 0xf4, 0xfa, 0xc9, 0xbe, 0x8c, 0xfb, 0x9a, 0xd8, 0xbb, 0x0a, - 0x51, 0x46, 0x21, 0xa5, 0xf8, 0xbf, 0x24, 0xfa, 0xfe, 0x21, 0xa8, 0x0e, 0x21, 0x78, 0x22, 0xe2, - 0x2d, 0x48, 0x82, 0xdc, 0x3a, 0xb3, 0xd3, 0x1f, 0xc9, 0xfa, 0x59, 0xee, 0xf4, 0xf3, 0xf8, 0xff, - 0x6a, 0x4b, 0x9a, 0x4e, 0x5a, 0xc3, 0xda, 0xc7, 0x7f, 0xf1, 0xb9, 0x24, 0xea, 0x01, 0xa8, 0x76, - 0xe8, 0x03, 0x79, 0x8f, 0xf0, 0xc5, 0xb8, 0x03, 0x99, 0x96, 0x90, 0x32, 0x4b, 0xaf, 0xa3, 0xdf, - 0xec, 0x8c, 0xc2, 0xb5, 0x3f, 0x88, 0x4c, 0x3a, 0x5b, 0x3e, 0xfa, 0xfa, 0xfd, 0xc3, 0x18, 0xa5, - 0x4b, 0xee, 0x62, 0x6a, 0x57, 0xd2, 0x2b, 0x4f, 0x7b, 0xae, 0x97, 0x9e, 0x74, 0x49, 0xb7, 0xd0, - 0x0a, 0xd1, 0x78, 0x3a, 0xa3, 0x89, 0xd0, 0x81, 0x1c, 0xbd, 0x3a, 0x96, 0x06, 0xc6, 0x9c, 0x70, - 0x5f, 0x71, 0xdc, 0x0b, 0x74, 0x6e, 0x30, 0xb7, 0x25, 0x7d, 0x8b, 0x70, 0x2e, 0xc6, 0x24, 0x7d, - 0x60, 0xbd, 0x5c, 0xa3, 0x99, 0x13, 0x5d, 0x70, 0x9a, 0x66, 0xe9, 0x85, 0xd3, 0x9a, 0xac, 0x9a, - 0x23, 0x84, 0x27, 0xee, 0x85, 0xda, 0x90, 0xd9, 0xd3, 0x5a, 0xdc, 0x46, 0x2b, 0x6c, 0x8f, 0x44, - 0x83, 0x65, 0xa0, 0x79, 0xa7, 0x83, 0x90, 0x3e, 0x1d, 0xe4, 0x0d, 0xc2, 0xe3, 0x5b, 0x30, 0x54, - 0xc3, 0x88, 0xfa, 0xb0, 0xec, 0xf8, 0xe7, 0xc9, 0xe5, 0xbe, 0xd9, 0xbc, 0xb2, 0xe7, 0xe7, 0x35, - 0xf9, 0x84, 0x70, 0x2e, 0x3e, 0x3a, 0xfd, 0x93, 0xe9, 0x39, 0x52, 0xa3, 0x52, 0xb4, 0xee, 0x14, - 0xad, 0x16, 0xca, 0xfd, 0x8a, 0x52, 0x7a, 0xfb, 0x42, 0xd6, 0xb9, 0xe1, 0xcc, 0x49, 0xb4, 0x13, - 0x7b, 0x8c, 0x73, 0x77, 0xa1, 0x09, 0x06, 0x86, 0xb5, 0x6b, 0xee, 0xc4, 0xdc, 0x73, 0x2a, 0xd3, - 0xfa, 0x57, 0x86, 0xd6, 0x7f, 0x80, 0xb1, 0x1d, 0x54, 0xb5, 0x0d, 0x91, 0xd1, 0xc3, 0xd0, 0x97, - 0x58, 0xfc, 0xa2, 0xdb, 0x0a, 0x99, 0x7d, 0xf5, 0x59, 0xbb, 0xc2, 0x5c, 0x8a, 0x1b, 0xf2, 0x55, - 0x47, 0x52, 0x22, 0xc5, 0x21, 0x24, 0x1e, 0x38, 0xf4, 0xcd, 0x8d, 0xcf, 0xc7, 0x45, 0xf4, 0xe5, - 0xb8, 0x88, 0xbe, 0x1d, 0x17, 0xd1, 0x93, 0x95, 0x5f, 0xbd, 0xf7, 0xbd, 0x7f, 0x60, 0xf6, 0x72, - 0xee, 0x5d, 0x5f, 0xff, 0x19, 0x00, 0x00, 0xff, 0xff, 0x57, 0x53, 0xb6, 0xf5, 0xd9, 0x08, 0x00, - 0x00, + 0x14, 0x96, 0x7b, 0xc9, 0xff, 0xd7, 0xe5, 0x6a, 0xda, 0x92, 0xa6, 0x6d, 0x1a, 0xbc, 0x40, 0xa1, + 0xa2, 0x1e, 0xd2, 0xb2, 0xa8, 0xd8, 0x51, 0x88, 0x50, 0x25, 0x16, 0x25, 0x80, 0x84, 0xd8, 0x54, + 0xee, 0xe4, 0x30, 0x9d, 0x26, 0x19, 0x1b, 0xdb, 0x0d, 0x44, 0xa8, 0x9b, 0x8a, 0x1d, 0x3b, 0x78, + 0x01, 0x24, 0x5e, 0x86, 0x25, 0x12, 0x2f, 0x80, 0x2a, 0x16, 0x3c, 0x06, 0xb2, 0x67, 0x26, 0x97, + 0x26, 0x03, 0x2c, 0xa2, 0xae, 0x62, 0x9f, 0xdb, 0xf7, 0x9d, 0x73, 0x7c, 0xe6, 0x04, 0x2f, 0x6b, + 0x50, 0x6d, 0x50, 0x9e, 0x54, 0xe2, 0x10, 0x7c, 0x93, 0xfe, 0x32, 0xa9, 0x84, 0x11, 0xe4, 0xbf, + 0xe4, 0x5a, 0x98, 0x0b, 0x44, 0x20, 0x9c, 0xcc, 0xb3, 0xa7, 0x58, 0x5d, 0x58, 0x0e, 0x84, 0x08, + 0x9a, 0xe0, 0x71, 0x19, 0x7a, 0x3c, 0x8a, 0x84, 0xe1, 0x26, 0x14, 0x91, 0x4e, 0xb4, 0xb4, 0xb1, + 0xa5, 0x59, 0x28, 0x9c, 0xd6, 0x17, 0x0a, 0xbc, 0x76, 0xc5, 0x0b, 0x20, 0x02, 0xc5, 0x0d, 0xd4, + 0x13, 0x9b, 0xbb, 0x3d, 0x9b, 0x16, 0xf7, 0x0f, 0xc2, 0x08, 0x54, 0xc7, 0x93, 0x8d, 0xc0, 0x0a, + 0xb4, 0xd7, 0x02, 0xc3, 0x47, 0x79, 0xed, 0x04, 0xa1, 0x39, 0x38, 0xda, 0x67, 0xbe, 0x68, 0x79, + 0x5c, 0x39, 0x62, 0x87, 0xee, 0xb0, 0xee, 0xd7, 0x7b, 0xde, 0x5c, 0xca, 0x66, 0xe8, 0x3b, 0x4a, + 0x5e, 0xbb, 0xc2, 0x9b, 0xf2, 0x80, 0x0f, 0x85, 0xa2, 0x6f, 0xf0, 0xdc, 0x6e, 0x9c, 0xe3, 0x03, + 0x05, 0xdc, 0x40, 0x0d, 0x5e, 0x1f, 0x81, 0x36, 0x64, 0x0f, 0xa7, 0xb9, 0xe7, 0x51, 0x09, 0x95, + 0x67, 0x37, 0xaa, 0xac, 0x07, 0xca, 0x52, 0x50, 0x77, 0xd8, 0xf3, 0xeb, 0x4c, 0x36, 0x02, 0x66, + 0x41, 0x59, 0x1f, 0x28, 0x4b, 0x41, 0xd9, 0x7d, 0x29, 0x13, 0x90, 0x5a, 0x1a, 0x95, 0x1e, 0xe3, + 0xc5, 0x44, 0xf6, 0x4c, 0x34, 0x20, 0x1a, 0x44, 0xcf, 0x0f, 0xa2, 0xcf, 0x74, 0xdd, 0xc8, 0x1c, + 0x9e, 0x36, 0xd6, 0x3e, 0x3f, 0xe1, 0xe4, 0xf1, 0x85, 0xdc, 0xc1, 0xd7, 0x34, 0xf8, 0x22, 0xaa, + 0xeb, 0x6d, 0x78, 0x25, 0x14, 0x54, 0xdf, 0xca, 0x50, 0x75, 0xf2, 0x93, 0x25, 0x54, 0x9e, 0xac, + 0x8d, 0x52, 0xd1, 0x5f, 0x08, 0xaf, 0xf6, 0xe3, 0xef, 0x8a, 0x66, 0xe8, 0x77, 0xce, 0xb7, 0x06, + 0x19, 0xc9, 0x2c, 0xe0, 0x1c, 0xf7, 0xad, 0xb3, 0xe3, 0x3f, 0x53, 0x4b, 0x6e, 0xa4, 0x88, 0xb1, + 0x04, 0xd5, 0x0a, 0xb5, 0xb6, 0xba, 0x29, 0xa7, 0xeb, 0x93, 0x58, 0x3f, 0xb1, 0xef, 0xd8, 0x4e, + 0xc7, 0x7e, 0xf1, 0x8d, 0x52, 0x5c, 0xca, 0xce, 0x54, 0x4b, 0x11, 0x69, 0xa0, 0xb7, 0xbb, 0xcf, + 0xc0, 0xd9, 0xa4, 0xf2, 0x1e, 0x43, 0xd4, 0xc7, 0x90, 0x52, 0x7c, 0x21, 0xb1, 0x7e, 0x72, 0x04, + 0xaa, 0x43, 0x08, 0x9e, 0x8a, 0x78, 0x0b, 0x12, 0x23, 0x77, 0xee, 0x7b, 0x58, 0xcf, 0x65, 0xfd, + 0x3c, 0x1f, 0xd6, 0x65, 0x7c, 0xb1, 0xda, 0x92, 0xa6, 0x93, 0xe6, 0xb0, 0xf1, 0xf9, 0x7f, 0x7c, + 0x29, 0xb1, 0x7a, 0x0a, 0xaa, 0x1d, 0xfa, 0x40, 0x3e, 0x22, 0x7c, 0x35, 0xae, 0x40, 0x5f, 0x49, + 0x48, 0x99, 0xa5, 0xd3, 0xff, 0x97, 0x97, 0x51, 0xb8, 0xf5, 0x0f, 0x96, 0x49, 0x65, 0xcb, 0x27, + 0xdf, 0x7f, 0x7e, 0x9a, 0xa0, 0x74, 0xc5, 0x7d, 0x07, 0xda, 0x95, 0xf4, 0x0b, 0xa3, 0x3d, 0x57, + 0x4b, 0x4f, 0x3a, 0xa7, 0x7b, 0x68, 0x8d, 0x68, 0x3c, 0xdb, 0xc7, 0x89, 0xd0, 0x91, 0x18, 0x83, + 0x3c, 0x56, 0x46, 0xda, 0x74, 0xb1, 0x6f, 0x38, 0xec, 0x25, 0xba, 0x30, 0x1a, 0xdb, 0x82, 0x7e, + 0x40, 0x38, 0x17, 0xc7, 0x24, 0x43, 0xc1, 0x06, 0xb1, 0xc6, 0xd3, 0x27, 0xba, 0xe4, 0x38, 0xcd, + 0xd3, 0x2b, 0x67, 0x39, 0x59, 0x36, 0x27, 0x08, 0x4f, 0x3d, 0x0e, 0xb5, 0x21, 0xf3, 0x67, 0xb9, + 0xb8, 0x87, 0x56, 0xd8, 0x19, 0x0b, 0x07, 0x8b, 0x40, 0xf3, 0x8e, 0x07, 0x21, 0x43, 0x3c, 0xc8, + 0x7b, 0x84, 0x27, 0x1f, 0x41, 0x26, 0x87, 0x31, 0xd5, 0x61, 0xd5, 0xe1, 0x2f, 0x92, 0xeb, 0x43, + 0xbd, 0x79, 0x67, 0xe7, 0xe7, 0x98, 0x7c, 0x41, 0x38, 0x17, 0x8f, 0xce, 0x70, 0x67, 0x06, 0x46, + 0x6a, 0x5c, 0x8c, 0x36, 0x1d, 0xa3, 0xf5, 0x42, 0x79, 0x98, 0x51, 0x0a, 0x6f, 0x17, 0x52, 0x9d, + 0x1b, 0xce, 0x1c, 0x45, 0xdb, 0xb1, 0x17, 0x38, 0xf7, 0x10, 0x9a, 0x60, 0x20, 0xab, 0x5c, 0x0b, + 0x5d, 0xf1, 0xc0, 0x54, 0xa6, 0xf9, 0xaf, 0x65, 0xe6, 0x7f, 0x88, 0xb1, 0x6d, 0x54, 0xb5, 0x0d, + 0x91, 0xd1, 0x59, 0xd1, 0x57, 0x58, 0xbc, 0x40, 0x6d, 0x86, 0xcc, 0x2e, 0x59, 0xd6, 0xae, 0x30, + 0xe7, 0xe2, 0x9a, 0x7c, 0xd3, 0x81, 0x94, 0x48, 0x31, 0x03, 0xc4, 0x03, 0x17, 0x7d, 0x7b, 0xeb, + 0xeb, 0x69, 0x11, 0x7d, 0x3b, 0x2d, 0xa2, 0x1f, 0xa7, 0x45, 0xf4, 0x72, 0xed, 0x4f, 0xeb, 0x75, + 0xf0, 0xff, 0xc2, 0x7e, 0xce, 0xad, 0xd1, 0xcd, 0xdf, 0x01, 0x00, 0x00, 0xff, 0xff, 0xf7, 0x76, + 0xe8, 0x90, 0x48, 0x08, 0x00, 0x00, } diff --git a/server/project/project.proto b/server/project/project.proto index ab714aa4a95db..4c7d2df5a93da 100644 --- a/server/project/project.proto +++ b/server/project/project.proto @@ -20,9 +20,9 @@ message ProjectCreateRequest { // ProjectTokenCreateRequest defines project token creation parameters. message ProjectTokenCreateRequest { - github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.AppProject project = 1; - github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.ProjectToken token = 2; - int32 secondsBeforeExpiry = 3; + string project = 1; + string token = 2; + int64 secondsBeforeExpiry = 3; } message ProjectTokenPolicyCreateRequest { diff --git a/server/project/project_test.go b/server/project/project_test.go index 7e50421269fd3..96003a84d41e1 100644 --- a/server/project/project_test.go +++ b/server/project/project_test.go @@ -129,8 +129,8 @@ func TestProjectServer(t *testing.T) { sessionMgr := session.NewSessionManager(&settings.ArgoCDSettings{}) projWithoutToken := existingProj.DeepCopy() projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithoutToken), enforcer, util.NewKeyLock(), sessionMgr) - token := &v1alpha1.ProjectToken{Name: "test"} - tokenResponse, err := projectServer.CreateToken(context.Background(), &ProjectTokenCreateRequest{Project: projWithoutToken, Token: token}) + tokenName := "test" + tokenResponse, err := projectServer.CreateToken(context.Background(), &ProjectTokenCreateRequest{Project: projWithoutToken.Name, Token: tokenName, SecondsBeforeExpiry: 1}) assert.Nil(t, err) claims, err := sessionMgr.Parse(tokenResponse.Token) assert.Nil(t, err) @@ -144,10 +144,11 @@ func TestProjectServer(t *testing.T) { t.Run("TestCreateDuplicateTokenFailure", func(t *testing.T) { sessionMgr := session.NewSessionManager(&settings.ArgoCDSettings{}) projWithToken := existingProj.DeepCopy() - token := v1alpha1.ProjectToken{Name: "test"} + tokenName := "test" + token := v1alpha1.ProjectToken{Name: tokenName} projWithToken.Spec.Tokens = append(projWithToken.Spec.Tokens, token) projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, util.NewKeyLock(), sessionMgr) - _, err := projectServer.CreateToken(context.Background(), &ProjectTokenCreateRequest{Project: projWithToken, Token: &token}) + _, err := projectServer.CreateToken(context.Background(), &ProjectTokenCreateRequest{Project: projWithToken.Name, Token: tokenName}) assert.EqualError(t, err, "rpc error: code = AlreadyExists desc = 'test' token already exist for project 'test'") }) diff --git a/server/swagger.json b/server/swagger.json index 4be99e0d31042..3b5974a7a3cf9 100644 --- a/server/swagger.json +++ b/server/swagger.json @@ -1394,14 +1394,14 @@ "type": "object", "properties": { "project": { - "$ref": "#/definitions/v1alpha1AppProject" + "type": "string" }, "secondsBeforeExpiry": { - "type": "integer", - "format": "int32" + "type": "string", + "format": "int64" }, "token": { - "$ref": "#/definitions/v1alpha1ProjectToken" + "type": "string" } } }, diff --git a/util/session/sessionmanager.go b/util/session/sessionmanager.go index 594a6bcd0b160..75acdcedae7b7 100644 --- a/util/session/sessionmanager.go +++ b/util/session/sessionmanager.go @@ -78,7 +78,7 @@ func NewSessionManager(settings *settings.ArgoCDSettings) *SessionManager { // Create creates a new token for a given subject (user) and returns it as a string. // Passing a value of `0` for secondsBeforeExpiry creates a token that never expires. -func (mgr *SessionManager) Create(subject string, secondsBeforeExpiry int) (*JwtToken, error) { +func (mgr *SessionManager) Create(subject string, secondsBeforeExpiry int64) (*JwtToken, error) { // Create a new token object, specifying signing method and the claims // you would like it to contain. now := time.Now().UTC() From b77b7455d3d450239e6d97fb69ed596fbad9a414 Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Wed, 1 Aug 2018 10:36:16 -0700 Subject: [PATCH 06/43] Refactor create policy token to use update endpoint --- cmd/argocd/commands/project.go | 13 +- pkg/apis/application/v1alpha1/types.go | 11 + server/project/project.go | 45 -- server/project/project.pb.go | 550 +++---------------------- server/project/project.pb.gw.go | 46 --- server/project/project.proto | 21 - server/project/project_test.go | 27 +- server/swagger.json | 50 --- 8 files changed, 77 insertions(+), 686 deletions(-) diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go index e4ce1191ac523..0c121ad69244a 100644 --- a/cmd/argocd/commands/project.go +++ b/cmd/argocd/commands/project.go @@ -124,10 +124,17 @@ func NewProjectAddTokenPolicyCommand(clientOpts *argocdclient.ClientOptions) *co proj, err := projIf.Get(context.Background(), &project.ProjectQuery{Name: projName}) errors.CheckError(err) - //TODO: Check if this project has token + tokenIndex, err := proj.GetTokenIndex(tokenName) + if err != nil { + log.Fatal(err) + } + token := proj.Spec.Tokens[tokenIndex] + + policyTemplate := "p, proj:%s:%s, projects, %s, %s/%s" + policy := fmt.Sprintf(policyTemplate, proj.Name, token.Name, opts.action, proj.Name, opts.object) + proj.Spec.Tokens[tokenIndex].Policies = append(token.Policies, policy) - //TODO: Change to input an array of policies instead of just one? - _, err = projIf.CreateTokenPolicy(context.Background(), &project.ProjectTokenPolicyCreateRequest{Project: proj, Token: tokenName, Action: opts.action, Permission: opts.permission, Object: opts.object}) + _, err = projIf.Update(context.Background(), &project.ProjectUpdateRequest{Project: proj}) errors.CheckError(err) }, } diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go index a1c2363dbae6d..ba5ec37653448 100644 --- a/pkg/apis/application/v1alpha1/types.go +++ b/pkg/apis/application/v1alpha1/types.go @@ -2,6 +2,7 @@ package v1alpha1 import ( "encoding/json" + "fmt" "reflect" "strings" @@ -466,6 +467,16 @@ type AppProjectSpec struct { Tokens []ProjectToken `protobuf:"bytes,4,rep,name=tokens"` } +// GetTokenIndex returns the index into the tokens array of that name if that token exists +func (proj *AppProject) GetTokenIndex(name string) (int, error) { + for i, token := range proj.Spec.Tokens { + if name == token.Name { + return i, nil + } + } + return -1, fmt.Errorf("token '%s' does not exist in project '%s'", name, proj.Name) +} + // ProjectToken TODO: Check if everything should be capitalized // ProjectToken contains metadata of a token for a project type ProjectToken struct { diff --git a/server/project/project.go b/server/project/project.go index b27c6e43faccb..a2a0187cbce83 100644 --- a/server/project/project.go +++ b/server/project/project.go @@ -40,51 +40,6 @@ func NewServer(ns string, kubeclientset kubernetes.Interface, appclientset appcl return &Server{enf: enf, appclientset: appclientset, kubeclientset: kubeclientset, ns: ns, projectLock: projectLock, auditLogger: auditLogger, sessionMgr: sessionMgr} } -// CreateTokenPolicy creates a new policy for a specifc project token -func (s *Server) CreateTokenPolicy(ctx context.Context, q *ProjectTokenPolicyCreateRequest) (*ProjectTokenPolicyCreateResponse, error) { - //TODO: Grab the project here instead of the CLI. Do this everywhere else too - if !s.enf.EnforceClaims(ctx.Value("claims"), "projects", "update", q.Project.Name) { - return nil, grpc.ErrPermissionDenied - } - //TODO: Verify inputs (i.e. verify project has token) (i.e. / is prepended ) - err := validateProject(q.Project) - if err != nil { - return nil, err - } - //TODO: Confirm lock shouldn't be just before update - s.projectLock.Lock(q.Project.Name) - defer s.projectLock.Unlock(q.Project.Name) - //TODO: add check for action to be allow or deny - //TODO: Confirm object is correct - - object := q.Object - if !strings.HasPrefix(object, q.Project.Name+"/") { - object = fmt.Sprintf("%s/%s", q.Project.Name, object) - } - //p, role:readonly, applications, get, */* - policy := fmt.Sprintf("p, proj:%s:%s, projects, %s, %s", q.Project.Name, q.Token, q.Action, object) - - tokenNotFound := true - for i, projectToken := range q.Project.Spec.Tokens { - if projectToken.Name == q.Token { - //TODO: Add check for confirming existing policy doesn't exist (what does this mean though?) - q.Project.Spec.Tokens[i].Policies = append(q.Project.Spec.Tokens[i].Policies, policy) - tokenNotFound = false - break - } - } - if tokenNotFound { - return nil, status.Errorf(codes.NotFound, "'%s' token was not found in the project '%s'", q.Token, q.Project.Name) - } - - _, err = s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Update(q.Project) - if err != nil { - return nil, err - } - return &ProjectTokenPolicyCreateResponse{}, nil - -} - // CreateToken creates a new token to access a project func (s *Server) CreateToken(ctx context.Context, q *ProjectTokenCreateRequest) (*ProjectTokenResponse, error) { if !s.enf.EnforceClaims(ctx.Value("claims"), "projects", "update", q.Project) { diff --git a/server/project/project.pb.go b/server/project/project.pb.go index 9c287ddd76a8a..350842cdbe2ac 100644 --- a/server/project/project.pb.go +++ b/server/project/project.pb.go @@ -14,8 +14,6 @@ It has these top-level messages: ProjectCreateRequest ProjectTokenCreateRequest - ProjectTokenPolicyCreateRequest - ProjectTokenPolicyCreateResponse ProjectTokenResponse ProjectQuery ProjectUpdateRequest @@ -98,66 +96,6 @@ func (m *ProjectTokenCreateRequest) GetSecondsBeforeExpiry() int64 { return 0 } -type ProjectTokenPolicyCreateRequest struct { - Project *github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.AppProject `protobuf:"bytes,1,opt,name=project" json:"project,omitempty"` - Token string `protobuf:"bytes,2,opt,name=token,proto3" json:"token,omitempty"` - Action string `protobuf:"bytes,3,opt,name=action,proto3" json:"action,omitempty"` - Permission string `protobuf:"bytes,4,opt,name=permission,proto3" json:"permission,omitempty"` - Object string `protobuf:"bytes,5,opt,name=object,proto3" json:"object,omitempty"` -} - -func (m *ProjectTokenPolicyCreateRequest) Reset() { *m = ProjectTokenPolicyCreateRequest{} } -func (m *ProjectTokenPolicyCreateRequest) String() string { return proto.CompactTextString(m) } -func (*ProjectTokenPolicyCreateRequest) ProtoMessage() {} -func (*ProjectTokenPolicyCreateRequest) Descriptor() ([]byte, []int) { - return fileDescriptorProject, []int{2} -} - -func (m *ProjectTokenPolicyCreateRequest) GetProject() *github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.AppProject { - if m != nil { - return m.Project - } - return nil -} - -func (m *ProjectTokenPolicyCreateRequest) GetToken() string { - if m != nil { - return m.Token - } - return "" -} - -func (m *ProjectTokenPolicyCreateRequest) GetAction() string { - if m != nil { - return m.Action - } - return "" -} - -func (m *ProjectTokenPolicyCreateRequest) GetPermission() string { - if m != nil { - return m.Permission - } - return "" -} - -func (m *ProjectTokenPolicyCreateRequest) GetObject() string { - if m != nil { - return m.Object - } - return "" -} - -type ProjectTokenPolicyCreateResponse struct { -} - -func (m *ProjectTokenPolicyCreateResponse) Reset() { *m = ProjectTokenPolicyCreateResponse{} } -func (m *ProjectTokenPolicyCreateResponse) String() string { return proto.CompactTextString(m) } -func (*ProjectTokenPolicyCreateResponse) ProtoMessage() {} -func (*ProjectTokenPolicyCreateResponse) Descriptor() ([]byte, []int) { - return fileDescriptorProject, []int{3} -} - // ProjectTokenResponse wraps the created token or returns an empty string if deleted. type ProjectTokenResponse struct { Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"` @@ -166,7 +104,7 @@ type ProjectTokenResponse struct { func (m *ProjectTokenResponse) Reset() { *m = ProjectTokenResponse{} } func (m *ProjectTokenResponse) String() string { return proto.CompactTextString(m) } func (*ProjectTokenResponse) ProtoMessage() {} -func (*ProjectTokenResponse) Descriptor() ([]byte, []int) { return fileDescriptorProject, []int{4} } +func (*ProjectTokenResponse) Descriptor() ([]byte, []int) { return fileDescriptorProject, []int{2} } func (m *ProjectTokenResponse) GetToken() string { if m != nil { @@ -183,7 +121,7 @@ type ProjectQuery struct { func (m *ProjectQuery) Reset() { *m = ProjectQuery{} } func (m *ProjectQuery) String() string { return proto.CompactTextString(m) } func (*ProjectQuery) ProtoMessage() {} -func (*ProjectQuery) Descriptor() ([]byte, []int) { return fileDescriptorProject, []int{5} } +func (*ProjectQuery) Descriptor() ([]byte, []int) { return fileDescriptorProject, []int{3} } func (m *ProjectQuery) GetName() string { if m != nil { @@ -199,7 +137,7 @@ type ProjectUpdateRequest struct { func (m *ProjectUpdateRequest) Reset() { *m = ProjectUpdateRequest{} } func (m *ProjectUpdateRequest) String() string { return proto.CompactTextString(m) } func (*ProjectUpdateRequest) ProtoMessage() {} -func (*ProjectUpdateRequest) Descriptor() ([]byte, []int) { return fileDescriptorProject, []int{6} } +func (*ProjectUpdateRequest) Descriptor() ([]byte, []int) { return fileDescriptorProject, []int{4} } func (m *ProjectUpdateRequest) GetProject() *github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.AppProject { if m != nil { @@ -214,13 +152,11 @@ type EmptyResponse struct { func (m *EmptyResponse) Reset() { *m = EmptyResponse{} } func (m *EmptyResponse) String() string { return proto.CompactTextString(m) } func (*EmptyResponse) ProtoMessage() {} -func (*EmptyResponse) Descriptor() ([]byte, []int) { return fileDescriptorProject, []int{7} } +func (*EmptyResponse) Descriptor() ([]byte, []int) { return fileDescriptorProject, []int{5} } func init() { proto.RegisterType((*ProjectCreateRequest)(nil), "project.ProjectCreateRequest") proto.RegisterType((*ProjectTokenCreateRequest)(nil), "project.ProjectTokenCreateRequest") - proto.RegisterType((*ProjectTokenPolicyCreateRequest)(nil), "project.ProjectTokenPolicyCreateRequest") - proto.RegisterType((*ProjectTokenPolicyCreateResponse)(nil), "project.ProjectTokenPolicyCreateResponse") proto.RegisterType((*ProjectTokenResponse)(nil), "project.ProjectTokenResponse") proto.RegisterType((*ProjectQuery)(nil), "project.ProjectQuery") proto.RegisterType((*ProjectUpdateRequest)(nil), "project.ProjectUpdateRequest") @@ -238,9 +174,6 @@ const _ = grpc.SupportPackageIsVersion4 // Client API for ProjectService service type ProjectServiceClient interface { - // TODO: Is this the best endpoint for this? - // Create a new project token. - CreateTokenPolicy(ctx context.Context, in *ProjectTokenPolicyCreateRequest, opts ...grpc.CallOption) (*ProjectTokenPolicyCreateResponse, error) // Create a new project token. CreateToken(ctx context.Context, in *ProjectTokenCreateRequest, opts ...grpc.CallOption) (*ProjectTokenResponse, error) // Create a new project. @@ -265,15 +198,6 @@ func NewProjectServiceClient(cc *grpc.ClientConn) ProjectServiceClient { return &projectServiceClient{cc} } -func (c *projectServiceClient) CreateTokenPolicy(ctx context.Context, in *ProjectTokenPolicyCreateRequest, opts ...grpc.CallOption) (*ProjectTokenPolicyCreateResponse, error) { - out := new(ProjectTokenPolicyCreateResponse) - err := grpc.Invoke(ctx, "/project.ProjectService/CreateTokenPolicy", in, out, c.cc, opts...) - if err != nil { - return nil, err - } - return out, nil -} - func (c *projectServiceClient) CreateToken(ctx context.Context, in *ProjectTokenCreateRequest, opts ...grpc.CallOption) (*ProjectTokenResponse, error) { out := new(ProjectTokenResponse) err := grpc.Invoke(ctx, "/project.ProjectService/CreateToken", in, out, c.cc, opts...) @@ -340,9 +264,6 @@ func (c *projectServiceClient) ListEvents(ctx context.Context, in *ProjectQuery, // Server API for ProjectService service type ProjectServiceServer interface { - // TODO: Is this the best endpoint for this? - // Create a new project token. - CreateTokenPolicy(context.Context, *ProjectTokenPolicyCreateRequest) (*ProjectTokenPolicyCreateResponse, error) // Create a new project token. CreateToken(context.Context, *ProjectTokenCreateRequest) (*ProjectTokenResponse, error) // Create a new project. @@ -363,24 +284,6 @@ func RegisterProjectServiceServer(s *grpc.Server, srv ProjectServiceServer) { s.RegisterService(&_ProjectService_serviceDesc, srv) } -func _ProjectService_CreateTokenPolicy_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(ProjectTokenPolicyCreateRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(ProjectServiceServer).CreateTokenPolicy(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/project.ProjectService/CreateTokenPolicy", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(ProjectServiceServer).CreateTokenPolicy(ctx, req.(*ProjectTokenPolicyCreateRequest)) - } - return interceptor(ctx, in, info, handler) -} - func _ProjectService_CreateToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(ProjectTokenCreateRequest) if err := dec(in); err != nil { @@ -511,10 +414,6 @@ var _ProjectService_serviceDesc = grpc.ServiceDesc{ ServiceName: "project.ProjectService", HandlerType: (*ProjectServiceServer)(nil), Methods: []grpc.MethodDesc{ - { - MethodName: "CreateTokenPolicy", - Handler: _ProjectService_CreateTokenPolicy_Handler, - }, { MethodName: "CreateToken", Handler: _ProjectService_CreateToken_Handler, @@ -611,76 +510,6 @@ func (m *ProjectTokenCreateRequest) MarshalTo(dAtA []byte) (int, error) { return i, nil } -func (m *ProjectTokenPolicyCreateRequest) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *ProjectTokenPolicyCreateRequest) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if m.Project != nil { - dAtA[i] = 0xa - i++ - i = encodeVarintProject(dAtA, i, uint64(m.Project.Size())) - n2, err := m.Project.MarshalTo(dAtA[i:]) - if err != nil { - return 0, err - } - i += n2 - } - if len(m.Token) > 0 { - dAtA[i] = 0x12 - i++ - i = encodeVarintProject(dAtA, i, uint64(len(m.Token))) - i += copy(dAtA[i:], m.Token) - } - if len(m.Action) > 0 { - dAtA[i] = 0x1a - i++ - i = encodeVarintProject(dAtA, i, uint64(len(m.Action))) - i += copy(dAtA[i:], m.Action) - } - if len(m.Permission) > 0 { - dAtA[i] = 0x22 - i++ - i = encodeVarintProject(dAtA, i, uint64(len(m.Permission))) - i += copy(dAtA[i:], m.Permission) - } - if len(m.Object) > 0 { - dAtA[i] = 0x2a - i++ - i = encodeVarintProject(dAtA, i, uint64(len(m.Object))) - i += copy(dAtA[i:], m.Object) - } - return i, nil -} - -func (m *ProjectTokenPolicyCreateResponse) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *ProjectTokenPolicyCreateResponse) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - return i, nil -} - func (m *ProjectTokenResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -748,11 +577,11 @@ func (m *ProjectUpdateRequest) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0xa i++ i = encodeVarintProject(dAtA, i, uint64(m.Project.Size())) - n3, err := m.Project.MarshalTo(dAtA[i:]) + n2, err := m.Project.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n3 + i += n2 } return i, nil } @@ -811,38 +640,6 @@ func (m *ProjectTokenCreateRequest) Size() (n int) { return n } -func (m *ProjectTokenPolicyCreateRequest) Size() (n int) { - var l int - _ = l - if m.Project != nil { - l = m.Project.Size() - n += 1 + l + sovProject(uint64(l)) - } - l = len(m.Token) - if l > 0 { - n += 1 + l + sovProject(uint64(l)) - } - l = len(m.Action) - if l > 0 { - n += 1 + l + sovProject(uint64(l)) - } - l = len(m.Permission) - if l > 0 { - n += 1 + l + sovProject(uint64(l)) - } - l = len(m.Object) - if l > 0 { - n += 1 + l + sovProject(uint64(l)) - } - return n -} - -func (m *ProjectTokenPolicyCreateResponse) Size() (n int) { - var l int - _ = l - return n -} - func (m *ProjectTokenResponse) Size() (n int) { var l int _ = l @@ -1102,255 +899,6 @@ func (m *ProjectTokenCreateRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *ProjectTokenPolicyCreateRequest) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProject - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: ProjectTokenPolicyCreateRequest: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: ProjectTokenPolicyCreateRequest: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Project", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProject - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= (int(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthProject - } - postIndex := iNdEx + msglen - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.Project == nil { - m.Project = &github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.AppProject{} - } - if err := m.Project.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProject - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthProject - } - postIndex := iNdEx + intStringLen - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Token = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Action", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProject - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthProject - } - postIndex := iNdEx + intStringLen - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Action = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Permission", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProject - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthProject - } - postIndex := iNdEx + intStringLen - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Permission = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Object", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProject - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthProject - } - postIndex := iNdEx + intStringLen - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Object = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipProject(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthProject - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *ProjectTokenPolicyCreateResponse) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProject - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: ProjectTokenPolicyCreateResponse: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: ProjectTokenPolicyCreateResponse: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - default: - iNdEx = preIndex - skippy, err := skipProject(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthProject - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} func (m *ProjectTokenResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 @@ -1750,50 +1298,44 @@ var ( func init() { proto.RegisterFile("server/project/project.proto", fileDescriptorProject) } var fileDescriptorProject = []byte{ - // 710 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x56, 0xcb, 0x6e, 0x13, 0x3d, - 0x14, 0x96, 0x7b, 0xc9, 0xff, 0xd7, 0xe5, 0x6a, 0xda, 0x92, 0xa6, 0x6d, 0x1a, 0xbc, 0x40, 0xa1, - 0xa2, 0x1e, 0xd2, 0xb2, 0xa8, 0xd8, 0x51, 0x88, 0x50, 0x25, 0x16, 0x25, 0x80, 0x84, 0xd8, 0x54, - 0xee, 0xe4, 0x30, 0x9d, 0x26, 0x19, 0x1b, 0xdb, 0x0d, 0x44, 0xa8, 0x9b, 0x8a, 0x1d, 0x3b, 0x78, - 0x01, 0x24, 0x5e, 0x86, 0x25, 0x12, 0x2f, 0x80, 0x2a, 0x16, 0x3c, 0x06, 0xb2, 0x67, 0x26, 0x97, - 0x26, 0x03, 0x2c, 0xa2, 0xae, 0x62, 0x9f, 0xdb, 0xf7, 0x9d, 0x73, 0x7c, 0xe6, 0x04, 0x2f, 0x6b, - 0x50, 0x6d, 0x50, 0x9e, 0x54, 0xe2, 0x10, 0x7c, 0x93, 0xfe, 0x32, 0xa9, 0x84, 0x11, 0xe4, 0xbf, - 0xe4, 0x5a, 0x98, 0x0b, 0x44, 0x20, 0x9c, 0xcc, 0xb3, 0xa7, 0x58, 0x5d, 0x58, 0x0e, 0x84, 0x08, - 0x9a, 0xe0, 0x71, 0x19, 0x7a, 0x3c, 0x8a, 0x84, 0xe1, 0x26, 0x14, 0x91, 0x4e, 0xb4, 0xb4, 0xb1, - 0xa5, 0x59, 0x28, 0x9c, 0xd6, 0x17, 0x0a, 0xbc, 0x76, 0xc5, 0x0b, 0x20, 0x02, 0xc5, 0x0d, 0xd4, - 0x13, 0x9b, 0xbb, 0x3d, 0x9b, 0x16, 0xf7, 0x0f, 0xc2, 0x08, 0x54, 0xc7, 0x93, 0x8d, 0xc0, 0x0a, - 0xb4, 0xd7, 0x02, 0xc3, 0x47, 0x79, 0xed, 0x04, 0xa1, 0x39, 0x38, 0xda, 0x67, 0xbe, 0x68, 0x79, - 0x5c, 0x39, 0x62, 0x87, 0xee, 0xb0, 0xee, 0xd7, 0x7b, 0xde, 0x5c, 0xca, 0x66, 0xe8, 0x3b, 0x4a, - 0x5e, 0xbb, 0xc2, 0x9b, 0xf2, 0x80, 0x0f, 0x85, 0xa2, 0x6f, 0xf0, 0xdc, 0x6e, 0x9c, 0xe3, 0x03, - 0x05, 0xdc, 0x40, 0x0d, 0x5e, 0x1f, 0x81, 0x36, 0x64, 0x0f, 0xa7, 0xb9, 0xe7, 0x51, 0x09, 0x95, - 0x67, 0x37, 0xaa, 0xac, 0x07, 0xca, 0x52, 0x50, 0x77, 0xd8, 0xf3, 0xeb, 0x4c, 0x36, 0x02, 0x66, - 0x41, 0x59, 0x1f, 0x28, 0x4b, 0x41, 0xd9, 0x7d, 0x29, 0x13, 0x90, 0x5a, 0x1a, 0x95, 0x1e, 0xe3, - 0xc5, 0x44, 0xf6, 0x4c, 0x34, 0x20, 0x1a, 0x44, 0xcf, 0x0f, 0xa2, 0xcf, 0x74, 0xdd, 0xc8, 0x1c, - 0x9e, 0x36, 0xd6, 0x3e, 0x3f, 0xe1, 0xe4, 0xf1, 0x85, 0xdc, 0xc1, 0xd7, 0x34, 0xf8, 0x22, 0xaa, - 0xeb, 0x6d, 0x78, 0x25, 0x14, 0x54, 0xdf, 0xca, 0x50, 0x75, 0xf2, 0x93, 0x25, 0x54, 0x9e, 0xac, - 0x8d, 0x52, 0xd1, 0x5f, 0x08, 0xaf, 0xf6, 0xe3, 0xef, 0x8a, 0x66, 0xe8, 0x77, 0xce, 0xb7, 0x06, - 0x19, 0xc9, 0x2c, 0xe0, 0x1c, 0xf7, 0xad, 0xb3, 0xe3, 0x3f, 0x53, 0x4b, 0x6e, 0xa4, 0x88, 0xb1, - 0x04, 0xd5, 0x0a, 0xb5, 0xb6, 0xba, 0x29, 0xa7, 0xeb, 0x93, 0x58, 0x3f, 0xb1, 0xef, 0xd8, 0x4e, - 0xc7, 0x7e, 0xf1, 0x8d, 0x52, 0x5c, 0xca, 0xce, 0x54, 0x4b, 0x11, 0x69, 0xa0, 0xb7, 0xbb, 0xcf, - 0xc0, 0xd9, 0xa4, 0xf2, 0x1e, 0x43, 0xd4, 0xc7, 0x90, 0x52, 0x7c, 0x21, 0xb1, 0x7e, 0x72, 0x04, - 0xaa, 0x43, 0x08, 0x9e, 0x8a, 0x78, 0x0b, 0x12, 0x23, 0x77, 0xee, 0x7b, 0x58, 0xcf, 0x65, 0xfd, - 0x3c, 0x1f, 0xd6, 0x65, 0x7c, 0xb1, 0xda, 0x92, 0xa6, 0x93, 0xe6, 0xb0, 0xf1, 0xf9, 0x7f, 0x7c, - 0x29, 0xb1, 0x7a, 0x0a, 0xaa, 0x1d, 0xfa, 0x40, 0x3e, 0x22, 0x7c, 0x35, 0xae, 0x40, 0x5f, 0x49, - 0x48, 0x99, 0xa5, 0xd3, 0xff, 0x97, 0x97, 0x51, 0xb8, 0xf5, 0x0f, 0x96, 0x49, 0x65, 0xcb, 0x27, - 0xdf, 0x7f, 0x7e, 0x9a, 0xa0, 0x74, 0xc5, 0x7d, 0x07, 0xda, 0x95, 0xf4, 0x0b, 0xa3, 0x3d, 0x57, - 0x4b, 0x4f, 0x3a, 0xa7, 0x7b, 0x68, 0x8d, 0x68, 0x3c, 0xdb, 0xc7, 0x89, 0xd0, 0x91, 0x18, 0x83, - 0x3c, 0x56, 0x46, 0xda, 0x74, 0xb1, 0x6f, 0x38, 0xec, 0x25, 0xba, 0x30, 0x1a, 0xdb, 0x82, 0x7e, - 0x40, 0x38, 0x17, 0xc7, 0x24, 0x43, 0xc1, 0x06, 0xb1, 0xc6, 0xd3, 0x27, 0xba, 0xe4, 0x38, 0xcd, - 0xd3, 0x2b, 0x67, 0x39, 0x59, 0x36, 0x27, 0x08, 0x4f, 0x3d, 0x0e, 0xb5, 0x21, 0xf3, 0x67, 0xb9, - 0xb8, 0x87, 0x56, 0xd8, 0x19, 0x0b, 0x07, 0x8b, 0x40, 0xf3, 0x8e, 0x07, 0x21, 0x43, 0x3c, 0xc8, - 0x7b, 0x84, 0x27, 0x1f, 0x41, 0x26, 0x87, 0x31, 0xd5, 0x61, 0xd5, 0xe1, 0x2f, 0x92, 0xeb, 0x43, - 0xbd, 0x79, 0x67, 0xe7, 0xe7, 0x98, 0x7c, 0x41, 0x38, 0x17, 0x8f, 0xce, 0x70, 0x67, 0x06, 0x46, - 0x6a, 0x5c, 0x8c, 0x36, 0x1d, 0xa3, 0xf5, 0x42, 0x79, 0x98, 0x51, 0x0a, 0x6f, 0x17, 0x52, 0x9d, - 0x1b, 0xce, 0x1c, 0x45, 0xdb, 0xb1, 0x17, 0x38, 0xf7, 0x10, 0x9a, 0x60, 0x20, 0xab, 0x5c, 0x0b, - 0x5d, 0xf1, 0xc0, 0x54, 0xa6, 0xf9, 0xaf, 0x65, 0xe6, 0x7f, 0x88, 0xb1, 0x6d, 0x54, 0xb5, 0x0d, - 0x91, 0xd1, 0x59, 0xd1, 0x57, 0x58, 0xbc, 0x40, 0x6d, 0x86, 0xcc, 0x2e, 0x59, 0xd6, 0xae, 0x30, - 0xe7, 0xe2, 0x9a, 0x7c, 0xd3, 0x81, 0x94, 0x48, 0x31, 0x03, 0xc4, 0x03, 0x17, 0x7d, 0x7b, 0xeb, - 0xeb, 0x69, 0x11, 0x7d, 0x3b, 0x2d, 0xa2, 0x1f, 0xa7, 0x45, 0xf4, 0x72, 0xed, 0x4f, 0xeb, 0x75, - 0xf0, 0xff, 0xc2, 0x7e, 0xce, 0xad, 0xd1, 0xcd, 0xdf, 0x01, 0x00, 0x00, 0xff, 0xff, 0xf7, 0x76, - 0xe8, 0x90, 0x48, 0x08, 0x00, 0x00, + // 619 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x55, 0x4f, 0x4f, 0x14, 0x31, + 0x14, 0x4f, 0x01, 0x97, 0x58, 0xfc, 0x97, 0x0a, 0xb8, 0x2c, 0xb0, 0x62, 0x0f, 0x86, 0x10, 0x69, + 0x5d, 0xf0, 0x40, 0xbc, 0x89, 0x6e, 0x0c, 0x89, 0x07, 0x5d, 0x35, 0x31, 0x5e, 0x48, 0x99, 0x7d, + 0x0e, 0xc3, 0xee, 0x4e, 0x6b, 0x5b, 0x46, 0x37, 0x86, 0x0b, 0xf1, 0xc6, 0xd1, 0x8f, 0xe0, 0x97, + 0xf1, 0x68, 0xe2, 0x17, 0x30, 0xc4, 0x0f, 0x62, 0xda, 0x99, 0x61, 0x19, 0x86, 0xf1, 0xb4, 0xf1, + 0xb4, 0x9d, 0xd7, 0xf7, 0xde, 0xef, 0xf7, 0x7b, 0xef, 0xf5, 0x2d, 0x5e, 0x32, 0xa0, 0x13, 0xd0, + 0x5c, 0x69, 0x79, 0x00, 0x81, 0xcd, 0x7f, 0x99, 0xd2, 0xd2, 0x4a, 0x32, 0x9d, 0x7d, 0x36, 0x66, + 0x43, 0x19, 0x4a, 0x6f, 0xe3, 0xee, 0x94, 0x5e, 0x37, 0x96, 0x42, 0x29, 0xc3, 0x3e, 0x70, 0xa1, + 0x22, 0x2e, 0xe2, 0x58, 0x5a, 0x61, 0x23, 0x19, 0x9b, 0xec, 0x96, 0xf6, 0xb6, 0x0c, 0x8b, 0xa4, + 0xbf, 0x0d, 0xa4, 0x06, 0x9e, 0xb4, 0x78, 0x08, 0x31, 0x68, 0x61, 0xa1, 0x9b, 0xf9, 0x3c, 0x1a, + 0xf9, 0x0c, 0x44, 0xb0, 0x1f, 0xc5, 0xa0, 0x87, 0x5c, 0xf5, 0x42, 0x67, 0x30, 0x7c, 0x00, 0x56, + 0x5c, 0x16, 0xb5, 0x13, 0x46, 0x76, 0xff, 0x70, 0x8f, 0x05, 0x72, 0xc0, 0x85, 0xf6, 0xc4, 0x0e, + 0xfc, 0x61, 0x3d, 0xe8, 0x8e, 0xa2, 0x85, 0x52, 0xfd, 0x28, 0xf0, 0x94, 0x78, 0xd2, 0x12, 0x7d, + 0xb5, 0x2f, 0x4a, 0xa9, 0xe8, 0x27, 0x3c, 0xfb, 0x32, 0xd5, 0xf8, 0x54, 0x83, 0xb0, 0xd0, 0x81, + 0x8f, 0x87, 0x60, 0x2c, 0xd9, 0xc5, 0xb9, 0xf6, 0x3a, 0x5a, 0x41, 0xab, 0x33, 0x1b, 0x6d, 0x36, + 0x02, 0x65, 0x39, 0xa8, 0x3f, 0xec, 0x06, 0x5d, 0xa6, 0x7a, 0x21, 0x73, 0xa0, 0xec, 0x1c, 0x28, + 0xcb, 0x41, 0xd9, 0x13, 0xa5, 0x32, 0x90, 0x4e, 0x9e, 0x95, 0x1e, 0xe1, 0x85, 0xcc, 0xf6, 0x46, + 0xf6, 0x20, 0x2e, 0xa2, 0xd7, 0x8b, 0xe8, 0x57, 0xcf, 0xc2, 0xc8, 0x2c, 0xbe, 0x62, 0x9d, 0x7f, + 0x7d, 0xc2, 0xdb, 0xd3, 0x0f, 0xf2, 0x10, 0xdf, 0x36, 0x10, 0xc8, 0xb8, 0x6b, 0xb6, 0xe1, 0x83, + 0xd4, 0xd0, 0xfe, 0xac, 0x22, 0x3d, 0xac, 0x4f, 0xae, 0xa0, 0xd5, 0xc9, 0xce, 0x65, 0x57, 0xf4, + 0xc1, 0x99, 0x6e, 0x0f, 0xdf, 0x01, 0xa3, 0x64, 0x6c, 0x60, 0x94, 0x1f, 0x9d, 0xcb, 0x4f, 0x29, + 0xbe, 0x96, 0x79, 0xbf, 0x3a, 0x04, 0x3d, 0x24, 0x04, 0x4f, 0xc5, 0x62, 0x00, 0x99, 0x93, 0x3f, + 0x9f, 0xab, 0xe4, 0x5b, 0xd5, 0xfd, 0x9f, 0x95, 0xbc, 0x89, 0xaf, 0xb7, 0x07, 0xca, 0x0e, 0x73, + 0x0d, 0x1b, 0x27, 0xd3, 0xf8, 0x46, 0xe6, 0xf5, 0x1a, 0x74, 0x12, 0x05, 0x40, 0x0c, 0x9e, 0x49, + 0x2b, 0xec, 0xd5, 0x12, 0xca, 0xf2, 0x39, 0xaf, 0xec, 0x41, 0x63, 0xf9, 0x52, 0x9f, 0x1c, 0x84, + 0xde, 0x3b, 0xfe, 0xf5, 0xe7, 0xdb, 0xc4, 0x22, 0x9d, 0xf7, 0xf3, 0x9d, 0xb4, 0xf2, 0x97, 0x63, + 0xb8, 0x2f, 0xd9, 0x63, 0xb4, 0x46, 0x4e, 0x10, 0xae, 0xa5, 0x39, 0x49, 0x29, 0x59, 0x11, 0x6b, + 0x3c, 0x25, 0xa1, 0x8b, 0x9e, 0xd3, 0x1c, 0xbd, 0x75, 0x91, 0x93, 0x63, 0x73, 0x8c, 0xf0, 0xd4, + 0x8b, 0xc8, 0x58, 0x32, 0x77, 0x91, 0x8b, 0xef, 0x69, 0x63, 0x67, 0x2c, 0x1c, 0x1c, 0x02, 0xad, + 0x7b, 0x1e, 0x84, 0x94, 0x78, 0x90, 0xaf, 0x08, 0x4f, 0x3e, 0x87, 0x4a, 0x0e, 0x63, 0xaa, 0xc3, + 0x5d, 0x8f, 0xbf, 0x40, 0xee, 0x94, 0x7a, 0xf3, 0xc5, 0x8d, 0xea, 0x11, 0xf9, 0x8e, 0x70, 0x2d, + 0x9d, 0xd2, 0x72, 0x67, 0x0a, 0xd3, 0x3b, 0x2e, 0x46, 0x9b, 0x9e, 0xd1, 0x7a, 0x63, 0xb5, 0xcc, + 0x28, 0x87, 0x77, 0xcb, 0xae, 0x2b, 0xac, 0x60, 0x9e, 0xa2, 0xeb, 0xd8, 0x3b, 0x5c, 0x7b, 0x06, + 0x7d, 0xb0, 0x50, 0x55, 0xae, 0xf9, 0x33, 0x73, 0xe1, 0x01, 0xe4, 0xfa, 0xd7, 0x2a, 0xf5, 0x1f, + 0x60, 0xec, 0x1a, 0xd5, 0x4e, 0x20, 0xb6, 0xa6, 0x2a, 0xfb, 0x32, 0x4b, 0x97, 0xb3, 0x53, 0xc8, + 0xdc, 0x02, 0x67, 0x49, 0x8b, 0xf9, 0x10, 0xdf, 0xe4, 0xfb, 0x1e, 0x64, 0x85, 0x34, 0x2b, 0x40, + 0x38, 0xf8, 0xec, 0xdb, 0x5b, 0x3f, 0x4e, 0x9b, 0xe8, 0xe7, 0x69, 0x13, 0xfd, 0x3e, 0x6d, 0xa2, + 0xf7, 0x6b, 0xff, 0x5a, 0xdd, 0xc5, 0xff, 0xa2, 0xbd, 0x9a, 0x5f, 0xd1, 0x9b, 0x7f, 0x03, 0x00, + 0x00, 0xff, 0xff, 0x3d, 0x26, 0xdd, 0x63, 0xa4, 0x06, 0x00, 0x00, } diff --git a/server/project/project.pb.gw.go b/server/project/project.pb.gw.go index 91b12d52809af..6690d1287dca3 100644 --- a/server/project/project.pb.gw.go +++ b/server/project/project.pb.gw.go @@ -28,19 +28,6 @@ var _ status.Status var _ = runtime.String var _ = utilities.NewDoubleArray -func request_ProjectService_CreateTokenPolicy_0(ctx context.Context, marshaler runtime.Marshaler, client ProjectServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { - var protoReq ProjectTokenPolicyCreateRequest - var metadata runtime.ServerMetadata - - if err := marshaler.NewDecoder(req.Body).Decode(&protoReq); err != nil { - return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) - } - - msg, err := client.CreateTokenPolicy(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) - return msg, metadata, err - -} - func request_ProjectService_CreateToken_0(ctx context.Context, marshaler runtime.Marshaler, client ProjectServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { var protoReq ProjectTokenCreateRequest var metadata runtime.ServerMetadata @@ -234,35 +221,6 @@ func RegisterProjectServiceHandler(ctx context.Context, mux *runtime.ServeMux, c // "ProjectServiceClient" to call the correct interceptors. func RegisterProjectServiceHandlerClient(ctx context.Context, mux *runtime.ServeMux, client ProjectServiceClient) error { - mux.Handle("POST", pattern_ProjectService_CreateTokenPolicy_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { - ctx, cancel := context.WithCancel(req.Context()) - defer cancel() - if cn, ok := w.(http.CloseNotifier); ok { - go func(done <-chan struct{}, closed <-chan bool) { - select { - case <-done: - case <-closed: - cancel() - } - }(ctx.Done(), cn.CloseNotify()) - } - inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) - rctx, err := runtime.AnnotateContext(ctx, mux, req) - if err != nil { - runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) - return - } - resp, md, err := request_ProjectService_CreateTokenPolicy_0(rctx, inboundMarshaler, client, req, pathParams) - ctx = runtime.NewServerMetadataContext(ctx, md) - if err != nil { - runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) - return - } - - forward_ProjectService_CreateTokenPolicy_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) - - }) - mux.Handle("POST", pattern_ProjectService_CreateToken_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { ctx, cancel := context.WithCancel(req.Context()) defer cancel() @@ -470,8 +428,6 @@ func RegisterProjectServiceHandlerClient(ctx context.Context, mux *runtime.Serve } var ( - pattern_ProjectService_CreateTokenPolicy_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3, 2, 4}, []string{"api", "v1", "projects", "token", "policy"}, "")) - pattern_ProjectService_CreateToken_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"api", "v1", "projects", "token"}, "")) pattern_ProjectService_Create_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"api", "v1", "projects"}, "")) @@ -488,8 +444,6 @@ var ( ) var ( - forward_ProjectService_CreateTokenPolicy_0 = runtime.ForwardResponseMessage - forward_ProjectService_CreateToken_0 = runtime.ForwardResponseMessage forward_ProjectService_Create_0 = runtime.ForwardResponseMessage diff --git a/server/project/project.proto b/server/project/project.proto index 4c7d2df5a93da..0b02aa2f0fe24 100644 --- a/server/project/project.proto +++ b/server/project/project.proto @@ -24,18 +24,6 @@ message ProjectTokenCreateRequest { string token = 2; int64 secondsBeforeExpiry = 3; } - -message ProjectTokenPolicyCreateRequest { - github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.AppProject project = 1; - string token = 2; - string action = 3; - string permission = 4; - string object = 5; -} - -message ProjectTokenPolicyCreateResponse { -} - // ProjectTokenResponse wraps the created token or returns an empty string if deleted. message ProjectTokenResponse { string token = 1; @@ -56,15 +44,6 @@ message EmptyResponse {} // ProjectService service ProjectService { - // TODO: Is this the best endpoint for this? - // Create a new project token. - rpc CreateTokenPolicy(ProjectTokenPolicyCreateRequest) returns (ProjectTokenPolicyCreateResponse) { - option (google.api.http) = { - post: "/api/v1/projects/token/policy" - body: "*" - }; - } - // Create a new project token. rpc CreateToken(ProjectTokenCreateRequest) returns (ProjectTokenResponse) { option (google.api.http) = { diff --git a/server/project/project_test.go b/server/project/project_test.go index 96003a84d41e1..9a70ea55b5073 100644 --- a/server/project/project_test.go +++ b/server/project/project_test.go @@ -155,29 +155,22 @@ func TestProjectServer(t *testing.T) { t.Run("TestCreateTokenPolicySuccessfully", func(t *testing.T) { action := "create" object := "testObject" - permission := "allow" + tokenName := "test" + policyTemplate := "p, proj:%s:%s, projects, %s, %s/%s" + projWithToken := existingProj.DeepCopy() - token := v1alpha1.ProjectToken{Name: "test"} + token := v1alpha1.ProjectToken{Name: tokenName} + policy := fmt.Sprintf(policyTemplate, projWithToken.Name, tokenName, action, projWithToken.Name, object) + token.Policies = append(token.Policies, policy) projWithToken.Spec.Tokens = append(projWithToken.Spec.Tokens, token) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, util.NewKeyLock(), nil) - request := &ProjectTokenPolicyCreateRequest{Project: projWithToken, Token: token.Name, Action: action, Object: object, Permission: permission} - _, err := projectServer.CreateTokenPolicy(context.Background(), request) + request := &ProjectUpdateRequest{Project: projWithToken} + _, err := projectServer.Update(context.Background(), request) assert.Nil(t, err) t.Log(projWithToken.Spec.Tokens[0].Policies[0]) - expectedPolicy := fmt.Sprintf("p, proj:%s:%s, projects, %s, %s/%s", projWithToken.Name, token.Name, action, projWithToken.Name, object) + expectedPolicy := fmt.Sprintf(policyTemplate, projWithToken.Name, token.Name, action, projWithToken.Name, object) assert.Equal(t, projWithToken.Spec.Tokens[0].Policies[0], expectedPolicy) }) - t.Run("TestCreateTokenPolicyOnNonExistingTokenFailure", func(t *testing.T) { - action := "create" - object := "testObject" - permission := "allow" - - token := v1alpha1.ProjectToken{Name: "test"} - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj), enforcer, util.NewKeyLock(), nil) - request := &ProjectTokenPolicyCreateRequest{Project: &existingProj, Token: token.Name, Action: action, Object: object, Permission: permission} - _, err := projectServer.CreateTokenPolicy(context.Background(), request) - assert.EqualError(t, err, "rpc error: code = NotFound desc = 'test' token was not found in the project 'test'") - - }) } diff --git a/server/swagger.json b/server/swagger.json index 3b5974a7a3cf9..fa1aadc22d814 100644 --- a/server/swagger.json +++ b/server/swagger.json @@ -722,33 +722,6 @@ } } }, - "/api/v1/projects/token/policy": { - "post": { - "tags": [ - "ProjectService" - ], - "summary": "TODO: Is this the best endpoint for this?\nCreate a new project token.", - "operationId": "CreateTokenPolicy", - "parameters": [ - { - "name": "body", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/projectProjectTokenPolicyCreateRequest" - } - } - ], - "responses": { - "200": { - "description": "(empty)", - "schema": { - "$ref": "#/definitions/projectProjectTokenPolicyCreateResponse" - } - } - } - } - }, "/api/v1/projects/{name}": { "get": { "tags": [ @@ -1405,29 +1378,6 @@ } } }, - "projectProjectTokenPolicyCreateRequest": { - "type": "object", - "properties": { - "action": { - "type": "string" - }, - "object": { - "type": "string" - }, - "permission": { - "type": "string" - }, - "project": { - "$ref": "#/definitions/v1alpha1AppProject" - }, - "token": { - "type": "string" - } - } - }, - "projectProjectTokenPolicyCreateResponse": { - "type": "object" - }, "projectProjectTokenResponse": { "description": "ProjectTokenResponse wraps the created token or returns an empty string if deleted.", "type": "object", From 1d2f8462412882d114226580e346e33804351bac Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Thu, 2 Aug 2018 14:29:47 -0700 Subject: [PATCH 07/43] Add Policy delete and token delete cli commands --- cmd/argocd/commands/project.go | 108 +++++++++++ server/project/project.go | 32 ++++ server/project/project.pb.go | 306 +++++++++++++++++++++++++++----- server/project/project.pb.gw.go | 50 ++++++ server/project/project.proto | 11 ++ server/project/project_test.go | 24 +++ server/swagger.json | 15 ++ 7 files changed, 501 insertions(+), 45 deletions(-) diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go index 0c121ad69244a..b01b4cf277fbd 100644 --- a/cmd/argocd/commands/project.go +++ b/cmd/argocd/commands/project.go @@ -72,8 +72,11 @@ func NewProjectCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { os.Exit(1) }, } + tokenCommand.AddCommand(NewProjectListTokenCommand(clientOpts)) tokenCommand.AddCommand(NewProjectCreateTokenCommand(clientOpts)) + tokenCommand.AddCommand(NewProjectDeleteTokenCommand(clientOpts)) tokenCommand.AddCommand(NewProjectAddTokenPolicyCommand(clientOpts)) + tokenCommand.AddCommand(NewProjectRemoveTokenPolicyCommand(clientOpts)) command.AddCommand(tokenCommand) command.AddCommand(NewProjectCreateCommand(clientOpts)) command.AddCommand(NewProjectDeleteCommand(clientOpts)) @@ -142,6 +145,59 @@ func NewProjectAddTokenPolicyCommand(clientOpts *argocdclient.ClientOptions) *co return command } +// NewProjectRemoveTokenPolicyCommand returns a new instance of an `argocd proj token remove-policy` command +func NewProjectRemoveTokenPolicyCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { + var ( + opts policyOpts + ) + var command = &cobra.Command{ + Use: "remove-policy PROJECT TOKEN-NAME", + Short: "Remove a policy from a token within a project", + Run: func(c *cobra.Command, args []string) { + if len(args) != 2 { + c.HelpFunc()(c, args) + os.Exit(1) + } + if opts.permission != "allow" && opts.permission != "deny" { + log.Fatal("Permission flag can only have the values 'allow' or 'deny'") + } + + projName := args[0] + tokenName := args[1] + conn, projIf := argocdclient.NewClientOrDie(clientOpts).NewProjectClientOrDie() + defer util.Close(conn) + + proj, err := projIf.Get(context.Background(), &project.ProjectQuery{Name: projName}) + errors.CheckError(err) + + tokenIndex, err := proj.GetTokenIndex(tokenName) + if err != nil { + log.Fatal(err) + } + token := proj.Spec.Tokens[tokenIndex] + + policyTemplate := "p, proj:%s:%s, projects, %s, %s/%s" + policyToRemove := fmt.Sprintf(policyTemplate, proj.Name, token.Name, opts.action, proj.Name, opts.object) + duplicateIndex := -1 + for i, policy := range token.Policies { + if policy == policyToRemove { + duplicateIndex = i + break + } + } + if duplicateIndex < 0 { + log.Fatal("Policy does not exist in token.") + } + token.Policies[duplicateIndex] = token.Policies[len(token.Policies)-1] + proj.Spec.Tokens[tokenIndex].Policies = token.Policies[:len(token.Policies)-1] + _, err = projIf.Update(context.Background(), &project.ProjectUpdateRequest{Project: proj}) + errors.CheckError(err) + }, + } + addPolicyFlags(command, &opts) + return command +} + // NewProjectCreateTokenCommand returns a new instance of an `argocd proj token create` command func NewProjectCreateTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var ( @@ -173,6 +229,58 @@ func NewProjectCreateTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra return command } +// NewProjectListTokenCommand returns a new instance of an `argocd proj token list` command +func NewProjectListTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { + var command = &cobra.Command{ + Use: "list PROJECT", + Short: "List all the tokens in a project", + Run: func(c *cobra.Command, args []string) { + if len(args) != 1 { + c.HelpFunc()(c, args) + os.Exit(1) + } + projName := args[0] + conn, projIf := argocdclient.NewClientOrDie(clientOpts).NewProjectClientOrDie() + defer util.Close(conn) + + project, err := projIf.Get(context.Background(), &project.ProjectQuery{Name: projName}) + errors.CheckError(err) + w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0) + fmt.Fprintf(w, "TOKEN-NAME\tCREATED-AT\tPOLICIES\n") + for _, token := range project.Spec.Tokens { + fmt.Fprintf(w, "%s\t%d\t\n", token.Name, token.CreatedAt) + for _, policy := range token.Policies { + fmt.Fprintf(w, "%s\t%d\t%s\n", token.Name, token.CreatedAt, policy) + } + } + _ = w.Flush() + }, + } + return command +} + +// NewProjectDeleteTokenCommand returns a new instance of an `argocd proj token delete` command +func NewProjectDeleteTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { + var command = &cobra.Command{ + Use: "delete PROJECT TOKEN-NAME", + Short: "Delete a project token", + Run: func(c *cobra.Command, args []string) { + if len(args) != 2 { + c.HelpFunc()(c, args) + os.Exit(1) + } + projName := args[0] + tokenName := args[1] + conn, projIf := argocdclient.NewClientOrDie(clientOpts).NewProjectClientOrDie() + defer util.Close(conn) + + _, err := projIf.DeleteToken(context.Background(), &project.ProjectTokenDeleteRequest{Project: projName, Token: tokenName}) + errors.CheckError(err) + }, + } + return command +} + // NewProjectCreateCommand returns a new instance of an `argocd proj create` command func NewProjectCreateCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var ( diff --git a/server/project/project.go b/server/project/project.go index a2a0187cbce83..920bcebcf8044 100644 --- a/server/project/project.go +++ b/server/project/project.go @@ -187,6 +187,38 @@ func validateProject(p *v1alpha1.AppProject) error { return nil } +// DeleteToken deletes a token in a project +func (s *Server) DeleteToken(ctx context.Context, q *ProjectTokenDeleteRequest) (*EmptyResponse, error) { + if !s.enf.EnforceClaims(ctx.Value("claims"), "projects", "delete", q.Project) { + return nil, grpc.ErrPermissionDenied + } + project, err := s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Get(q.Project, metav1.GetOptions{}) + if err != nil { + return nil, err + } + err = validateProject(project) + if err != nil { + return nil, err + } + + s.projectLock.Lock(q.Project) + defer s.projectLock.Unlock(q.Project) + + index, err := project.GetTokenIndex(q.Token) + if err != nil { + return nil, err + } + project.Spec.Tokens[index] = project.Spec.Tokens[len(project.Spec.Tokens)-1] + project.Spec.Tokens = project.Spec.Tokens[:len(project.Spec.Tokens)-1] + _, err = s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Update(project) + if err != nil { + return nil, err + } + s.logEvent(project, ctx, argo.EventReasonResourceDeleted, "deleted token") + return &EmptyResponse{}, nil + +} + // Update updates a project func (s *Server) Update(ctx context.Context, q *ProjectUpdateRequest) (*v1alpha1.AppProject, error) { if q.Project.Name == common.DefaultAppProjectName { diff --git a/server/project/project.pb.go b/server/project/project.pb.go index 350842cdbe2ac..d2c2f18cad0b7 100644 --- a/server/project/project.pb.go +++ b/server/project/project.pb.go @@ -13,6 +13,7 @@ It has these top-level messages: ProjectCreateRequest + ProjectTokenDeleteRequest ProjectTokenCreateRequest ProjectTokenResponse ProjectQuery @@ -63,6 +64,31 @@ func (m *ProjectCreateRequest) GetProject() *github_com_argoproj_argo_cd_pkg_api return nil } +// ProjectTokenCreateRequest defines project token deletion parameters. +type ProjectTokenDeleteRequest struct { + Project string `protobuf:"bytes,1,opt,name=project,proto3" json:"project,omitempty"` + Token string `protobuf:"bytes,2,opt,name=token,proto3" json:"token,omitempty"` +} + +func (m *ProjectTokenDeleteRequest) Reset() { *m = ProjectTokenDeleteRequest{} } +func (m *ProjectTokenDeleteRequest) String() string { return proto.CompactTextString(m) } +func (*ProjectTokenDeleteRequest) ProtoMessage() {} +func (*ProjectTokenDeleteRequest) Descriptor() ([]byte, []int) { return fileDescriptorProject, []int{1} } + +func (m *ProjectTokenDeleteRequest) GetProject() string { + if m != nil { + return m.Project + } + return "" +} + +func (m *ProjectTokenDeleteRequest) GetToken() string { + if m != nil { + return m.Token + } + return "" +} + // ProjectTokenCreateRequest defines project token creation parameters. type ProjectTokenCreateRequest struct { Project string `protobuf:"bytes,1,opt,name=project,proto3" json:"project,omitempty"` @@ -73,7 +99,7 @@ type ProjectTokenCreateRequest struct { func (m *ProjectTokenCreateRequest) Reset() { *m = ProjectTokenCreateRequest{} } func (m *ProjectTokenCreateRequest) String() string { return proto.CompactTextString(m) } func (*ProjectTokenCreateRequest) ProtoMessage() {} -func (*ProjectTokenCreateRequest) Descriptor() ([]byte, []int) { return fileDescriptorProject, []int{1} } +func (*ProjectTokenCreateRequest) Descriptor() ([]byte, []int) { return fileDescriptorProject, []int{2} } func (m *ProjectTokenCreateRequest) GetProject() string { if m != nil { @@ -104,7 +130,7 @@ type ProjectTokenResponse struct { func (m *ProjectTokenResponse) Reset() { *m = ProjectTokenResponse{} } func (m *ProjectTokenResponse) String() string { return proto.CompactTextString(m) } func (*ProjectTokenResponse) ProtoMessage() {} -func (*ProjectTokenResponse) Descriptor() ([]byte, []int) { return fileDescriptorProject, []int{2} } +func (*ProjectTokenResponse) Descriptor() ([]byte, []int) { return fileDescriptorProject, []int{3} } func (m *ProjectTokenResponse) GetToken() string { if m != nil { @@ -121,7 +147,7 @@ type ProjectQuery struct { func (m *ProjectQuery) Reset() { *m = ProjectQuery{} } func (m *ProjectQuery) String() string { return proto.CompactTextString(m) } func (*ProjectQuery) ProtoMessage() {} -func (*ProjectQuery) Descriptor() ([]byte, []int) { return fileDescriptorProject, []int{3} } +func (*ProjectQuery) Descriptor() ([]byte, []int) { return fileDescriptorProject, []int{4} } func (m *ProjectQuery) GetName() string { if m != nil { @@ -137,7 +163,7 @@ type ProjectUpdateRequest struct { func (m *ProjectUpdateRequest) Reset() { *m = ProjectUpdateRequest{} } func (m *ProjectUpdateRequest) String() string { return proto.CompactTextString(m) } func (*ProjectUpdateRequest) ProtoMessage() {} -func (*ProjectUpdateRequest) Descriptor() ([]byte, []int) { return fileDescriptorProject, []int{4} } +func (*ProjectUpdateRequest) Descriptor() ([]byte, []int) { return fileDescriptorProject, []int{5} } func (m *ProjectUpdateRequest) GetProject() *github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.AppProject { if m != nil { @@ -152,10 +178,11 @@ type EmptyResponse struct { func (m *EmptyResponse) Reset() { *m = EmptyResponse{} } func (m *EmptyResponse) String() string { return proto.CompactTextString(m) } func (*EmptyResponse) ProtoMessage() {} -func (*EmptyResponse) Descriptor() ([]byte, []int) { return fileDescriptorProject, []int{5} } +func (*EmptyResponse) Descriptor() ([]byte, []int) { return fileDescriptorProject, []int{6} } func init() { proto.RegisterType((*ProjectCreateRequest)(nil), "project.ProjectCreateRequest") + proto.RegisterType((*ProjectTokenDeleteRequest)(nil), "project.ProjectTokenDeleteRequest") proto.RegisterType((*ProjectTokenCreateRequest)(nil), "project.ProjectTokenCreateRequest") proto.RegisterType((*ProjectTokenResponse)(nil), "project.ProjectTokenResponse") proto.RegisterType((*ProjectQuery)(nil), "project.ProjectQuery") @@ -176,6 +203,8 @@ const _ = grpc.SupportPackageIsVersion4 type ProjectServiceClient interface { // Create a new project token. CreateToken(ctx context.Context, in *ProjectTokenCreateRequest, opts ...grpc.CallOption) (*ProjectTokenResponse, error) + // Create a new project token. + DeleteToken(ctx context.Context, in *ProjectTokenDeleteRequest, opts ...grpc.CallOption) (*EmptyResponse, error) // Create a new project. Create(ctx context.Context, in *ProjectCreateRequest, opts ...grpc.CallOption) (*github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.AppProject, error) // List returns list of projects @@ -207,6 +236,15 @@ func (c *projectServiceClient) CreateToken(ctx context.Context, in *ProjectToken return out, nil } +func (c *projectServiceClient) DeleteToken(ctx context.Context, in *ProjectTokenDeleteRequest, opts ...grpc.CallOption) (*EmptyResponse, error) { + out := new(EmptyResponse) + err := grpc.Invoke(ctx, "/project.ProjectService/DeleteToken", in, out, c.cc, opts...) + if err != nil { + return nil, err + } + return out, nil +} + func (c *projectServiceClient) Create(ctx context.Context, in *ProjectCreateRequest, opts ...grpc.CallOption) (*github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.AppProject, error) { out := new(github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.AppProject) err := grpc.Invoke(ctx, "/project.ProjectService/Create", in, out, c.cc, opts...) @@ -266,6 +304,8 @@ func (c *projectServiceClient) ListEvents(ctx context.Context, in *ProjectQuery, type ProjectServiceServer interface { // Create a new project token. CreateToken(context.Context, *ProjectTokenCreateRequest) (*ProjectTokenResponse, error) + // Create a new project token. + DeleteToken(context.Context, *ProjectTokenDeleteRequest) (*EmptyResponse, error) // Create a new project. Create(context.Context, *ProjectCreateRequest) (*github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.AppProject, error) // List returns list of projects @@ -302,6 +342,24 @@ func _ProjectService_CreateToken_Handler(srv interface{}, ctx context.Context, d return interceptor(ctx, in, info, handler) } +func _ProjectService_DeleteToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ProjectTokenDeleteRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(ProjectServiceServer).DeleteToken(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/project.ProjectService/DeleteToken", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(ProjectServiceServer).DeleteToken(ctx, req.(*ProjectTokenDeleteRequest)) + } + return interceptor(ctx, in, info, handler) +} + func _ProjectService_Create_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(ProjectCreateRequest) if err := dec(in); err != nil { @@ -418,6 +476,10 @@ var _ProjectService_serviceDesc = grpc.ServiceDesc{ MethodName: "CreateToken", Handler: _ProjectService_CreateToken_Handler, }, + { + MethodName: "DeleteToken", + Handler: _ProjectService_DeleteToken_Handler, + }, { MethodName: "Create", Handler: _ProjectService_Create_Handler, @@ -475,6 +537,36 @@ func (m *ProjectCreateRequest) MarshalTo(dAtA []byte) (int, error) { return i, nil } +func (m *ProjectTokenDeleteRequest) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *ProjectTokenDeleteRequest) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if len(m.Project) > 0 { + dAtA[i] = 0xa + i++ + i = encodeVarintProject(dAtA, i, uint64(len(m.Project))) + i += copy(dAtA[i:], m.Project) + } + if len(m.Token) > 0 { + dAtA[i] = 0x12 + i++ + i = encodeVarintProject(dAtA, i, uint64(len(m.Token))) + i += copy(dAtA[i:], m.Token) + } + return i, nil +} + func (m *ProjectTokenCreateRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -623,6 +715,20 @@ func (m *ProjectCreateRequest) Size() (n int) { return n } +func (m *ProjectTokenDeleteRequest) Size() (n int) { + var l int + _ = l + l = len(m.Project) + if l > 0 { + n += 1 + l + sovProject(uint64(l)) + } + l = len(m.Token) + if l > 0 { + n += 1 + l + sovProject(uint64(l)) + } + return n +} + func (m *ProjectTokenCreateRequest) Size() (n int) { var l int _ = l @@ -772,6 +878,114 @@ func (m *ProjectCreateRequest) Unmarshal(dAtA []byte) error { } return nil } +func (m *ProjectTokenDeleteRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProject + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ProjectTokenDeleteRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ProjectTokenDeleteRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Project", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProject + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthProject + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Project = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProject + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthProject + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Token = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipProject(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthProject + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func (m *ProjectTokenCreateRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 @@ -1298,44 +1512,46 @@ var ( func init() { proto.RegisterFile("server/project/project.proto", fileDescriptorProject) } var fileDescriptorProject = []byte{ - // 619 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x55, 0x4f, 0x4f, 0x14, 0x31, - 0x14, 0x4f, 0x01, 0x97, 0x58, 0xfc, 0x97, 0x0a, 0xb8, 0x2c, 0xb0, 0x62, 0x0f, 0x86, 0x10, 0x69, - 0x5d, 0xf0, 0x40, 0xbc, 0x89, 0x6e, 0x0c, 0x89, 0x07, 0x5d, 0x35, 0x31, 0x5e, 0x48, 0x99, 0x7d, - 0x0e, 0xc3, 0xee, 0x4e, 0x6b, 0x5b, 0x46, 0x37, 0x86, 0x0b, 0xf1, 0xc6, 0xd1, 0x8f, 0xe0, 0x97, - 0xf1, 0x68, 0xe2, 0x17, 0x30, 0xc4, 0x0f, 0x62, 0xda, 0x99, 0x61, 0x19, 0x86, 0xf1, 0xb4, 0xf1, - 0xb4, 0x9d, 0xd7, 0xf7, 0xde, 0xef, 0xf7, 0x7b, 0xef, 0xf5, 0x2d, 0x5e, 0x32, 0xa0, 0x13, 0xd0, - 0x5c, 0x69, 0x79, 0x00, 0x81, 0xcd, 0x7f, 0x99, 0xd2, 0xd2, 0x4a, 0x32, 0x9d, 0x7d, 0x36, 0x66, - 0x43, 0x19, 0x4a, 0x6f, 0xe3, 0xee, 0x94, 0x5e, 0x37, 0x96, 0x42, 0x29, 0xc3, 0x3e, 0x70, 0xa1, - 0x22, 0x2e, 0xe2, 0x58, 0x5a, 0x61, 0x23, 0x19, 0x9b, 0xec, 0x96, 0xf6, 0xb6, 0x0c, 0x8b, 0xa4, - 0xbf, 0x0d, 0xa4, 0x06, 0x9e, 0xb4, 0x78, 0x08, 0x31, 0x68, 0x61, 0xa1, 0x9b, 0xf9, 0x3c, 0x1a, - 0xf9, 0x0c, 0x44, 0xb0, 0x1f, 0xc5, 0xa0, 0x87, 0x5c, 0xf5, 0x42, 0x67, 0x30, 0x7c, 0x00, 0x56, - 0x5c, 0x16, 0xb5, 0x13, 0x46, 0x76, 0xff, 0x70, 0x8f, 0x05, 0x72, 0xc0, 0x85, 0xf6, 0xc4, 0x0e, - 0xfc, 0x61, 0x3d, 0xe8, 0x8e, 0xa2, 0x85, 0x52, 0xfd, 0x28, 0xf0, 0x94, 0x78, 0xd2, 0x12, 0x7d, - 0xb5, 0x2f, 0x4a, 0xa9, 0xe8, 0x27, 0x3c, 0xfb, 0x32, 0xd5, 0xf8, 0x54, 0x83, 0xb0, 0xd0, 0x81, - 0x8f, 0x87, 0x60, 0x2c, 0xd9, 0xc5, 0xb9, 0xf6, 0x3a, 0x5a, 0x41, 0xab, 0x33, 0x1b, 0x6d, 0x36, - 0x02, 0x65, 0x39, 0xa8, 0x3f, 0xec, 0x06, 0x5d, 0xa6, 0x7a, 0x21, 0x73, 0xa0, 0xec, 0x1c, 0x28, - 0xcb, 0x41, 0xd9, 0x13, 0xa5, 0x32, 0x90, 0x4e, 0x9e, 0x95, 0x1e, 0xe1, 0x85, 0xcc, 0xf6, 0x46, - 0xf6, 0x20, 0x2e, 0xa2, 0xd7, 0x8b, 0xe8, 0x57, 0xcf, 0xc2, 0xc8, 0x2c, 0xbe, 0x62, 0x9d, 0x7f, - 0x7d, 0xc2, 0xdb, 0xd3, 0x0f, 0xf2, 0x10, 0xdf, 0x36, 0x10, 0xc8, 0xb8, 0x6b, 0xb6, 0xe1, 0x83, - 0xd4, 0xd0, 0xfe, 0xac, 0x22, 0x3d, 0xac, 0x4f, 0xae, 0xa0, 0xd5, 0xc9, 0xce, 0x65, 0x57, 0xf4, - 0xc1, 0x99, 0x6e, 0x0f, 0xdf, 0x01, 0xa3, 0x64, 0x6c, 0x60, 0x94, 0x1f, 0x9d, 0xcb, 0x4f, 0x29, - 0xbe, 0x96, 0x79, 0xbf, 0x3a, 0x04, 0x3d, 0x24, 0x04, 0x4f, 0xc5, 0x62, 0x00, 0x99, 0x93, 0x3f, - 0x9f, 0xab, 0xe4, 0x5b, 0xd5, 0xfd, 0x9f, 0x95, 0xbc, 0x89, 0xaf, 0xb7, 0x07, 0xca, 0x0e, 0x73, - 0x0d, 0x1b, 0x27, 0xd3, 0xf8, 0x46, 0xe6, 0xf5, 0x1a, 0x74, 0x12, 0x05, 0x40, 0x0c, 0x9e, 0x49, - 0x2b, 0xec, 0xd5, 0x12, 0xca, 0xf2, 0x39, 0xaf, 0xec, 0x41, 0x63, 0xf9, 0x52, 0x9f, 0x1c, 0x84, - 0xde, 0x3b, 0xfe, 0xf5, 0xe7, 0xdb, 0xc4, 0x22, 0x9d, 0xf7, 0xf3, 0x9d, 0xb4, 0xf2, 0x97, 0x63, - 0xb8, 0x2f, 0xd9, 0x63, 0xb4, 0x46, 0x4e, 0x10, 0xae, 0xa5, 0x39, 0x49, 0x29, 0x59, 0x11, 0x6b, - 0x3c, 0x25, 0xa1, 0x8b, 0x9e, 0xd3, 0x1c, 0xbd, 0x75, 0x91, 0x93, 0x63, 0x73, 0x8c, 0xf0, 0xd4, - 0x8b, 0xc8, 0x58, 0x32, 0x77, 0x91, 0x8b, 0xef, 0x69, 0x63, 0x67, 0x2c, 0x1c, 0x1c, 0x02, 0xad, - 0x7b, 0x1e, 0x84, 0x94, 0x78, 0x90, 0xaf, 0x08, 0x4f, 0x3e, 0x87, 0x4a, 0x0e, 0x63, 0xaa, 0xc3, - 0x5d, 0x8f, 0xbf, 0x40, 0xee, 0x94, 0x7a, 0xf3, 0xc5, 0x8d, 0xea, 0x11, 0xf9, 0x8e, 0x70, 0x2d, - 0x9d, 0xd2, 0x72, 0x67, 0x0a, 0xd3, 0x3b, 0x2e, 0x46, 0x9b, 0x9e, 0xd1, 0x7a, 0x63, 0xb5, 0xcc, - 0x28, 0x87, 0x77, 0xcb, 0xae, 0x2b, 0xac, 0x60, 0x9e, 0xa2, 0xeb, 0xd8, 0x3b, 0x5c, 0x7b, 0x06, - 0x7d, 0xb0, 0x50, 0x55, 0xae, 0xf9, 0x33, 0x73, 0xe1, 0x01, 0xe4, 0xfa, 0xd7, 0x2a, 0xf5, 0x1f, - 0x60, 0xec, 0x1a, 0xd5, 0x4e, 0x20, 0xb6, 0xa6, 0x2a, 0xfb, 0x32, 0x4b, 0x97, 0xb3, 0x53, 0xc8, - 0xdc, 0x02, 0x67, 0x49, 0x8b, 0xf9, 0x10, 0xdf, 0xe4, 0xfb, 0x1e, 0x64, 0x85, 0x34, 0x2b, 0x40, - 0x38, 0xf8, 0xec, 0xdb, 0x5b, 0x3f, 0x4e, 0x9b, 0xe8, 0xe7, 0x69, 0x13, 0xfd, 0x3e, 0x6d, 0xa2, - 0xf7, 0x6b, 0xff, 0x5a, 0xdd, 0xc5, 0xff, 0xa2, 0xbd, 0x9a, 0x5f, 0xd1, 0x9b, 0x7f, 0x03, 0x00, - 0x00, 0xff, 0xff, 0x3d, 0x26, 0xdd, 0x63, 0xa4, 0x06, 0x00, 0x00, + // 652 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x55, 0xcf, 0x4f, 0x13, 0x4f, + 0x14, 0xcf, 0x02, 0xdf, 0x92, 0xef, 0xe0, 0xaf, 0x8c, 0x80, 0xa5, 0x40, 0xc5, 0x39, 0x18, 0xd2, + 0xc8, 0xac, 0x05, 0x0f, 0xc4, 0x9b, 0x68, 0x63, 0x88, 0x1e, 0xb4, 0x6a, 0x62, 0xbc, 0x90, 0x61, + 0xfb, 0x5c, 0x96, 0xb6, 0x3b, 0xe3, 0xcc, 0xb0, 0xda, 0x18, 0x2e, 0xc4, 0x9b, 0x47, 0xff, 0x04, + 0xff, 0x19, 0x8f, 0x26, 0xfe, 0x03, 0x86, 0xf8, 0x37, 0x78, 0x36, 0xf3, 0x76, 0x97, 0xb2, 0x94, + 0x25, 0x31, 0x69, 0x3c, 0x75, 0x76, 0xe6, 0xbd, 0xf7, 0xf9, 0x7c, 0xde, 0x8f, 0x3e, 0xb2, 0x64, + 0x40, 0x27, 0xa0, 0x7d, 0xa5, 0xe5, 0x3e, 0x04, 0x36, 0xff, 0xe5, 0x4a, 0x4b, 0x2b, 0xe9, 0x74, + 0xf6, 0x59, 0x9b, 0x0d, 0x65, 0x28, 0xf1, 0xce, 0x77, 0xa7, 0xf4, 0xb9, 0xb6, 0x14, 0x4a, 0x19, + 0xf6, 0xc0, 0x17, 0x2a, 0xf2, 0x45, 0x1c, 0x4b, 0x2b, 0x6c, 0x24, 0x63, 0x93, 0xbd, 0xb2, 0xee, + 0xa6, 0xe1, 0x91, 0xc4, 0xd7, 0x40, 0x6a, 0xf0, 0x93, 0xa6, 0x1f, 0x42, 0x0c, 0x5a, 0x58, 0xe8, + 0x64, 0x36, 0xf7, 0x86, 0x36, 0x7d, 0x11, 0xec, 0x45, 0x31, 0xe8, 0x81, 0xaf, 0xba, 0xa1, 0xbb, + 0x30, 0x7e, 0x1f, 0xac, 0x38, 0xcf, 0x6b, 0x3b, 0x8c, 0xec, 0xde, 0xc1, 0x2e, 0x0f, 0x64, 0xdf, + 0x17, 0x1a, 0x89, 0xed, 0xe3, 0x61, 0x2d, 0xe8, 0x0c, 0xbd, 0x85, 0x52, 0xbd, 0x28, 0x40, 0x4a, + 0x7e, 0xd2, 0x14, 0x3d, 0xb5, 0x27, 0x46, 0x42, 0xb1, 0xf7, 0x64, 0xf6, 0x59, 0xaa, 0xf1, 0xa1, + 0x06, 0x61, 0xa1, 0x0d, 0xef, 0x0e, 0xc0, 0x58, 0xba, 0x43, 0x72, 0xed, 0x55, 0x6f, 0xc5, 0x5b, + 0x9d, 0x59, 0x6f, 0xf1, 0x21, 0x28, 0xcf, 0x41, 0xf1, 0xb0, 0x13, 0x74, 0xb8, 0xea, 0x86, 0xdc, + 0x81, 0xf2, 0x53, 0xa0, 0x3c, 0x07, 0xe5, 0x0f, 0x94, 0xca, 0x40, 0xda, 0x79, 0x54, 0xf6, 0x84, + 0x2c, 0x64, 0x77, 0x2f, 0x65, 0x17, 0xe2, 0x47, 0xd0, 0x83, 0x21, 0x7a, 0xb5, 0x88, 0xfe, 0xff, + 0x89, 0x1b, 0x9d, 0x25, 0xff, 0x59, 0x67, 0x5f, 0x9d, 0xc0, 0xfb, 0xf4, 0x83, 0x1d, 0x16, 0x83, + 0x15, 0xa5, 0xfc, 0x65, 0x30, 0x7a, 0x97, 0x5c, 0x37, 0x10, 0xc8, 0xb8, 0x63, 0xb6, 0xe0, 0xad, + 0xd4, 0xd0, 0xfa, 0xa0, 0x22, 0x3d, 0xa8, 0x4e, 0xae, 0x78, 0xab, 0x93, 0xed, 0xf3, 0x9e, 0xd8, + 0x9d, 0x93, 0x24, 0x22, 0x7c, 0x1b, 0x8c, 0x92, 0xb1, 0x81, 0x61, 0x7c, 0xef, 0x34, 0x59, 0x46, + 0x2e, 0x65, 0xd6, 0xcf, 0x0f, 0x40, 0x0f, 0x28, 0x25, 0x53, 0xb1, 0xe8, 0x43, 0x66, 0x84, 0xe7, + 0x53, 0x65, 0x79, 0xa5, 0x3a, 0xff, 0xb2, 0x2c, 0x57, 0xc9, 0xe5, 0x56, 0x5f, 0xd9, 0x41, 0xae, + 0x61, 0xfd, 0xf7, 0x34, 0xb9, 0x92, 0x59, 0xbd, 0x00, 0x9d, 0x44, 0x01, 0x50, 0x43, 0x66, 0xd2, + 0x0c, 0xa3, 0x5a, 0xca, 0x78, 0x3e, 0x34, 0xa5, 0x35, 0xa8, 0x2d, 0x9f, 0x6b, 0x93, 0x83, 0xb0, + 0x5b, 0x47, 0x3f, 0x7e, 0x7d, 0x99, 0x58, 0x64, 0xf3, 0x38, 0x2c, 0x49, 0x33, 0x1f, 0x43, 0xe3, + 0x63, 0xca, 0xee, 0x7b, 0x0d, 0x1a, 0x91, 0x99, 0xb4, 0x47, 0x2e, 0x02, 0x2d, 0x74, 0x51, 0x6d, + 0xfe, 0xc4, 0xa6, 0x20, 0x89, 0xd5, 0x11, 0xad, 0xda, 0x28, 0x41, 0xa3, 0x9f, 0x3d, 0x52, 0x49, + 0xe9, 0xd3, 0x11, 0xde, 0x45, 0x59, 0xe3, 0xc9, 0x3e, 0x5b, 0x44, 0x42, 0x73, 0xec, 0xda, 0x59, + 0x42, 0x4e, 0xf8, 0x91, 0x47, 0xa6, 0x9e, 0x46, 0xc6, 0xd2, 0xb9, 0xb3, 0x5c, 0xb0, 0x7d, 0x6a, + 0xdb, 0x63, 0xe1, 0xe0, 0x10, 0x58, 0x15, 0x79, 0x50, 0x3a, 0xc2, 0x83, 0x7e, 0xf2, 0xc8, 0xe4, + 0x63, 0x28, 0xe5, 0x30, 0xa6, 0x3c, 0xdc, 0x44, 0xfc, 0x05, 0x7a, 0x63, 0xa4, 0x30, 0x1f, 0xdd, + 0x54, 0x1c, 0xd2, 0xaf, 0x1e, 0xa9, 0xa4, 0x03, 0x31, 0x5a, 0x99, 0xc2, 0xa0, 0x8c, 0x8b, 0xd1, + 0x06, 0x32, 0x5a, 0xab, 0xad, 0x8e, 0x32, 0xca, 0xe1, 0xdd, 0x9f, 0x74, 0x47, 0x58, 0xc1, 0x91, + 0xa2, 0xab, 0xd8, 0x6b, 0x52, 0x49, 0x1b, 0xb1, 0x2c, 0x5d, 0x65, 0x8d, 0x99, 0xe9, 0x6f, 0x94, + 0xea, 0xdf, 0x27, 0xc4, 0x15, 0xaa, 0x95, 0x40, 0x6c, 0x4d, 0x59, 0xf4, 0x65, 0x9e, 0x2e, 0x15, + 0xa7, 0x90, 0xbb, 0xc5, 0xc3, 0x93, 0x26, 0x47, 0x17, 0x2c, 0xf2, 0x6d, 0x04, 0x59, 0xa1, 0xf5, + 0x12, 0x10, 0x1f, 0x30, 0xfa, 0xd6, 0xe6, 0xb7, 0xe3, 0xba, 0xf7, 0xfd, 0xb8, 0xee, 0xfd, 0x3c, + 0xae, 0x7b, 0x6f, 0x1a, 0x17, 0xad, 0x9c, 0xe2, 0x0e, 0xdd, 0xad, 0xe0, 0x6a, 0xd9, 0xf8, 0x13, + 0x00, 0x00, 0xff, 0xff, 0x24, 0x68, 0x71, 0xdc, 0x5c, 0x07, 0x00, 0x00, } diff --git a/server/project/project.pb.gw.go b/server/project/project.pb.gw.go index 6690d1287dca3..3b86c74d99eec 100644 --- a/server/project/project.pb.gw.go +++ b/server/project/project.pb.gw.go @@ -41,6 +41,23 @@ func request_ProjectService_CreateToken_0(ctx context.Context, marshaler runtime } +var ( + filter_ProjectService_DeleteToken_0 = &utilities.DoubleArray{Encoding: map[string]int{}, Base: []int(nil), Check: []int(nil)} +) + +func request_ProjectService_DeleteToken_0(ctx context.Context, marshaler runtime.Marshaler, client ProjectServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq ProjectTokenDeleteRequest + var metadata runtime.ServerMetadata + + if err := runtime.PopulateQueryParameters(&protoReq, req.URL.Query(), filter_ProjectService_DeleteToken_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := client.DeleteToken(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err + +} + func request_ProjectService_Create_0(ctx context.Context, marshaler runtime.Marshaler, client ProjectServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { var protoReq ProjectCreateRequest var metadata runtime.ServerMetadata @@ -250,6 +267,35 @@ func RegisterProjectServiceHandlerClient(ctx context.Context, mux *runtime.Serve }) + mux.Handle("DELETE", pattern_ProjectService_DeleteToken_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + if cn, ok := w.(http.CloseNotifier); ok { + go func(done <-chan struct{}, closed <-chan bool) { + select { + case <-done: + case <-closed: + cancel() + } + }(ctx.Done(), cn.CloseNotify()) + } + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := request_ProjectService_DeleteToken_0(rctx, inboundMarshaler, client, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_ProjectService_DeleteToken_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + mux.Handle("POST", pattern_ProjectService_Create_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { ctx, cancel := context.WithCancel(req.Context()) defer cancel() @@ -430,6 +476,8 @@ func RegisterProjectServiceHandlerClient(ctx context.Context, mux *runtime.Serve var ( pattern_ProjectService_CreateToken_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"api", "v1", "projects", "token"}, "")) + pattern_ProjectService_DeleteToken_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"api", "v1", "projects", "token"}, "")) + pattern_ProjectService_Create_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"api", "v1", "projects"}, "")) pattern_ProjectService_List_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"api", "v1", "projects"}, "")) @@ -446,6 +494,8 @@ var ( var ( forward_ProjectService_CreateToken_0 = runtime.ForwardResponseMessage + forward_ProjectService_DeleteToken_0 = runtime.ForwardResponseMessage + forward_ProjectService_Create_0 = runtime.ForwardResponseMessage forward_ProjectService_List_0 = runtime.ForwardResponseMessage diff --git a/server/project/project.proto b/server/project/project.proto index 0b02aa2f0fe24..996b12ed5ca93 100644 --- a/server/project/project.proto +++ b/server/project/project.proto @@ -18,6 +18,12 @@ message ProjectCreateRequest { github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.AppProject project = 1; } +// ProjectTokenCreateRequest defines project token deletion parameters. +message ProjectTokenDeleteRequest { + string project = 1; + string token = 2; +} + // ProjectTokenCreateRequest defines project token creation parameters. message ProjectTokenCreateRequest { string project = 1; @@ -52,6 +58,11 @@ service ProjectService { }; } + // Create a new project token. + rpc DeleteToken(ProjectTokenDeleteRequest) returns (EmptyResponse) { + option (google.api.http).delete = "/api/v1/projects/token"; + } + // Create a new project. rpc Create(ProjectCreateRequest) returns (github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.AppProject) { option (google.api.http) = { diff --git a/server/project/project_test.go b/server/project/project_test.go index 9a70ea55b5073..901f6f164fbd1 100644 --- a/server/project/project_test.go +++ b/server/project/project_test.go @@ -141,6 +141,20 @@ func TestProjectServer(t *testing.T) { assert.Equal(t, "proj:test:test", subject) assert.Nil(t, err) }) + + t.Run("TestDeleteTokenSuccesfully", func(t *testing.T) { + sessionMgr := session.NewSessionManager(&settings.ArgoCDSettings{}) + projWithToken := existingProj.DeepCopy() + tokenName := "test" + token := v1alpha1.ProjectToken{Name: tokenName} + projWithToken.Spec.Tokens = append(projWithToken.Spec.Tokens, token) + + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, util.NewKeyLock(), sessionMgr) + _, err := projectServer.DeleteToken(context.Background(), &ProjectTokenDeleteRequest{Project: projWithToken.Name, Token: tokenName}) + assert.Nil(t, err) + assert.Len(t, projWithToken.Spec.Tokens, 1) + }) + t.Run("TestCreateDuplicateTokenFailure", func(t *testing.T) { sessionMgr := session.NewSessionManager(&settings.ArgoCDSettings{}) projWithToken := existingProj.DeepCopy() @@ -173,4 +187,14 @@ func TestProjectServer(t *testing.T) { assert.Equal(t, projWithToken.Spec.Tokens[0].Policies[0], expectedPolicy) }) + t.Run("TestCreateDuplicateTokenPolicyFailure", func(t *testing.T) { + // sessionMgr := session.NewSessionManager(&settings.ArgoCDSettings{}) + // projWithToken := existingProj.DeepCopy() + // tokenName := "test" + // token := v1alpha1.ProjectToken{Name: tokenName} + // projWithToken.Spec.Tokens = append(projWithToken.Spec.Tokens, token) + // projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, util.NewKeyLock(), sessionMgr) + // _, err := projectServer.CreateToken(context.Background(), &ProjectTokenCreateRequest{Project: projWithToken.Name, Token: tokenName}) + // assert.EqualError(t, err, "rpc error: code = AlreadyExists desc = 'test' token already exist for project 'test'") + }) } diff --git a/server/swagger.json b/server/swagger.json index fa1aadc22d814..aae5b20e2f3d9 100644 --- a/server/swagger.json +++ b/server/swagger.json @@ -720,6 +720,21 @@ } } } + }, + "delete": { + "tags": [ + "ProjectService" + ], + "summary": "Create a new project token.", + "operationId": "DeleteToken", + "responses": { + "200": { + "description": "(empty)", + "schema": { + "$ref": "#/definitions/projectEmptyResponse" + } + } + } } }, "/api/v1/projects/{name}": { From c72fab0b32413620a68d4ab416adcef66b0fb96b Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Thu, 2 Aug 2018 14:32:35 -0700 Subject: [PATCH 08/43] Add policy validation --- server/project/project.go | 54 +++++++++++++++++++++ server/project/project_test.go | 89 ++++++++++++++++++++++++++++++---- 2 files changed, 134 insertions(+), 9 deletions(-) diff --git a/server/project/project.go b/server/project/project.go index 920bcebcf8044..8c1f9c9fed796 100644 --- a/server/project/project.go +++ b/server/project/project.go @@ -164,6 +164,37 @@ func getRemovedSources(oldProj, newProj *v1alpha1.AppProject) map[string]bool { return removed } +func validatePolicy(proj string, token string, policy string) error { + policyComponents := strings.Split(policy, ",") + if len(policyComponents) != 5 { + return status.Errorf(codes.InvalidArgument, "incorrect number of policy arguements for '%s'", policy) + + } + if strings.Trim(policyComponents[0], " ") != "p" { + return status.Errorf(codes.InvalidArgument, "token policy can only contain policies: '%s'", policy) + } + roleComponents := strings.Split(strings.Trim(policyComponents[1], " "), ":") + if len(roleComponents) != 3 { + return status.Errorf(codes.InvalidArgument, "incorrect number of role arguments for '%s' policy", policy) + } + if roleComponents[0] != "proj" { + return status.Errorf(codes.InvalidArgument, "incorrect policy format for '%s' as role should start with 'proj:'", policy) + } + if roleComponents[1] != proj { + return status.Errorf(codes.InvalidArgument, "incorrect policy format for '%s' as policy can't grant access to other projects", policy) + } + if roleComponents[2] != token { + return status.Errorf(codes.InvalidArgument, "incorrect policy format for '%s' as policy can't grant access to other tokens", policy) + } + if strings.Trim(policyComponents[2], " ") != "projects" { + return status.Errorf(codes.InvalidArgument, "incorrect format for '%s' as token policies can only access projects", policy) + } + if !strings.HasPrefix(strings.Trim(policyComponents[4], " "), proj) { + return status.Errorf(codes.InvalidArgument, "incorrect token policy format for '%s' as token policies can't grant access to other tokens or projects", policy) + } + return nil +} + func validateProject(p *v1alpha1.AppProject) error { destKeys := make(map[string]bool) for _, dest := range p.Spec.Destinations { @@ -184,6 +215,29 @@ func validateProject(p *v1alpha1.AppProject) error { return status.Errorf(codes.InvalidArgument, "source repository %s should not be listed more than once.", src) } } + + tokensNames := make(map[string]bool) + for _, token := range p.Spec.Tokens { + existingPolicies := make(map[string]bool) + for _, policy := range token.Policies { + err := validatePolicy(p.Name, token.Name, policy) + if err != nil { + return err + } + if _, ok := existingPolicies[policy]; !ok { + existingPolicies[policy] = true + } else { + return status.Errorf(codes.AlreadyExists, "token policy '%s' already exists for token '%s'", policy, token.Name) + } + } + if _, ok := tokensNames[token.Name]; !ok { + tokensNames[token.Name] = true + } else { + return status.Errorf(codes.AlreadyExists, "Token '%s' already exists", token) + } + + } + return nil } diff --git a/server/project/project_test.go b/server/project/project_test.go index 901f6f164fbd1..b00aa84cdbf9e 100644 --- a/server/project/project_test.go +++ b/server/project/project_test.go @@ -187,14 +187,85 @@ func TestProjectServer(t *testing.T) { assert.Equal(t, projWithToken.Spec.Tokens[0].Policies[0], expectedPolicy) }) - t.Run("TestCreateDuplicateTokenPolicyFailure", func(t *testing.T) { - // sessionMgr := session.NewSessionManager(&settings.ArgoCDSettings{}) - // projWithToken := existingProj.DeepCopy() - // tokenName := "test" - // token := v1alpha1.ProjectToken{Name: tokenName} - // projWithToken.Spec.Tokens = append(projWithToken.Spec.Tokens, token) - // projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, util.NewKeyLock(), sessionMgr) - // _, err := projectServer.CreateToken(context.Background(), &ProjectTokenCreateRequest{Project: projWithToken.Name, Token: tokenName}) - // assert.EqualError(t, err, "rpc error: code = AlreadyExists desc = 'test' token already exist for project 'test'") + t.Run("TestCreateTokenPolicyDuplicatePolicyFailure", func(t *testing.T) { + action := "create" + object := "testObject" + tokenName := "test" + policyTemplate := "p, proj:%s:%s, projects, %s, %s/%s" + + projWithToken := existingProj.DeepCopy() + token := v1alpha1.ProjectToken{Name: tokenName} + policy := fmt.Sprintf(policyTemplate, projWithToken.Name, tokenName, action, projWithToken.Name, object) + token.Policies = append(token.Policies, policy) + token.Policies = append(token.Policies, policy) + projWithToken.Spec.Tokens = append(projWithToken.Spec.Tokens, token) + + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, util.NewKeyLock(), nil) + request := &ProjectUpdateRequest{Project: projWithToken} + _, err := projectServer.Update(context.Background(), request) + expectedErr := fmt.Sprintf("rpc error: code = AlreadyExists desc = token policy '%s' already exists for token '%s'", policy, tokenName) + assert.EqualError(t, err, expectedErr) + }) + + t.Run("TestValidityProjectAccessToSeparateProjectObjectFailure", func(t *testing.T) { + action := "create" + object := "testObject" + tokenName := "test" + otherProject := "other-project" + policyTemplate := "p, proj:%s:%s, projects, %s, %s/%s" + + projWithToken := existingProj.DeepCopy() + token := v1alpha1.ProjectToken{Name: tokenName} + policy := fmt.Sprintf(policyTemplate, projWithToken.Name, tokenName, action, otherProject, object) + token.Policies = append(token.Policies, policy) + token.Policies = append(token.Policies, policy) + projWithToken.Spec.Tokens = append(projWithToken.Spec.Tokens, token) + + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, util.NewKeyLock(), nil) + request := &ProjectUpdateRequest{Project: projWithToken} + _, err := projectServer.Update(context.Background(), request) + expectedErr := fmt.Sprintf("rpc error: code = InvalidArgument desc = incorrect token policy format for '%s' as token policies can't grant access to other tokens or projects", policy) + assert.EqualError(t, err, expectedErr) + }) + + t.Run("TestValidityProjectIncorrectProjectInRoleFailure", func(t *testing.T) { + action := "create" + object := "testObject" + tokenName := "test" + otherProject := "other-project" + policyTemplate := "p, proj:%s:%s, projects, %s, %s/%s" + + projWithToken := existingProj.DeepCopy() + token := v1alpha1.ProjectToken{Name: tokenName} + invalidPolicy := fmt.Sprintf(policyTemplate, otherProject, tokenName, action, projWithToken.Name, object) + token.Policies = append(token.Policies, invalidPolicy) + projWithToken.Spec.Tokens = append(projWithToken.Spec.Tokens, token) + + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, util.NewKeyLock(), nil) + request := &ProjectUpdateRequest{Project: projWithToken} + _, err := projectServer.Update(context.Background(), request) + expectedErr := fmt.Sprintf("rpc error: code = InvalidArgument desc = incorrect policy format for '%s' as policy can't grant access to other projects", invalidPolicy) + assert.EqualError(t, err, expectedErr) + }) + + t.Run("TestValidityProjectIncorrectTokenInRoleFailure", func(t *testing.T) { + action := "create" + object := "testObject" + tokenName := "test" + policyTemplate := "p, proj:%s:%s, projects, %s, %s/%s" + otherToken := "other-token" + + projWithToken := existingProj.DeepCopy() + token := v1alpha1.ProjectToken{Name: tokenName} + invalidPolicy := fmt.Sprintf(policyTemplate, projWithToken.Name, otherToken, action, projWithToken.Name, object) + token.Policies = append(token.Policies, invalidPolicy) + token.Policies = append(token.Policies, invalidPolicy) + projWithToken.Spec.Tokens = append(projWithToken.Spec.Tokens, token) + + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, util.NewKeyLock(), nil) + request := &ProjectUpdateRequest{Project: projWithToken} + _, err := projectServer.Update(context.Background(), request) + expectedErr := fmt.Sprintf("rpc error: code = InvalidArgument desc = incorrect policy format for '%s' as policy can't grant access to other tokens", invalidPolicy) + assert.EqualError(t, err, expectedErr) }) } From f5f5973963618557f68e73e0cdedf176ae4b9770 Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Mon, 6 Aug 2018 09:33:48 -0500 Subject: [PATCH 09/43] Fix broken tests --- pkg/apis/application/v1alpha1/generated.proto | 1 - pkg/apis/application/v1alpha1/types.go | 1 - server/application/application_test.go | 2 +- server/project/project.go | 19 ++++++---- server/project/project_test.go | 37 ++++++++++--------- server/swagger.json | 2 +- util/rbac/rbac.go | 1 - util/rbac/rbac_test.go | 24 ++++++------ util/session/sessionmanager_test.go | 2 +- 9 files changed, 45 insertions(+), 44 deletions(-) diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto index 5e3efa8596c5c..c95742861d1d0 100644 --- a/pkg/apis/application/v1alpha1/generated.proto +++ b/pkg/apis/application/v1alpha1/generated.proto @@ -285,7 +285,6 @@ message OperationState { optional k8s.io.apimachinery.pkg.apis.meta.v1.Time finishedAt = 7; } -// ProjectToken TODO: Check if everything should be capitalized // ProjectToken contains metadata of a token for a project message ProjectToken { optional string name = 1; diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go index ba5ec37653448..711b061494751 100644 --- a/pkg/apis/application/v1alpha1/types.go +++ b/pkg/apis/application/v1alpha1/types.go @@ -477,7 +477,6 @@ func (proj *AppProject) GetTokenIndex(name string) (int, error) { return -1, fmt.Errorf("token '%s' does not exist in project '%s'", name, proj.Name) } -// ProjectToken TODO: Check if everything should be capitalized // ProjectToken contains metadata of a token for a project type ProjectToken struct { Name string `json:"name" protobuf:"bytes,1,opt,name=name"` diff --git a/server/application/application_test.go b/server/application/application_test.go index 885689dadb640..f6748744dedb7 100644 --- a/server/application/application_test.go +++ b/server/application/application_test.go @@ -75,7 +75,7 @@ func fakeListDirResponse() *repository.FileList { // return an ApplicationServiceServer which returns fake data func newTestAppServer() ApplicationServiceServer { kubeclientset := fake.NewSimpleClientset() - enforcer := rbac.NewEnforcer(kubeclientset, testNamespace, common.ArgoCDRBACConfigMapName, nil) + enforcer := rbac.NewEnforcer(kubeclientset, nil, testNamespace, common.ArgoCDRBACConfigMapName, nil) enforcer.SetBuiltinPolicy(test.BuiltinPolicy) enforcer.SetDefaultRole("role:admin") diff --git a/server/project/project.go b/server/project/project.go index 8c1f9c9fed796..666bf931648ab 100644 --- a/server/project/project.go +++ b/server/project/project.go @@ -23,6 +23,11 @@ import ( "k8s.io/client-go/kubernetes" ) +const ( + // JwtTokenSubTemplate format of the JWT token subject that ArgoCD vends out. + JwtTokenSubFormat = "proj:%s:%s" +) + // Server provides a Project service type Server struct { ns string @@ -56,16 +61,14 @@ func (s *Server) CreateToken(ctx context.Context, q *ProjectTokenCreateRequest) s.projectLock.Lock(q.Project) defer s.projectLock.Unlock(q.Project) - //TODO: Verify inputs - for _, projectToken := range project.Spec.Tokens { - if projectToken.Name == q.Token { - return nil, status.Errorf(codes.AlreadyExists, "'%s' token already exist for project '%s'", q.Token, q.Project) - } + _, err = project.GetTokenIndex(q.Token) + if err == nil { + return nil, status.Errorf(codes.AlreadyExists, "'%s' token already exist for project '%s'", q.Token, q.Project) } - //TODO: Move string somewhere common - roleName := fmt.Sprintf("proj:%s:%s", q.Project, q.Token) - jwtToken, err := s.sessionMgr.Create(roleName, q.SecondsBeforeExpiry) + + tokenName := fmt.Sprintf(JwtTokenSubFormat, q.Project, q.Token) + jwtToken, err := s.sessionMgr.Create(tokenName, q.SecondsBeforeExpiry) if err != nil { return nil, err } diff --git a/server/project/project_test.go b/server/project/project_test.go index b00aa84cdbf9e..1522ae89092f8 100644 --- a/server/project/project_test.go +++ b/server/project/project_test.go @@ -37,6 +37,8 @@ func TestProjectServer(t *testing.T) { }, } + policyTemplate := "p, proj:%s:%s, projects, %s, %s/%s" + t.Run("TestRemoveDestinationSuccessful", func(t *testing.T) { existingApp := v1alpha1.Application{ ObjectMeta: v1.ObjectMeta{Name: "test", Namespace: "default"}, @@ -129,7 +131,7 @@ func TestProjectServer(t *testing.T) { sessionMgr := session.NewSessionManager(&settings.ArgoCDSettings{}) projWithoutToken := existingProj.DeepCopy() projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithoutToken), enforcer, util.NewKeyLock(), sessionMgr) - tokenName := "test" + tokenName := "testToken" tokenResponse, err := projectServer.CreateToken(context.Background(), &ProjectTokenCreateRequest{Project: projWithoutToken.Name, Token: tokenName, SecondsBeforeExpiry: 1}) assert.Nil(t, err) claims, err := sessionMgr.Parse(tokenResponse.Token) @@ -138,39 +140,41 @@ func TestProjectServer(t *testing.T) { mapClaims, err := jwtUtil.MapClaims(claims) subject, ok := mapClaims["sub"].(string) assert.True(t, ok) - assert.Equal(t, "proj:test:test", subject) + expectedSubject := fmt.Sprintf(JwtTokenSubFormat, projWithoutToken.Name, tokenName) + assert.Equal(t, expectedSubject, subject) assert.Nil(t, err) }) t.Run("TestDeleteTokenSuccesfully", func(t *testing.T) { sessionMgr := session.NewSessionManager(&settings.ArgoCDSettings{}) projWithToken := existingProj.DeepCopy() - tokenName := "test" + tokenName := "testToken" token := v1alpha1.ProjectToken{Name: tokenName} projWithToken.Spec.Tokens = append(projWithToken.Spec.Tokens, token) projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, util.NewKeyLock(), sessionMgr) _, err := projectServer.DeleteToken(context.Background(), &ProjectTokenDeleteRequest{Project: projWithToken.Name, Token: tokenName}) assert.Nil(t, err) - assert.Len(t, projWithToken.Spec.Tokens, 1) + projWithoutToken, err := projectServer.Get(context.Background(), &ProjectQuery{Name: projWithToken.Name}) + assert.Len(t, projWithoutToken.Spec.Tokens, 0) }) t.Run("TestCreateDuplicateTokenFailure", func(t *testing.T) { sessionMgr := session.NewSessionManager(&settings.ArgoCDSettings{}) projWithToken := existingProj.DeepCopy() - tokenName := "test" + tokenName := "testToken" token := v1alpha1.ProjectToken{Name: tokenName} - projWithToken.Spec.Tokens = append(projWithToken.Spec.Tokens, token) + projWithToken.Spec.Token = append(projWithToken.Spec.Token, token) projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, util.NewKeyLock(), sessionMgr) _, err := projectServer.CreateToken(context.Background(), &ProjectTokenCreateRequest{Project: projWithToken.Name, Token: tokenName}) - assert.EqualError(t, err, "rpc error: code = AlreadyExists desc = 'test' token already exist for project 'test'") + expectedError := fmt.Sprintf("rpc error: code = AlreadyExists desc = '%s' token already exist for project '%s'", tokenName, projWithToken.Name) + assert.EqualError(t, err, expectedError) }) t.Run("TestCreateTokenPolicySuccessfully", func(t *testing.T) { action := "create" object := "testObject" - tokenName := "test" - policyTemplate := "p, proj:%s:%s, projects, %s, %s/%s" + tokenName := "testToken" projWithToken := existingProj.DeepCopy() token := v1alpha1.ProjectToken{Name: tokenName} @@ -190,8 +194,7 @@ func TestProjectServer(t *testing.T) { t.Run("TestCreateTokenPolicyDuplicatePolicyFailure", func(t *testing.T) { action := "create" object := "testObject" - tokenName := "test" - policyTemplate := "p, proj:%s:%s, projects, %s, %s/%s" + tokenName := "testToken" projWithToken := existingProj.DeepCopy() token := v1alpha1.ProjectToken{Name: tokenName} @@ -207,18 +210,16 @@ func TestProjectServer(t *testing.T) { assert.EqualError(t, err, expectedErr) }) - t.Run("TestValidityProjectAccessToSeparateProjectObjectFailure", func(t *testing.T) { + t.Run("TestValidateProjectAccessToSeparateProjectObjectFailure", func(t *testing.T) { action := "create" object := "testObject" tokenName := "test" otherProject := "other-project" policyTemplate := "p, proj:%s:%s, projects, %s, %s/%s" - projWithToken := existingProj.DeepCopy() token := v1alpha1.ProjectToken{Name: tokenName} policy := fmt.Sprintf(policyTemplate, projWithToken.Name, tokenName, action, otherProject, object) token.Policies = append(token.Policies, policy) - token.Policies = append(token.Policies, policy) projWithToken.Spec.Tokens = append(projWithToken.Spec.Tokens, token) projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, util.NewKeyLock(), nil) @@ -228,10 +229,10 @@ func TestProjectServer(t *testing.T) { assert.EqualError(t, err, expectedErr) }) - t.Run("TestValidityProjectIncorrectProjectInRoleFailure", func(t *testing.T) { + t.Run("TestValidateProjectIncorrectProjectInRoleFailure", func(t *testing.T) { action := "create" object := "testObject" - tokenName := "test" + tokenName := "testToken" otherProject := "other-project" policyTemplate := "p, proj:%s:%s, projects, %s, %s/%s" @@ -248,10 +249,10 @@ func TestProjectServer(t *testing.T) { assert.EqualError(t, err, expectedErr) }) - t.Run("TestValidityProjectIncorrectTokenInRoleFailure", func(t *testing.T) { + t.Run("TestValidateProjectIncorrectTokenInRoleFailure", func(t *testing.T) { action := "create" object := "testObject" - tokenName := "test" + tokenName := "testToken" policyTemplate := "p, proj:%s:%s, projects, %s, %s/%s" otherToken := "other-token" diff --git a/server/swagger.json b/server/swagger.json index aae5b20e2f3d9..d16e8c3875480 100644 --- a/server/swagger.json +++ b/server/swagger.json @@ -2334,7 +2334,7 @@ }, "v1alpha1ProjectToken": { "type": "object", - "title": "ProjectToken TODO: Check if everything should be capitalized\nProjectToken contains metadata of a token for a project", + "title": "ProjectToken contains metadata of a token for a project", "properties": { "createdAt": { "type": "string", diff --git a/util/rbac/rbac.go b/util/rbac/rbac.go index c43c848c0765c..68046bf99ddff 100644 --- a/util/rbac/rbac.go +++ b/util/rbac/rbac.go @@ -143,7 +143,6 @@ func (e *Enforcer) defaultEnforceClaims(rvals ...interface{}) bool { if tokenCreationTime != iat { return false } - //TODO: Add verification of created at time adapter := scas.NewAdapter(projPolicy) enf := casbin.NewEnforcer(model, adapter) enf.EnableLog(false) diff --git a/util/rbac/rbac_test.go b/util/rbac/rbac_test.go index 5582e5f51e9e8..675c6a7599c70 100644 --- a/util/rbac/rbac_test.go +++ b/util/rbac/rbac_test.go @@ -47,7 +47,7 @@ func fakeConfigMap(policy ...string) *apiv1.ConfigMap { // TestBuiltinPolicyEnforcer tests the builtin policy rules func TestBuiltinPolicyEnforcer(t *testing.T) { kubeclientset := fake.NewSimpleClientset() - enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfgMapName, nil) + enf := NewEnforcer(kubeclientset, nil, fakeNamespace, fakeConfgMapName, nil) err := enf.syncUpdate(fakeConfigMap()) assert.Nil(t, err) @@ -86,7 +86,7 @@ func TestPolicyInformer(t *testing.T) { cm := fakeConfigMap() cm.Data[ConfigMapPolicyCSVKey] = "p, admin, applications, delete, */*, allow" kubeclientset := fake.NewSimpleClientset(cm) - enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfgMapName, nil) + enf := NewEnforcer(kubeclientset, nil, fakeNamespace, fakeConfgMapName, nil) ctx := context.Background() ctx, cancel := context.WithCancel(ctx) @@ -113,7 +113,7 @@ func TestPolicyInformer(t *testing.T) { // TestResourceActionWildcards verifies the ability to use wildcards in resources and actions func TestResourceActionWildcards(t *testing.T) { kubeclientset := fake.NewSimpleClientset(fakeConfigMap()) - enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfgMapName, nil) + enf := NewEnforcer(kubeclientset, nil, fakeNamespace, fakeConfgMapName, nil) policy := ` p, alice, *, get, foo/obj, allow p, bob, repositories, *, foo/obj, allow @@ -176,7 +176,7 @@ p, trudy, applications/secrets, get, foo/obj, deny // TestProjectIsolationEnforcement verifies the ability to create Project specific policies func TestProjectIsolationEnforcement(t *testing.T) { kubeclientset := fake.NewSimpleClientset(fakeConfigMap()) - enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfgMapName, nil) + enf := NewEnforcer(kubeclientset, nil, fakeNamespace, fakeConfgMapName, nil) policy := ` p, role:foo-admin, *, *, foo/*, allow p, role:bar-admin, *, *, bar/*, allow @@ -196,7 +196,7 @@ g, bob, role:bar-admin // TestProjectReadOnly verifies the ability to have a read only role in a Project func TestProjectReadOnly(t *testing.T) { kubeclientset := fake.NewSimpleClientset(fakeConfigMap()) - enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfgMapName, nil) + enf := NewEnforcer(kubeclientset, nil, fakeNamespace, fakeConfgMapName, nil) policy := ` p, role:foo-readonly, *, get, foo/*, allow g, alice, role:foo-readonly @@ -211,7 +211,7 @@ g, alice, role:foo-readonly func TestEnforceClaims(t *testing.T) { kubeclientset := fake.NewSimpleClientset(fakeConfigMap()) - enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfgMapName, nil) + enf := NewEnforcer(kubeclientset, nil, fakeNamespace, fakeConfgMapName, nil) enf.SetBuiltinPolicy(box.String(builtinPolicyFile)) policy := ` g, org2:team2, role:admin @@ -242,7 +242,7 @@ g, bob, role:admin // TestDefaultRole tests the ability to set a default role func TestDefaultRole(t *testing.T) { kubeclientset := fake.NewSimpleClientset() - enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfgMapName, nil) + enf := NewEnforcer(kubeclientset, nil, fakeNamespace, fakeConfgMapName, nil) err := enf.syncUpdate(fakeConfigMap()) assert.Nil(t, err) enf.SetBuiltinPolicy(box.String(builtinPolicyFile)) @@ -259,7 +259,7 @@ func TestDefaultRole(t *testing.T) { // TestURLAsObjectName tests the ability to have a URL as an object name func TestURLAsObjectName(t *testing.T) { kubeclientset := fake.NewSimpleClientset() - enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfgMapName, nil) + enf := NewEnforcer(kubeclientset, nil, fakeNamespace, fakeConfgMapName, nil) err := enf.syncUpdate(fakeConfigMap()) assert.Nil(t, err) policy := ` @@ -279,7 +279,7 @@ p, cathy, repositories, *, foo/*, allow func TestEnforceNilClaims(t *testing.T) { kubeclientset := fake.NewSimpleClientset(fakeConfigMap()) - enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfgMapName, nil) + enf := NewEnforcer(kubeclientset, nil, fakeNamespace, fakeConfgMapName, nil) enf.SetBuiltinPolicy(box.String(builtinPolicyFile)) assert.False(t, enf.EnforceClaims(nil, "applications", "get", "foo/obj")) enf.SetDefaultRole("role:readonly") @@ -288,7 +288,7 @@ func TestEnforceNilClaims(t *testing.T) { func TestEnableDisableEnforce(t *testing.T) { kubeclientset := fake.NewSimpleClientset(fakeConfigMap()) - enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfgMapName, nil) + enf := NewEnforcer(kubeclientset, nil, fakeNamespace, fakeConfgMapName, nil) policy := ` p, alice, *, get, foo/obj, allow p, mike, *, get, foo/obj, deny @@ -309,7 +309,7 @@ p, mike, *, get, foo/obj, deny func TestUpdatePolicy(t *testing.T) { kubeclientset := fake.NewSimpleClientset(fakeConfigMap()) - enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfgMapName, nil) + enf := NewEnforcer(kubeclientset, nil, fakeNamespace, fakeConfgMapName, nil) enf.SetUserPolicy("p, alice, *, get, foo/obj, allow") assert.True(t, enf.Enforce("alice", "applications", "get", "foo/obj")) @@ -339,6 +339,6 @@ func TestUpdatePolicy(t *testing.T) { func TestNoPolicy(t *testing.T) { cm := fakeConfigMap() kubeclientset := fake.NewSimpleClientset(cm) - enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfgMapName, nil) + enf := NewEnforcer(kubeclientset, nil, fakeNamespace, fakeConfgMapName, nil) assert.False(t, enf.Enforce("admin", "applications", "delete", "foo/bar")) } diff --git a/util/session/sessionmanager_test.go b/util/session/sessionmanager_test.go index 0e050d043009a..823f71bee01a4 100644 --- a/util/session/sessionmanager_test.go +++ b/util/session/sessionmanager_test.go @@ -22,7 +22,7 @@ func TestSessionManager(t *testing.T) { t.Errorf("Could not create token: %v", err) } - claims, err := mgr.Parse(token) + claims, err := mgr.Parse(token.Token) if err != nil { t.Errorf("Could not parse token: %v", err) } From 94eaf6f69f578cd1341e5cb896fe44121c4a0246 Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Mon, 6 Aug 2018 16:28:46 -0700 Subject: [PATCH 10/43] Refactor token to use more generic role --- cmd/argocd/commands/project.go | 51 +- pkg/apis/application/v1alpha1/generated.pb.go | 711 ++++++++++++------ pkg/apis/application/v1alpha1/generated.proto | 19 +- pkg/apis/application/v1alpha1/types.go | 53 +- .../v1alpha1/zz_generated.deepcopy.go | 64 +- server/project/project.go | 77 +- server/project/project_test.go | 121 +-- server/swagger.json | 38 +- util/rbac/rbac.go | 52 +- util/rbac/rbac_test.go | 70 ++ 10 files changed, 870 insertions(+), 386 deletions(-) diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go index b01b4cf277fbd..0089243934543 100644 --- a/cmd/argocd/commands/project.go +++ b/cmd/argocd/commands/project.go @@ -115,27 +115,34 @@ func NewProjectAddTokenPolicyCommand(clientOpts *argocdclient.ClientOptions) *co c.HelpFunc()(c, args) os.Exit(1) } + if len(opts.action) <= 0 { + log.Fatal("Action needs to longer than 0 characters") + } + if len(opts.object) <= 0 { + log.Fatal("Objects needs to longer than 0 characters") + + } if opts.permission != "allow" && opts.permission != "deny" { log.Fatal("Permission flag can only have the values 'allow' or 'deny'") } projName := args[0] - tokenName := args[1] + roleName := args[1] conn, projIf := argocdclient.NewClientOrDie(clientOpts).NewProjectClientOrDie() defer util.Close(conn) proj, err := projIf.Get(context.Background(), &project.ProjectQuery{Name: projName}) errors.CheckError(err) - tokenIndex, err := proj.GetTokenIndex(tokenName) + roleIndex, err := proj.GetRoleIndex(roleName) if err != nil { log.Fatal(err) } - token := proj.Spec.Tokens[tokenIndex] + role := proj.Spec.Roles[roleIndex] policyTemplate := "p, proj:%s:%s, projects, %s, %s/%s" - policy := fmt.Sprintf(policyTemplate, proj.Name, token.Name, opts.action, proj.Name, opts.object) - proj.Spec.Tokens[tokenIndex].Policies = append(token.Policies, policy) + policy := fmt.Sprintf(policyTemplate, proj.Name, role.Name, opts.action, proj.Name, opts.object) + proj.Spec.Roles[roleIndex].Policies = append(role.Policies, policy) _, err = projIf.Update(context.Background(), &project.ProjectUpdateRequest{Project: proj}) errors.CheckError(err) @@ -162,34 +169,42 @@ func NewProjectRemoveTokenPolicyCommand(clientOpts *argocdclient.ClientOptions) log.Fatal("Permission flag can only have the values 'allow' or 'deny'") } + if len(opts.action) <= 0 { + log.Fatal("Action needs to longer than 0 characters") + } + if len(opts.object) <= 0 { + log.Fatal("Objects needs to longer than 0 characters") + + } + projName := args[0] - tokenName := args[1] + roleName := args[1] conn, projIf := argocdclient.NewClientOrDie(clientOpts).NewProjectClientOrDie() defer util.Close(conn) proj, err := projIf.Get(context.Background(), &project.ProjectQuery{Name: projName}) errors.CheckError(err) - tokenIndex, err := proj.GetTokenIndex(tokenName) + roleIndex, err := proj.GetRoleIndex(roleName) if err != nil { log.Fatal(err) } - token := proj.Spec.Tokens[tokenIndex] + role := proj.Spec.Roles[roleIndex] policyTemplate := "p, proj:%s:%s, projects, %s, %s/%s" - policyToRemove := fmt.Sprintf(policyTemplate, proj.Name, token.Name, opts.action, proj.Name, opts.object) + policyToRemove := fmt.Sprintf(policyTemplate, proj.Name, role.Name, opts.action, proj.Name, opts.object) duplicateIndex := -1 - for i, policy := range token.Policies { + for i, policy := range role.Policies { if policy == policyToRemove { duplicateIndex = i break } } if duplicateIndex < 0 { - log.Fatal("Policy does not exist in token.") + log.Fatal("Policy does not exist in role.") } - token.Policies[duplicateIndex] = token.Policies[len(token.Policies)-1] - proj.Spec.Tokens[tokenIndex].Policies = token.Policies[:len(token.Policies)-1] + role.Policies[duplicateIndex] = role.Policies[len(role.Policies)-1] + proj.Spec.Roles[roleIndex].Policies = role.Policies[:len(role.Policies)-1] _, err = projIf.Update(context.Background(), &project.ProjectUpdateRequest{Project: proj}) errors.CheckError(err) }, @@ -247,10 +262,12 @@ func NewProjectListTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra.C errors.CheckError(err) w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0) fmt.Fprintf(w, "TOKEN-NAME\tCREATED-AT\tPOLICIES\n") - for _, token := range project.Spec.Tokens { - fmt.Fprintf(w, "%s\t%d\t\n", token.Name, token.CreatedAt) - for _, policy := range token.Policies { - fmt.Fprintf(w, "%s\t%d\t%s\n", token.Name, token.CreatedAt, policy) + for _, role := range project.Spec.Roles { + if role.Metadata.JwtToken != nil { + fmt.Fprintf(w, "%s\t%d\t\n", role.Name, role.Metadata.JwtToken.CreatedAt) + for _, policy := range role.Policies { + fmt.Fprintf(w, "%s\t%d\t%s\n", role.Name, role.Metadata.JwtToken.CreatedAt, policy) + } } } _ = w.Flush() diff --git a/pkg/apis/application/v1alpha1/generated.pb.go b/pkg/apis/application/v1alpha1/generated.pb.go index 158799af252c1..fca1d63ea2b85 100644 --- a/pkg/apis/application/v1alpha1/generated.pb.go +++ b/pkg/apis/application/v1alpha1/generated.pb.go @@ -28,9 +28,11 @@ DeploymentInfo HealthStatus HookStatus + JwtTokenMetadata Operation OperationState - ProjectToken + ProjectRole + ProjectRoleMetatdata Repository RepositoryList ResourceDetails @@ -150,65 +152,73 @@ func (m *HookStatus) Reset() { *m = HookStatus{} } func (*HookStatus) ProtoMessage() {} func (*HookStatus) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{19} } +func (m *JwtTokenMetadata) Reset() { *m = JwtTokenMetadata{} } +func (*JwtTokenMetadata) ProtoMessage() {} +func (*JwtTokenMetadata) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{20} } + func (m *Operation) Reset() { *m = Operation{} } func (*Operation) ProtoMessage() {} -func (*Operation) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{20} } +func (*Operation) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{21} } func (m *OperationState) Reset() { *m = OperationState{} } func (*OperationState) ProtoMessage() {} -func (*OperationState) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{21} } +func (*OperationState) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{22} } + +func (m *ProjectRole) Reset() { *m = ProjectRole{} } +func (*ProjectRole) ProtoMessage() {} +func (*ProjectRole) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{23} } -func (m *ProjectToken) Reset() { *m = ProjectToken{} } -func (*ProjectToken) ProtoMessage() {} -func (*ProjectToken) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{22} } +func (m *ProjectRoleMetatdata) Reset() { *m = ProjectRoleMetatdata{} } +func (*ProjectRoleMetatdata) ProtoMessage() {} +func (*ProjectRoleMetatdata) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{24} } func (m *Repository) Reset() { *m = Repository{} } func (*Repository) ProtoMessage() {} -func (*Repository) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{23} } +func (*Repository) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{25} } func (m *RepositoryList) Reset() { *m = RepositoryList{} } func (*RepositoryList) ProtoMessage() {} -func (*RepositoryList) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{24} } +func (*RepositoryList) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{26} } func (m *ResourceDetails) Reset() { *m = ResourceDetails{} } func (*ResourceDetails) ProtoMessage() {} -func (*ResourceDetails) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{25} } +func (*ResourceDetails) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{27} } func (m *ResourceNode) Reset() { *m = ResourceNode{} } func (*ResourceNode) ProtoMessage() {} -func (*ResourceNode) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{26} } +func (*ResourceNode) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{28} } func (m *ResourceState) Reset() { *m = ResourceState{} } func (*ResourceState) ProtoMessage() {} -func (*ResourceState) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{27} } +func (*ResourceState) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{29} } func (m *RollbackOperation) Reset() { *m = RollbackOperation{} } func (*RollbackOperation) ProtoMessage() {} -func (*RollbackOperation) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{28} } +func (*RollbackOperation) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{30} } func (m *SyncOperation) Reset() { *m = SyncOperation{} } func (*SyncOperation) ProtoMessage() {} -func (*SyncOperation) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{29} } +func (*SyncOperation) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{31} } func (m *SyncOperationResult) Reset() { *m = SyncOperationResult{} } func (*SyncOperationResult) ProtoMessage() {} -func (*SyncOperationResult) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{30} } +func (*SyncOperationResult) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{32} } func (m *SyncStrategy) Reset() { *m = SyncStrategy{} } func (*SyncStrategy) ProtoMessage() {} -func (*SyncStrategy) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{31} } +func (*SyncStrategy) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{33} } func (m *SyncStrategyApply) Reset() { *m = SyncStrategyApply{} } func (*SyncStrategyApply) ProtoMessage() {} -func (*SyncStrategyApply) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{32} } +func (*SyncStrategyApply) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{34} } func (m *SyncStrategyHook) Reset() { *m = SyncStrategyHook{} } func (*SyncStrategyHook) ProtoMessage() {} -func (*SyncStrategyHook) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{33} } +func (*SyncStrategyHook) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{35} } func (m *TLSClientConfig) Reset() { *m = TLSClientConfig{} } func (*TLSClientConfig) ProtoMessage() {} -func (*TLSClientConfig) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{34} } +func (*TLSClientConfig) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{36} } func init() { proto.RegisterType((*AppProject)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.AppProject") @@ -231,9 +241,11 @@ func init() { proto.RegisterType((*DeploymentInfo)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.DeploymentInfo") proto.RegisterType((*HealthStatus)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.HealthStatus") proto.RegisterType((*HookStatus)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.HookStatus") + proto.RegisterType((*JwtTokenMetadata)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.JwtTokenMetadata") proto.RegisterType((*Operation)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.Operation") proto.RegisterType((*OperationState)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.OperationState") - proto.RegisterType((*ProjectToken)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.ProjectToken") + proto.RegisterType((*ProjectRole)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.ProjectRole") + proto.RegisterType((*ProjectRoleMetatdata)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.ProjectRoleMetatdata") proto.RegisterType((*Repository)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.Repository") proto.RegisterType((*RepositoryList)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.RepositoryList") proto.RegisterType((*ResourceDetails)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.ResourceDetails") @@ -365,8 +377,8 @@ func (m *AppProjectSpec) MarshalTo(dAtA []byte) (int, error) { i++ i = encodeVarintGenerated(dAtA, i, uint64(len(m.Description))) i += copy(dAtA[i:], m.Description) - if len(m.Tokens) > 0 { - for _, msg := range m.Tokens { + if len(m.Roles) > 0 { + for _, msg := range m.Roles { dAtA[i] = 0x22 i++ i = encodeVarintGenerated(dAtA, i, uint64(msg.Size())) @@ -1090,6 +1102,27 @@ func (m *HookStatus) MarshalTo(dAtA []byte) (int, error) { return i, nil } +func (m *JwtTokenMetadata) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *JwtTokenMetadata) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + dAtA[i] = 0x18 + i++ + i = encodeVarintGenerated(dAtA, i, uint64(m.CreatedAt)) + return i, nil +} + func (m *Operation) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -1200,7 +1233,7 @@ func (m *OperationState) MarshalTo(dAtA []byte) (int, error) { return i, nil } -func (m *ProjectToken) Marshal() (dAtA []byte, err error) { +func (m *ProjectRole) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalTo(dAtA) @@ -1210,7 +1243,7 @@ func (m *ProjectToken) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *ProjectToken) MarshalTo(dAtA []byte) (int, error) { +func (m *ProjectRole) MarshalTo(dAtA []byte) (int, error) { var i int _ = i var l int @@ -1234,9 +1267,44 @@ func (m *ProjectToken) MarshalTo(dAtA []byte) (int, error) { i += copy(dAtA[i:], s) } } - dAtA[i] = 0x18 - i++ - i = encodeVarintGenerated(dAtA, i, uint64(m.CreatedAt)) + if m.Metadata != nil { + dAtA[i] = 0x1a + i++ + i = encodeVarintGenerated(dAtA, i, uint64(m.Metadata.Size())) + n30, err := m.Metadata.MarshalTo(dAtA[i:]) + if err != nil { + return 0, err + } + i += n30 + } + return i, nil +} + +func (m *ProjectRoleMetatdata) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *ProjectRoleMetatdata) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if m.JwtToken != nil { + dAtA[i] = 0xa + i++ + i = encodeVarintGenerated(dAtA, i, uint64(m.JwtToken.Size())) + n31, err := m.JwtToken.MarshalTo(dAtA[i:]) + if err != nil { + return 0, err + } + i += n31 + } return i, nil } @@ -1274,11 +1342,11 @@ func (m *Repository) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0x2a i++ i = encodeVarintGenerated(dAtA, i, uint64(m.ConnectionState.Size())) - n30, err := m.ConnectionState.MarshalTo(dAtA[i:]) + n32, err := m.ConnectionState.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n30 + i += n32 return i, nil } @@ -1300,11 +1368,11 @@ func (m *RepositoryList) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0xa i++ i = encodeVarintGenerated(dAtA, i, uint64(m.ListMeta.Size())) - n31, err := m.ListMeta.MarshalTo(dAtA[i:]) + n33, err := m.ListMeta.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n31 + i += n33 if len(m.Items) > 0 { for _, msg := range m.Items { dAtA[i] = 0x12 @@ -1434,11 +1502,11 @@ func (m *ResourceState) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0x2a i++ i = encodeVarintGenerated(dAtA, i, uint64(m.Health.Size())) - n32, err := m.Health.MarshalTo(dAtA[i:]) + n34, err := m.Health.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n32 + i += n34 return i, nil } @@ -1518,11 +1586,11 @@ func (m *SyncOperation) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0x22 i++ i = encodeVarintGenerated(dAtA, i, uint64(m.SyncStrategy.Size())) - n33, err := m.SyncStrategy.MarshalTo(dAtA[i:]) + n35, err := m.SyncStrategy.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n33 + i += n35 } return i, nil } @@ -1592,21 +1660,21 @@ func (m *SyncStrategy) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0xa i++ i = encodeVarintGenerated(dAtA, i, uint64(m.Apply.Size())) - n34, err := m.Apply.MarshalTo(dAtA[i:]) + n36, err := m.Apply.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n34 + i += n36 } if m.Hook != nil { dAtA[i] = 0x12 i++ i = encodeVarintGenerated(dAtA, i, uint64(m.Hook.Size())) - n35, err := m.Hook.MarshalTo(dAtA[i:]) + n37, err := m.Hook.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n35 + i += n37 } return i, nil } @@ -1655,11 +1723,11 @@ func (m *SyncStrategyHook) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0xa i++ i = encodeVarintGenerated(dAtA, i, uint64(m.SyncStrategyApply.Size())) - n36, err := m.SyncStrategyApply.MarshalTo(dAtA[i:]) + n38, err := m.SyncStrategyApply.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n36 + i += n38 return i, nil } @@ -1761,8 +1829,8 @@ func (m *AppProjectSpec) Size() (n int) { } l = len(m.Description) n += 1 + l + sovGenerated(uint64(l)) - if len(m.Tokens) > 0 { - for _, e := range m.Tokens { + if len(m.Roles) > 0 { + for _, e := range m.Roles { l = e.Size() n += 1 + l + sovGenerated(uint64(l)) } @@ -2037,6 +2105,13 @@ func (m *HookStatus) Size() (n int) { return n } +func (m *JwtTokenMetadata) Size() (n int) { + var l int + _ = l + n += 1 + sovGenerated(uint64(m.CreatedAt)) + return n +} + func (m *Operation) Size() (n int) { var l int _ = l @@ -2077,7 +2152,7 @@ func (m *OperationState) Size() (n int) { return n } -func (m *ProjectToken) Size() (n int) { +func (m *ProjectRole) Size() (n int) { var l int _ = l l = len(m.Name) @@ -2088,7 +2163,20 @@ func (m *ProjectToken) Size() (n int) { n += 1 + l + sovGenerated(uint64(l)) } } - n += 1 + sovGenerated(uint64(m.CreatedAt)) + if m.Metadata != nil { + l = m.Metadata.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + return n +} + +func (m *ProjectRoleMetatdata) Size() (n int) { + var l int + _ = l + if m.JwtToken != nil { + l = m.JwtToken.Size() + n += 1 + l + sovGenerated(uint64(l)) + } return n } @@ -2308,7 +2396,7 @@ func (this *AppProjectSpec) String() string { `SourceRepos:` + fmt.Sprintf("%v", this.SourceRepos) + `,`, `Destinations:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Destinations), "ApplicationDestination", "ApplicationDestination", 1), `&`, ``, 1) + `,`, `Description:` + fmt.Sprintf("%v", this.Description) + `,`, - `Tokens:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Tokens), "ProjectToken", "ProjectToken", 1), `&`, ``, 1) + `,`, + `Roles:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Roles), "ProjectRole", "ProjectRole", 1), `&`, ``, 1) + `,`, `}`, }, "") return s @@ -2526,6 +2614,16 @@ func (this *HookStatus) String() string { }, "") return s } +func (this *JwtTokenMetadata) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&JwtTokenMetadata{`, + `CreatedAt:` + fmt.Sprintf("%v", this.CreatedAt) + `,`, + `}`, + }, "") + return s +} func (this *Operation) String() string { if this == nil { return "nil" @@ -2553,14 +2651,24 @@ func (this *OperationState) String() string { }, "") return s } -func (this *ProjectToken) String() string { +func (this *ProjectRole) String() string { if this == nil { return "nil" } - s := strings.Join([]string{`&ProjectToken{`, + s := strings.Join([]string{`&ProjectRole{`, `Name:` + fmt.Sprintf("%v", this.Name) + `,`, `Policies:` + fmt.Sprintf("%v", this.Policies) + `,`, - `CreatedAt:` + fmt.Sprintf("%v", this.CreatedAt) + `,`, + `Metadata:` + strings.Replace(fmt.Sprintf("%v", this.Metadata), "ProjectRoleMetatdata", "ProjectRoleMetatdata", 1) + `,`, + `}`, + }, "") + return s +} +func (this *ProjectRoleMetatdata) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&ProjectRoleMetatdata{`, + `JwtToken:` + strings.Replace(fmt.Sprintf("%v", this.JwtToken), "JwtTokenMetadata", "JwtTokenMetadata", 1) + `,`, `}`, }, "") return s @@ -3060,7 +3168,7 @@ func (m *AppProjectSpec) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Tokens", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Roles", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -3084,8 +3192,8 @@ func (m *AppProjectSpec) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Tokens = append(m.Tokens, ProjectToken{}) - if err := m.Tokens[len(m.Tokens)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + m.Roles = append(m.Roles, ProjectRole{}) + if err := m.Roles[len(m.Roles)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -5736,6 +5844,75 @@ func (m *HookStatus) Unmarshal(dAtA []byte) error { } return nil } +func (m *JwtTokenMetadata) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: JwtTokenMetadata: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: JwtTokenMetadata: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 3: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field CreatedAt", wireType) + } + m.CreatedAt = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.CreatedAt |= (int64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func (m *Operation) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 @@ -6119,7 +6296,7 @@ func (m *OperationState) Unmarshal(dAtA []byte) error { } return nil } -func (m *ProjectToken) Unmarshal(dAtA []byte) error { +func (m *ProjectRole) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -6142,10 +6319,10 @@ func (m *ProjectToken) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: ProjectToken: wiretype end group for non-group") + return fmt.Errorf("proto: ProjectRole: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: ProjectToken: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: ProjectRole: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -6207,10 +6384,10 @@ func (m *ProjectToken) Unmarshal(dAtA []byte) error { m.Policies = append(m.Policies, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex case 3: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field CreatedAt", wireType) + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) } - m.CreatedAt = 0 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowGenerated @@ -6220,11 +6397,108 @@ func (m *ProjectToken) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.CreatedAt |= (int64(b) & 0x7F) << shift + msglen |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Metadata == nil { + m.Metadata = &ProjectRoleMetatdata{} + } + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *ProjectRoleMetatdata) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ProjectRoleMetatdata: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ProjectRoleMetatdata: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field JwtToken", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= (int(b) & 0x7F) << shift if b < 0x80 { break } } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.JwtToken == nil { + m.JwtToken = &JwtTokenMetadata{} + } + if err := m.JwtToken.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -8026,163 +8300,166 @@ func init() { } var fileDescriptorGenerated = []byte{ - // 2515 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xd4, 0x59, 0x4d, 0x8c, 0x1c, 0x47, - 0x15, 0x76, 0xcf, 0xdf, 0xce, 0xbc, 0xd9, 0x1f, 0xbb, 0xf2, 0xc3, 0xe0, 0x48, 0xbb, 0xab, 0x0e, - 0x3f, 0x06, 0x25, 0x33, 0xd8, 0x10, 0x30, 0x3f, 0x42, 0xf2, 0xec, 0xda, 0xf1, 0x66, 0xfd, 0xb3, - 0xd4, 0x6c, 0x82, 0x14, 0xa2, 0x40, 0xbb, 0xa7, 0x76, 0xa6, 0x3d, 0x33, 0xdd, 0x9d, 0xae, 0x9a, - 0xb1, 0x46, 0x22, 0x28, 0x08, 0x21, 0x01, 0x01, 0x09, 0x84, 0x10, 0x57, 0x0e, 0x9c, 0x10, 0x12, - 0x12, 0xe2, 0x84, 0xc4, 0x01, 0x0e, 0xc8, 0xc7, 0x1c, 0x40, 0x44, 0x01, 0xad, 0xf0, 0xe6, 0x12, - 0x89, 0x03, 0x67, 0x72, 0x42, 0xf5, 0xd3, 0x5d, 0xd5, 0x3d, 0xbb, 0xec, 0xda, 0xd3, 0x36, 0x70, - 0xeb, 0x7e, 0xef, 0xf5, 0xfb, 0x5e, 0xbd, 0x7a, 0xf5, 0x7e, 0xaa, 0x61, 0xab, 0xe7, 0xb1, 0xfe, - 0xf8, 0x56, 0xd3, 0x0d, 0x46, 0x2d, 0x27, 0xea, 0x05, 0x61, 0x14, 0xdc, 0x16, 0x0f, 0xcf, 0xba, - 0xdd, 0x56, 0x38, 0xe8, 0xb5, 0x9c, 0xd0, 0xa3, 0x2d, 0x27, 0x0c, 0x87, 0x9e, 0xeb, 0x30, 0x2f, - 0xf0, 0x5b, 0x93, 0xf3, 0xce, 0x30, 0xec, 0x3b, 0xe7, 0x5b, 0x3d, 0xe2, 0x93, 0xc8, 0x61, 0xa4, - 0xdb, 0x0c, 0xa3, 0x80, 0x05, 0xe8, 0xb3, 0x5a, 0x55, 0x33, 0x56, 0x25, 0x1e, 0xbe, 0xea, 0x76, - 0x9b, 0xe1, 0xa0, 0xd7, 0xe4, 0xaa, 0x9a, 0x86, 0xaa, 0x66, 0xac, 0xea, 0xec, 0xb3, 0x86, 0x15, - 0xbd, 0xa0, 0x17, 0xb4, 0x84, 0xc6, 0x5b, 0xe3, 0x3d, 0xf1, 0x26, 0x5e, 0xc4, 0x93, 0x44, 0x3a, - 0xfb, 0xa9, 0xc1, 0x45, 0xda, 0xf4, 0x02, 0x6e, 0xdb, 0xc8, 0x71, 0xfb, 0x9e, 0x4f, 0xa2, 0xa9, - 0x36, 0x76, 0x44, 0x98, 0xd3, 0x9a, 0xcc, 0xd8, 0x77, 0xb6, 0x75, 0xd4, 0x57, 0xd1, 0xd8, 0x67, - 0xde, 0x88, 0xcc, 0x7c, 0xf0, 0xe9, 0xe3, 0x3e, 0xa0, 0x6e, 0x9f, 0x8c, 0x9c, 0x99, 0xef, 0x3e, - 0x79, 0xd4, 0x77, 0x63, 0xe6, 0x0d, 0x5b, 0x9e, 0xcf, 0x28, 0x8b, 0xb2, 0x1f, 0xd9, 0x7f, 0xb5, - 0x00, 0x2e, 0x85, 0xe1, 0x4e, 0x14, 0xdc, 0x26, 0x2e, 0x43, 0x5f, 0x83, 0x2a, 0x5f, 0x47, 0xd7, - 0x61, 0x4e, 0xc3, 0x5a, 0xb7, 0xce, 0xd5, 0x2f, 0x7c, 0xa2, 0x29, 0xd5, 0x36, 0x4d, 0xb5, 0xda, - 0xaf, 0x5c, 0xba, 0x39, 0x39, 0xdf, 0xbc, 0x79, 0x8b, 0x7f, 0x7f, 0x9d, 0x30, 0xa7, 0x8d, 0xee, - 0xee, 0xaf, 0x9d, 0x3a, 0xd8, 0x5f, 0x03, 0x4d, 0xc3, 0x89, 0x56, 0x34, 0x80, 0x12, 0x0d, 0x89, - 0xdb, 0x28, 0x08, 0xed, 0x5b, 0xcd, 0x07, 0xde, 0xbd, 0xa6, 0x36, 0xbb, 0x13, 0x12, 0xb7, 0xbd, - 0xa8, 0x60, 0x4b, 0xfc, 0x0d, 0x0b, 0x10, 0xfb, 0x1d, 0x0b, 0x96, 0xb5, 0xd8, 0x35, 0x8f, 0x32, - 0xf4, 0xca, 0xcc, 0x0a, 0x9b, 0x27, 0x5b, 0x21, 0xff, 0x5a, 0xac, 0xef, 0xb4, 0x02, 0xaa, 0xc6, - 0x14, 0x63, 0x75, 0xb7, 0xa1, 0xec, 0x31, 0x32, 0xa2, 0x8d, 0xc2, 0x7a, 0xf1, 0x5c, 0xfd, 0xc2, - 0xe5, 0x5c, 0x96, 0xd7, 0x5e, 0x52, 0x88, 0xe5, 0x2d, 0xae, 0x1b, 0x4b, 0x08, 0xfb, 0x5f, 0x05, - 0x73, 0x71, 0x7c, 0xd5, 0xe8, 0x3c, 0xd4, 0x69, 0x30, 0x8e, 0x5c, 0x82, 0x49, 0x18, 0xd0, 0x86, - 0xb5, 0x5e, 0x3c, 0x57, 0x6b, 0xaf, 0x1c, 0xec, 0xaf, 0xd5, 0x3b, 0x9a, 0x8c, 0x4d, 0x19, 0xf4, - 0xa6, 0x05, 0x8b, 0x5d, 0x42, 0x99, 0xe7, 0x0b, 0xfc, 0xd8, 0xf2, 0x2f, 0xcd, 0x67, 0x79, 0x4c, - 0xdc, 0xd4, 0x9a, 0xdb, 0x8f, 0xab, 0x55, 0x2c, 0x1a, 0x44, 0x8a, 0x53, 0xe0, 0xe8, 0x39, 0xa8, - 0x77, 0x09, 0x75, 0x23, 0x2f, 0xe4, 0xef, 0x8d, 0xe2, 0xba, 0x75, 0xae, 0xd6, 0x7e, 0x4c, 0x7d, - 0x58, 0xdf, 0xd4, 0x2c, 0x6c, 0xca, 0xa1, 0x00, 0x2a, 0x2c, 0x18, 0x10, 0x9f, 0x36, 0x4a, 0xc2, - 0xfa, 0xe7, 0xe7, 0xb0, 0x5e, 0xf9, 0x73, 0x97, 0xeb, 0x6b, 0x2f, 0x2b, 0xe8, 0x8a, 0x78, 0xa5, - 0x58, 0xc1, 0xd8, 0x7f, 0x2c, 0x42, 0xdd, 0x58, 0xe6, 0x23, 0x38, 0x37, 0xc3, 0xd4, 0xb9, 0x79, - 0x21, 0x9f, 0xed, 0x39, 0xea, 0xe0, 0x20, 0x06, 0x15, 0xca, 0x1c, 0x36, 0xa6, 0x62, 0x0b, 0xea, - 0x17, 0xae, 0xe5, 0x84, 0x27, 0x74, 0x6a, 0xaf, 0xca, 0x77, 0xac, 0xb0, 0xd0, 0x6b, 0x50, 0x0b, - 0x42, 0x9e, 0x9e, 0xf8, 0xde, 0x97, 0x04, 0xf0, 0xe6, 0x1c, 0xc0, 0x37, 0x63, 0x5d, 0xed, 0xa5, - 0x83, 0xfd, 0xb5, 0x5a, 0xf2, 0x8a, 0x35, 0x8a, 0xed, 0xc2, 0xe3, 0x86, 0x7d, 0x1b, 0x81, 0xdf, - 0xf5, 0xc4, 0x86, 0xae, 0x43, 0x89, 0x4d, 0x43, 0x22, 0x36, 0xb3, 0xa6, 0x5d, 0xb4, 0x3b, 0x0d, - 0x09, 0x16, 0x1c, 0xf4, 0x31, 0x58, 0x18, 0x11, 0x4a, 0x9d, 0x1e, 0x11, 0x7b, 0x52, 0x6b, 0xaf, - 0x28, 0xa1, 0x85, 0xeb, 0x92, 0x8c, 0x63, 0xbe, 0xfd, 0x1a, 0x3c, 0x79, 0xf8, 0x99, 0x40, 0x1f, - 0x81, 0x0a, 0x25, 0xd1, 0x84, 0x44, 0x0a, 0x48, 0x7b, 0x46, 0x50, 0xb1, 0xe2, 0xa2, 0x16, 0xd4, - 0x7c, 0x67, 0x44, 0x68, 0xe8, 0xb8, 0x31, 0xdc, 0x19, 0x25, 0x5a, 0xbb, 0x11, 0x33, 0xb0, 0x96, - 0xb1, 0xff, 0x66, 0xc1, 0x8a, 0x81, 0xf9, 0x08, 0x52, 0xdf, 0x20, 0x9d, 0xfa, 0xae, 0xe4, 0x13, - 0x31, 0x47, 0xe4, 0xbe, 0xdf, 0x17, 0xe1, 0x8c, 0x19, 0x57, 0x22, 0xa1, 0xf1, 0x2d, 0x89, 0x48, - 0x18, 0xbc, 0x88, 0xaf, 0x29, 0x77, 0x26, 0x5b, 0x82, 0x25, 0x19, 0xc7, 0x7c, 0xbe, 0xbf, 0xa1, - 0xc3, 0xfa, 0xca, 0x97, 0xc9, 0xfe, 0xee, 0x38, 0xac, 0x8f, 0x05, 0x87, 0xa7, 0x22, 0xe2, 0x4f, - 0xbc, 0x28, 0xf0, 0x47, 0xc4, 0x67, 0xd9, 0x54, 0x74, 0x59, 0xb3, 0xb0, 0x29, 0x87, 0xbe, 0x08, - 0xcb, 0xcc, 0x89, 0x7a, 0x84, 0x61, 0x32, 0xf1, 0x68, 0x1c, 0xc8, 0xb5, 0xf6, 0x93, 0xea, 0xcb, - 0xe5, 0xdd, 0x14, 0x17, 0x67, 0xa4, 0xd1, 0x6f, 0x2c, 0x78, 0xca, 0x0d, 0x46, 0x61, 0xe0, 0x13, - 0x9f, 0xed, 0x38, 0x91, 0x33, 0x22, 0x8c, 0x44, 0x37, 0x27, 0x24, 0x8a, 0xbc, 0x2e, 0xa1, 0x8d, - 0xb2, 0xf0, 0xee, 0xf5, 0x39, 0xbc, 0xbb, 0x31, 0xa3, 0xbd, 0xfd, 0xb4, 0x32, 0xee, 0xa9, 0x8d, - 0xa3, 0x91, 0xf1, 0x7f, 0x32, 0x8b, 0x57, 0x9e, 0x89, 0x33, 0x1c, 0x13, 0x7a, 0xc5, 0x1b, 0x12, - 0xda, 0xa8, 0xe8, 0xca, 0xf3, 0x92, 0x26, 0x63, 0x53, 0xc6, 0xfe, 0x5d, 0x21, 0x15, 0xa2, 0x9d, - 0x38, 0xef, 0x88, 0xbd, 0x54, 0x01, 0x9a, 0x57, 0xde, 0x11, 0x3a, 0x8d, 0xd3, 0x25, 0x0b, 0xa0, - 0xc2, 0x42, 0xdf, 0xb1, 0x44, 0xd9, 0x89, 0x4f, 0xa5, 0xca, 0xb1, 0x0f, 0xa1, 0x04, 0x9a, 0x95, - 0x2c, 0x26, 0x62, 0x13, 0x9a, 0x87, 0x70, 0x28, 0x0b, 0x90, 0x8a, 0xb8, 0x24, 0x84, 0x55, 0x5d, - 0xc2, 0x31, 0xdf, 0xfe, 0x59, 0x25, 0x7d, 0x06, 0x64, 0x0e, 0xfd, 0x91, 0x05, 0xa7, 0xf9, 0x46, - 0x39, 0x91, 0x47, 0x03, 0x1f, 0x13, 0x3a, 0x1e, 0x32, 0xe5, 0xcc, 0xed, 0x39, 0x83, 0xc6, 0x54, - 0xd9, 0x6e, 0x28, 0xbb, 0x4e, 0x67, 0x39, 0x78, 0x06, 0x1e, 0x31, 0x58, 0xe8, 0x7b, 0x94, 0x05, - 0xd1, 0x54, 0x25, 0x87, 0x79, 0xda, 0xbe, 0x4d, 0x12, 0x0e, 0x83, 0x29, 0x3f, 0x6b, 0x5b, 0xfe, - 0x5e, 0xa0, 0xfd, 0x73, 0x55, 0x22, 0xe0, 0x18, 0x0a, 0x7d, 0xd3, 0x02, 0x08, 0xe3, 0x48, 0xe5, - 0x85, 0xec, 0x21, 0x1c, 0x9c, 0xa4, 0x66, 0x27, 0x24, 0x8a, 0x0d, 0x50, 0xde, 0x98, 0xf4, 0x89, - 0x33, 0x64, 0x7d, 0x55, 0xce, 0xe6, 0x69, 0x4c, 0xae, 0x0a, 0x45, 0xd9, 0x12, 0x2a, 0xa9, 0x58, - 0xc1, 0xa0, 0x6f, 0x5b, 0xb0, 0x9c, 0x54, 0x37, 0x2e, 0x4b, 0x1a, 0xe5, 0xb9, 0x3b, 0xed, 0x9b, - 0x29, 0x85, 0x6d, 0xc4, 0xd3, 0x58, 0x9a, 0x86, 0x33, 0xa0, 0xe8, 0x5b, 0x16, 0x80, 0x1b, 0x57, - 0x53, 0x99, 0x0f, 0xea, 0x17, 0x6e, 0xe6, 0x73, 0xa2, 0x92, 0x2a, 0xad, 0xdd, 0x9f, 0x90, 0x28, - 0x36, 0x60, 0xed, 0x77, 0x2d, 0x78, 0xc2, 0xf8, 0xf0, 0xcb, 0x0e, 0x73, 0xfb, 0x97, 0x27, 0x3c, - 0x4d, 0x6f, 0xa7, 0xea, 0xfb, 0x67, 0xcc, 0xfa, 0xfe, 0xfe, 0xfe, 0xda, 0x47, 0x8f, 0x1a, 0xa5, - 0xee, 0x70, 0x0d, 0x4d, 0xa1, 0xc2, 0x68, 0x05, 0x5e, 0x87, 0xba, 0x61, 0xb3, 0x4a, 0x1f, 0x79, - 0x15, 0xc0, 0x24, 0x67, 0x18, 0x44, 0x6c, 0xe2, 0xd9, 0x7f, 0x2e, 0xc0, 0xc2, 0xc6, 0x70, 0x4c, - 0x19, 0x89, 0x4e, 0xdc, 0x50, 0xac, 0x43, 0x89, 0x37, 0x0b, 0xd9, 0xfa, 0xc7, 0x7b, 0x09, 0x2c, - 0x38, 0x28, 0x84, 0x8a, 0x1b, 0xf8, 0x7b, 0x5e, 0x4f, 0xb5, 0x80, 0x57, 0xe7, 0x39, 0x39, 0xd2, - 0xba, 0x0d, 0xa1, 0x4f, 0xdb, 0x24, 0xdf, 0xb1, 0xc2, 0x41, 0x3f, 0xb0, 0x60, 0xc5, 0x0d, 0x7c, - 0x9f, 0xb8, 0x3a, 0x78, 0x4b, 0x73, 0xb7, 0xbb, 0x1b, 0x69, 0x8d, 0xed, 0x0f, 0x28, 0xf4, 0x95, - 0x0c, 0x03, 0x67, 0xb1, 0xed, 0x5f, 0x17, 0x60, 0x29, 0x65, 0x39, 0x7a, 0x06, 0xaa, 0x63, 0x4a, - 0x22, 0xe1, 0x39, 0xe9, 0xdf, 0xa4, 0x23, 0x7a, 0x51, 0xd1, 0x71, 0x22, 0xc1, 0xa5, 0x43, 0x87, - 0xd2, 0x3b, 0x41, 0xd4, 0x55, 0x7e, 0x4e, 0xa4, 0x77, 0x14, 0x1d, 0x27, 0x12, 0xbc, 0xdf, 0xb8, - 0x45, 0x9c, 0x88, 0x44, 0x62, 0xd4, 0xc8, 0xf6, 0x1b, 0x6d, 0xcd, 0xc2, 0xa6, 0x9c, 0x70, 0x1a, - 0x1b, 0xd2, 0x8d, 0xa1, 0x47, 0x7c, 0x26, 0xcd, 0xcc, 0xc1, 0x69, 0xbb, 0xd7, 0x3a, 0xa6, 0x46, - 0xed, 0xb4, 0x0c, 0x03, 0x67, 0xb1, 0xed, 0x3f, 0x59, 0x50, 0x57, 0x4e, 0x7b, 0x04, 0x4d, 0x67, - 0x2f, 0xdd, 0x74, 0xb6, 0xe7, 0x8f, 0xd1, 0x23, 0x1a, 0xce, 0x5f, 0x16, 0x61, 0xa6, 0xd2, 0xa1, - 0x57, 0x79, 0x8e, 0xe3, 0x34, 0xd2, 0xbd, 0x14, 0x17, 0xd9, 0x8f, 0x9f, 0x6c, 0x75, 0xbb, 0xde, - 0x88, 0x98, 0xe9, 0x2b, 0xd6, 0x82, 0x0d, 0x8d, 0xe8, 0x0d, 0x4b, 0x03, 0xec, 0x06, 0x2a, 0xaf, - 0xe4, 0xdb, 0x12, 0xcd, 0x98, 0xb0, 0x1b, 0x60, 0x03, 0x13, 0x7d, 0x2e, 0x19, 0x04, 0xcb, 0x22, - 0x20, 0xed, 0xf4, 0xe8, 0xf6, 0x7e, 0xaa, 0x01, 0xc8, 0x8c, 0x73, 0x53, 0xa8, 0x45, 0x44, 0xb6, - 0x58, 0x71, 0x05, 0x98, 0x27, 0x89, 0x60, 0xa5, 0x4b, 0x1e, 0xe3, 0x64, 0xfc, 0x89, 0xc9, 0x14, - 0x6b, 0x34, 0xfb, 0xfb, 0x16, 0xa0, 0xd9, 0x72, 0xcd, 0xc7, 0xa8, 0xa4, 0x89, 0x55, 0x07, 0x38, - 0xd1, 0x93, 0x88, 0x63, 0x2d, 0x73, 0x82, 0x34, 0xf9, 0x34, 0x94, 0x45, 0x53, 0xab, 0x0e, 0x6c, - 0x12, 0x3d, 0xa2, 0xed, 0xc5, 0x92, 0x67, 0xff, 0xc1, 0x82, 0x6c, 0xba, 0x11, 0x99, 0x5a, 0x7a, - 0x36, 0x9b, 0xa9, 0xd3, 0x5e, 0x3c, 0xf9, 0x9c, 0x89, 0x5e, 0x81, 0xba, 0xc3, 0x18, 0x19, 0x85, - 0x4c, 0x04, 0x64, 0xf1, 0xbe, 0x03, 0x72, 0x99, 0x47, 0xc2, 0xf5, 0xa0, 0xeb, 0xed, 0x79, 0x22, - 0x18, 0x4d, 0x75, 0xf6, 0x7b, 0x45, 0x58, 0x4e, 0x37, 0x5f, 0x68, 0x0c, 0x15, 0xd1, 0xec, 0xc8, - 0xab, 0xa6, 0xdc, 0xbb, 0xab, 0xc4, 0x25, 0x82, 0x44, 0xb1, 0x02, 0xe3, 0x89, 0x35, 0x8a, 0xa7, - 0xab, 0x4c, 0x62, 0x4d, 0xe6, 0xaa, 0x44, 0xe2, 0xd8, 0x89, 0xaa, 0xf8, 0xbf, 0x39, 0x51, 0xbd, - 0x0a, 0xd0, 0x15, 0xde, 0x16, 0x7b, 0x59, 0x7a, 0xf0, 0xe4, 0xb2, 0x99, 0x68, 0xc1, 0x86, 0x46, - 0x74, 0x16, 0x0a, 0x5e, 0x57, 0x9c, 0xea, 0x62, 0x1b, 0x94, 0x6c, 0x61, 0x6b, 0x13, 0x17, 0xbc, - 0xae, 0x4d, 0x61, 0xd1, 0xec, 0x36, 0x4f, 0x1c, 0xab, 0x9f, 0x87, 0x25, 0xf9, 0xb4, 0x49, 0x98, - 0xe3, 0x0d, 0xa9, 0xda, 0x9d, 0x27, 0x94, 0xf8, 0x52, 0xc7, 0x64, 0xe2, 0xb4, 0xac, 0xfd, 0xd3, - 0x02, 0xc0, 0xd5, 0x20, 0x18, 0x28, 0xcc, 0xf8, 0xe8, 0x59, 0x47, 0x1e, 0xbd, 0x75, 0x28, 0x0d, - 0x3c, 0xbf, 0x9b, 0x3d, 0x9c, 0xdb, 0x9e, 0xdf, 0xc5, 0x82, 0x83, 0x2e, 0x00, 0x38, 0xa1, 0xf7, - 0x12, 0x89, 0xa8, 0xbe, 0x4d, 0x4c, 0xfc, 0x72, 0x69, 0x67, 0x4b, 0x71, 0xb0, 0x21, 0x85, 0x9e, - 0x51, 0x9d, 0xa1, 0x1c, 0xdb, 0x1b, 0x99, 0xce, 0xb0, 0xca, 0x2d, 0x34, 0x5a, 0xbf, 0x8b, 0x99, - 0xfc, 0xb8, 0x3e, 0x93, 0x1f, 0x75, 0xa7, 0xbc, 0xd3, 0x77, 0x28, 0x39, 0xec, 0x5c, 0x57, 0x8e, - 0xb9, 0x3f, 0xfa, 0x87, 0x05, 0xfa, 0xf6, 0x0a, 0xed, 0x41, 0x89, 0x4e, 0x7d, 0x57, 0xd5, 0x9b, - 0x79, 0x32, 0x6a, 0x67, 0xea, 0xbb, 0xfa, 0x92, 0xac, 0x2a, 0xee, 0x00, 0xa7, 0xbe, 0x8b, 0x85, - 0x7e, 0x34, 0x81, 0x6a, 0x14, 0x0c, 0x87, 0xb7, 0x1c, 0x77, 0x90, 0x43, 0xe9, 0xc1, 0x4a, 0x95, - 0xc6, 0x5b, 0x14, 0xe7, 0x55, 0x91, 0x71, 0x82, 0x65, 0xff, 0xaa, 0x0c, 0x99, 0xe9, 0x02, 0x8d, - 0xcd, 0x8b, 0x41, 0x2b, 0xc7, 0x8b, 0xc1, 0x24, 0xfb, 0x1f, 0x76, 0x39, 0x88, 0x9e, 0x83, 0x72, - 0xc8, 0xf7, 0x4c, 0x45, 0xd8, 0x5a, 0x9c, 0xdb, 0xc5, 0x46, 0x1e, 0xb2, 0xb5, 0x52, 0xda, 0xdc, - 0xd9, 0xe2, 0x31, 0x19, 0xfb, 0x1b, 0x00, 0xdc, 0xd7, 0x6a, 0x4c, 0x97, 0x87, 0xfc, 0x46, 0x5e, - 0x3b, 0xaa, 0x26, 0x75, 0x91, 0xd4, 0x3b, 0x09, 0x0a, 0x36, 0x10, 0xd1, 0xf7, 0x2c, 0x58, 0x8e, - 0x1d, 0xaf, 0x8c, 0x28, 0x3f, 0x14, 0x23, 0xc4, 0xcc, 0x88, 0x53, 0x48, 0x38, 0x83, 0x8c, 0xbe, - 0x02, 0x35, 0xca, 0x9c, 0x48, 0x16, 0xaf, 0xca, 0x7d, 0x27, 0xbc, 0x64, 0x2f, 0x3b, 0xb1, 0x12, - 0xac, 0xf5, 0xa1, 0x97, 0x01, 0xf6, 0x3c, 0xdf, 0xa3, 0x7d, 0xa1, 0x7d, 0xe1, 0xc1, 0x4a, 0xe3, - 0x95, 0x44, 0x03, 0x36, 0xb4, 0xd9, 0x6f, 0x5a, 0xb0, 0x68, 0xfe, 0x36, 0x38, 0x41, 0xee, 0x3a, - 0x07, 0xd5, 0x30, 0x18, 0x7a, 0xae, 0x47, 0x64, 0xef, 0x5a, 0x93, 0xc7, 0x61, 0x47, 0xd1, 0x70, - 0xc2, 0x15, 0x3d, 0x4b, 0x44, 0x1c, 0x5d, 0xd2, 0x8b, 0x46, 0xcf, 0x12, 0x33, 0xb0, 0x96, 0xb1, - 0xff, 0x52, 0x00, 0x10, 0xff, 0x76, 0x3c, 0x71, 0x0d, 0xb2, 0x0e, 0xa5, 0x88, 0x84, 0x41, 0xd6, - 0x16, 0x2e, 0x81, 0x05, 0x27, 0x35, 0xd5, 0x14, 0xee, 0x6b, 0xaa, 0x29, 0x1e, 0x3b, 0xd5, 0xf0, - 0x8a, 0x40, 0xfb, 0x3b, 0x91, 0x37, 0x71, 0x18, 0xd9, 0x26, 0x53, 0x95, 0x56, 0x75, 0x45, 0xe8, - 0x5c, 0xd5, 0x4c, 0x9c, 0x96, 0x3d, 0x74, 0x20, 0x2c, 0xff, 0x17, 0x07, 0xc2, 0x77, 0x2c, 0x58, - 0xd6, 0x9e, 0xfd, 0xff, 0xfa, 0x9d, 0xa8, 0xed, 0x3e, 0x62, 0xc2, 0xf9, 0xa7, 0x05, 0x2b, 0x71, - 0x2f, 0xad, 0x4a, 0x72, 0x2e, 0x35, 0x38, 0xf5, 0xeb, 0xa2, 0x78, 0xfc, 0xaf, 0x0b, 0x33, 0x7d, - 0x96, 0x8e, 0x49, 0x9f, 0x5f, 0xc8, 0x54, 0xdf, 0x0f, 0xcd, 0x54, 0x5f, 0x94, 0x4c, 0x0d, 0x53, - 0xdf, 0x4d, 0x77, 0x2b, 0xf6, 0x2f, 0x2c, 0x58, 0x8c, 0xd9, 0x37, 0x82, 0xae, 0xe8, 0xe5, 0xa9, - 0x08, 0x32, 0x2b, 0xdd, 0xcb, 0xcb, 0x70, 0x90, 0x3c, 0x34, 0x86, 0xaa, 0xdb, 0xf7, 0x86, 0xdd, - 0x88, 0xf8, 0x6a, 0x5b, 0x9e, 0xcf, 0x61, 0xa8, 0xe1, 0xf8, 0x3a, 0x14, 0x36, 0x14, 0x00, 0x4e, - 0xa0, 0xec, 0xdf, 0x16, 0x61, 0x29, 0x35, 0x01, 0xa1, 0xe7, 0xa0, 0x2e, 0xff, 0x1d, 0x74, 0x0c, - 0x9b, 0x93, 0x0b, 0x83, 0x5d, 0xcd, 0xc2, 0xa6, 0x1c, 0xdf, 0x8f, 0xa1, 0x37, 0x91, 0x3a, 0xb2, - 0xbf, 0x92, 0xae, 0xc5, 0x0c, 0xac, 0x65, 0x8c, 0x11, 0xb0, 0x78, 0xdf, 0x23, 0xe0, 0x8f, 0x2d, - 0x40, 0x62, 0x09, 0x5c, 0x73, 0x32, 0xa9, 0xe5, 0xf0, 0x97, 0x36, 0xe5, 0xb7, 0xb3, 0xca, 0x22, - 0xb4, 0x31, 0x03, 0x85, 0x0f, 0x81, 0x37, 0x6e, 0x65, 0xcb, 0x8f, 0xe4, 0x56, 0xd6, 0xfe, 0x3a, - 0x9c, 0x99, 0xe9, 0x7f, 0x54, 0x03, 0x6e, 0x1d, 0xd6, 0x80, 0xf3, 0x48, 0x0c, 0xa3, 0xb1, 0x2f, - 0x37, 0xa8, 0xaa, 0x23, 0x71, 0x87, 0x13, 0xb1, 0xe4, 0xf1, 0xae, 0xbc, 0x1b, 0x4d, 0xf1, 0x58, - 0x76, 0xb6, 0x55, 0x8d, 0xbe, 0x29, 0xa8, 0x58, 0x71, 0xed, 0xef, 0x16, 0x60, 0x29, 0x55, 0x93, - 0x53, 0x03, 0x94, 0x75, 0xec, 0x00, 0x95, 0xa7, 0x31, 0xe8, 0x75, 0x58, 0xa4, 0xe2, 0x28, 0x46, - 0x0e, 0x23, 0xbd, 0x69, 0x0e, 0xf7, 0xe2, 0x1d, 0x43, 0x5d, 0xfb, 0xf4, 0xc1, 0xfe, 0xda, 0xa2, - 0x49, 0xc1, 0x29, 0x38, 0xfb, 0xe7, 0x05, 0x78, 0xec, 0x90, 0xfe, 0x04, 0xdd, 0x31, 0xef, 0x2a, - 0xe4, 0x30, 0xfb, 0x42, 0x0e, 0xe1, 0xa9, 0x12, 0xa9, 0xfc, 0x01, 0x7d, 0xd8, 0x4d, 0xc5, 0x7d, - 0xce, 0xb2, 0x7b, 0x50, 0xee, 0x07, 0xc1, 0x20, 0x1e, 0x5a, 0xe7, 0x29, 0x08, 0x7a, 0xd4, 0x6a, - 0xd7, 0xf8, 0x6e, 0xf2, 0x77, 0x8a, 0xa5, 0x7a, 0xfb, 0x3d, 0x0b, 0x52, 0x5e, 0x44, 0x23, 0x28, - 0x73, 0x2d, 0xd3, 0x1c, 0xfe, 0xcb, 0x99, 0x7a, 0x2f, 0x71, 0x9d, 0x12, 0x5f, 0x3c, 0x62, 0x89, - 0x82, 0x3c, 0x28, 0x71, 0x43, 0xd4, 0xdc, 0xb1, 0x9d, 0x13, 0x1a, 0x5f, 0xa2, 0x1c, 0x73, 0xf8, - 0x13, 0x16, 0x10, 0xf6, 0x45, 0x38, 0x33, 0x63, 0x11, 0x0f, 0xf9, 0xbd, 0x20, 0xfe, 0x0d, 0x69, - 0x84, 0xfc, 0x15, 0x4e, 0xc4, 0x92, 0xc7, 0xeb, 0xc7, 0xe9, 0xac, 0x7a, 0xf4, 0x13, 0x0b, 0xce, - 0xd0, 0xac, 0xbe, 0x87, 0xe2, 0xb5, 0x0f, 0x2a, 0xa3, 0x66, 0xcd, 0xc7, 0xb3, 0x16, 0xf0, 0x1d, - 0xcd, 0x5e, 0xde, 0xf2, 0xd8, 0xf3, 0x7c, 0x4a, 0xdc, 0x71, 0x14, 0x2f, 0x34, 0x89, 0xbd, 0x2d, - 0x45, 0xc7, 0x89, 0x04, 0x1f, 0xa6, 0xe5, 0xcf, 0x83, 0x1b, 0xba, 0x51, 0x4c, 0x86, 0xe9, 0x4e, - 0xc2, 0xc1, 0x86, 0x14, 0x6f, 0x73, 0x5d, 0x12, 0xb1, 0x4d, 0xde, 0x1e, 0xf1, 0xbc, 0xb0, 0x28, - 0xdb, 0xdc, 0x0d, 0x45, 0xc3, 0x09, 0x17, 0x7d, 0x18, 0x16, 0x06, 0x64, 0x2a, 0x04, 0x4b, 0x42, - 0xb0, 0xce, 0x2b, 0xfe, 0xb6, 0x24, 0xe1, 0x98, 0x87, 0x6c, 0xa8, 0xb8, 0x8e, 0x90, 0x2a, 0x0b, - 0x29, 0x10, 0xff, 0x11, 0x2e, 0x09, 0x21, 0xc5, 0x69, 0x37, 0xef, 0xde, 0x5b, 0x3d, 0xf5, 0xd6, - 0xbd, 0xd5, 0x53, 0x6f, 0xdf, 0x5b, 0x3d, 0xf5, 0xc6, 0xc1, 0xaa, 0x75, 0xf7, 0x60, 0xd5, 0x7a, - 0xeb, 0x60, 0xd5, 0x7a, 0xfb, 0x60, 0xd5, 0xfa, 0xfb, 0xc1, 0xaa, 0xf5, 0xc3, 0x77, 0x57, 0x4f, - 0xbd, 0x5c, 0x8d, 0x5d, 0xfb, 0xef, 0x00, 0x00, 0x00, 0xff, 0xff, 0x8d, 0x42, 0xe6, 0x06, 0x8d, - 0x28, 0x00, 0x00, + // 2570 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xd4, 0x59, 0x4d, 0x6c, 0x1c, 0x49, + 0x15, 0x4e, 0xcf, 0x8f, 0xed, 0x79, 0xe3, 0xbf, 0xd4, 0xfe, 0x60, 0xb2, 0x92, 0x6d, 0xf5, 0xf2, + 0x13, 0xd0, 0xee, 0x0c, 0x31, 0x04, 0xc2, 0x8f, 0x90, 0x32, 0xe3, 0x64, 0xe3, 0x38, 0x89, 0x4d, + 0x8d, 0x77, 0x91, 0x96, 0xd5, 0x42, 0xa7, 0xa7, 0x3c, 0xd3, 0x99, 0x99, 0xee, 0xde, 0xae, 0x9a, + 0x89, 0x46, 0x62, 0xd1, 0x22, 0x84, 0xc4, 0xdf, 0x4a, 0x20, 0x84, 0xb8, 0x72, 0xe0, 0x84, 0x90, + 0x90, 0x10, 0x27, 0x24, 0x0e, 0x70, 0x40, 0x39, 0xee, 0x01, 0xc4, 0x6a, 0x41, 0x16, 0xf1, 0x5e, + 0x56, 0xe2, 0xc0, 0x89, 0xcb, 0x9e, 0x50, 0xfd, 0x74, 0x57, 0x75, 0x8f, 0x8d, 0x9d, 0x4c, 0x27, + 0xc0, 0xad, 0xfb, 0xbd, 0xd7, 0xef, 0x7b, 0xfd, 0xea, 0xd5, 0xfb, 0xa9, 0x82, 0xad, 0x8e, 0xc7, + 0xba, 0xc3, 0xdb, 0x35, 0x37, 0x18, 0xd4, 0x9d, 0xa8, 0x13, 0x84, 0x51, 0x70, 0x47, 0x3c, 0x3c, + 0xef, 0xb6, 0xeb, 0x61, 0xaf, 0x53, 0x77, 0x42, 0x8f, 0xd6, 0x9d, 0x30, 0xec, 0x7b, 0xae, 0xc3, + 0xbc, 0xc0, 0xaf, 0x8f, 0x2e, 0x38, 0xfd, 0xb0, 0xeb, 0x5c, 0xa8, 0x77, 0x88, 0x4f, 0x22, 0x87, + 0x91, 0x76, 0x2d, 0x8c, 0x02, 0x16, 0xa0, 0xcf, 0x6a, 0x55, 0xb5, 0x58, 0x95, 0x78, 0xf8, 0xaa, + 0xdb, 0xae, 0x85, 0xbd, 0x4e, 0x8d, 0xab, 0xaa, 0x19, 0xaa, 0x6a, 0xb1, 0xaa, 0x73, 0xcf, 0x1b, + 0x56, 0x74, 0x82, 0x4e, 0x50, 0x17, 0x1a, 0x6f, 0x0f, 0xf7, 0xc5, 0x9b, 0x78, 0x11, 0x4f, 0x12, + 0xe9, 0xdc, 0xa7, 0x7a, 0x97, 0x68, 0xcd, 0x0b, 0xb8, 0x6d, 0x03, 0xc7, 0xed, 0x7a, 0x3e, 0x89, + 0xc6, 0xda, 0xd8, 0x01, 0x61, 0x4e, 0x7d, 0x34, 0x61, 0xdf, 0xb9, 0xfa, 0x71, 0x5f, 0x45, 0x43, + 0x9f, 0x79, 0x03, 0x32, 0xf1, 0xc1, 0xa7, 0x4f, 0xfa, 0x80, 0xba, 0x5d, 0x32, 0x70, 0x26, 0xbe, + 0xfb, 0xe4, 0x71, 0xdf, 0x0d, 0x99, 0xd7, 0xaf, 0x7b, 0x3e, 0xa3, 0x2c, 0xca, 0x7e, 0x64, 0xff, + 0xd5, 0x02, 0xb8, 0x1c, 0x86, 0xbb, 0x51, 0x70, 0x87, 0xb8, 0x0c, 0x7d, 0x0d, 0xe6, 0xf8, 0x7f, + 0xb4, 0x1d, 0xe6, 0xac, 0x58, 0xeb, 0xd6, 0xf9, 0xea, 0xc6, 0x27, 0x6a, 0x52, 0x6d, 0xcd, 0x54, + 0xab, 0xfd, 0xca, 0xa5, 0x6b, 0xa3, 0x0b, 0xb5, 0x9d, 0xdb, 0xfc, 0xfb, 0x9b, 0x84, 0x39, 0x0d, + 0x74, 0xef, 0x60, 0xed, 0xcc, 0xe1, 0xc1, 0x1a, 0x68, 0x1a, 0x4e, 0xb4, 0xa2, 0x1e, 0x94, 0x68, + 0x48, 0xdc, 0x95, 0x82, 0xd0, 0xbe, 0x55, 0x7b, 0xe8, 0xd5, 0xab, 0x69, 0xb3, 0x5b, 0x21, 0x71, + 0x1b, 0xf3, 0x0a, 0xb6, 0xc4, 0xdf, 0xb0, 0x00, 0xb1, 0xdf, 0xb1, 0x60, 0x51, 0x8b, 0xdd, 0xf0, + 0x28, 0x43, 0xaf, 0x4c, 0xfc, 0x61, 0xed, 0x74, 0x7f, 0xc8, 0xbf, 0x16, 0xff, 0xb7, 0xac, 0x80, + 0xe6, 0x62, 0x8a, 0xf1, 0x77, 0x77, 0xa0, 0xec, 0x31, 0x32, 0xa0, 0x2b, 0x85, 0xf5, 0xe2, 0xf9, + 0xea, 0xc6, 0x95, 0x5c, 0x7e, 0xaf, 0xb1, 0xa0, 0x10, 0xcb, 0x5b, 0x5c, 0x37, 0x96, 0x10, 0xf6, + 0xbf, 0x0a, 0xe6, 0xcf, 0xf1, 0xbf, 0x46, 0x17, 0xa0, 0x4a, 0x83, 0x61, 0xe4, 0x12, 0x4c, 0xc2, + 0x80, 0xae, 0x58, 0xeb, 0xc5, 0xf3, 0x95, 0xc6, 0xd2, 0xe1, 0xc1, 0x5a, 0xb5, 0xa5, 0xc9, 0xd8, + 0x94, 0x41, 0xdf, 0xb7, 0x60, 0xbe, 0x4d, 0x28, 0xf3, 0x7c, 0x81, 0x1f, 0x5b, 0xfe, 0xa5, 0xe9, + 0x2c, 0x8f, 0x89, 0x9b, 0x5a, 0x73, 0xe3, 0x49, 0xf5, 0x17, 0xf3, 0x06, 0x91, 0xe2, 0x14, 0x38, + 0xba, 0x08, 0xd5, 0x36, 0xa1, 0x6e, 0xe4, 0x85, 0xfc, 0x7d, 0xa5, 0xb8, 0x6e, 0x9d, 0xaf, 0x34, + 0x9e, 0x50, 0x1f, 0x56, 0x37, 0x35, 0x0b, 0x9b, 0x72, 0xa8, 0x07, 0xe5, 0x28, 0xe8, 0x13, 0xba, + 0x52, 0x12, 0xc6, 0x5f, 0x9d, 0xc2, 0x78, 0xe5, 0x4e, 0x1c, 0xf4, 0x89, 0xf6, 0x3b, 0x7f, 0xa3, + 0x58, 0x62, 0xd8, 0x7f, 0x2c, 0x42, 0xd5, 0xf8, 0xc5, 0xc7, 0xb0, 0x67, 0xfa, 0xa9, 0x3d, 0x73, + 0x3d, 0x9f, 0xa5, 0x39, 0x6e, 0xd3, 0x20, 0x06, 0x33, 0x94, 0x39, 0x6c, 0x48, 0x85, 0xfb, 0xab, + 0x1b, 0x37, 0x72, 0xc2, 0x13, 0x3a, 0x1b, 0x8b, 0x0a, 0x71, 0x46, 0xbe, 0x63, 0x85, 0x85, 0x5e, + 0x83, 0x4a, 0x10, 0xf2, 0xd4, 0xc4, 0xd7, 0xbd, 0x24, 0x80, 0x37, 0xa7, 0x00, 0xde, 0x89, 0x75, + 0x35, 0x16, 0x0e, 0x0f, 0xd6, 0x2a, 0xc9, 0x2b, 0xd6, 0x28, 0xb6, 0x0b, 0x4f, 0x1a, 0xf6, 0x35, + 0x03, 0xbf, 0xed, 0x89, 0x05, 0x5d, 0x87, 0x12, 0x1b, 0x87, 0x44, 0x2c, 0x66, 0x45, 0xbb, 0x68, + 0x6f, 0x1c, 0x12, 0x2c, 0x38, 0xe8, 0x63, 0x30, 0x3b, 0x20, 0x94, 0x3a, 0x1d, 0x22, 0xd6, 0xa4, + 0xd2, 0x58, 0x52, 0x42, 0xb3, 0x37, 0x25, 0x19, 0xc7, 0x7c, 0xfb, 0x35, 0x78, 0xfa, 0xe8, 0xfd, + 0x80, 0x3e, 0x02, 0x33, 0x94, 0x44, 0x23, 0x12, 0x29, 0x20, 0xed, 0x19, 0x41, 0xc5, 0x8a, 0x8b, + 0xea, 0x50, 0xf1, 0x9d, 0x01, 0xa1, 0xa1, 0xe3, 0xc6, 0x70, 0x67, 0x95, 0x68, 0xe5, 0x56, 0xcc, + 0xc0, 0x5a, 0xc6, 0xfe, 0x9b, 0x05, 0x4b, 0x06, 0xe6, 0x63, 0x48, 0x7b, 0xbd, 0x74, 0xda, 0xbb, + 0x9a, 0x4f, 0xc4, 0x1c, 0x93, 0xf7, 0x7e, 0x5f, 0x84, 0xb3, 0x66, 0x5c, 0x89, 0x64, 0xc6, 0x97, + 0x24, 0x22, 0x61, 0xf0, 0x22, 0xbe, 0xa1, 0xdc, 0x99, 0x2c, 0x09, 0x96, 0x64, 0x1c, 0xf3, 0xf9, + 0xfa, 0x86, 0x0e, 0xeb, 0x2a, 0x5f, 0x26, 0xeb, 0xbb, 0xeb, 0xb0, 0x2e, 0x16, 0x1c, 0x9e, 0x86, + 0x88, 0x3f, 0xf2, 0xa2, 0xc0, 0x1f, 0x10, 0x9f, 0x65, 0xd3, 0xd0, 0x15, 0xcd, 0xc2, 0xa6, 0x1c, + 0xfa, 0x22, 0x2c, 0x32, 0x27, 0xea, 0x10, 0x86, 0xc9, 0xc8, 0xa3, 0x71, 0x20, 0x57, 0x1a, 0x4f, + 0xab, 0x2f, 0x17, 0xf7, 0x52, 0x5c, 0x9c, 0x91, 0x46, 0xbf, 0xb1, 0xe0, 0x19, 0x37, 0x18, 0x84, + 0x81, 0x4f, 0x7c, 0xb6, 0xeb, 0x44, 0xce, 0x80, 0x30, 0x12, 0xed, 0x8c, 0x48, 0x14, 0x79, 0x6d, + 0x42, 0x57, 0xca, 0xc2, 0xbb, 0x37, 0xa7, 0xf0, 0x6e, 0x73, 0x42, 0x7b, 0xe3, 0x59, 0x65, 0xdc, + 0x33, 0xcd, 0xe3, 0x91, 0xf1, 0x7f, 0x32, 0x8b, 0x57, 0x9d, 0x91, 0xd3, 0x1f, 0x12, 0x7a, 0xd5, + 0xe3, 0x39, 0x78, 0x46, 0x57, 0x9d, 0x97, 0x34, 0x19, 0x9b, 0x32, 0xf6, 0xef, 0x0a, 0xa9, 0x10, + 0x6d, 0xc5, 0x79, 0x47, 0xac, 0xa5, 0x0a, 0xd0, 0xbc, 0xf2, 0x8e, 0xd0, 0x69, 0xec, 0x2e, 0x59, + 0xfc, 0x14, 0x16, 0xfa, 0x8e, 0x25, 0x4a, 0x4e, 0xbc, 0x2b, 0x55, 0x8e, 0x7d, 0x04, 0xe5, 0xcf, + 0xac, 0x62, 0x31, 0x11, 0x9b, 0xd0, 0x3c, 0x84, 0x43, 0x59, 0x7d, 0x54, 0xc4, 0x25, 0x21, 0x1c, + 0x17, 0xa5, 0x98, 0x6f, 0xff, 0x6c, 0x26, 0xbd, 0x07, 0x64, 0x0e, 0xfd, 0x91, 0x05, 0xcb, 0x7c, + 0xa1, 0x9c, 0xc8, 0xa3, 0x81, 0x8f, 0x09, 0x1d, 0xf6, 0x99, 0x72, 0xe6, 0xf6, 0x94, 0x41, 0x63, + 0xaa, 0x6c, 0xac, 0x28, 0xbb, 0x96, 0xb3, 0x1c, 0x3c, 0x01, 0x8f, 0x18, 0xcc, 0x76, 0x3d, 0xca, + 0x82, 0x68, 0xac, 0x92, 0xc3, 0x34, 0x2d, 0xdf, 0x26, 0x09, 0xfb, 0xc1, 0x98, 0xef, 0xb5, 0x2d, + 0x7f, 0x3f, 0xd0, 0xfe, 0xb9, 0x26, 0x11, 0x70, 0x0c, 0x85, 0xbe, 0x69, 0x01, 0x84, 0x71, 0xa4, + 0xf2, 0x42, 0xf6, 0x08, 0x36, 0x4e, 0x52, 0xb3, 0x13, 0x12, 0xc5, 0x06, 0x28, 0x0a, 0x60, 0xa6, + 0x4b, 0x9c, 0x3e, 0xeb, 0xaa, 0x72, 0xf6, 0xc2, 0x14, 0xf0, 0xd7, 0x84, 0xa2, 0x6c, 0x09, 0x95, + 0x54, 0xac, 0x60, 0xd0, 0xb7, 0x2d, 0x58, 0x4c, 0xaa, 0x1b, 0x97, 0x25, 0x2b, 0xe5, 0xa9, 0xbb, + 0xec, 0x9d, 0x94, 0xc2, 0x06, 0xe2, 0x69, 0x2c, 0x4d, 0xc3, 0x19, 0x50, 0xf4, 0x2d, 0x0b, 0xc0, + 0x8d, 0xab, 0xa9, 0xcc, 0x07, 0xd5, 0x8d, 0x9d, 0x7c, 0x76, 0x54, 0x52, 0xa5, 0xb5, 0xfb, 0x13, + 0x12, 0xc5, 0x06, 0xac, 0xfd, 0xae, 0x05, 0x4f, 0x19, 0x1f, 0x7e, 0xd9, 0x61, 0x6e, 0xf7, 0xca, + 0x88, 0xa7, 0xe9, 0xed, 0x54, 0x7d, 0xff, 0x8c, 0x59, 0xdf, 0xdf, 0x3f, 0x58, 0xfb, 0xe8, 0x71, + 0x63, 0xd4, 0x5d, 0xae, 0xa1, 0x26, 0x54, 0x18, 0xad, 0xc0, 0xeb, 0x50, 0x35, 0x6c, 0x56, 0xe9, + 0x23, 0xaf, 0x02, 0x98, 0xe4, 0x0c, 0x83, 0x88, 0x4d, 0x3c, 0xfb, 0xcf, 0x05, 0x98, 0x6d, 0xf6, + 0x87, 0x94, 0x91, 0xe8, 0xd4, 0x0d, 0xc5, 0x3a, 0x94, 0x78, 0xb3, 0x90, 0xad, 0x7f, 0xbc, 0x97, + 0xc0, 0x82, 0x83, 0x42, 0x98, 0x71, 0x03, 0x7f, 0xdf, 0xeb, 0xa8, 0x16, 0xf0, 0xda, 0x34, 0x3b, + 0x47, 0x5a, 0xd7, 0x14, 0xfa, 0xb4, 0x4d, 0xf2, 0x1d, 0x2b, 0x1c, 0xf4, 0xa6, 0x05, 0x4b, 0x6e, + 0xe0, 0xfb, 0xc4, 0xd5, 0xc1, 0x5b, 0x9a, 0xba, 0xdd, 0x6d, 0xa6, 0x35, 0x36, 0x3e, 0xa0, 0xd0, + 0x97, 0x32, 0x0c, 0x9c, 0xc5, 0xb6, 0x7f, 0x5d, 0x80, 0x85, 0x94, 0xe5, 0xe8, 0x39, 0x98, 0x1b, + 0x52, 0x12, 0x09, 0xcf, 0x49, 0xff, 0x26, 0x1d, 0xd1, 0x8b, 0x8a, 0x8e, 0x13, 0x09, 0x2e, 0x1d, + 0x3a, 0x94, 0xde, 0x0d, 0xa2, 0xb6, 0xf2, 0x73, 0x22, 0xbd, 0xab, 0xe8, 0x38, 0x91, 0xe0, 0xfd, + 0xc6, 0x6d, 0xe2, 0x44, 0x24, 0xda, 0x0b, 0x7a, 0x64, 0x62, 0xec, 0x69, 0x68, 0x16, 0x36, 0xe5, + 0x84, 0xd3, 0x58, 0x9f, 0x36, 0xfb, 0x1e, 0xf1, 0x99, 0x34, 0x33, 0x07, 0xa7, 0xed, 0xdd, 0x68, + 0x99, 0x1a, 0xb5, 0xd3, 0x32, 0x0c, 0x9c, 0xc5, 0xb6, 0xff, 0x64, 0x41, 0x55, 0x39, 0xed, 0x31, + 0x34, 0x9d, 0x9d, 0x74, 0xd3, 0xd9, 0x98, 0x3e, 0x46, 0x8f, 0x69, 0x38, 0x7f, 0x59, 0x84, 0x89, + 0x4a, 0x87, 0x5e, 0xe5, 0x39, 0x8e, 0xd3, 0x48, 0xfb, 0x72, 0x5c, 0x64, 0x3f, 0x7e, 0xba, 0xbf, + 0xdb, 0xf3, 0x06, 0xc4, 0x4c, 0x5f, 0xb1, 0x16, 0x6c, 0x68, 0x44, 0x6f, 0x58, 0x1a, 0x60, 0x2f, + 0x50, 0x79, 0x25, 0xdf, 0x96, 0x68, 0xc2, 0x84, 0xbd, 0x00, 0x1b, 0x98, 0xe8, 0x73, 0xc9, 0x20, + 0x58, 0x16, 0x01, 0x69, 0xa7, 0x47, 0xb7, 0xf7, 0x53, 0x0d, 0x40, 0x66, 0x9c, 0x1b, 0x43, 0x25, + 0x22, 0xb2, 0xc5, 0x8a, 0x2b, 0xc0, 0x34, 0x49, 0x04, 0x2b, 0x5d, 0x72, 0x1b, 0x27, 0xe3, 0x4f, + 0x4c, 0xa6, 0x58, 0xa3, 0xd9, 0x3f, 0xb0, 0x00, 0x4d, 0x96, 0x6b, 0x3e, 0x46, 0x25, 0x4d, 0xac, + 0xda, 0xc0, 0x89, 0x9e, 0x44, 0x1c, 0x6b, 0x99, 0x53, 0xa4, 0xc9, 0x67, 0xa1, 0x2c, 0x9a, 0x5a, + 0xb5, 0x61, 0x93, 0xe8, 0x11, 0x6d, 0x2f, 0x96, 0x3c, 0xfb, 0x0f, 0x16, 0x64, 0xd3, 0x8d, 0xc8, + 0xd4, 0xd2, 0xb3, 0xd9, 0x4c, 0x9d, 0xf6, 0xe2, 0xe9, 0xe7, 0x4c, 0xf4, 0x0a, 0x54, 0x1d, 0xc6, + 0xc8, 0x20, 0x64, 0x22, 0x20, 0x8b, 0x0f, 0x1c, 0x90, 0x8b, 0x3c, 0x12, 0x6e, 0x06, 0x6d, 0x6f, + 0xdf, 0x13, 0xc1, 0x68, 0xaa, 0xb3, 0xdf, 0x2b, 0xc2, 0x62, 0xba, 0xf9, 0x42, 0x43, 0x98, 0x11, + 0xcd, 0x8e, 0x3c, 0x66, 0xca, 0xbd, 0xbb, 0x4a, 0x5c, 0x22, 0x48, 0x14, 0x2b, 0x30, 0x9e, 0x58, + 0xa3, 0x78, 0xba, 0xca, 0x24, 0xd6, 0x64, 0xae, 0x4a, 0x24, 0x4e, 0x9c, 0xa8, 0x8a, 0xff, 0x9b, + 0x13, 0xd5, 0xab, 0x00, 0x6d, 0xe1, 0x6d, 0xb1, 0x96, 0xa5, 0x87, 0x4f, 0x2e, 0x9b, 0x89, 0x16, + 0x6c, 0x68, 0x44, 0xe7, 0xa0, 0xe0, 0xb5, 0xc5, 0xae, 0x2e, 0x36, 0x40, 0xc9, 0x16, 0xb6, 0x36, + 0x71, 0xc1, 0x6b, 0xdb, 0x14, 0xe6, 0xcd, 0x6e, 0xf3, 0xd4, 0xb1, 0xfa, 0x79, 0x58, 0x90, 0x4f, + 0x9b, 0x84, 0x39, 0x5e, 0x9f, 0xaa, 0xd5, 0x79, 0x4a, 0x89, 0x2f, 0xb4, 0x4c, 0x26, 0x4e, 0xcb, + 0xda, 0x3f, 0x2d, 0x00, 0x5c, 0x0b, 0x82, 0x9e, 0xc2, 0x8c, 0xb7, 0x9e, 0x75, 0xec, 0xd6, 0x5b, + 0x87, 0x52, 0xcf, 0xf3, 0xdb, 0xd9, 0xcd, 0xb9, 0xed, 0xf9, 0x6d, 0x2c, 0x38, 0x68, 0x03, 0xc0, + 0x09, 0xbd, 0x97, 0x48, 0x44, 0xf5, 0x49, 0x62, 0xe2, 0x97, 0xcb, 0xbb, 0x5b, 0x8a, 0x83, 0x0d, + 0x29, 0xf4, 0x9c, 0xea, 0x0c, 0xe5, 0xd8, 0xbe, 0x92, 0xe9, 0x0c, 0xe7, 0xb8, 0x85, 0x46, 0xeb, + 0x77, 0x29, 0x93, 0x1f, 0xd7, 0x27, 0xf2, 0xa3, 0xee, 0x94, 0x77, 0xbb, 0x0e, 0x25, 0x47, 0xed, + 0xeb, 0x99, 0x13, 0xce, 0x8f, 0x9a, 0xb0, 0x7c, 0xfd, 0x2e, 0x13, 0xf5, 0xfe, 0x66, 0x5c, 0xf9, + 0x78, 0x2a, 0x8b, 0x88, 0xa3, 0x77, 0x7a, 0xd1, 0x48, 0x65, 0x31, 0x03, 0x6b, 0x19, 0xfb, 0x1f, + 0x16, 0xe8, 0x23, 0x30, 0xb4, 0x0f, 0x25, 0x3a, 0xf6, 0x5d, 0x55, 0xb4, 0xa6, 0x49, 0xcb, 0xad, + 0xb1, 0xef, 0xea, 0x93, 0xb6, 0x39, 0x71, 0x90, 0x38, 0xf6, 0x5d, 0x2c, 0xf4, 0xa3, 0x11, 0xcc, + 0x45, 0x41, 0xbf, 0x7f, 0xdb, 0x71, 0x7b, 0x39, 0xd4, 0x2f, 0xac, 0x54, 0x69, 0xbc, 0x79, 0xb1, + 0xe9, 0x15, 0x19, 0x27, 0x58, 0xf6, 0xaf, 0xca, 0x90, 0x19, 0x51, 0xd0, 0xd0, 0x3c, 0x5d, 0xb4, + 0x72, 0x3c, 0x5d, 0x4c, 0xfc, 0x7e, 0xd4, 0x09, 0x23, 0xba, 0x08, 0xe5, 0x90, 0x2f, 0xbc, 0x0a, + 0xd3, 0xb5, 0xb8, 0x40, 0x88, 0x68, 0x38, 0x22, 0x3e, 0xa4, 0xb4, 0x19, 0x1e, 0xc5, 0x13, 0xd2, + 0xfe, 0x37, 0x00, 0xb8, 0xaf, 0xd5, 0xac, 0x2f, 0x33, 0xc5, 0xad, 0xbc, 0x56, 0x54, 0x8d, 0xfb, + 0xa2, 0x32, 0xb4, 0x12, 0x14, 0x6c, 0x20, 0xa2, 0xef, 0x59, 0xb0, 0x18, 0x3b, 0x5e, 0x19, 0x51, + 0x7e, 0x24, 0x46, 0x88, 0xc1, 0x13, 0xa7, 0x90, 0x70, 0x06, 0x19, 0x7d, 0x05, 0x2a, 0x94, 0x39, + 0x91, 0xdc, 0x17, 0x33, 0x0f, 0x9c, 0x35, 0x93, 0xb5, 0x6c, 0xc5, 0x4a, 0xb0, 0xd6, 0x87, 0x5e, + 0x06, 0xd8, 0xf7, 0x7c, 0x8f, 0x76, 0x85, 0xf6, 0xd9, 0x87, 0xab, 0xaf, 0x57, 0x13, 0x0d, 0xd8, + 0xd0, 0x26, 0x1a, 0x67, 0xe3, 0xe2, 0xe1, 0x14, 0xf9, 0xef, 0x3c, 0xcc, 0x85, 0x41, 0xdf, 0x73, + 0x3d, 0x22, 0xfb, 0xdf, 0x8a, 0xdc, 0x0d, 0xbb, 0x8a, 0x86, 0x13, 0x2e, 0x1a, 0x1b, 0x4d, 0xb8, + 0xec, 0x0a, 0x76, 0xf2, 0xb9, 0x1e, 0xe1, 0xe9, 0x88, 0x71, 0xb5, 0x12, 0x3a, 0xce, 0x4e, 0xba, + 0x43, 0xb7, 0xdf, 0xb4, 0xe0, 0xc9, 0xa3, 0x3e, 0x40, 0x43, 0x98, 0xbb, 0xa3, 0x92, 0x5a, 0x0e, + 0xe7, 0x53, 0xd9, 0xfc, 0x28, 0xed, 0x89, 0xa9, 0x38, 0x81, 0xb2, 0xff, 0x52, 0x00, 0x10, 0xb7, + 0x5e, 0x9e, 0x38, 0x24, 0x5a, 0x87, 0x52, 0x44, 0xc2, 0x20, 0xeb, 0x65, 0x2e, 0x81, 0x05, 0x27, + 0x35, 0xf3, 0x15, 0x1e, 0x68, 0xe6, 0x2b, 0x9e, 0x38, 0xf3, 0xf1, 0x7a, 0x49, 0xbb, 0xbb, 0x91, + 0x37, 0x72, 0x18, 0xd9, 0x26, 0x63, 0x55, 0x74, 0x74, 0xbd, 0x6c, 0x5d, 0xd3, 0x4c, 0x9c, 0x96, + 0x3d, 0x72, 0x5c, 0x2e, 0xff, 0x17, 0xc7, 0xe5, 0x77, 0x2c, 0x58, 0xd4, 0x9e, 0xfd, 0xff, 0xba, + 0x68, 0xd5, 0x76, 0x1f, 0x33, 0xff, 0xfd, 0xd3, 0x82, 0xa5, 0x78, 0xd2, 0x50, 0x0d, 0x4b, 0x2e, + 0x1d, 0x4a, 0xea, 0x62, 0xa7, 0x78, 0xf2, 0xc5, 0x8e, 0x59, 0x17, 0x4a, 0x27, 0xd4, 0x85, 0x2f, + 0x64, 0x7a, 0x93, 0x0f, 0x4d, 0xf4, 0x26, 0x28, 0x99, 0xa9, 0xc6, 0xbe, 0x9b, 0xee, 0xe5, 0xec, + 0x5f, 0x58, 0x30, 0x1f, 0xb3, 0x6f, 0x05, 0x6d, 0x31, 0xe9, 0x50, 0x11, 0x64, 0x56, 0x7a, 0xd2, + 0x91, 0xe1, 0x20, 0x79, 0x7c, 0x57, 0xbb, 0x5d, 0xaf, 0xdf, 0x8e, 0x88, 0xaf, 0x96, 0xe5, 0x85, + 0x1c, 0x46, 0x3e, 0x8e, 0xaf, 0x43, 0xa1, 0xa9, 0x00, 0x70, 0x02, 0x65, 0xff, 0xb6, 0x08, 0x0b, + 0xa9, 0xf9, 0x10, 0x5d, 0x84, 0xaa, 0xbc, 0x59, 0x69, 0x19, 0x36, 0x27, 0xc7, 0x29, 0x7b, 0x9a, + 0x85, 0x4d, 0x39, 0xbe, 0x1e, 0x7d, 0x6f, 0x24, 0x75, 0x64, 0x2f, 0xda, 0x6e, 0xc4, 0x0c, 0xac, + 0x65, 0x8c, 0x01, 0xb9, 0xf8, 0xc0, 0x03, 0xf2, 0x8f, 0x2d, 0x40, 0xe2, 0x17, 0xb8, 0xe6, 0x64, + 0x8e, 0x55, 0x17, 0xd8, 0xb9, 0xf9, 0xed, 0x9c, 0xb2, 0x08, 0x35, 0x27, 0xa0, 0xf0, 0x11, 0xf0, + 0xc6, 0x99, 0x75, 0xf9, 0xb1, 0x9c, 0x59, 0xdb, 0x5f, 0x87, 0xb3, 0x13, 0x8d, 0x9d, 0x1a, 0x4f, + 0xac, 0xa3, 0xc6, 0x13, 0x1e, 0x89, 0x61, 0x34, 0xf4, 0xe5, 0x02, 0xcd, 0xe9, 0x48, 0xdc, 0xe5, + 0x44, 0x2c, 0x79, 0x7c, 0x66, 0x69, 0x47, 0x63, 0x3c, 0x94, 0x7d, 0xff, 0x9c, 0x46, 0xdf, 0x14, + 0x54, 0xac, 0xb8, 0xf6, 0x77, 0x0b, 0xb0, 0x90, 0x6a, 0x36, 0x52, 0xe3, 0xa5, 0x75, 0xe2, 0x78, + 0x99, 0xa7, 0x31, 0xe8, 0x75, 0x98, 0xa7, 0x62, 0x2b, 0x46, 0x0e, 0x23, 0x9d, 0x71, 0x0e, 0xb7, + 0x06, 0x2d, 0x43, 0x5d, 0x63, 0xf9, 0xf0, 0x60, 0x6d, 0xde, 0xa4, 0xe0, 0x14, 0x9c, 0xfd, 0xf3, + 0x02, 0x3c, 0x71, 0x44, 0xe3, 0x85, 0xee, 0x9a, 0x27, 0x39, 0x72, 0xd4, 0xbf, 0x9e, 0x43, 0x78, + 0xaa, 0x44, 0x2a, 0xaf, 0xe7, 0x8f, 0x3a, 0xc7, 0x79, 0xc0, 0x49, 0x7f, 0x1f, 0xca, 0xdd, 0x20, + 0xe8, 0xc5, 0x23, 0xfd, 0x34, 0x05, 0x41, 0x0f, 0xa2, 0x8d, 0x0a, 0x5f, 0x4d, 0xfe, 0x4e, 0xb1, + 0x54, 0x6f, 0xbf, 0x67, 0x41, 0xca, 0x8b, 0x68, 0x00, 0x65, 0xae, 0x65, 0x9c, 0xc3, 0xad, 0xa5, + 0xa9, 0xf7, 0x32, 0xd7, 0x29, 0xf1, 0xc5, 0x23, 0x96, 0x28, 0xc8, 0x83, 0x12, 0x37, 0x44, 0x0d, + 0x54, 0xdb, 0x39, 0xa1, 0xf1, 0x5f, 0x94, 0xf3, 0x1b, 0x7f, 0xc2, 0x02, 0xc2, 0xbe, 0x04, 0x67, + 0x27, 0x2c, 0xe2, 0x21, 0xbf, 0x1f, 0xc4, 0x97, 0xb4, 0x46, 0xc8, 0x5f, 0xe5, 0x44, 0x2c, 0x79, + 0xbc, 0x7e, 0x2c, 0x67, 0xd5, 0xa3, 0x9f, 0x58, 0x70, 0x96, 0x66, 0xf5, 0x3d, 0x12, 0xaf, 0x7d, + 0x50, 0x19, 0x35, 0x69, 0x3e, 0x9e, 0xb4, 0x80, 0xaf, 0x68, 0xf6, 0x68, 0x9b, 0xc7, 0x9e, 0xe7, + 0x53, 0xe2, 0x0e, 0xa3, 0xf8, 0x47, 0x93, 0xd8, 0xdb, 0x52, 0x74, 0x9c, 0x48, 0xa0, 0x0d, 0x00, + 0x79, 0xb5, 0x72, 0x4b, 0x37, 0x8a, 0xc9, 0x51, 0x43, 0x2b, 0xe1, 0x60, 0x43, 0x8a, 0x37, 0xf0, + 0x2e, 0x89, 0xd8, 0x66, 0xdc, 0x96, 0xcf, 0xcb, 0xae, 0xb5, 0xa9, 0x68, 0x38, 0xe1, 0xa2, 0x0f, + 0xc3, 0x6c, 0x8f, 0x8c, 0x85, 0x60, 0x49, 0x08, 0x56, 0x79, 0xc5, 0xdf, 0x96, 0x24, 0x1c, 0xf3, + 0x90, 0x0d, 0x33, 0xae, 0x23, 0xa4, 0xca, 0x42, 0x0a, 0xc4, 0x2d, 0xcb, 0x65, 0x21, 0xa4, 0x38, + 0x8d, 0xda, 0xbd, 0xfb, 0xab, 0x67, 0xde, 0xba, 0xbf, 0x7a, 0xe6, 0xed, 0xfb, 0xab, 0x67, 0xde, + 0x38, 0x5c, 0xb5, 0xee, 0x1d, 0xae, 0x5a, 0x6f, 0x1d, 0xae, 0x5a, 0x6f, 0x1f, 0xae, 0x5a, 0x7f, + 0x3f, 0x5c, 0xb5, 0x7e, 0xf8, 0xee, 0xea, 0x99, 0x97, 0xe7, 0x62, 0xd7, 0xfe, 0x3b, 0x00, 0x00, + 0xff, 0xff, 0x40, 0xba, 0x69, 0x1a, 0xa7, 0x29, 0x00, 0x00, } diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto index c95742861d1d0..54a88c3787273 100644 --- a/pkg/apis/application/v1alpha1/generated.proto +++ b/pkg/apis/application/v1alpha1/generated.proto @@ -42,7 +42,7 @@ message AppProjectSpec { // Description contains optional project description optional string description = 3; - repeated ProjectToken tokens = 4; + repeated ProjectRole roles = 4; } // Application is a definition of Application resource. @@ -254,6 +254,11 @@ message HookStatus { optional string message = 6; } +// JwtTokenMetadata holds the createdAt time of a token +message JwtTokenMetadata { + optional int64 createdAt = 3; +} + // Operation contains requested operation parameters. message Operation { optional SyncOperation sync = 1; @@ -285,13 +290,19 @@ message OperationState { optional k8s.io.apimachinery.pkg.apis.meta.v1.Time finishedAt = 7; } -// ProjectToken contains metadata of a token for a project -message ProjectToken { +// ProjectRole represents a role that has access to a project +message ProjectRole { optional string name = 1; repeated string policies = 2; - optional int64 createdAt = 3; + optional ProjectRoleMetatdata metadata = 3; +} + +// ProjectRoleMetatdata represents all the different types of roles a project can have +// ProjectRoleMetatdata only one of its members may be specified for a specific role +message ProjectRoleMetatdata { + optional JwtTokenMetadata jwtToken = 1; } // Repository is a Git repository holding application configurations diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go index 711b061494751..4a857222f88c7 100644 --- a/pkg/apis/application/v1alpha1/types.go +++ b/pkg/apis/application/v1alpha1/types.go @@ -184,7 +184,7 @@ type DeploymentInfo struct { // +genclient:noStatus // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object type Application struct { - metav1.TypeMeta `json:",inline" protobuf:"bytes,5,opt,name=typeMeta"` + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata" protobuf:"bytes,1,opt,name=metadata"` Spec ApplicationSpec `json:"spec" protobuf:"bytes,2,opt,name=spec"` Status ApplicationStatus `json:"status" protobuf:"bytes,3,opt,name=status"` @@ -206,7 +206,7 @@ type ApplicationWatchEvent struct { // ApplicationList is list of Application resources // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object type ApplicationList struct { - metav1.TypeMeta `json:",inline" protobuf:"bytes,3,opt,name=typeMeta"` + metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata" protobuf:"bytes,1,opt,name=metadata"` Items []Application `json:"items" protobuf:"bytes,2,rep,name=items"` } @@ -429,7 +429,7 @@ type RepositoryList struct { // AppProjectList is list of AppProject resources // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object type AppProjectList struct { - metav1.TypeMeta `json:",inline" protobuf:"bytes,3,opt,name=typeMeta"` + metav1.TypeMeta `json:",inline""` metav1.ListMeta `json:"metadata" protobuf:"bytes,1,opt,name=metadata"` Items []AppProject `json:"items" protobuf:"bytes,2,rep,name=items"` } @@ -439,18 +439,18 @@ type AppProjectList struct { // +genclient:noStatus // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object type AppProject struct { - metav1.TypeMeta `json:",inline" protobuf:"bytes,3,opt,name=typeMeta"` + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata" protobuf:"bytes,1,opt,name=metadata"` Spec AppProjectSpec `json:"spec" protobuf:"bytes,2,opt,name=spec"` } -//TokenPoliciesString returns Casabin formated string of all the policies for each string -func (proj *AppProject) TokenPoliciesString() string { - var tokenPolicies []string - for _, token := range proj.Spec.Tokens { - tokenPolicies = append(tokenPolicies, token.Policies...) +//ProjectPoliciesString returns Casabin formated string of a project's polcies for each role +func (proj *AppProject) ProjectPoliciesString() string { + var policies []string + for _, role := range proj.Spec.Roles { + policies = append(policies, role.Policies...) } - return strings.Join(tokenPolicies, "\n") + return strings.Join(policies, "\n") } // AppProjectSpec represents @@ -464,24 +464,35 @@ type AppProjectSpec struct { // Description contains optional project description Description string `json:"description,omitempty" protobuf:"bytes,3,opt,name=description"` - Tokens []ProjectToken `protobuf:"bytes,4,rep,name=tokens"` + Roles []ProjectRole `protobuf:"bytes,4,rep,name=roles"` } -// GetTokenIndex returns the index into the tokens array of that name if that token exists -func (proj *AppProject) GetTokenIndex(name string) (int, error) { - for i, token := range proj.Spec.Tokens { - if name == token.Name { +// GetRoleIndex looks up the index of a role in a project by the name +func (proj *AppProject) GetRoleIndex(name string) (int, error) { + for i, role := range proj.Spec.Roles { + if name == role.Name { return i, nil } } - return -1, fmt.Errorf("token '%s' does not exist in project '%s'", name, proj.Name) + return -1, fmt.Errorf("role '%s' does not exist in project '%s'", name, proj.Name) } -// ProjectToken contains metadata of a token for a project -type ProjectToken struct { - Name string `json:"name" protobuf:"bytes,1,opt,name=name"` - Policies []string `protobuf:"bytes,2,rep,name=policies"` - CreatedAt int64 `json:"createdAt" protobuf:"int64,3,opt,name=createdAt"` +// ProjectRole represents a role that has access to a project +type ProjectRole struct { + Name string `json:"name" protobuf:"bytes,1,opt,name=name"` + Policies []string `json:"policies" protobuf:"bytes,2,rep,name=policies"` + Metadata *ProjectRoleMetatdata `json:"metadata" protobuf:"bytes,3,rep,name=metadata"` +} + +// ProjectRoleMetatdata represents all the different types of roles a project can have +// ProjectRoleMetatdata only one of its members may be specified for a specific role +type ProjectRoleMetatdata struct { + JwtToken *JwtTokenMetadata `protobuf:"bytes,1,opt,name=jwtToken"` +} + +// JwtTokenMetadata holds the createdAt time of a token +type JwtTokenMetadata struct { + CreatedAt int64 `json:"createdAt" protobuf:"int64,3,opt,name=createdAt"` } func GetDefaultProject(namespace string) AppProject { diff --git a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go index 2619ef03fd186..44d486e671045 100644 --- a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go @@ -82,9 +82,9 @@ func (in *AppProjectSpec) DeepCopyInto(out *AppProjectSpec) { *out = make([]ApplicationDestination, len(*in)) copy(*out, *in) } - if in.Tokens != nil { - in, out := &in.Tokens, &out.Tokens - *out = make([]ProjectToken, len(*in)) + if in.Roles != nil { + in, out := &in.Roles, &out.Roles + *out = make([]ProjectRole, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -493,6 +493,22 @@ func (in *HookStatus) DeepCopy() *HookStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *JwtTokenMetadata) DeepCopyInto(out *JwtTokenMetadata) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JwtTokenMetadata. +func (in *JwtTokenMetadata) DeepCopy() *JwtTokenMetadata { + if in == nil { + return nil + } + out := new(JwtTokenMetadata) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Operation) DeepCopyInto(out *Operation) { *out = *in @@ -573,22 +589,56 @@ func (in *OperationState) DeepCopy() *OperationState { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ProjectToken) DeepCopyInto(out *ProjectToken) { +func (in *ProjectRole) DeepCopyInto(out *ProjectRole) { *out = *in if in.Policies != nil { in, out := &in.Policies, &out.Policies *out = make([]string, len(*in)) copy(*out, *in) } + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + if *in == nil { + *out = nil + } else { + *out = new(ProjectRoleMetatdata) + (*in).DeepCopyInto(*out) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectRole. +func (in *ProjectRole) DeepCopy() *ProjectRole { + if in == nil { + return nil + } + out := new(ProjectRole) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ProjectRoleMetatdata) DeepCopyInto(out *ProjectRoleMetatdata) { + *out = *in + if in.JwtToken != nil { + in, out := &in.JwtToken, &out.JwtToken + if *in == nil { + *out = nil + } else { + *out = new(JwtTokenMetadata) + **out = **in + } + } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectToken. -func (in *ProjectToken) DeepCopy() *ProjectToken { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectRoleMetatdata. +func (in *ProjectRoleMetatdata) DeepCopy() *ProjectRoleMetatdata { if in == nil { return nil } - out := new(ProjectToken) + out := new(ProjectRoleMetatdata) in.DeepCopyInto(out) return out } diff --git a/server/project/project.go b/server/project/project.go index 666bf931648ab..6d419e4c43069 100644 --- a/server/project/project.go +++ b/server/project/project.go @@ -2,6 +2,7 @@ package project import ( "context" + "errors" "fmt" "strings" @@ -62,7 +63,7 @@ func (s *Server) CreateToken(ctx context.Context, q *ProjectTokenCreateRequest) s.projectLock.Lock(q.Project) defer s.projectLock.Unlock(q.Project) - _, err = project.GetTokenIndex(q.Token) + _, err = project.GetRoleIndex(q.Token) if err == nil { return nil, status.Errorf(codes.AlreadyExists, "'%s' token already exist for project '%s'", q.Token, q.Project) } @@ -72,8 +73,9 @@ func (s *Server) CreateToken(ctx context.Context, q *ProjectTokenCreateRequest) if err != nil { return nil, err } - token := v1alpha1.ProjectToken{Name: q.Token, CreatedAt: jwtToken.IssuedAt} - project.Spec.Tokens = append(project.Spec.Tokens, token) + tokenMetadata := &v1alpha1.ProjectRoleMetatdata{JwtToken: &v1alpha1.JwtTokenMetadata{CreatedAt: jwtToken.IssuedAt}} + token := v1alpha1.ProjectRole{Name: q.Token, Metadata: tokenMetadata} + project.Spec.Roles = append(project.Spec.Roles, token) _, err = s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Update(project) if err != nil { return nil, err @@ -167,14 +169,14 @@ func getRemovedSources(oldProj, newProj *v1alpha1.AppProject) map[string]bool { return removed } -func validatePolicy(proj string, token string, policy string) error { - policyComponents := strings.Split(policy, ",") - if len(policyComponents) != 5 { - return status.Errorf(codes.InvalidArgument, "incorrect number of policy arguements for '%s'", policy) - +func validateJwtToken(proj string, token string, policy string) error { + err := validatePolicy(proj, policy) + if err != nil { + return err } - if strings.Trim(policyComponents[0], " ") != "p" { - return status.Errorf(codes.InvalidArgument, "token policy can only contain policies: '%s'", policy) + policyComponents := strings.Split(policy, ",") + if strings.Trim(policyComponents[2], " ") != "projects" { + return status.Errorf(codes.InvalidArgument, "incorrect format for '%s' as JWT tokens can only access projects", policy) } roleComponents := strings.Split(strings.Trim(policyComponents[1], " "), ":") if len(roleComponents) != 3 { @@ -187,13 +189,30 @@ func validatePolicy(proj string, token string, policy string) error { return status.Errorf(codes.InvalidArgument, "incorrect policy format for '%s' as policy can't grant access to other projects", policy) } if roleComponents[2] != token { - return status.Errorf(codes.InvalidArgument, "incorrect policy format for '%s' as policy can't grant access to other tokens", policy) + return status.Errorf(codes.InvalidArgument, "incorrect policy format for '%s' as policy can't grant access to other roles", policy) } - if strings.Trim(policyComponents[2], " ") != "projects" { - return status.Errorf(codes.InvalidArgument, "incorrect format for '%s' as token policies can only access projects", policy) + return nil +} + +func validatePolicy(proj string, policy string) error { + policyComponents := strings.Split(policy, ",") + if len(policyComponents) != 5 { + return status.Errorf(codes.InvalidArgument, "incorrect number of policy arguements for '%s'", policy) + } + if strings.Trim(policyComponents[0], " ") != "p" { + return status.Errorf(codes.InvalidArgument, "policies can only use the policy format: '%s'", policy) + } + if len(strings.Trim(policyComponents[1], " ")) <= 0 { + return status.Errorf(codes.InvalidArgument, "incorrect policy format for '%s' as subject must be longer than 0 characters:", policy) + } + if len(strings.Trim(policyComponents[2], " ")) <= 0 { + return status.Errorf(codes.InvalidArgument, "incorrect policy format for '%s' as object must be longer than 0 characters:", policy) + } + if len(strings.Trim(policyComponents[3], " ")) <= 0 { + return status.Errorf(codes.InvalidArgument, "incorrect policy format for '%s' as action must be longer than 0 characters:", policy) } if !strings.HasPrefix(strings.Trim(policyComponents[4], " "), proj) { - return status.Errorf(codes.InvalidArgument, "incorrect token policy format for '%s' as token policies can't grant access to other tokens or projects", policy) + return status.Errorf(codes.InvalidArgument, "incorrect policy format for '%s' as policies can't grant access to other roles or projects", policy) } return nil } @@ -219,24 +238,32 @@ func validateProject(p *v1alpha1.AppProject) error { } } - tokensNames := make(map[string]bool) - for _, token := range p.Spec.Tokens { + roleNames := make(map[string]bool) + for _, role := range p.Spec.Roles { + if role.Metadata == nil { + return errors.New("Role must have a metadata") + } existingPolicies := make(map[string]bool) - for _, policy := range token.Policies { - err := validatePolicy(p.Name, token.Name, policy) + for _, policy := range role.Policies { + var err error + if role.Metadata.JwtToken != nil { + err = validateJwtToken(p.Name, role.Name, policy) + } else { + err = validatePolicy(p.Name, policy) + } if err != nil { return err } if _, ok := existingPolicies[policy]; !ok { existingPolicies[policy] = true } else { - return status.Errorf(codes.AlreadyExists, "token policy '%s' already exists for token '%s'", policy, token.Name) + return status.Errorf(codes.AlreadyExists, "policy '%s' already exists for role '%s'", policy, role.Name) } } - if _, ok := tokensNames[token.Name]; !ok { - tokensNames[token.Name] = true + if _, ok := roleNames[role.Name]; !ok { + roleNames[role.Name] = true } else { - return status.Errorf(codes.AlreadyExists, "Token '%s' already exists", token) + return status.Errorf(codes.AlreadyExists, "role '%s' already exists", role) } } @@ -261,12 +288,12 @@ func (s *Server) DeleteToken(ctx context.Context, q *ProjectTokenDeleteRequest) s.projectLock.Lock(q.Project) defer s.projectLock.Unlock(q.Project) - index, err := project.GetTokenIndex(q.Token) + index, err := project.GetRoleIndex(q.Token) if err != nil { return nil, err } - project.Spec.Tokens[index] = project.Spec.Tokens[len(project.Spec.Tokens)-1] - project.Spec.Tokens = project.Spec.Tokens[:len(project.Spec.Tokens)-1] + project.Spec.Roles[index] = project.Spec.Roles[len(project.Spec.Roles)-1] + project.Spec.Roles = project.Spec.Roles[:len(project.Spec.Roles)-1] _, err = s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Update(project) if err != nil { return nil, err diff --git a/server/project/project_test.go b/server/project/project_test.go index 1522ae89092f8..4a834c9624c4a 100644 --- a/server/project/project_test.go +++ b/server/project/project_test.go @@ -149,101 +149,108 @@ func TestProjectServer(t *testing.T) { sessionMgr := session.NewSessionManager(&settings.ArgoCDSettings{}) projWithToken := existingProj.DeepCopy() tokenName := "testToken" - token := v1alpha1.ProjectToken{Name: tokenName} - projWithToken.Spec.Tokens = append(projWithToken.Spec.Tokens, token) + tokenMetadata := &v1alpha1.ProjectRoleMetatdata{JwtToken: &v1alpha1.JwtTokenMetadata{CreatedAt: 1}} + token := v1alpha1.ProjectRole{Name: tokenName, Metadata: tokenMetadata} + projWithToken.Spec.Roles = append(projWithToken.Spec.Roles, token) projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, util.NewKeyLock(), sessionMgr) _, err := projectServer.DeleteToken(context.Background(), &ProjectTokenDeleteRequest{Project: projWithToken.Name, Token: tokenName}) assert.Nil(t, err) projWithoutToken, err := projectServer.Get(context.Background(), &ProjectQuery{Name: projWithToken.Name}) - assert.Len(t, projWithoutToken.Spec.Tokens, 0) + assert.Len(t, projWithoutToken.Spec.Roles, 0) }) t.Run("TestCreateDuplicateTokenFailure", func(t *testing.T) { sessionMgr := session.NewSessionManager(&settings.ArgoCDSettings{}) projWithToken := existingProj.DeepCopy() tokenName := "testToken" - token := v1alpha1.ProjectToken{Name: tokenName} - projWithToken.Spec.Token = append(projWithToken.Spec.Token, token) + tokenMetadata := &v1alpha1.ProjectRoleMetatdata{JwtToken: &v1alpha1.JwtTokenMetadata{CreatedAt: 1}} + token := v1alpha1.ProjectRole{Name: tokenName, Metadata: tokenMetadata} + projWithToken.Spec.Roles = append(projWithToken.Spec.Roles, token) projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, util.NewKeyLock(), sessionMgr) _, err := projectServer.CreateToken(context.Background(), &ProjectTokenCreateRequest{Project: projWithToken.Name, Token: tokenName}) expectedError := fmt.Sprintf("rpc error: code = AlreadyExists desc = '%s' token already exist for project '%s'", tokenName, projWithToken.Name) assert.EqualError(t, err, expectedError) }) - t.Run("TestCreateTokenPolicySuccessfully", func(t *testing.T) { + t.Run("TestCreateRolePolicySuccessfully", func(t *testing.T) { action := "create" object := "testObject" - tokenName := "testToken" + roleName := "testRole" - projWithToken := existingProj.DeepCopy() - token := v1alpha1.ProjectToken{Name: tokenName} - policy := fmt.Sprintf(policyTemplate, projWithToken.Name, tokenName, action, projWithToken.Name, object) - token.Policies = append(token.Policies, policy) - projWithToken.Spec.Tokens = append(projWithToken.Spec.Tokens, token) + projWithRole := existingProj.DeepCopy() + roleMetadata := &v1alpha1.ProjectRoleMetatdata{JwtToken: &v1alpha1.JwtTokenMetadata{CreatedAt: 1}} + role := v1alpha1.ProjectRole{Name: roleName, Metadata: roleMetadata} + policy := fmt.Sprintf(policyTemplate, projWithRole.Name, roleName, action, projWithRole.Name, object) + role.Policies = append(role.Policies, policy) + projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role) - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, util.NewKeyLock(), nil) - request := &ProjectUpdateRequest{Project: projWithToken} + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithRole), enforcer, util.NewKeyLock(), nil) + request := &ProjectUpdateRequest{Project: projWithRole} _, err := projectServer.Update(context.Background(), request) assert.Nil(t, err) - t.Log(projWithToken.Spec.Tokens[0].Policies[0]) - expectedPolicy := fmt.Sprintf(policyTemplate, projWithToken.Name, token.Name, action, projWithToken.Name, object) - assert.Equal(t, projWithToken.Spec.Tokens[0].Policies[0], expectedPolicy) + t.Log(projWithRole.Spec.Roles[0].Policies[0]) + expectedPolicy := fmt.Sprintf(policyTemplate, projWithRole.Name, role.Name, action, projWithRole.Name, object) + assert.Equal(t, projWithRole.Spec.Roles[0].Policies[0], expectedPolicy) }) - t.Run("TestCreateTokenPolicyDuplicatePolicyFailure", func(t *testing.T) { + t.Run("TestValidatePolicyDuplicatePolicyFailure", func(t *testing.T) { action := "create" object := "testObject" - tokenName := "testToken" - - projWithToken := existingProj.DeepCopy() - token := v1alpha1.ProjectToken{Name: tokenName} - policy := fmt.Sprintf(policyTemplate, projWithToken.Name, tokenName, action, projWithToken.Name, object) - token.Policies = append(token.Policies, policy) - token.Policies = append(token.Policies, policy) - projWithToken.Spec.Tokens = append(projWithToken.Spec.Tokens, token) - - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, util.NewKeyLock(), nil) - request := &ProjectUpdateRequest{Project: projWithToken} + roleName := "testRole" + + projWithRole := existingProj.DeepCopy() + roleMetadata := &v1alpha1.ProjectRoleMetatdata{JwtToken: &v1alpha1.JwtTokenMetadata{CreatedAt: 1}} + role := v1alpha1.ProjectRole{Name: roleName, Metadata: roleMetadata} + policy := fmt.Sprintf(policyTemplate, projWithRole.Name, roleName, action, projWithRole.Name, object) + role.Policies = append(role.Policies, policy) + role.Policies = append(role.Policies, policy) + projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role) + + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithRole), enforcer, util.NewKeyLock(), nil) + request := &ProjectUpdateRequest{Project: projWithRole} _, err := projectServer.Update(context.Background(), request) - expectedErr := fmt.Sprintf("rpc error: code = AlreadyExists desc = token policy '%s' already exists for token '%s'", policy, tokenName) + expectedErr := fmt.Sprintf("rpc error: code = AlreadyExists desc = policy '%s' already exists for role '%s'", policy, roleName) assert.EqualError(t, err, expectedErr) }) t.Run("TestValidateProjectAccessToSeparateProjectObjectFailure", func(t *testing.T) { action := "create" object := "testObject" - tokenName := "test" + roleName := "testRole" otherProject := "other-project" policyTemplate := "p, proj:%s:%s, projects, %s, %s/%s" - token := v1alpha1.ProjectToken{Name: tokenName} - policy := fmt.Sprintf(policyTemplate, projWithToken.Name, tokenName, action, otherProject, object) - token.Policies = append(token.Policies, policy) - projWithToken.Spec.Tokens = append(projWithToken.Spec.Tokens, token) + projWithRole := existingProj.DeepCopy() + roleMetadata := &v1alpha1.ProjectRoleMetatdata{JwtToken: &v1alpha1.JwtTokenMetadata{CreatedAt: 1}} + role := v1alpha1.ProjectRole{Name: roleName, Metadata: roleMetadata} + policy := fmt.Sprintf(policyTemplate, projWithRole.Name, roleName, action, otherProject, object) + role.Policies = append(role.Policies, policy) + projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role) - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, util.NewKeyLock(), nil) - request := &ProjectUpdateRequest{Project: projWithToken} + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithRole), enforcer, util.NewKeyLock(), nil) + request := &ProjectUpdateRequest{Project: projWithRole} _, err := projectServer.Update(context.Background(), request) - expectedErr := fmt.Sprintf("rpc error: code = InvalidArgument desc = incorrect token policy format for '%s' as token policies can't grant access to other tokens or projects", policy) + expectedErr := fmt.Sprintf("rpc error: code = InvalidArgument desc = incorrect policy format for '%s' as policies can't grant access to other roles or projects", policy) assert.EqualError(t, err, expectedErr) }) t.Run("TestValidateProjectIncorrectProjectInRoleFailure", func(t *testing.T) { action := "create" object := "testObject" - tokenName := "testToken" + roleName := "testRole" otherProject := "other-project" policyTemplate := "p, proj:%s:%s, projects, %s, %s/%s" - projWithToken := existingProj.DeepCopy() - token := v1alpha1.ProjectToken{Name: tokenName} - invalidPolicy := fmt.Sprintf(policyTemplate, otherProject, tokenName, action, projWithToken.Name, object) - token.Policies = append(token.Policies, invalidPolicy) - projWithToken.Spec.Tokens = append(projWithToken.Spec.Tokens, token) + projWithRole := existingProj.DeepCopy() + roleMetadata := &v1alpha1.ProjectRoleMetatdata{JwtToken: &v1alpha1.JwtTokenMetadata{CreatedAt: 1}} + role := v1alpha1.ProjectRole{Name: roleName, Metadata: roleMetadata} + invalidPolicy := fmt.Sprintf(policyTemplate, otherProject, roleName, action, projWithRole.Name, object) + role.Policies = append(role.Policies, invalidPolicy) + projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role) - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, util.NewKeyLock(), nil) - request := &ProjectUpdateRequest{Project: projWithToken} + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithRole), enforcer, util.NewKeyLock(), nil) + request := &ProjectUpdateRequest{Project: projWithRole} _, err := projectServer.Update(context.Background(), request) expectedErr := fmt.Sprintf("rpc error: code = InvalidArgument desc = incorrect policy format for '%s' as policy can't grant access to other projects", invalidPolicy) assert.EqualError(t, err, expectedErr) @@ -252,21 +259,21 @@ func TestProjectServer(t *testing.T) { t.Run("TestValidateProjectIncorrectTokenInRoleFailure", func(t *testing.T) { action := "create" object := "testObject" - tokenName := "testToken" + roleName := "testRole" policyTemplate := "p, proj:%s:%s, projects, %s, %s/%s" otherToken := "other-token" - projWithToken := existingProj.DeepCopy() - token := v1alpha1.ProjectToken{Name: tokenName} - invalidPolicy := fmt.Sprintf(policyTemplate, projWithToken.Name, otherToken, action, projWithToken.Name, object) - token.Policies = append(token.Policies, invalidPolicy) - token.Policies = append(token.Policies, invalidPolicy) - projWithToken.Spec.Tokens = append(projWithToken.Spec.Tokens, token) - - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, util.NewKeyLock(), nil) - request := &ProjectUpdateRequest{Project: projWithToken} + projWithRole := existingProj.DeepCopy() + roleMetadata := &v1alpha1.ProjectRoleMetatdata{JwtToken: &v1alpha1.JwtTokenMetadata{CreatedAt: 1}} + role := v1alpha1.ProjectRole{Name: roleName, Metadata: roleMetadata} + invalidPolicy := fmt.Sprintf(policyTemplate, projWithRole.Name, otherToken, action, projWithRole.Name, object) + role.Policies = append(role.Policies, invalidPolicy) + projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role) + + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithRole), enforcer, util.NewKeyLock(), nil) + request := &ProjectUpdateRequest{Project: projWithRole} _, err := projectServer.Update(context.Background(), request) - expectedErr := fmt.Sprintf("rpc error: code = InvalidArgument desc = incorrect policy format for '%s' as policy can't grant access to other tokens", invalidPolicy) + expectedErr := fmt.Sprintf("rpc error: code = InvalidArgument desc = incorrect policy format for '%s' as policy can't grant access to other roles", invalidPolicy) assert.EqualError(t, err, expectedErr) }) } diff --git a/server/swagger.json b/server/swagger.json index d16e8c3875480..612319451e378 100644 --- a/server/swagger.json +++ b/server/swagger.json @@ -1943,17 +1943,17 @@ "$ref": "#/definitions/v1alpha1ApplicationDestination" } }, - "sourceRepos": { + "roles": { "type": "array", - "title": "SourceRepos contains list of git repository URLs which can be used for deployment", "items": { - "type": "string" + "$ref": "#/definitions/v1alpha1ProjectRole" } }, - "tokens": { + "sourceRepos": { "type": "array", + "title": "SourceRepos contains list of git repository URLs which can be used for deployment", "items": { - "$ref": "#/definitions/v1alpha1ProjectToken" + "type": "string" } } } @@ -2291,6 +2291,16 @@ } } }, + "v1alpha1JwtTokenMetadata": { + "type": "object", + "title": "JwtTokenMetadata holds the createdAt time of a token", + "properties": { + "createdAt": { + "type": "string", + "format": "int64" + } + } + }, "v1alpha1Operation": { "description": "Operation contains requested operation parameters.", "type": "object", @@ -2332,13 +2342,12 @@ } } }, - "v1alpha1ProjectToken": { + "v1alpha1ProjectRole": { "type": "object", - "title": "ProjectToken contains metadata of a token for a project", + "title": "ProjectRole represents a role that has access to a project", "properties": { - "createdAt": { - "type": "string", - "format": "int64" + "metadata": { + "$ref": "#/definitions/v1alpha1ProjectRoleMetatdata" }, "name": { "type": "string" @@ -2351,6 +2360,15 @@ } } }, + "v1alpha1ProjectRoleMetatdata": { + "type": "object", + "title": "ProjectRoleMetatdata represents all the different types of roles a project can have\nProjectRoleMetatdata only one of its members may be specified for a specific role", + "properties": { + "jwtToken": { + "$ref": "#/definitions/v1alpha1JwtTokenMetadata" + } + } + }, "v1alpha1Repository": { "type": "object", "title": "Repository is a Git repository holding application configurations", diff --git a/util/rbac/rbac.go b/util/rbac/rbac.go index 68046bf99ddff..cbf23b0d5bec5 100644 --- a/util/rbac/rbac.go +++ b/util/rbac/rbac.go @@ -2,7 +2,6 @@ package rbac import ( "context" - "errors" "fmt" "strings" "time" @@ -133,47 +132,44 @@ func (e *Enforcer) defaultEnforceClaims(rvals ...interface{}) bool { } user := jwtutil.GetField(mapClaims, "sub") if strings.HasPrefix(user, "proj:") { - model := loadModel() - projPolicy, tokenCreationTime, err := e.getProjectTokenInfo(user) - if err != nil { - log.Error(err) - return false - } - iat := jwtutil.GetInt64Field(mapClaims, "iat") - if tokenCreationTime != iat { - return false - } - adapter := scas.NewAdapter(projPolicy) - enf := casbin.NewEnforcer(model, adapter) - enf.EnableLog(false) - vals := append([]interface{}{user}, rvals[1:]...) - return enf.Enforce(vals...) - + return e.enforceJwtToken(user, mapClaims, rvals...) } vals := append([]interface{}{user}, rvals[1:]...) return e.Enforce(vals...) } -//TODO: Add tests for method -// Returns all the policies for a project and when the token was created. -func (e *Enforcer) getProjectTokenInfo(user string) (string, int64, error) { +func (e *Enforcer) enforceJwtToken(user string, mapClaims jwt.MapClaims, rvals ...interface{}) bool { userSplit := strings.Split(user, ":") if len(userSplit) != 3 { - return "", -1, errors.New("incorrectly formated sub. Should follow proj:: format") + return false } projName := userSplit[1] tokenName := userSplit[2] proj, err := e.appclientset.ArgoprojV1alpha1().AppProjects(e.namespace).Get(projName, metav1.GetOptions{}) if err != nil { - fmt.Print(err) - return "", -1, err + return false } - for _, token := range proj.Spec.Tokens { - if token.Name == tokenName { - return proj.TokenPoliciesString(), token.CreatedAt, nil - } + index, err := proj.GetRoleIndex(tokenName) + if err != nil { + return false } - return "", -1, errors.New("project doesn't have token") + if proj.Spec.Roles[index].Metadata.JwtToken == nil { + return false + } + iat := jwtutil.GetInt64Field(mapClaims, "iat") + if proj.Spec.Roles[index].Metadata.JwtToken.CreatedAt != iat { + return false + } + vals := append([]interface{}{user}, rvals[1:]...) + return e.enforceCustomPolicy(proj.ProjectPoliciesString(), vals...) +} + +func (e *Enforcer) enforceCustomPolicy(projPolicy string, rvals ...interface{}) bool { + model := loadModel() + adapter := scas.NewAdapter(projPolicy) + enf := casbin.NewEnforcer(model, adapter) + enf.EnableLog(false) + return enf.Enforce(rvals...) } // SetBuiltinPolicy sets a built-in policy, which augments any user defined policies diff --git a/util/rbac/rbac_test.go b/util/rbac/rbac_test.go index 675c6a7599c70..50faa7801541a 100644 --- a/util/rbac/rbac_test.go +++ b/util/rbac/rbac_test.go @@ -2,15 +2,19 @@ package rbac import ( "context" + "fmt" "testing" "time" + "github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1" + apps "github.com/argoproj/argo-cd/pkg/client/clientset/versioned/fake" jwt "github.com/dgrijalva/jwt-go" "github.com/gobuffalo/packr" log "github.com/sirupsen/logrus" "github.com/stretchr/testify/assert" apiv1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/kubernetes/fake" ) @@ -342,3 +346,69 @@ func TestNoPolicy(t *testing.T) { enf := NewEnforcer(kubeclientset, nil, fakeNamespace, fakeConfgMapName, nil) assert.False(t, enf.Enforce("admin", "applications", "delete", "foo/bar")) } + +func TestEnforceJwtToken(t *testing.T) { + projectName := "testProj" + tokenName := "testToken" + subFormat := "proj:%s:%s" + sub := fmt.Sprintf(subFormat, projectName, tokenName) + policy := fmt.Sprintf("p, %s, projects, get, %s", sub, projectName) + createdAt := int64(1) + + tokenMetadata := &v1alpha1.ProjectRoleMetatdata{JwtToken: &v1alpha1.JwtTokenMetadata{CreatedAt: createdAt}} + role := v1alpha1.ProjectRole{Name: tokenName, Policies: []string{policy}, Metadata: tokenMetadata} + existingProj := v1alpha1.AppProject{ + ObjectMeta: metav1.ObjectMeta{Name: projectName, Namespace: fakeNamespace}, + Spec: v1alpha1.AppProjectSpec{ + Roles: []v1alpha1.ProjectRole{role}, + }, + } + t.Run("TestEnforceJwtTokenSuccessful", func(t *testing.T) { + proj := existingProj.DeepCopy() + enf := NewEnforcer(nil, apps.NewSimpleClientset(proj), "", "", nil) + claims := jwt.MapClaims{"sub": sub, "iat": createdAt} + assert.True(t, enf.EnforceClaims(claims, "projects", "get", projectName)) + }) + + t.Run("TestEnforceJwtTokenWithDiffCreateAtFailure", func(t *testing.T) { + diffCreateAt := createdAt + 1 + proj := existingProj.DeepCopy() + enf := NewEnforcer(nil, apps.NewSimpleClientset(proj), "", "", nil) + claims := jwt.MapClaims{"sub": sub, "iat": diffCreateAt} + assert.False(t, enf.EnforceClaims(claims, "projects", "get", projectName)) + }) + + t.Run("TestEnforceJwtTokenIncorrectSubFormatFailure", func(t *testing.T) { + proj := existingProj.DeepCopy() + invalidSub := "proj:test" + enf := NewEnforcer(nil, apps.NewSimpleClientset(proj), "", "", nil) + claims := jwt.MapClaims{"sub": invalidSub, "iat": createdAt} + assert.False(t, enf.EnforceClaims(claims, "projects", "get", projectName)) + }) + + t.Run("TestEnforceJwtTokenNoTokenFailure", func(t *testing.T) { + proj := existingProj.DeepCopy() + invalidToken := "fake-token" + invalidSub := fmt.Sprintf(subFormat, projectName, invalidToken) + enf := NewEnforcer(nil, apps.NewSimpleClientset(proj), "", "", nil) + claims := jwt.MapClaims{"sub": invalidSub, "iat": createdAt} + assert.False(t, enf.EnforceClaims(claims, "projects", "get", projectName)) + }) + + t.Run("TestEnforceJwtTokenNoTokenFailure", func(t *testing.T) { + proj := existingProj.DeepCopy() + invalidToken := "fake-token" + invalidSub := fmt.Sprintf(subFormat, projectName, invalidToken) + enf := NewEnforcer(nil, apps.NewSimpleClientset(proj), "", "", nil) + claims := jwt.MapClaims{"sub": invalidSub, "iat": createdAt} + assert.False(t, enf.EnforceClaims(claims, "projects", "get", projectName)) + }) + + t.Run("TestEnforceJwtTokenNotJwtTokenFailure", func(t *testing.T) { + proj := existingProj.DeepCopy() + proj.Spec.Roles[0].Metadata.JwtToken = nil + enf := NewEnforcer(nil, apps.NewSimpleClientset(proj), "", "", nil) + claims := jwt.MapClaims{"sub": sub, "iat": createdAt} + assert.False(t, enf.EnforceClaims(claims, "projects", "get", projectName)) + }) +} From ba9299183418462793574ddd86983e0438bc25af Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Tue, 7 Aug 2018 13:39:57 -0700 Subject: [PATCH 11/43] Move argocd specific enforcement to projects server --- pkg/apis/application/v1alpha1/types.go | 8 +- server/application/application_test.go | 2 +- server/project/project.go | 104 ++++++++++++++++++++++--- server/project/project_test.go | 60 +++++++++++++- server/server.go | 2 +- server/session/session.go | 2 +- util/rbac/rbac.go | 46 +---------- util/rbac/rbac_test.go | 93 +++------------------- util/session/sessionmanager.go | 12 +-- util/session/sessionmanager_test.go | 2 +- 10 files changed, 178 insertions(+), 153 deletions(-) diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go index 4a857222f88c7..3b19a0f50e9e5 100644 --- a/pkg/apis/application/v1alpha1/types.go +++ b/pkg/apis/application/v1alpha1/types.go @@ -429,7 +429,7 @@ type RepositoryList struct { // AppProjectList is list of AppProject resources // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object type AppProjectList struct { - metav1.TypeMeta `json:",inline""` + metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata" protobuf:"bytes,1,opt,name=metadata"` Items []AppProject `json:"items" protobuf:"bytes,2,rep,name=items"` } @@ -464,11 +464,11 @@ type AppProjectSpec struct { // Description contains optional project description Description string `json:"description,omitempty" protobuf:"bytes,3,opt,name=description"` - Roles []ProjectRole `protobuf:"bytes,4,rep,name=roles"` + Roles []ProjectRole `json:"roles,omitempty" protobuf:"bytes,4,rep,name=roles"` } -// GetRoleIndex looks up the index of a role in a project by the name -func (proj *AppProject) GetRoleIndex(name string) (int, error) { +// GetRoleIndexByName looks up the index of a role in a project by the name +func (proj *AppProject) GetRoleIndexByName(name string) (int, error) { for i, role := range proj.Spec.Roles { if name == role.Name { return i, nil diff --git a/server/application/application_test.go b/server/application/application_test.go index f6748744dedb7..885689dadb640 100644 --- a/server/application/application_test.go +++ b/server/application/application_test.go @@ -75,7 +75,7 @@ func fakeListDirResponse() *repository.FileList { // return an ApplicationServiceServer which returns fake data func newTestAppServer() ApplicationServiceServer { kubeclientset := fake.NewSimpleClientset() - enforcer := rbac.NewEnforcer(kubeclientset, nil, testNamespace, common.ArgoCDRBACConfigMapName, nil) + enforcer := rbac.NewEnforcer(kubeclientset, testNamespace, common.ArgoCDRBACConfigMapName, nil) enforcer.SetBuiltinPolicy(test.BuiltinPolicy) enforcer.SetDefaultRole("role:admin") diff --git a/server/project/project.go b/server/project/project.go index 6d419e4c43069..33f6d19b73f37 100644 --- a/server/project/project.go +++ b/server/project/project.go @@ -14,8 +14,12 @@ import ( "github.com/argoproj/argo-cd/util/argo" "github.com/argoproj/argo-cd/util/git" "github.com/argoproj/argo-cd/util/grpc" + jwtUtil "github.com/argoproj/argo-cd/util/jwt" "github.com/argoproj/argo-cd/util/rbac" "github.com/argoproj/argo-cd/util/session" + "github.com/casbin/casbin" + jwt "github.com/dgrijalva/jwt-go" + scas "github.com/qiangmzsx/string-adapter" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" "k8s.io/api/core/v1" @@ -46,9 +50,77 @@ func NewServer(ns string, kubeclientset kubernetes.Interface, appclientset appcl return &Server{enf: enf, appclientset: appclientset, kubeclientset: kubeclientset, ns: ns, projectLock: projectLock, auditLogger: auditLogger, sessionMgr: sessionMgr} } +func defaultEnforceClaims(rvals ...interface{}) bool { + s, ok := rvals[0].(*Server) + if !ok { + return false + } + claims, ok := rvals[1].(jwt.Claims) + if !ok { + if rvals[1] == nil { + vals := append([]interface{}{""}, rvals[2:]...) + return s.enf.Enforce(vals...) + } + return s.enf.Enforce(rvals...) + } + + mapClaims, err := jwtUtil.MapClaims(claims) + if err != nil { + vals := append([]interface{}{""}, rvals[2:]...) + return s.enf.Enforce(vals...) + } + groups := jwtUtil.GetGroups(mapClaims) + for _, group := range groups { + vals := append([]interface{}{group}, rvals[2:]...) + if s.enf.Enforcer.Enforce(vals...) { + return true + } + } + user := jwtUtil.GetField(mapClaims, "sub") + if strings.HasPrefix(user, "proj:") { + return s.enforceJwtToken(user, mapClaims, rvals[1:]...) + } + vals := append([]interface{}{user}, rvals[2:]...) + return s.enf.Enforce(vals...) +} + +func (s *Server) enforceJwtToken(user string, mapClaims jwt.MapClaims, rvals ...interface{}) bool { + userSplit := strings.Split(user, ":") + if len(userSplit) != 3 { + return false + } + projName := userSplit[1] + tokenName := userSplit[2] + proj, err := s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Get(projName, metav1.GetOptions{}) + if err != nil { + return false + } + index, err := proj.GetRoleIndexByName(tokenName) + if err != nil { + return false + } + if proj.Spec.Roles[index].Metadata.JwtToken == nil { + return false + } + iat := jwtUtil.GetInt64Field(mapClaims, "iat") + if proj.Spec.Roles[index].Metadata.JwtToken.CreatedAt != iat { + return false + } + vals := append([]interface{}{user}, rvals[1:]...) + return enforceCustomPolicy(proj.ProjectPoliciesString(), vals...) +} + +func enforceCustomPolicy(projPolicy string, rvals ...interface{}) bool { + model := rbac.LoadModel() + adapter := scas.NewAdapter(projPolicy) + enf := casbin.NewEnforcer(model, adapter) + enf.EnableLog(false) + return enf.Enforce(rvals...) +} + // CreateToken creates a new token to access a project func (s *Server) CreateToken(ctx context.Context, q *ProjectTokenCreateRequest) (*ProjectTokenResponse, error) { - if !s.enf.EnforceClaims(ctx.Value("claims"), "projects", "update", q.Project) { + if !s.enf.EnforceClaims(s, ctx.Value("claims"), "projects", "update", q.Project) { return nil, grpc.ErrPermissionDenied } project, err := s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Get(q.Project, metav1.GetOptions{}) @@ -63,7 +135,7 @@ func (s *Server) CreateToken(ctx context.Context, q *ProjectTokenCreateRequest) s.projectLock.Lock(q.Project) defer s.projectLock.Unlock(q.Project) - _, err = project.GetRoleIndex(q.Token) + _, err = project.GetRoleIndexByName(q.Token) if err == nil { return nil, status.Errorf(codes.AlreadyExists, "'%s' token already exist for project '%s'", q.Token, q.Project) } @@ -73,7 +145,17 @@ func (s *Server) CreateToken(ctx context.Context, q *ProjectTokenCreateRequest) if err != nil { return nil, err } - tokenMetadata := &v1alpha1.ProjectRoleMetatdata{JwtToken: &v1alpha1.JwtTokenMetadata{CreatedAt: jwtToken.IssuedAt}} + claims, err := s.sessionMgr.Parse(jwtToken) + if err != nil { + return nil, err + } + mapClaims, err := jwtUtil.MapClaims(claims) + if err != nil { + return nil, err + } + issuedAt := jwtUtil.GetInt64Field(mapClaims, "iat") + + tokenMetadata := &v1alpha1.ProjectRoleMetatdata{JwtToken: &v1alpha1.JwtTokenMetadata{CreatedAt: issuedAt}} token := v1alpha1.ProjectRole{Name: q.Token, Metadata: tokenMetadata} project.Spec.Roles = append(project.Spec.Roles, token) _, err = s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Update(project) @@ -81,13 +163,13 @@ func (s *Server) CreateToken(ctx context.Context, q *ProjectTokenCreateRequest) return nil, err } s.logEvent(project, ctx, argo.EventReasonResourceCreated, "create token") - return &ProjectTokenResponse{Token: jwtToken.Token}, nil + return &ProjectTokenResponse{Token: jwtToken}, nil } // Create a new project. func (s *Server) Create(ctx context.Context, q *ProjectCreateRequest) (*v1alpha1.AppProject, error) { - if !s.enf.EnforceClaims(ctx.Value("claims"), "projects", "create", q.Project.Name) { + if !s.enf.EnforceClaims(s, ctx.Value("claims"), "projects", "create", q.Project.Name) { return nil, grpc.ErrPermissionDenied } if q.Project.Name == common.DefaultAppProjectName { @@ -112,7 +194,7 @@ func (s *Server) List(ctx context.Context, q *ProjectQuery) (*v1alpha1.AppProjec newItems := make([]v1alpha1.AppProject, 0) for i := range list.Items { project := list.Items[i] - if s.enf.EnforceClaims(ctx.Value("claims"), "projects", "get", project.Name) { + if s.enf.EnforceClaims(s, ctx.Value("claims"), "projects", "get", project.Name) { newItems = append(newItems, project) } } @@ -123,7 +205,7 @@ func (s *Server) List(ctx context.Context, q *ProjectQuery) (*v1alpha1.AppProjec // Get returns a project by name func (s *Server) Get(ctx context.Context, q *ProjectQuery) (*v1alpha1.AppProject, error) { - if !s.enf.EnforceClaims(ctx.Value("claims"), "projects", "get", q.Name) { + if !s.enf.EnforceClaims(s, ctx.Value("claims"), "projects", "get", q.Name) { return nil, grpc.ErrPermissionDenied } return s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Get(q.Name, metav1.GetOptions{}) @@ -273,7 +355,7 @@ func validateProject(p *v1alpha1.AppProject) error { // DeleteToken deletes a token in a project func (s *Server) DeleteToken(ctx context.Context, q *ProjectTokenDeleteRequest) (*EmptyResponse, error) { - if !s.enf.EnforceClaims(ctx.Value("claims"), "projects", "delete", q.Project) { + if !s.enf.EnforceClaims(s, ctx.Value("claims"), "projects", "delete", q.Project) { return nil, grpc.ErrPermissionDenied } project, err := s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Get(q.Project, metav1.GetOptions{}) @@ -288,7 +370,7 @@ func (s *Server) DeleteToken(ctx context.Context, q *ProjectTokenDeleteRequest) s.projectLock.Lock(q.Project) defer s.projectLock.Unlock(q.Project) - index, err := project.GetRoleIndex(q.Token) + index, err := project.GetRoleIndexByName(q.Token) if err != nil { return nil, err } @@ -308,7 +390,7 @@ func (s *Server) Update(ctx context.Context, q *ProjectUpdateRequest) (*v1alpha1 if q.Project.Name == common.DefaultAppProjectName { return nil, grpc.ErrPermissionDenied } - if !s.enf.EnforceClaims(ctx.Value("claims"), "projects", "update", q.Project.Name) { + if !s.enf.EnforceClaims(s, ctx.Value("claims"), "projects", "update", q.Project.Name) { return nil, grpc.ErrPermissionDenied } err := validateProject(q.Project) @@ -364,7 +446,7 @@ func (s *Server) Update(ctx context.Context, q *ProjectUpdateRequest) (*v1alpha1 // Delete deletes a project func (s *Server) Delete(ctx context.Context, q *ProjectQuery) (*EmptyResponse, error) { - if !s.enf.EnforceClaims(ctx.Value("claims"), "projects", "delete", q.Name) { + if !s.enf.EnforceClaims(s, ctx.Value("claims"), "projects", "delete", q.Name) { return nil, grpc.ErrPermissionDenied } diff --git a/server/project/project_test.go b/server/project/project_test.go index 4a834c9624c4a..c62a37bed222c 100644 --- a/server/project/project_test.go +++ b/server/project/project_test.go @@ -5,6 +5,7 @@ import ( "fmt" "testing" + jwt "github.com/dgrijalva/jwt-go" "github.com/stretchr/testify/assert" "google.golang.org/grpc" "google.golang.org/grpc/codes" @@ -23,7 +24,7 @@ import ( ) func TestProjectServer(t *testing.T) { - enforcer := rbac.NewEnforcer(fake.NewSimpleClientset(), nil, "default", common.ArgoCDRBACConfigMapName, nil) + enforcer := rbac.NewEnforcer(fake.NewSimpleClientset(), "default", common.ArgoCDRBACConfigMapName, nil) enforcer.SetBuiltinPolicy(test.BuiltinPolicy) enforcer.SetDefaultRole("role:admin") existingProj := v1alpha1.AppProject{ @@ -277,3 +278,60 @@ func TestProjectServer(t *testing.T) { assert.EqualError(t, err, expectedErr) }) } + +func TestEnforceJwtToken(t *testing.T) { + projectName := "testProj" + tokenName := "testToken" + subFormat := "proj:%s:%s" + fakeNamespace := "fakeNamespace" + sub := fmt.Sprintf(subFormat, projectName, tokenName) + policy := fmt.Sprintf("p, %s, projects, get, %s", sub, projectName) + createdAt := int64(1) + + tokenMetadata := &v1alpha1.ProjectRoleMetatdata{JwtToken: &v1alpha1.JwtTokenMetadata{CreatedAt: createdAt}} + role := v1alpha1.ProjectRole{Name: tokenName, Policies: []string{policy}, Metadata: tokenMetadata} + existingProj := v1alpha1.AppProject{ + ObjectMeta: v1.ObjectMeta{Name: projectName, Namespace: fakeNamespace}, + Spec: v1alpha1.AppProjectSpec{ + Roles: []v1alpha1.ProjectRole{role}, + }, + } + enforcer := rbac.NewEnforcer(fake.NewSimpleClientset(), fakeNamespace, common.ArgoCDRBACConfigMapName, nil) + + t.Run("TestEnforceJwtTokenSuccessful", func(t *testing.T) { + s := NewServer(fakeNamespace, fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj), enforcer, util.NewKeyLock(), nil) + claims := jwt.MapClaims{"sub": sub, "iat": createdAt} + assert.True(t, s.enf.EnforceClaims(s, claims, "projects", "get", projectName)) + }) + + t.Run("TestEnforceJwtTokenWithDiffCreateAtFailure", func(t *testing.T) { + s := NewServer(fakeNamespace, fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj), enforcer, util.NewKeyLock(), nil) + + diffCreateAt := createdAt + 1 + claims := jwt.MapClaims{"sub": sub, "iat": diffCreateAt} + assert.False(t, s.enf.EnforceClaims(s, claims, "projects", "get", projectName)) + }) + + t.Run("TestEnforceJwtTokenIncorrectSubFormatFailure", func(t *testing.T) { + s := NewServer(fakeNamespace, fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj), enforcer, util.NewKeyLock(), nil) + invalidSub := "proj:test" + claims := jwt.MapClaims{"sub": invalidSub, "iat": createdAt} + assert.False(t, s.enf.EnforceClaims(s, claims, "projects", "get", projectName)) + }) + + t.Run("TestEnforceJwtTokenNoTokenFailure", func(t *testing.T) { + s := NewServer(fakeNamespace, fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj), enforcer, util.NewKeyLock(), nil) + nonExistentToken := "fake-token" + invalidSub := fmt.Sprintf(subFormat, projectName, nonExistentToken) + claims := jwt.MapClaims{"sub": invalidSub, "iat": createdAt} + assert.False(t, s.enf.EnforceClaims(s, claims, "projects", "get", projectName)) + }) + + t.Run("TestEnforceJwtTokenNotJwtTokenFailure", func(t *testing.T) { + proj := existingProj.DeepCopy() + proj.Spec.Roles[0].Metadata.JwtToken = nil + s := NewServer(fakeNamespace, fake.NewSimpleClientset(), apps.NewSimpleClientset(proj), enforcer, util.NewKeyLock(), nil) + claims := jwt.MapClaims{"sub": sub, "iat": createdAt} + assert.False(t, s.enf.EnforceClaims(s, claims, "projects", "get", projectName)) + }) +} diff --git a/server/server.go b/server/server.go index e48cf45ffaadf..a6ee0610bcff2 100644 --- a/server/server.go +++ b/server/server.go @@ -131,7 +131,7 @@ func NewServer(opts ArgoCDServerOpts) *ArgoCDServer { errors.CheckError(err) sessionMgr := util_session.NewSessionManager(settings) - enf := rbac.NewEnforcer(opts.KubeClientset, opts.AppClientset, opts.Namespace, common.ArgoCDRBACConfigMapName, nil) + enf := rbac.NewEnforcer(opts.KubeClientset, opts.Namespace, common.ArgoCDRBACConfigMapName, nil) enf.EnableEnforce(!opts.DisableAuth) err = enf.SetBuiltinPolicy(builtinPolicy) errors.CheckError(err) diff --git a/server/session/session.go b/server/session/session.go index bd92495495776..6cb1bea8bea06 100644 --- a/server/session/session.go +++ b/server/session/session.go @@ -38,7 +38,7 @@ func (s *Server) Create(ctx context.Context, q *SessionCreateRequest) (*SessionR if err != nil { return nil, err } - return &SessionResponse{Token: jwtToken.Token}, nil + return &SessionResponse{Token: jwtToken}, nil } // Delete an authentication cookie from the client. This makes sense only for the Web client. diff --git a/util/rbac/rbac.go b/util/rbac/rbac.go index cbf23b0d5bec5..01bf83cca4595 100644 --- a/util/rbac/rbac.go +++ b/util/rbac/rbac.go @@ -3,7 +3,6 @@ package rbac import ( "context" "fmt" - "strings" "time" "github.com/casbin/casbin" @@ -50,14 +49,14 @@ type Enforcer struct { appclientset appclientset.Interface } -func loadModel() model.Model { +func LoadModel() model.Model { box := packr.NewBox(".") modelConf := box.String(builtinModelFile) return casbin.NewModel(modelConf) } -func NewEnforcer(clientset kubernetes.Interface, appclientset appclientset.Interface, namespace, configmap string, claimsEnforcer ClaimsEnforcerFunc) *Enforcer { - model := loadModel() +func NewEnforcer(clientset kubernetes.Interface, namespace, configmap string, claimsEnforcer ClaimsEnforcerFunc) *Enforcer { + model := LoadModel() adapter := scas.NewAdapter("") enf := casbin.NewEnforcer(model, adapter) enf.EnableLog(false) @@ -69,7 +68,6 @@ func NewEnforcer(clientset kubernetes.Interface, appclientset appclientset.Inter configmap: configmap, model: model, claimsEnforcerFunc: claimsEnforcer, - appclientset: appclientset, } } @@ -117,7 +115,6 @@ func (e *Enforcer) defaultEnforceClaims(rvals ...interface{}) bool { } return e.Enforce(rvals...) } - mapClaims, err := jwtutil.MapClaims(claims) if err != nil { vals := append([]interface{}{""}, rvals[1:]...) @@ -131,47 +128,10 @@ func (e *Enforcer) defaultEnforceClaims(rvals ...interface{}) bool { } } user := jwtutil.GetField(mapClaims, "sub") - if strings.HasPrefix(user, "proj:") { - return e.enforceJwtToken(user, mapClaims, rvals...) - } vals := append([]interface{}{user}, rvals[1:]...) return e.Enforce(vals...) } -func (e *Enforcer) enforceJwtToken(user string, mapClaims jwt.MapClaims, rvals ...interface{}) bool { - userSplit := strings.Split(user, ":") - if len(userSplit) != 3 { - return false - } - projName := userSplit[1] - tokenName := userSplit[2] - proj, err := e.appclientset.ArgoprojV1alpha1().AppProjects(e.namespace).Get(projName, metav1.GetOptions{}) - if err != nil { - return false - } - index, err := proj.GetRoleIndex(tokenName) - if err != nil { - return false - } - if proj.Spec.Roles[index].Metadata.JwtToken == nil { - return false - } - iat := jwtutil.GetInt64Field(mapClaims, "iat") - if proj.Spec.Roles[index].Metadata.JwtToken.CreatedAt != iat { - return false - } - vals := append([]interface{}{user}, rvals[1:]...) - return e.enforceCustomPolicy(proj.ProjectPoliciesString(), vals...) -} - -func (e *Enforcer) enforceCustomPolicy(projPolicy string, rvals ...interface{}) bool { - model := loadModel() - adapter := scas.NewAdapter(projPolicy) - enf := casbin.NewEnforcer(model, adapter) - enf.EnableLog(false) - return enf.Enforce(rvals...) -} - // SetBuiltinPolicy sets a built-in policy, which augments any user defined policies func (e *Enforcer) SetBuiltinPolicy(policy string) error { e.builtinPolicy = policy diff --git a/util/rbac/rbac_test.go b/util/rbac/rbac_test.go index 50faa7801541a..f6796acda1d8b 100644 --- a/util/rbac/rbac_test.go +++ b/util/rbac/rbac_test.go @@ -2,12 +2,9 @@ package rbac import ( "context" - "fmt" "testing" "time" - "github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1" - apps "github.com/argoproj/argo-cd/pkg/client/clientset/versioned/fake" jwt "github.com/dgrijalva/jwt-go" "github.com/gobuffalo/packr" log "github.com/sirupsen/logrus" @@ -51,7 +48,7 @@ func fakeConfigMap(policy ...string) *apiv1.ConfigMap { // TestBuiltinPolicyEnforcer tests the builtin policy rules func TestBuiltinPolicyEnforcer(t *testing.T) { kubeclientset := fake.NewSimpleClientset() - enf := NewEnforcer(kubeclientset, nil, fakeNamespace, fakeConfgMapName, nil) + enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfgMapName, nil) err := enf.syncUpdate(fakeConfigMap()) assert.Nil(t, err) @@ -90,7 +87,7 @@ func TestPolicyInformer(t *testing.T) { cm := fakeConfigMap() cm.Data[ConfigMapPolicyCSVKey] = "p, admin, applications, delete, */*, allow" kubeclientset := fake.NewSimpleClientset(cm) - enf := NewEnforcer(kubeclientset, nil, fakeNamespace, fakeConfgMapName, nil) + enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfgMapName, nil) ctx := context.Background() ctx, cancel := context.WithCancel(ctx) @@ -117,7 +114,7 @@ func TestPolicyInformer(t *testing.T) { // TestResourceActionWildcards verifies the ability to use wildcards in resources and actions func TestResourceActionWildcards(t *testing.T) { kubeclientset := fake.NewSimpleClientset(fakeConfigMap()) - enf := NewEnforcer(kubeclientset, nil, fakeNamespace, fakeConfgMapName, nil) + enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfgMapName, nil) policy := ` p, alice, *, get, foo/obj, allow p, bob, repositories, *, foo/obj, allow @@ -180,7 +177,7 @@ p, trudy, applications/secrets, get, foo/obj, deny // TestProjectIsolationEnforcement verifies the ability to create Project specific policies func TestProjectIsolationEnforcement(t *testing.T) { kubeclientset := fake.NewSimpleClientset(fakeConfigMap()) - enf := NewEnforcer(kubeclientset, nil, fakeNamespace, fakeConfgMapName, nil) + enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfgMapName, nil) policy := ` p, role:foo-admin, *, *, foo/*, allow p, role:bar-admin, *, *, bar/*, allow @@ -200,7 +197,7 @@ g, bob, role:bar-admin // TestProjectReadOnly verifies the ability to have a read only role in a Project func TestProjectReadOnly(t *testing.T) { kubeclientset := fake.NewSimpleClientset(fakeConfigMap()) - enf := NewEnforcer(kubeclientset, nil, fakeNamespace, fakeConfgMapName, nil) + enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfgMapName, nil) policy := ` p, role:foo-readonly, *, get, foo/*, allow g, alice, role:foo-readonly @@ -215,7 +212,7 @@ g, alice, role:foo-readonly func TestEnforceClaims(t *testing.T) { kubeclientset := fake.NewSimpleClientset(fakeConfigMap()) - enf := NewEnforcer(kubeclientset, nil, fakeNamespace, fakeConfgMapName, nil) + enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfgMapName, nil) enf.SetBuiltinPolicy(box.String(builtinPolicyFile)) policy := ` g, org2:team2, role:admin @@ -246,7 +243,7 @@ g, bob, role:admin // TestDefaultRole tests the ability to set a default role func TestDefaultRole(t *testing.T) { kubeclientset := fake.NewSimpleClientset() - enf := NewEnforcer(kubeclientset, nil, fakeNamespace, fakeConfgMapName, nil) + enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfgMapName, nil) err := enf.syncUpdate(fakeConfigMap()) assert.Nil(t, err) enf.SetBuiltinPolicy(box.String(builtinPolicyFile)) @@ -263,7 +260,7 @@ func TestDefaultRole(t *testing.T) { // TestURLAsObjectName tests the ability to have a URL as an object name func TestURLAsObjectName(t *testing.T) { kubeclientset := fake.NewSimpleClientset() - enf := NewEnforcer(kubeclientset, nil, fakeNamespace, fakeConfgMapName, nil) + enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfgMapName, nil) err := enf.syncUpdate(fakeConfigMap()) assert.Nil(t, err) policy := ` @@ -283,7 +280,7 @@ p, cathy, repositories, *, foo/*, allow func TestEnforceNilClaims(t *testing.T) { kubeclientset := fake.NewSimpleClientset(fakeConfigMap()) - enf := NewEnforcer(kubeclientset, nil, fakeNamespace, fakeConfgMapName, nil) + enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfgMapName, nil) enf.SetBuiltinPolicy(box.String(builtinPolicyFile)) assert.False(t, enf.EnforceClaims(nil, "applications", "get", "foo/obj")) enf.SetDefaultRole("role:readonly") @@ -292,7 +289,7 @@ func TestEnforceNilClaims(t *testing.T) { func TestEnableDisableEnforce(t *testing.T) { kubeclientset := fake.NewSimpleClientset(fakeConfigMap()) - enf := NewEnforcer(kubeclientset, nil, fakeNamespace, fakeConfgMapName, nil) + enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfgMapName, nil) policy := ` p, alice, *, get, foo/obj, allow p, mike, *, get, foo/obj, deny @@ -313,7 +310,7 @@ p, mike, *, get, foo/obj, deny func TestUpdatePolicy(t *testing.T) { kubeclientset := fake.NewSimpleClientset(fakeConfigMap()) - enf := NewEnforcer(kubeclientset, nil, fakeNamespace, fakeConfgMapName, nil) + enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfgMapName, nil) enf.SetUserPolicy("p, alice, *, get, foo/obj, allow") assert.True(t, enf.Enforce("alice", "applications", "get", "foo/obj")) @@ -343,72 +340,6 @@ func TestUpdatePolicy(t *testing.T) { func TestNoPolicy(t *testing.T) { cm := fakeConfigMap() kubeclientset := fake.NewSimpleClientset(cm) - enf := NewEnforcer(kubeclientset, nil, fakeNamespace, fakeConfgMapName, nil) + enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfgMapName, nil) assert.False(t, enf.Enforce("admin", "applications", "delete", "foo/bar")) } - -func TestEnforceJwtToken(t *testing.T) { - projectName := "testProj" - tokenName := "testToken" - subFormat := "proj:%s:%s" - sub := fmt.Sprintf(subFormat, projectName, tokenName) - policy := fmt.Sprintf("p, %s, projects, get, %s", sub, projectName) - createdAt := int64(1) - - tokenMetadata := &v1alpha1.ProjectRoleMetatdata{JwtToken: &v1alpha1.JwtTokenMetadata{CreatedAt: createdAt}} - role := v1alpha1.ProjectRole{Name: tokenName, Policies: []string{policy}, Metadata: tokenMetadata} - existingProj := v1alpha1.AppProject{ - ObjectMeta: metav1.ObjectMeta{Name: projectName, Namespace: fakeNamespace}, - Spec: v1alpha1.AppProjectSpec{ - Roles: []v1alpha1.ProjectRole{role}, - }, - } - t.Run("TestEnforceJwtTokenSuccessful", func(t *testing.T) { - proj := existingProj.DeepCopy() - enf := NewEnforcer(nil, apps.NewSimpleClientset(proj), "", "", nil) - claims := jwt.MapClaims{"sub": sub, "iat": createdAt} - assert.True(t, enf.EnforceClaims(claims, "projects", "get", projectName)) - }) - - t.Run("TestEnforceJwtTokenWithDiffCreateAtFailure", func(t *testing.T) { - diffCreateAt := createdAt + 1 - proj := existingProj.DeepCopy() - enf := NewEnforcer(nil, apps.NewSimpleClientset(proj), "", "", nil) - claims := jwt.MapClaims{"sub": sub, "iat": diffCreateAt} - assert.False(t, enf.EnforceClaims(claims, "projects", "get", projectName)) - }) - - t.Run("TestEnforceJwtTokenIncorrectSubFormatFailure", func(t *testing.T) { - proj := existingProj.DeepCopy() - invalidSub := "proj:test" - enf := NewEnforcer(nil, apps.NewSimpleClientset(proj), "", "", nil) - claims := jwt.MapClaims{"sub": invalidSub, "iat": createdAt} - assert.False(t, enf.EnforceClaims(claims, "projects", "get", projectName)) - }) - - t.Run("TestEnforceJwtTokenNoTokenFailure", func(t *testing.T) { - proj := existingProj.DeepCopy() - invalidToken := "fake-token" - invalidSub := fmt.Sprintf(subFormat, projectName, invalidToken) - enf := NewEnforcer(nil, apps.NewSimpleClientset(proj), "", "", nil) - claims := jwt.MapClaims{"sub": invalidSub, "iat": createdAt} - assert.False(t, enf.EnforceClaims(claims, "projects", "get", projectName)) - }) - - t.Run("TestEnforceJwtTokenNoTokenFailure", func(t *testing.T) { - proj := existingProj.DeepCopy() - invalidToken := "fake-token" - invalidSub := fmt.Sprintf(subFormat, projectName, invalidToken) - enf := NewEnforcer(nil, apps.NewSimpleClientset(proj), "", "", nil) - claims := jwt.MapClaims{"sub": invalidSub, "iat": createdAt} - assert.False(t, enf.EnforceClaims(claims, "projects", "get", projectName)) - }) - - t.Run("TestEnforceJwtTokenNotJwtTokenFailure", func(t *testing.T) { - proj := existingProj.DeepCopy() - proj.Spec.Roles[0].Metadata.JwtToken = nil - enf := NewEnforcer(nil, apps.NewSimpleClientset(proj), "", "", nil) - claims := jwt.MapClaims{"sub": sub, "iat": createdAt} - assert.False(t, enf.EnforceClaims(claims, "projects", "get", projectName)) - }) -} diff --git a/util/session/sessionmanager.go b/util/session/sessionmanager.go index 75acdcedae7b7..a4e187431ad1a 100644 --- a/util/session/sessionmanager.go +++ b/util/session/sessionmanager.go @@ -43,12 +43,6 @@ const ( badUserError = "Bad local superuser username" ) -// JwtToken the metadata of a token -type JwtToken struct { - Token string - IssuedAt int64 -} - // NewSessionManager creates a new session manager from ArgoCD settings func NewSessionManager(settings *settings.ArgoCDSettings) *SessionManager { s := SessionManager{ @@ -78,7 +72,7 @@ func NewSessionManager(settings *settings.ArgoCDSettings) *SessionManager { // Create creates a new token for a given subject (user) and returns it as a string. // Passing a value of `0` for secondsBeforeExpiry creates a token that never expires. -func (mgr *SessionManager) Create(subject string, secondsBeforeExpiry int64) (*JwtToken, error) { +func (mgr *SessionManager) Create(subject string, secondsBeforeExpiry int64) (string, error) { // Create a new token object, specifying signing method and the claims // you would like it to contain. now := time.Now().UTC() @@ -95,9 +89,9 @@ func (mgr *SessionManager) Create(subject string, secondsBeforeExpiry int64) (*J token, err := mgr.signClaims(claims) if err != nil { - return nil, err + return "", err } - return &JwtToken{Token: token, IssuedAt: now.Unix()}, nil + return token, nil } func (mgr *SessionManager) signClaims(claims jwt.Claims) (string, error) { diff --git a/util/session/sessionmanager_test.go b/util/session/sessionmanager_test.go index 823f71bee01a4..0e050d043009a 100644 --- a/util/session/sessionmanager_test.go +++ b/util/session/sessionmanager_test.go @@ -22,7 +22,7 @@ func TestSessionManager(t *testing.T) { t.Errorf("Could not create token: %v", err) } - claims, err := mgr.Parse(token.Token) + claims, err := mgr.Parse(token) if err != nil { t.Errorf("Could not parse token: %v", err) } From e307e4068d9a1e944ac5fbb02febd791394d84e8 Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Tue, 7 Aug 2018 13:41:07 -0700 Subject: [PATCH 12/43] Refactor cli to leverage roles instead of tokens --- cmd/argocd/commands/project.go | 52 +++++++++++++++++----------------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go index 0089243934543..59df33730335f 100644 --- a/cmd/argocd/commands/project.go +++ b/cmd/argocd/commands/project.go @@ -64,20 +64,20 @@ func NewProjectCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { os.Exit(1) }, } - var tokenCommand = &cobra.Command{ - Use: "token", - Short: "Manage a project's token", + var roleCommand = &cobra.Command{ + Use: "role", + Short: "Manage a project's role", Run: func(c *cobra.Command, args []string) { c.HelpFunc()(c, args) os.Exit(1) }, } - tokenCommand.AddCommand(NewProjectListTokenCommand(clientOpts)) - tokenCommand.AddCommand(NewProjectCreateTokenCommand(clientOpts)) - tokenCommand.AddCommand(NewProjectDeleteTokenCommand(clientOpts)) - tokenCommand.AddCommand(NewProjectAddTokenPolicyCommand(clientOpts)) - tokenCommand.AddCommand(NewProjectRemoveTokenPolicyCommand(clientOpts)) - command.AddCommand(tokenCommand) + roleCommand.AddCommand(NewProjectListRolesCommand(clientOpts)) + roleCommand.AddCommand(NewProjectCreateTokenCommand(clientOpts)) + roleCommand.AddCommand(NewProjectDeleteTokenCommand(clientOpts)) + roleCommand.AddCommand(NewProjectAddRolePolicyCommand(clientOpts)) + roleCommand.AddCommand(NewProjectRemoveRolePolicyCommand(clientOpts)) + command.AddCommand(roleCommand) command.AddCommand(NewProjectCreateCommand(clientOpts)) command.AddCommand(NewProjectDeleteCommand(clientOpts)) command.AddCommand(NewProjectListCommand(clientOpts)) @@ -102,14 +102,14 @@ func addPolicyFlags(command *cobra.Command, opts *policyOpts) { command.Flags().StringVarP(&opts.object, "object", "o", "", "Object within the project to grant/deny access. Use '*' for a wildcard. Will want access to '/'") } -// NewProjectAddTokenPolicyCommand returns a new instance of an `argocd proj token add-policy` command -func NewProjectAddTokenPolicyCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { +// NewProjectAddRolePolicyCommand returns a new instance of an `argocd proj role add-policy` command +func NewProjectAddRolePolicyCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var ( opts policyOpts ) var command = &cobra.Command{ - Use: "add-policy PROJECT TOKEN-NAME", - Short: "Add a policy to a project token", + Use: "add-policy PROJECT ROLE-NAME", + Short: "Add a policy to a project role", Run: func(c *cobra.Command, args []string) { if len(args) != 2 { c.HelpFunc()(c, args) @@ -134,7 +134,7 @@ func NewProjectAddTokenPolicyCommand(clientOpts *argocdclient.ClientOptions) *co proj, err := projIf.Get(context.Background(), &project.ProjectQuery{Name: projName}) errors.CheckError(err) - roleIndex, err := proj.GetRoleIndex(roleName) + roleIndex, err := proj.GetRoleIndexByName(roleName) if err != nil { log.Fatal(err) } @@ -152,14 +152,14 @@ func NewProjectAddTokenPolicyCommand(clientOpts *argocdclient.ClientOptions) *co return command } -// NewProjectRemoveTokenPolicyCommand returns a new instance of an `argocd proj token remove-policy` command -func NewProjectRemoveTokenPolicyCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { +// NewProjectRemoveRolePolicyCommand returns a new instance of an `argocd proj role remove-policy` command +func NewProjectRemoveRolePolicyCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var ( opts policyOpts ) var command = &cobra.Command{ - Use: "remove-policy PROJECT TOKEN-NAME", - Short: "Remove a policy from a token within a project", + Use: "remove-policy PROJECT ROLE-NAME", + Short: "Remove a policy from a role within a project", Run: func(c *cobra.Command, args []string) { if len(args) != 2 { c.HelpFunc()(c, args) @@ -185,7 +185,7 @@ func NewProjectRemoveTokenPolicyCommand(clientOpts *argocdclient.ClientOptions) proj, err := projIf.Get(context.Background(), &project.ProjectQuery{Name: projName}) errors.CheckError(err) - roleIndex, err := proj.GetRoleIndex(roleName) + roleIndex, err := proj.GetRoleIndexByName(roleName) if err != nil { log.Fatal(err) } @@ -213,13 +213,13 @@ func NewProjectRemoveTokenPolicyCommand(clientOpts *argocdclient.ClientOptions) return command } -// NewProjectCreateTokenCommand returns a new instance of an `argocd proj token create` command +// NewProjectCreateTokenCommand returns a new instance of an `argocd proj role create-token` command func NewProjectCreateTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var ( secondsBeforeExpiry int64 ) var command = &cobra.Command{ - Use: "create PROJECT TOKEN-NAME [--seconds seconds]", + Use: "create-token PROJECT TOKEN-NAME [--seconds seconds]", Short: "Create a project token", Run: func(c *cobra.Command, args []string) { if len(args) != 2 { @@ -234,7 +234,7 @@ func NewProjectCreateTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra token, err := projIf.CreateToken(context.Background(), &project.ProjectTokenCreateRequest{Project: projName, Token: tokenName, SecondsBeforeExpiry: secondsBeforeExpiry}) errors.CheckError(err) w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0) - fmt.Fprintf(w, "New token for %s-%s:\n'%s'\n", projName, tokenName, token) + fmt.Fprintf(w, "New token for %s-%s:\n%s\n", projName, tokenName, token) fmt.Fprintf(w, "Make sure to save token as it is not stored.") _ = w.Flush() }, @@ -244,11 +244,11 @@ func NewProjectCreateTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra return command } -// NewProjectListTokenCommand returns a new instance of an `argocd proj token list` command -func NewProjectListTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { +// NewProjectListRolesCommand returns a new instance of an `argocd proj roles list` command +func NewProjectListRolesCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var command = &cobra.Command{ Use: "list PROJECT", - Short: "List all the tokens in a project", + Short: "List all the roles in a project", Run: func(c *cobra.Command, args []string) { if len(args) != 1 { c.HelpFunc()(c, args) @@ -276,7 +276,7 @@ func NewProjectListTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra.C return command } -// NewProjectDeleteTokenCommand returns a new instance of an `argocd proj token delete` command +// NewProjectDeleteTokenCommand returns a new instance of an `argocd proj role delete-token` command func NewProjectDeleteTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var command = &cobra.Command{ Use: "delete PROJECT TOKEN-NAME", From 0c0b60a9ce7936e9d9044aecdc6fb857921991a3 Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Wed, 8 Aug 2018 09:08:06 -0700 Subject: [PATCH 13/43] Remove RoleMetadata to only use JwtToken --- cmd/argocd/commands/project.go | 8 +- pkg/apis/application/v1alpha1/generated.pb.go | 547 +++++++----------- pkg/apis/application/v1alpha1/generated.proto | 12 +- pkg/apis/application/v1alpha1/types.go | 16 +- .../v1alpha1/zz_generated.deepcopy.go | 41 +- server/project/project.go | 9 +- server/project/project_test.go | 22 +- server/swagger.json | 17 +- 8 files changed, 238 insertions(+), 434 deletions(-) diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go index 59df33730335f..5b4d865213f0e 100644 --- a/cmd/argocd/commands/project.go +++ b/cmd/argocd/commands/project.go @@ -261,12 +261,12 @@ func NewProjectListRolesCommand(clientOpts *argocdclient.ClientOptions) *cobra.C project, err := projIf.Get(context.Background(), &project.ProjectQuery{Name: projName}) errors.CheckError(err) w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0) - fmt.Fprintf(w, "TOKEN-NAME\tCREATED-AT\tPOLICIES\n") + fmt.Fprintf(w, "ROLE-NAME\tCREATED-AT\tPOLICIES\n") for _, role := range project.Spec.Roles { - if role.Metadata.JwtToken != nil { - fmt.Fprintf(w, "%s\t%d\t\n", role.Name, role.Metadata.JwtToken.CreatedAt) + if role.JwtToken != nil { + fmt.Fprintf(w, "%s\t%d\t\n", role.Name, role.JwtToken.CreatedAt) for _, policy := range role.Policies { - fmt.Fprintf(w, "%s\t%d\t%s\n", role.Name, role.Metadata.JwtToken.CreatedAt, policy) + fmt.Fprintf(w, "%s\t%d\t%s\n", role.Name, role.JwtToken.CreatedAt, policy) } } } diff --git a/pkg/apis/application/v1alpha1/generated.pb.go b/pkg/apis/application/v1alpha1/generated.pb.go index fca1d63ea2b85..ed13323b27ed4 100644 --- a/pkg/apis/application/v1alpha1/generated.pb.go +++ b/pkg/apis/application/v1alpha1/generated.pb.go @@ -28,11 +28,10 @@ DeploymentInfo HealthStatus HookStatus - JwtTokenMetadata + JwtToken Operation OperationState ProjectRole - ProjectRoleMetatdata Repository RepositoryList ResourceDetails @@ -152,9 +151,9 @@ func (m *HookStatus) Reset() { *m = HookStatus{} } func (*HookStatus) ProtoMessage() {} func (*HookStatus) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{19} } -func (m *JwtTokenMetadata) Reset() { *m = JwtTokenMetadata{} } -func (*JwtTokenMetadata) ProtoMessage() {} -func (*JwtTokenMetadata) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{20} } +func (m *JwtToken) Reset() { *m = JwtToken{} } +func (*JwtToken) ProtoMessage() {} +func (*JwtToken) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{20} } func (m *Operation) Reset() { *m = Operation{} } func (*Operation) ProtoMessage() {} @@ -168,57 +167,53 @@ func (m *ProjectRole) Reset() { *m = ProjectRole{} } func (*ProjectRole) ProtoMessage() {} func (*ProjectRole) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{23} } -func (m *ProjectRoleMetatdata) Reset() { *m = ProjectRoleMetatdata{} } -func (*ProjectRoleMetatdata) ProtoMessage() {} -func (*ProjectRoleMetatdata) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{24} } - func (m *Repository) Reset() { *m = Repository{} } func (*Repository) ProtoMessage() {} -func (*Repository) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{25} } +func (*Repository) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{24} } func (m *RepositoryList) Reset() { *m = RepositoryList{} } func (*RepositoryList) ProtoMessage() {} -func (*RepositoryList) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{26} } +func (*RepositoryList) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{25} } func (m *ResourceDetails) Reset() { *m = ResourceDetails{} } func (*ResourceDetails) ProtoMessage() {} -func (*ResourceDetails) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{27} } +func (*ResourceDetails) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{26} } func (m *ResourceNode) Reset() { *m = ResourceNode{} } func (*ResourceNode) ProtoMessage() {} -func (*ResourceNode) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{28} } +func (*ResourceNode) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{27} } func (m *ResourceState) Reset() { *m = ResourceState{} } func (*ResourceState) ProtoMessage() {} -func (*ResourceState) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{29} } +func (*ResourceState) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{28} } func (m *RollbackOperation) Reset() { *m = RollbackOperation{} } func (*RollbackOperation) ProtoMessage() {} -func (*RollbackOperation) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{30} } +func (*RollbackOperation) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{29} } func (m *SyncOperation) Reset() { *m = SyncOperation{} } func (*SyncOperation) ProtoMessage() {} -func (*SyncOperation) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{31} } +func (*SyncOperation) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{30} } func (m *SyncOperationResult) Reset() { *m = SyncOperationResult{} } func (*SyncOperationResult) ProtoMessage() {} -func (*SyncOperationResult) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{32} } +func (*SyncOperationResult) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{31} } func (m *SyncStrategy) Reset() { *m = SyncStrategy{} } func (*SyncStrategy) ProtoMessage() {} -func (*SyncStrategy) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{33} } +func (*SyncStrategy) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{32} } func (m *SyncStrategyApply) Reset() { *m = SyncStrategyApply{} } func (*SyncStrategyApply) ProtoMessage() {} -func (*SyncStrategyApply) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{34} } +func (*SyncStrategyApply) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{33} } func (m *SyncStrategyHook) Reset() { *m = SyncStrategyHook{} } func (*SyncStrategyHook) ProtoMessage() {} -func (*SyncStrategyHook) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{35} } +func (*SyncStrategyHook) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{34} } func (m *TLSClientConfig) Reset() { *m = TLSClientConfig{} } func (*TLSClientConfig) ProtoMessage() {} -func (*TLSClientConfig) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{36} } +func (*TLSClientConfig) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{35} } func init() { proto.RegisterType((*AppProject)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.AppProject") @@ -241,11 +236,10 @@ func init() { proto.RegisterType((*DeploymentInfo)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.DeploymentInfo") proto.RegisterType((*HealthStatus)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.HealthStatus") proto.RegisterType((*HookStatus)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.HookStatus") - proto.RegisterType((*JwtTokenMetadata)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.JwtTokenMetadata") + proto.RegisterType((*JwtToken)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.JwtToken") proto.RegisterType((*Operation)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.Operation") proto.RegisterType((*OperationState)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.OperationState") proto.RegisterType((*ProjectRole)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.ProjectRole") - proto.RegisterType((*ProjectRoleMetatdata)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.ProjectRoleMetatdata") proto.RegisterType((*Repository)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.Repository") proto.RegisterType((*RepositoryList)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.RepositoryList") proto.RegisterType((*ResourceDetails)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.ResourceDetails") @@ -1102,7 +1096,7 @@ func (m *HookStatus) MarshalTo(dAtA []byte) (int, error) { return i, nil } -func (m *JwtTokenMetadata) Marshal() (dAtA []byte, err error) { +func (m *JwtToken) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalTo(dAtA) @@ -1112,7 +1106,7 @@ func (m *JwtTokenMetadata) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *JwtTokenMetadata) MarshalTo(dAtA []byte) (int, error) { +func (m *JwtToken) MarshalTo(dAtA []byte) (int, error) { var i int _ = i var l int @@ -1267,43 +1261,15 @@ func (m *ProjectRole) MarshalTo(dAtA []byte) (int, error) { i += copy(dAtA[i:], s) } } - if m.Metadata != nil { - dAtA[i] = 0x1a - i++ - i = encodeVarintGenerated(dAtA, i, uint64(m.Metadata.Size())) - n30, err := m.Metadata.MarshalTo(dAtA[i:]) - if err != nil { - return 0, err - } - i += n30 - } - return i, nil -} - -func (m *ProjectRoleMetatdata) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *ProjectRoleMetatdata) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l if m.JwtToken != nil { - dAtA[i] = 0xa + dAtA[i] = 0x1a i++ i = encodeVarintGenerated(dAtA, i, uint64(m.JwtToken.Size())) - n31, err := m.JwtToken.MarshalTo(dAtA[i:]) + n30, err := m.JwtToken.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n31 + i += n30 } return i, nil } @@ -1342,11 +1308,11 @@ func (m *Repository) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0x2a i++ i = encodeVarintGenerated(dAtA, i, uint64(m.ConnectionState.Size())) - n32, err := m.ConnectionState.MarshalTo(dAtA[i:]) + n31, err := m.ConnectionState.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n32 + i += n31 return i, nil } @@ -1368,11 +1334,11 @@ func (m *RepositoryList) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0xa i++ i = encodeVarintGenerated(dAtA, i, uint64(m.ListMeta.Size())) - n33, err := m.ListMeta.MarshalTo(dAtA[i:]) + n32, err := m.ListMeta.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n33 + i += n32 if len(m.Items) > 0 { for _, msg := range m.Items { dAtA[i] = 0x12 @@ -1502,11 +1468,11 @@ func (m *ResourceState) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0x2a i++ i = encodeVarintGenerated(dAtA, i, uint64(m.Health.Size())) - n34, err := m.Health.MarshalTo(dAtA[i:]) + n33, err := m.Health.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n34 + i += n33 return i, nil } @@ -1586,11 +1552,11 @@ func (m *SyncOperation) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0x22 i++ i = encodeVarintGenerated(dAtA, i, uint64(m.SyncStrategy.Size())) - n35, err := m.SyncStrategy.MarshalTo(dAtA[i:]) + n34, err := m.SyncStrategy.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n35 + i += n34 } return i, nil } @@ -1660,21 +1626,21 @@ func (m *SyncStrategy) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0xa i++ i = encodeVarintGenerated(dAtA, i, uint64(m.Apply.Size())) - n36, err := m.Apply.MarshalTo(dAtA[i:]) + n35, err := m.Apply.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n36 + i += n35 } if m.Hook != nil { dAtA[i] = 0x12 i++ i = encodeVarintGenerated(dAtA, i, uint64(m.Hook.Size())) - n37, err := m.Hook.MarshalTo(dAtA[i:]) + n36, err := m.Hook.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n37 + i += n36 } return i, nil } @@ -1723,11 +1689,11 @@ func (m *SyncStrategyHook) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0xa i++ i = encodeVarintGenerated(dAtA, i, uint64(m.SyncStrategyApply.Size())) - n38, err := m.SyncStrategyApply.MarshalTo(dAtA[i:]) + n37, err := m.SyncStrategyApply.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n38 + i += n37 return i, nil } @@ -2105,7 +2071,7 @@ func (m *HookStatus) Size() (n int) { return n } -func (m *JwtTokenMetadata) Size() (n int) { +func (m *JwtToken) Size() (n int) { var l int _ = l n += 1 + sovGenerated(uint64(m.CreatedAt)) @@ -2163,16 +2129,6 @@ func (m *ProjectRole) Size() (n int) { n += 1 + l + sovGenerated(uint64(l)) } } - if m.Metadata != nil { - l = m.Metadata.Size() - n += 1 + l + sovGenerated(uint64(l)) - } - return n -} - -func (m *ProjectRoleMetatdata) Size() (n int) { - var l int - _ = l if m.JwtToken != nil { l = m.JwtToken.Size() n += 1 + l + sovGenerated(uint64(l)) @@ -2614,11 +2570,11 @@ func (this *HookStatus) String() string { }, "") return s } -func (this *JwtTokenMetadata) String() string { +func (this *JwtToken) String() string { if this == nil { return "nil" } - s := strings.Join([]string{`&JwtTokenMetadata{`, + s := strings.Join([]string{`&JwtToken{`, `CreatedAt:` + fmt.Sprintf("%v", this.CreatedAt) + `,`, `}`, }, "") @@ -2658,17 +2614,7 @@ func (this *ProjectRole) String() string { s := strings.Join([]string{`&ProjectRole{`, `Name:` + fmt.Sprintf("%v", this.Name) + `,`, `Policies:` + fmt.Sprintf("%v", this.Policies) + `,`, - `Metadata:` + strings.Replace(fmt.Sprintf("%v", this.Metadata), "ProjectRoleMetatdata", "ProjectRoleMetatdata", 1) + `,`, - `}`, - }, "") - return s -} -func (this *ProjectRoleMetatdata) String() string { - if this == nil { - return "nil" - } - s := strings.Join([]string{`&ProjectRoleMetatdata{`, - `JwtToken:` + strings.Replace(fmt.Sprintf("%v", this.JwtToken), "JwtTokenMetadata", "JwtTokenMetadata", 1) + `,`, + `JwtToken:` + strings.Replace(fmt.Sprintf("%v", this.JwtToken), "JwtToken", "JwtToken", 1) + `,`, `}`, }, "") return s @@ -5844,7 +5790,7 @@ func (m *HookStatus) Unmarshal(dAtA []byte) error { } return nil } -func (m *JwtTokenMetadata) Unmarshal(dAtA []byte) error { +func (m *JwtToken) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -5867,10 +5813,10 @@ func (m *JwtTokenMetadata) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: JwtTokenMetadata: wiretype end group for non-group") + return fmt.Errorf("proto: JwtToken: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: JwtTokenMetadata: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: JwtToken: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 3: @@ -6384,89 +6330,6 @@ func (m *ProjectRole) Unmarshal(dAtA []byte) error { m.Policies = append(m.Policies, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= (int(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.Metadata == nil { - m.Metadata = &ProjectRoleMetatdata{} - } - if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipGenerated(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *ProjectRoleMetatdata) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: ProjectRoleMetatdata: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: ProjectRoleMetatdata: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field JwtToken", wireType) } @@ -6493,7 +6356,7 @@ func (m *ProjectRoleMetatdata) Unmarshal(dAtA []byte) error { return io.ErrUnexpectedEOF } if m.JwtToken == nil { - m.JwtToken = &JwtTokenMetadata{} + m.JwtToken = &JwtToken{} } if err := m.JwtToken.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err @@ -8300,166 +8163,164 @@ func init() { } var fileDescriptorGenerated = []byte{ - // 2570 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xd4, 0x59, 0x4d, 0x6c, 0x1c, 0x49, - 0x15, 0x4e, 0xcf, 0x8f, 0xed, 0x79, 0xe3, 0xbf, 0xd4, 0xfe, 0x60, 0xb2, 0x92, 0x6d, 0xf5, 0xf2, - 0x13, 0xd0, 0xee, 0x0c, 0x31, 0x04, 0xc2, 0x8f, 0x90, 0x32, 0xe3, 0x64, 0xe3, 0x38, 0x89, 0x4d, - 0x8d, 0x77, 0x91, 0x96, 0xd5, 0x42, 0xa7, 0xa7, 0x3c, 0xd3, 0x99, 0x99, 0xee, 0xde, 0xae, 0x9a, - 0x89, 0x46, 0x62, 0xd1, 0x22, 0x84, 0xc4, 0xdf, 0x4a, 0x20, 0x84, 0xb8, 0x72, 0xe0, 0x84, 0x90, - 0x90, 0x10, 0x27, 0x24, 0x0e, 0x70, 0x40, 0x39, 0xee, 0x01, 0xc4, 0x6a, 0x41, 0x16, 0xf1, 0x5e, - 0x56, 0xe2, 0xc0, 0x89, 0xcb, 0x9e, 0x50, 0xfd, 0x74, 0x57, 0x75, 0x8f, 0x8d, 0x9d, 0x4c, 0x27, - 0xc0, 0xad, 0xfb, 0xbd, 0xd7, 0xef, 0x7b, 0xfd, 0xea, 0xd5, 0xfb, 0xa9, 0x82, 0xad, 0x8e, 0xc7, - 0xba, 0xc3, 0xdb, 0x35, 0x37, 0x18, 0xd4, 0x9d, 0xa8, 0x13, 0x84, 0x51, 0x70, 0x47, 0x3c, 0x3c, - 0xef, 0xb6, 0xeb, 0x61, 0xaf, 0x53, 0x77, 0x42, 0x8f, 0xd6, 0x9d, 0x30, 0xec, 0x7b, 0xae, 0xc3, - 0xbc, 0xc0, 0xaf, 0x8f, 0x2e, 0x38, 0xfd, 0xb0, 0xeb, 0x5c, 0xa8, 0x77, 0x88, 0x4f, 0x22, 0x87, - 0x91, 0x76, 0x2d, 0x8c, 0x02, 0x16, 0xa0, 0xcf, 0x6a, 0x55, 0xb5, 0x58, 0x95, 0x78, 0xf8, 0xaa, - 0xdb, 0xae, 0x85, 0xbd, 0x4e, 0x8d, 0xab, 0xaa, 0x19, 0xaa, 0x6a, 0xb1, 0xaa, 0x73, 0xcf, 0x1b, - 0x56, 0x74, 0x82, 0x4e, 0x50, 0x17, 0x1a, 0x6f, 0x0f, 0xf7, 0xc5, 0x9b, 0x78, 0x11, 0x4f, 0x12, - 0xe9, 0xdc, 0xa7, 0x7a, 0x97, 0x68, 0xcd, 0x0b, 0xb8, 0x6d, 0x03, 0xc7, 0xed, 0x7a, 0x3e, 0x89, - 0xc6, 0xda, 0xd8, 0x01, 0x61, 0x4e, 0x7d, 0x34, 0x61, 0xdf, 0xb9, 0xfa, 0x71, 0x5f, 0x45, 0x43, - 0x9f, 0x79, 0x03, 0x32, 0xf1, 0xc1, 0xa7, 0x4f, 0xfa, 0x80, 0xba, 0x5d, 0x32, 0x70, 0x26, 0xbe, - 0xfb, 0xe4, 0x71, 0xdf, 0x0d, 0x99, 0xd7, 0xaf, 0x7b, 0x3e, 0xa3, 0x2c, 0xca, 0x7e, 0x64, 0xff, - 0xd5, 0x02, 0xb8, 0x1c, 0x86, 0xbb, 0x51, 0x70, 0x87, 0xb8, 0x0c, 0x7d, 0x0d, 0xe6, 0xf8, 0x7f, - 0xb4, 0x1d, 0xe6, 0xac, 0x58, 0xeb, 0xd6, 0xf9, 0xea, 0xc6, 0x27, 0x6a, 0x52, 0x6d, 0xcd, 0x54, - 0xab, 0xfd, 0xca, 0xa5, 0x6b, 0xa3, 0x0b, 0xb5, 0x9d, 0xdb, 0xfc, 0xfb, 0x9b, 0x84, 0x39, 0x0d, - 0x74, 0xef, 0x60, 0xed, 0xcc, 0xe1, 0xc1, 0x1a, 0x68, 0x1a, 0x4e, 0xb4, 0xa2, 0x1e, 0x94, 0x68, - 0x48, 0xdc, 0x95, 0x82, 0xd0, 0xbe, 0x55, 0x7b, 0xe8, 0xd5, 0xab, 0x69, 0xb3, 0x5b, 0x21, 0x71, - 0x1b, 0xf3, 0x0a, 0xb6, 0xc4, 0xdf, 0xb0, 0x00, 0xb1, 0xdf, 0xb1, 0x60, 0x51, 0x8b, 0xdd, 0xf0, - 0x28, 0x43, 0xaf, 0x4c, 0xfc, 0x61, 0xed, 0x74, 0x7f, 0xc8, 0xbf, 0x16, 0xff, 0xb7, 0xac, 0x80, - 0xe6, 0x62, 0x8a, 0xf1, 0x77, 0x77, 0xa0, 0xec, 0x31, 0x32, 0xa0, 0x2b, 0x85, 0xf5, 0xe2, 0xf9, - 0xea, 0xc6, 0x95, 0x5c, 0x7e, 0xaf, 0xb1, 0xa0, 0x10, 0xcb, 0x5b, 0x5c, 0x37, 0x96, 0x10, 0xf6, - 0xbf, 0x0a, 0xe6, 0xcf, 0xf1, 0xbf, 0x46, 0x17, 0xa0, 0x4a, 0x83, 0x61, 0xe4, 0x12, 0x4c, 0xc2, - 0x80, 0xae, 0x58, 0xeb, 0xc5, 0xf3, 0x95, 0xc6, 0xd2, 0xe1, 0xc1, 0x5a, 0xb5, 0xa5, 0xc9, 0xd8, - 0x94, 0x41, 0xdf, 0xb7, 0x60, 0xbe, 0x4d, 0x28, 0xf3, 0x7c, 0x81, 0x1f, 0x5b, 0xfe, 0xa5, 0xe9, - 0x2c, 0x8f, 0x89, 0x9b, 0x5a, 0x73, 0xe3, 0x49, 0xf5, 0x17, 0xf3, 0x06, 0x91, 0xe2, 0x14, 0x38, - 0xba, 0x08, 0xd5, 0x36, 0xa1, 0x6e, 0xe4, 0x85, 0xfc, 0x7d, 0xa5, 0xb8, 0x6e, 0x9d, 0xaf, 0x34, - 0x9e, 0x50, 0x1f, 0x56, 0x37, 0x35, 0x0b, 0x9b, 0x72, 0xa8, 0x07, 0xe5, 0x28, 0xe8, 0x13, 0xba, - 0x52, 0x12, 0xc6, 0x5f, 0x9d, 0xc2, 0x78, 0xe5, 0x4e, 0x1c, 0xf4, 0x89, 0xf6, 0x3b, 0x7f, 0xa3, - 0x58, 0x62, 0xd8, 0x7f, 0x2c, 0x42, 0xd5, 0xf8, 0xc5, 0xc7, 0xb0, 0x67, 0xfa, 0xa9, 0x3d, 0x73, - 0x3d, 0x9f, 0xa5, 0x39, 0x6e, 0xd3, 0x20, 0x06, 0x33, 0x94, 0x39, 0x6c, 0x48, 0x85, 0xfb, 0xab, - 0x1b, 0x37, 0x72, 0xc2, 0x13, 0x3a, 0x1b, 0x8b, 0x0a, 0x71, 0x46, 0xbe, 0x63, 0x85, 0x85, 0x5e, - 0x83, 0x4a, 0x10, 0xf2, 0xd4, 0xc4, 0xd7, 0xbd, 0x24, 0x80, 0x37, 0xa7, 0x00, 0xde, 0x89, 0x75, - 0x35, 0x16, 0x0e, 0x0f, 0xd6, 0x2a, 0xc9, 0x2b, 0xd6, 0x28, 0xb6, 0x0b, 0x4f, 0x1a, 0xf6, 0x35, - 0x03, 0xbf, 0xed, 0x89, 0x05, 0x5d, 0x87, 0x12, 0x1b, 0x87, 0x44, 0x2c, 0x66, 0x45, 0xbb, 0x68, - 0x6f, 0x1c, 0x12, 0x2c, 0x38, 0xe8, 0x63, 0x30, 0x3b, 0x20, 0x94, 0x3a, 0x1d, 0x22, 0xd6, 0xa4, - 0xd2, 0x58, 0x52, 0x42, 0xb3, 0x37, 0x25, 0x19, 0xc7, 0x7c, 0xfb, 0x35, 0x78, 0xfa, 0xe8, 0xfd, - 0x80, 0x3e, 0x02, 0x33, 0x94, 0x44, 0x23, 0x12, 0x29, 0x20, 0xed, 0x19, 0x41, 0xc5, 0x8a, 0x8b, - 0xea, 0x50, 0xf1, 0x9d, 0x01, 0xa1, 0xa1, 0xe3, 0xc6, 0x70, 0x67, 0x95, 0x68, 0xe5, 0x56, 0xcc, - 0xc0, 0x5a, 0xc6, 0xfe, 0x9b, 0x05, 0x4b, 0x06, 0xe6, 0x63, 0x48, 0x7b, 0xbd, 0x74, 0xda, 0xbb, - 0x9a, 0x4f, 0xc4, 0x1c, 0x93, 0xf7, 0x7e, 0x5f, 0x84, 0xb3, 0x66, 0x5c, 0x89, 0x64, 0xc6, 0x97, - 0x24, 0x22, 0x61, 0xf0, 0x22, 0xbe, 0xa1, 0xdc, 0x99, 0x2c, 0x09, 0x96, 0x64, 0x1c, 0xf3, 0xf9, - 0xfa, 0x86, 0x0e, 0xeb, 0x2a, 0x5f, 0x26, 0xeb, 0xbb, 0xeb, 0xb0, 0x2e, 0x16, 0x1c, 0x9e, 0x86, - 0x88, 0x3f, 0xf2, 0xa2, 0xc0, 0x1f, 0x10, 0x9f, 0x65, 0xd3, 0xd0, 0x15, 0xcd, 0xc2, 0xa6, 0x1c, - 0xfa, 0x22, 0x2c, 0x32, 0x27, 0xea, 0x10, 0x86, 0xc9, 0xc8, 0xa3, 0x71, 0x20, 0x57, 0x1a, 0x4f, - 0xab, 0x2f, 0x17, 0xf7, 0x52, 0x5c, 0x9c, 0x91, 0x46, 0xbf, 0xb1, 0xe0, 0x19, 0x37, 0x18, 0x84, - 0x81, 0x4f, 0x7c, 0xb6, 0xeb, 0x44, 0xce, 0x80, 0x30, 0x12, 0xed, 0x8c, 0x48, 0x14, 0x79, 0x6d, - 0x42, 0x57, 0xca, 0xc2, 0xbb, 0x37, 0xa7, 0xf0, 0x6e, 0x73, 0x42, 0x7b, 0xe3, 0x59, 0x65, 0xdc, - 0x33, 0xcd, 0xe3, 0x91, 0xf1, 0x7f, 0x32, 0x8b, 0x57, 0x9d, 0x91, 0xd3, 0x1f, 0x12, 0x7a, 0xd5, - 0xe3, 0x39, 0x78, 0x46, 0x57, 0x9d, 0x97, 0x34, 0x19, 0x9b, 0x32, 0xf6, 0xef, 0x0a, 0xa9, 0x10, - 0x6d, 0xc5, 0x79, 0x47, 0xac, 0xa5, 0x0a, 0xd0, 0xbc, 0xf2, 0x8e, 0xd0, 0x69, 0xec, 0x2e, 0x59, - 0xfc, 0x14, 0x16, 0xfa, 0x8e, 0x25, 0x4a, 0x4e, 0xbc, 0x2b, 0x55, 0x8e, 0x7d, 0x04, 0xe5, 0xcf, - 0xac, 0x62, 0x31, 0x11, 0x9b, 0xd0, 0x3c, 0x84, 0x43, 0x59, 0x7d, 0x54, 0xc4, 0x25, 0x21, 0x1c, - 0x17, 0xa5, 0x98, 0x6f, 0xff, 0x6c, 0x26, 0xbd, 0x07, 0x64, 0x0e, 0xfd, 0x91, 0x05, 0xcb, 0x7c, - 0xa1, 0x9c, 0xc8, 0xa3, 0x81, 0x8f, 0x09, 0x1d, 0xf6, 0x99, 0x72, 0xe6, 0xf6, 0x94, 0x41, 0x63, - 0xaa, 0x6c, 0xac, 0x28, 0xbb, 0x96, 0xb3, 0x1c, 0x3c, 0x01, 0x8f, 0x18, 0xcc, 0x76, 0x3d, 0xca, - 0x82, 0x68, 0xac, 0x92, 0xc3, 0x34, 0x2d, 0xdf, 0x26, 0x09, 0xfb, 0xc1, 0x98, 0xef, 0xb5, 0x2d, - 0x7f, 0x3f, 0xd0, 0xfe, 0xb9, 0x26, 0x11, 0x70, 0x0c, 0x85, 0xbe, 0x69, 0x01, 0x84, 0x71, 0xa4, - 0xf2, 0x42, 0xf6, 0x08, 0x36, 0x4e, 0x52, 0xb3, 0x13, 0x12, 0xc5, 0x06, 0x28, 0x0a, 0x60, 0xa6, - 0x4b, 0x9c, 0x3e, 0xeb, 0xaa, 0x72, 0xf6, 0xc2, 0x14, 0xf0, 0xd7, 0x84, 0xa2, 0x6c, 0x09, 0x95, - 0x54, 0xac, 0x60, 0xd0, 0xb7, 0x2d, 0x58, 0x4c, 0xaa, 0x1b, 0x97, 0x25, 0x2b, 0xe5, 0xa9, 0xbb, - 0xec, 0x9d, 0x94, 0xc2, 0x06, 0xe2, 0x69, 0x2c, 0x4d, 0xc3, 0x19, 0x50, 0xf4, 0x2d, 0x0b, 0xc0, - 0x8d, 0xab, 0xa9, 0xcc, 0x07, 0xd5, 0x8d, 0x9d, 0x7c, 0x76, 0x54, 0x52, 0xa5, 0xb5, 0xfb, 0x13, - 0x12, 0xc5, 0x06, 0xac, 0xfd, 0xae, 0x05, 0x4f, 0x19, 0x1f, 0x7e, 0xd9, 0x61, 0x6e, 0xf7, 0xca, - 0x88, 0xa7, 0xe9, 0xed, 0x54, 0x7d, 0xff, 0x8c, 0x59, 0xdf, 0xdf, 0x3f, 0x58, 0xfb, 0xe8, 0x71, - 0x63, 0xd4, 0x5d, 0xae, 0xa1, 0x26, 0x54, 0x18, 0xad, 0xc0, 0xeb, 0x50, 0x35, 0x6c, 0x56, 0xe9, - 0x23, 0xaf, 0x02, 0x98, 0xe4, 0x0c, 0x83, 0x88, 0x4d, 0x3c, 0xfb, 0xcf, 0x05, 0x98, 0x6d, 0xf6, - 0x87, 0x94, 0x91, 0xe8, 0xd4, 0x0d, 0xc5, 0x3a, 0x94, 0x78, 0xb3, 0x90, 0xad, 0x7f, 0xbc, 0x97, - 0xc0, 0x82, 0x83, 0x42, 0x98, 0x71, 0x03, 0x7f, 0xdf, 0xeb, 0xa8, 0x16, 0xf0, 0xda, 0x34, 0x3b, - 0x47, 0x5a, 0xd7, 0x14, 0xfa, 0xb4, 0x4d, 0xf2, 0x1d, 0x2b, 0x1c, 0xf4, 0xa6, 0x05, 0x4b, 0x6e, - 0xe0, 0xfb, 0xc4, 0xd5, 0xc1, 0x5b, 0x9a, 0xba, 0xdd, 0x6d, 0xa6, 0x35, 0x36, 0x3e, 0xa0, 0xd0, - 0x97, 0x32, 0x0c, 0x9c, 0xc5, 0xb6, 0x7f, 0x5d, 0x80, 0x85, 0x94, 0xe5, 0xe8, 0x39, 0x98, 0x1b, - 0x52, 0x12, 0x09, 0xcf, 0x49, 0xff, 0x26, 0x1d, 0xd1, 0x8b, 0x8a, 0x8e, 0x13, 0x09, 0x2e, 0x1d, - 0x3a, 0x94, 0xde, 0x0d, 0xa2, 0xb6, 0xf2, 0x73, 0x22, 0xbd, 0xab, 0xe8, 0x38, 0x91, 0xe0, 0xfd, - 0xc6, 0x6d, 0xe2, 0x44, 0x24, 0xda, 0x0b, 0x7a, 0x64, 0x62, 0xec, 0x69, 0x68, 0x16, 0x36, 0xe5, - 0x84, 0xd3, 0x58, 0x9f, 0x36, 0xfb, 0x1e, 0xf1, 0x99, 0x34, 0x33, 0x07, 0xa7, 0xed, 0xdd, 0x68, - 0x99, 0x1a, 0xb5, 0xd3, 0x32, 0x0c, 0x9c, 0xc5, 0xb6, 0xff, 0x64, 0x41, 0x55, 0x39, 0xed, 0x31, - 0x34, 0x9d, 0x9d, 0x74, 0xd3, 0xd9, 0x98, 0x3e, 0x46, 0x8f, 0x69, 0x38, 0x7f, 0x59, 0x84, 0x89, - 0x4a, 0x87, 0x5e, 0xe5, 0x39, 0x8e, 0xd3, 0x48, 0xfb, 0x72, 0x5c, 0x64, 0x3f, 0x7e, 0xba, 0xbf, - 0xdb, 0xf3, 0x06, 0xc4, 0x4c, 0x5f, 0xb1, 0x16, 0x6c, 0x68, 0x44, 0x6f, 0x58, 0x1a, 0x60, 0x2f, - 0x50, 0x79, 0x25, 0xdf, 0x96, 0x68, 0xc2, 0x84, 0xbd, 0x00, 0x1b, 0x98, 0xe8, 0x73, 0xc9, 0x20, - 0x58, 0x16, 0x01, 0x69, 0xa7, 0x47, 0xb7, 0xf7, 0x53, 0x0d, 0x40, 0x66, 0x9c, 0x1b, 0x43, 0x25, - 0x22, 0xb2, 0xc5, 0x8a, 0x2b, 0xc0, 0x34, 0x49, 0x04, 0x2b, 0x5d, 0x72, 0x1b, 0x27, 0xe3, 0x4f, - 0x4c, 0xa6, 0x58, 0xa3, 0xd9, 0x3f, 0xb0, 0x00, 0x4d, 0x96, 0x6b, 0x3e, 0x46, 0x25, 0x4d, 0xac, - 0xda, 0xc0, 0x89, 0x9e, 0x44, 0x1c, 0x6b, 0x99, 0x53, 0xa4, 0xc9, 0x67, 0xa1, 0x2c, 0x9a, 0x5a, - 0xb5, 0x61, 0x93, 0xe8, 0x11, 0x6d, 0x2f, 0x96, 0x3c, 0xfb, 0x0f, 0x16, 0x64, 0xd3, 0x8d, 0xc8, - 0xd4, 0xd2, 0xb3, 0xd9, 0x4c, 0x9d, 0xf6, 0xe2, 0xe9, 0xe7, 0x4c, 0xf4, 0x0a, 0x54, 0x1d, 0xc6, - 0xc8, 0x20, 0x64, 0x22, 0x20, 0x8b, 0x0f, 0x1c, 0x90, 0x8b, 0x3c, 0x12, 0x6e, 0x06, 0x6d, 0x6f, - 0xdf, 0x13, 0xc1, 0x68, 0xaa, 0xb3, 0xdf, 0x2b, 0xc2, 0x62, 0xba, 0xf9, 0x42, 0x43, 0x98, 0x11, - 0xcd, 0x8e, 0x3c, 0x66, 0xca, 0xbd, 0xbb, 0x4a, 0x5c, 0x22, 0x48, 0x14, 0x2b, 0x30, 0x9e, 0x58, - 0xa3, 0x78, 0xba, 0xca, 0x24, 0xd6, 0x64, 0xae, 0x4a, 0x24, 0x4e, 0x9c, 0xa8, 0x8a, 0xff, 0x9b, - 0x13, 0xd5, 0xab, 0x00, 0x6d, 0xe1, 0x6d, 0xb1, 0x96, 0xa5, 0x87, 0x4f, 0x2e, 0x9b, 0x89, 0x16, - 0x6c, 0x68, 0x44, 0xe7, 0xa0, 0xe0, 0xb5, 0xc5, 0xae, 0x2e, 0x36, 0x40, 0xc9, 0x16, 0xb6, 0x36, - 0x71, 0xc1, 0x6b, 0xdb, 0x14, 0xe6, 0xcd, 0x6e, 0xf3, 0xd4, 0xb1, 0xfa, 0x79, 0x58, 0x90, 0x4f, - 0x9b, 0x84, 0x39, 0x5e, 0x9f, 0xaa, 0xd5, 0x79, 0x4a, 0x89, 0x2f, 0xb4, 0x4c, 0x26, 0x4e, 0xcb, - 0xda, 0x3f, 0x2d, 0x00, 0x5c, 0x0b, 0x82, 0x9e, 0xc2, 0x8c, 0xb7, 0x9e, 0x75, 0xec, 0xd6, 0x5b, - 0x87, 0x52, 0xcf, 0xf3, 0xdb, 0xd9, 0xcd, 0xb9, 0xed, 0xf9, 0x6d, 0x2c, 0x38, 0x68, 0x03, 0xc0, - 0x09, 0xbd, 0x97, 0x48, 0x44, 0xf5, 0x49, 0x62, 0xe2, 0x97, 0xcb, 0xbb, 0x5b, 0x8a, 0x83, 0x0d, - 0x29, 0xf4, 0x9c, 0xea, 0x0c, 0xe5, 0xd8, 0xbe, 0x92, 0xe9, 0x0c, 0xe7, 0xb8, 0x85, 0x46, 0xeb, - 0x77, 0x29, 0x93, 0x1f, 0xd7, 0x27, 0xf2, 0xa3, 0xee, 0x94, 0x77, 0xbb, 0x0e, 0x25, 0x47, 0xed, - 0xeb, 0x99, 0x13, 0xce, 0x8f, 0x9a, 0xb0, 0x7c, 0xfd, 0x2e, 0x13, 0xf5, 0xfe, 0x66, 0x5c, 0xf9, - 0x78, 0x2a, 0x8b, 0x88, 0xa3, 0x77, 0x7a, 0xd1, 0x48, 0x65, 0x31, 0x03, 0x6b, 0x19, 0xfb, 0x1f, - 0x16, 0xe8, 0x23, 0x30, 0xb4, 0x0f, 0x25, 0x3a, 0xf6, 0x5d, 0x55, 0xb4, 0xa6, 0x49, 0xcb, 0xad, - 0xb1, 0xef, 0xea, 0x93, 0xb6, 0x39, 0x71, 0x90, 0x38, 0xf6, 0x5d, 0x2c, 0xf4, 0xa3, 0x11, 0xcc, - 0x45, 0x41, 0xbf, 0x7f, 0xdb, 0x71, 0x7b, 0x39, 0xd4, 0x2f, 0xac, 0x54, 0x69, 0xbc, 0x79, 0xb1, - 0xe9, 0x15, 0x19, 0x27, 0x58, 0xf6, 0xaf, 0xca, 0x90, 0x19, 0x51, 0xd0, 0xd0, 0x3c, 0x5d, 0xb4, - 0x72, 0x3c, 0x5d, 0x4c, 0xfc, 0x7e, 0xd4, 0x09, 0x23, 0xba, 0x08, 0xe5, 0x90, 0x2f, 0xbc, 0x0a, - 0xd3, 0xb5, 0xb8, 0x40, 0x88, 0x68, 0x38, 0x22, 0x3e, 0xa4, 0xb4, 0x19, 0x1e, 0xc5, 0x13, 0xd2, - 0xfe, 0x37, 0x00, 0xb8, 0xaf, 0xd5, 0xac, 0x2f, 0x33, 0xc5, 0xad, 0xbc, 0x56, 0x54, 0x8d, 0xfb, - 0xa2, 0x32, 0xb4, 0x12, 0x14, 0x6c, 0x20, 0xa2, 0xef, 0x59, 0xb0, 0x18, 0x3b, 0x5e, 0x19, 0x51, - 0x7e, 0x24, 0x46, 0x88, 0xc1, 0x13, 0xa7, 0x90, 0x70, 0x06, 0x19, 0x7d, 0x05, 0x2a, 0x94, 0x39, - 0x91, 0xdc, 0x17, 0x33, 0x0f, 0x9c, 0x35, 0x93, 0xb5, 0x6c, 0xc5, 0x4a, 0xb0, 0xd6, 0x87, 0x5e, - 0x06, 0xd8, 0xf7, 0x7c, 0x8f, 0x76, 0x85, 0xf6, 0xd9, 0x87, 0xab, 0xaf, 0x57, 0x13, 0x0d, 0xd8, - 0xd0, 0x26, 0x1a, 0x67, 0xe3, 0xe2, 0xe1, 0x14, 0xf9, 0xef, 0x3c, 0xcc, 0x85, 0x41, 0xdf, 0x73, - 0x3d, 0x22, 0xfb, 0xdf, 0x8a, 0xdc, 0x0d, 0xbb, 0x8a, 0x86, 0x13, 0x2e, 0x1a, 0x1b, 0x4d, 0xb8, - 0xec, 0x0a, 0x76, 0xf2, 0xb9, 0x1e, 0xe1, 0xe9, 0x88, 0x71, 0xb5, 0x12, 0x3a, 0xce, 0x4e, 0xba, - 0x43, 0xb7, 0xdf, 0xb4, 0xe0, 0xc9, 0xa3, 0x3e, 0x40, 0x43, 0x98, 0xbb, 0xa3, 0x92, 0x5a, 0x0e, - 0xe7, 0x53, 0xd9, 0xfc, 0x28, 0xed, 0x89, 0xa9, 0x38, 0x81, 0xb2, 0xff, 0x52, 0x00, 0x10, 0xb7, - 0x5e, 0x9e, 0x38, 0x24, 0x5a, 0x87, 0x52, 0x44, 0xc2, 0x20, 0xeb, 0x65, 0x2e, 0x81, 0x05, 0x27, - 0x35, 0xf3, 0x15, 0x1e, 0x68, 0xe6, 0x2b, 0x9e, 0x38, 0xf3, 0xf1, 0x7a, 0x49, 0xbb, 0xbb, 0x91, - 0x37, 0x72, 0x18, 0xd9, 0x26, 0x63, 0x55, 0x74, 0x74, 0xbd, 0x6c, 0x5d, 0xd3, 0x4c, 0x9c, 0x96, - 0x3d, 0x72, 0x5c, 0x2e, 0xff, 0x17, 0xc7, 0xe5, 0x77, 0x2c, 0x58, 0xd4, 0x9e, 0xfd, 0xff, 0xba, - 0x68, 0xd5, 0x76, 0x1f, 0x33, 0xff, 0xfd, 0xd3, 0x82, 0xa5, 0x78, 0xd2, 0x50, 0x0d, 0x4b, 0x2e, - 0x1d, 0x4a, 0xea, 0x62, 0xa7, 0x78, 0xf2, 0xc5, 0x8e, 0x59, 0x17, 0x4a, 0x27, 0xd4, 0x85, 0x2f, - 0x64, 0x7a, 0x93, 0x0f, 0x4d, 0xf4, 0x26, 0x28, 0x99, 0xa9, 0xc6, 0xbe, 0x9b, 0xee, 0xe5, 0xec, - 0x5f, 0x58, 0x30, 0x1f, 0xb3, 0x6f, 0x05, 0x6d, 0x31, 0xe9, 0x50, 0x11, 0x64, 0x56, 0x7a, 0xd2, - 0x91, 0xe1, 0x20, 0x79, 0x7c, 0x57, 0xbb, 0x5d, 0xaf, 0xdf, 0x8e, 0x88, 0xaf, 0x96, 0xe5, 0x85, - 0x1c, 0x46, 0x3e, 0x8e, 0xaf, 0x43, 0xa1, 0xa9, 0x00, 0x70, 0x02, 0x65, 0xff, 0xb6, 0x08, 0x0b, - 0xa9, 0xf9, 0x10, 0x5d, 0x84, 0xaa, 0xbc, 0x59, 0x69, 0x19, 0x36, 0x27, 0xc7, 0x29, 0x7b, 0x9a, - 0x85, 0x4d, 0x39, 0xbe, 0x1e, 0x7d, 0x6f, 0x24, 0x75, 0x64, 0x2f, 0xda, 0x6e, 0xc4, 0x0c, 0xac, - 0x65, 0x8c, 0x01, 0xb9, 0xf8, 0xc0, 0x03, 0xf2, 0x8f, 0x2d, 0x40, 0xe2, 0x17, 0xb8, 0xe6, 0x64, - 0x8e, 0x55, 0x17, 0xd8, 0xb9, 0xf9, 0xed, 0x9c, 0xb2, 0x08, 0x35, 0x27, 0xa0, 0xf0, 0x11, 0xf0, - 0xc6, 0x99, 0x75, 0xf9, 0xb1, 0x9c, 0x59, 0xdb, 0x5f, 0x87, 0xb3, 0x13, 0x8d, 0x9d, 0x1a, 0x4f, - 0xac, 0xa3, 0xc6, 0x13, 0x1e, 0x89, 0x61, 0x34, 0xf4, 0xe5, 0x02, 0xcd, 0xe9, 0x48, 0xdc, 0xe5, - 0x44, 0x2c, 0x79, 0x7c, 0x66, 0x69, 0x47, 0x63, 0x3c, 0x94, 0x7d, 0xff, 0x9c, 0x46, 0xdf, 0x14, - 0x54, 0xac, 0xb8, 0xf6, 0x77, 0x0b, 0xb0, 0x90, 0x6a, 0x36, 0x52, 0xe3, 0xa5, 0x75, 0xe2, 0x78, - 0x99, 0xa7, 0x31, 0xe8, 0x75, 0x98, 0xa7, 0x62, 0x2b, 0x46, 0x0e, 0x23, 0x9d, 0x71, 0x0e, 0xb7, - 0x06, 0x2d, 0x43, 0x5d, 0x63, 0xf9, 0xf0, 0x60, 0x6d, 0xde, 0xa4, 0xe0, 0x14, 0x9c, 0xfd, 0xf3, - 0x02, 0x3c, 0x71, 0x44, 0xe3, 0x85, 0xee, 0x9a, 0x27, 0x39, 0x72, 0xd4, 0xbf, 0x9e, 0x43, 0x78, - 0xaa, 0x44, 0x2a, 0xaf, 0xe7, 0x8f, 0x3a, 0xc7, 0x79, 0xc0, 0x49, 0x7f, 0x1f, 0xca, 0xdd, 0x20, - 0xe8, 0xc5, 0x23, 0xfd, 0x34, 0x05, 0x41, 0x0f, 0xa2, 0x8d, 0x0a, 0x5f, 0x4d, 0xfe, 0x4e, 0xb1, - 0x54, 0x6f, 0xbf, 0x67, 0x41, 0xca, 0x8b, 0x68, 0x00, 0x65, 0xae, 0x65, 0x9c, 0xc3, 0xad, 0xa5, - 0xa9, 0xf7, 0x32, 0xd7, 0x29, 0xf1, 0xc5, 0x23, 0x96, 0x28, 0xc8, 0x83, 0x12, 0x37, 0x44, 0x0d, - 0x54, 0xdb, 0x39, 0xa1, 0xf1, 0x5f, 0x94, 0xf3, 0x1b, 0x7f, 0xc2, 0x02, 0xc2, 0xbe, 0x04, 0x67, - 0x27, 0x2c, 0xe2, 0x21, 0xbf, 0x1f, 0xc4, 0x97, 0xb4, 0x46, 0xc8, 0x5f, 0xe5, 0x44, 0x2c, 0x79, - 0xbc, 0x7e, 0x2c, 0x67, 0xd5, 0xa3, 0x9f, 0x58, 0x70, 0x96, 0x66, 0xf5, 0x3d, 0x12, 0xaf, 0x7d, - 0x50, 0x19, 0x35, 0x69, 0x3e, 0x9e, 0xb4, 0x80, 0xaf, 0x68, 0xf6, 0x68, 0x9b, 0xc7, 0x9e, 0xe7, - 0x53, 0xe2, 0x0e, 0xa3, 0xf8, 0x47, 0x93, 0xd8, 0xdb, 0x52, 0x74, 0x9c, 0x48, 0xa0, 0x0d, 0x00, - 0x79, 0xb5, 0x72, 0x4b, 0x37, 0x8a, 0xc9, 0x51, 0x43, 0x2b, 0xe1, 0x60, 0x43, 0x8a, 0x37, 0xf0, - 0x2e, 0x89, 0xd8, 0x66, 0xdc, 0x96, 0xcf, 0xcb, 0xae, 0xb5, 0xa9, 0x68, 0x38, 0xe1, 0xa2, 0x0f, - 0xc3, 0x6c, 0x8f, 0x8c, 0x85, 0x60, 0x49, 0x08, 0x56, 0x79, 0xc5, 0xdf, 0x96, 0x24, 0x1c, 0xf3, - 0x90, 0x0d, 0x33, 0xae, 0x23, 0xa4, 0xca, 0x42, 0x0a, 0xc4, 0x2d, 0xcb, 0x65, 0x21, 0xa4, 0x38, - 0x8d, 0xda, 0xbd, 0xfb, 0xab, 0x67, 0xde, 0xba, 0xbf, 0x7a, 0xe6, 0xed, 0xfb, 0xab, 0x67, 0xde, - 0x38, 0x5c, 0xb5, 0xee, 0x1d, 0xae, 0x5a, 0x6f, 0x1d, 0xae, 0x5a, 0x6f, 0x1f, 0xae, 0x5a, 0x7f, - 0x3f, 0x5c, 0xb5, 0x7e, 0xf8, 0xee, 0xea, 0x99, 0x97, 0xe7, 0x62, 0xd7, 0xfe, 0x3b, 0x00, 0x00, - 0xff, 0xff, 0x40, 0xba, 0x69, 0x1a, 0xa7, 0x29, 0x00, 0x00, + // 2543 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xd4, 0x59, 0x4d, 0x8c, 0x1c, 0x47, + 0x15, 0x76, 0xcf, 0xdf, 0xce, 0xbc, 0xd9, 0x1f, 0xbb, 0xf2, 0xc3, 0xe2, 0x48, 0xbb, 0xab, 0x0e, + 0x3f, 0x06, 0x25, 0x33, 0xd8, 0x10, 0x08, 0x04, 0x21, 0x79, 0x66, 0xed, 0x78, 0xbd, 0xfe, 0x59, + 0x6a, 0x36, 0x41, 0x0a, 0x51, 0xa0, 0xdd, 0x53, 0x3b, 0xd3, 0x9e, 0x99, 0xee, 0x4e, 0x57, 0xcd, + 0x58, 0x23, 0x11, 0x14, 0x84, 0x90, 0xf8, 0x95, 0x40, 0x08, 0x71, 0xe5, 0xc0, 0x09, 0x21, 0x21, + 0x21, 0x4e, 0x48, 0x1c, 0xe0, 0x80, 0x7c, 0xcc, 0x01, 0x44, 0x14, 0xd0, 0x0a, 0x6f, 0x2e, 0x91, + 0x38, 0x70, 0xe2, 0x92, 0x13, 0xaa, 0x9f, 0xee, 0xaa, 0xee, 0xd9, 0x65, 0xd7, 0x9e, 0xb6, 0x81, + 0x5b, 0xf7, 0x7b, 0xaf, 0xdf, 0xf7, 0xea, 0xd5, 0xab, 0xf7, 0x53, 0x0d, 0x5b, 0x3d, 0x8f, 0xf5, + 0xc7, 0xb7, 0x1a, 0x6e, 0x30, 0x6a, 0x3a, 0x51, 0x2f, 0x08, 0xa3, 0xe0, 0xb6, 0x78, 0x78, 0xd6, + 0xed, 0x36, 0xc3, 0x41, 0xaf, 0xe9, 0x84, 0x1e, 0x6d, 0x3a, 0x61, 0x38, 0xf4, 0x5c, 0x87, 0x79, + 0x81, 0xdf, 0x9c, 0x9c, 0x77, 0x86, 0x61, 0xdf, 0x39, 0xdf, 0xec, 0x11, 0x9f, 0x44, 0x0e, 0x23, + 0xdd, 0x46, 0x18, 0x05, 0x2c, 0x40, 0x9f, 0xd5, 0xaa, 0x1a, 0xb1, 0x2a, 0xf1, 0xf0, 0x15, 0xb7, + 0xdb, 0x08, 0x07, 0xbd, 0x06, 0x57, 0xd5, 0x30, 0x54, 0x35, 0x62, 0x55, 0x67, 0x9f, 0x35, 0xac, + 0xe8, 0x05, 0xbd, 0xa0, 0x29, 0x34, 0xde, 0x1a, 0xef, 0x89, 0x37, 0xf1, 0x22, 0x9e, 0x24, 0xd2, + 0xd9, 0x4f, 0x0d, 0x9e, 0xa7, 0x0d, 0x2f, 0xe0, 0xb6, 0x8d, 0x1c, 0xb7, 0xef, 0xf9, 0x24, 0x9a, + 0x6a, 0x63, 0x47, 0x84, 0x39, 0xcd, 0xc9, 0x8c, 0x7d, 0x67, 0x9b, 0x47, 0x7d, 0x15, 0x8d, 0x7d, + 0xe6, 0x8d, 0xc8, 0xcc, 0x07, 0x9f, 0x3e, 0xee, 0x03, 0xea, 0xf6, 0xc9, 0xc8, 0x99, 0xf9, 0xee, + 0x93, 0x47, 0x7d, 0x37, 0x66, 0xde, 0xb0, 0xe9, 0xf9, 0x8c, 0xb2, 0x28, 0xfb, 0x91, 0xfd, 0x57, + 0x0b, 0xe0, 0x62, 0x18, 0xee, 0x44, 0xc1, 0x6d, 0xe2, 0x32, 0xf4, 0x55, 0xa8, 0xf2, 0x75, 0x74, + 0x1d, 0xe6, 0xac, 0x5a, 0x1b, 0xd6, 0xb9, 0xfa, 0x85, 0x4f, 0x34, 0xa4, 0xda, 0x86, 0xa9, 0x56, + 0xfb, 0x95, 0x4b, 0x37, 0x26, 0xe7, 0x1b, 0x37, 0x6f, 0xf1, 0xef, 0xaf, 0x13, 0xe6, 0xb4, 0xd0, + 0xdd, 0xfd, 0xf5, 0x53, 0x07, 0xfb, 0xeb, 0xa0, 0x69, 0x38, 0xd1, 0x8a, 0x06, 0x50, 0xa2, 0x21, + 0x71, 0x57, 0x0b, 0x42, 0xfb, 0x56, 0xe3, 0x81, 0x77, 0xaf, 0xa1, 0xcd, 0xee, 0x84, 0xc4, 0x6d, + 0x2d, 0x2a, 0xd8, 0x12, 0x7f, 0xc3, 0x02, 0xc4, 0x7e, 0xc7, 0x82, 0x65, 0x2d, 0x76, 0xcd, 0xa3, + 0x0c, 0xbd, 0x3a, 0xb3, 0xc2, 0xc6, 0xc9, 0x56, 0xc8, 0xbf, 0x16, 0xeb, 0x3b, 0xad, 0x80, 0xaa, + 0x31, 0xc5, 0x58, 0xdd, 0x6d, 0x28, 0x7b, 0x8c, 0x8c, 0xe8, 0x6a, 0x61, 0xa3, 0x78, 0xae, 0x7e, + 0xe1, 0x52, 0x2e, 0xcb, 0x6b, 0x2d, 0x29, 0xc4, 0xf2, 0x16, 0xd7, 0x8d, 0x25, 0x84, 0xfd, 0xaf, + 0x82, 0xb9, 0x38, 0xbe, 0x6a, 0x74, 0x1e, 0xea, 0x34, 0x18, 0x47, 0x2e, 0xc1, 0x24, 0x0c, 0xe8, + 0xaa, 0xb5, 0x51, 0x3c, 0x57, 0x6b, 0xad, 0x1c, 0xec, 0xaf, 0xd7, 0x3b, 0x9a, 0x8c, 0x4d, 0x19, + 0xf4, 0x3d, 0x0b, 0x16, 0xbb, 0x84, 0x32, 0xcf, 0x17, 0xf8, 0xb1, 0xe5, 0x5f, 0x9c, 0xcf, 0xf2, + 0x98, 0xb8, 0xa9, 0x35, 0xb7, 0x1e, 0x57, 0xab, 0x58, 0x34, 0x88, 0x14, 0xa7, 0xc0, 0xd1, 0x73, + 0x50, 0xef, 0x12, 0xea, 0x46, 0x5e, 0xc8, 0xdf, 0x57, 0x8b, 0x1b, 0xd6, 0xb9, 0x5a, 0xeb, 0x31, + 0xf5, 0x61, 0x7d, 0x53, 0xb3, 0xb0, 0x29, 0x87, 0x06, 0x50, 0x8e, 0x82, 0x21, 0xa1, 0xab, 0x25, + 0x61, 0xfc, 0xe5, 0x39, 0x8c, 0x57, 0xee, 0xc4, 0xc1, 0x90, 0x68, 0xbf, 0xf3, 0x37, 0x8a, 0x25, + 0x86, 0xfd, 0xc7, 0x22, 0xd4, 0x8d, 0x25, 0x3e, 0x82, 0x33, 0x33, 0x4c, 0x9d, 0x99, 0xab, 0xf9, + 0x6c, 0xcd, 0x51, 0x87, 0x06, 0x31, 0xa8, 0x50, 0xe6, 0xb0, 0x31, 0x15, 0xee, 0xaf, 0x5f, 0xb8, + 0x96, 0x13, 0x9e, 0xd0, 0xd9, 0x5a, 0x56, 0x88, 0x15, 0xf9, 0x8e, 0x15, 0x16, 0x7a, 0x1d, 0x6a, + 0x41, 0xc8, 0x53, 0x13, 0xdf, 0xf7, 0x92, 0x00, 0xde, 0x9c, 0x03, 0xf8, 0x66, 0xac, 0xab, 0xb5, + 0x74, 0xb0, 0xbf, 0x5e, 0x4b, 0x5e, 0xb1, 0x46, 0xb1, 0x5d, 0x78, 0xdc, 0xb0, 0xaf, 0x1d, 0xf8, + 0x5d, 0x4f, 0x6c, 0xe8, 0x06, 0x94, 0xd8, 0x34, 0x24, 0x62, 0x33, 0x6b, 0xda, 0x45, 0xbb, 0xd3, + 0x90, 0x60, 0xc1, 0x41, 0x1f, 0x83, 0x85, 0x11, 0xa1, 0xd4, 0xe9, 0x11, 0xb1, 0x27, 0xb5, 0xd6, + 0x8a, 0x12, 0x5a, 0xb8, 0x2e, 0xc9, 0x38, 0xe6, 0xdb, 0xaf, 0xc3, 0x93, 0x87, 0x9f, 0x07, 0xf4, + 0x11, 0xa8, 0x50, 0x12, 0x4d, 0x48, 0xa4, 0x80, 0xb4, 0x67, 0x04, 0x15, 0x2b, 0x2e, 0x6a, 0x42, + 0xcd, 0x77, 0x46, 0x84, 0x86, 0x8e, 0x1b, 0xc3, 0x9d, 0x51, 0xa2, 0xb5, 0x1b, 0x31, 0x03, 0x6b, + 0x19, 0xfb, 0x6f, 0x16, 0xac, 0x18, 0x98, 0x8f, 0x20, 0xed, 0x0d, 0xd2, 0x69, 0xef, 0x72, 0x3e, + 0x11, 0x73, 0x44, 0xde, 0xfb, 0x7d, 0x11, 0xce, 0x98, 0x71, 0x25, 0x92, 0x19, 0xdf, 0x92, 0x88, + 0x84, 0xc1, 0x4b, 0xf8, 0x9a, 0x72, 0x67, 0xb2, 0x25, 0x58, 0x92, 0x71, 0xcc, 0xe7, 0xfb, 0x1b, + 0x3a, 0xac, 0xaf, 0x7c, 0x99, 0xec, 0xef, 0x8e, 0xc3, 0xfa, 0x58, 0x70, 0x78, 0x1a, 0x22, 0xfe, + 0xc4, 0x8b, 0x02, 0x7f, 0x44, 0x7c, 0x96, 0x4d, 0x43, 0x97, 0x34, 0x0b, 0x9b, 0x72, 0xe8, 0x0b, + 0xb0, 0xcc, 0x9c, 0xa8, 0x47, 0x18, 0x26, 0x13, 0x8f, 0xc6, 0x81, 0x5c, 0x6b, 0x3d, 0xa9, 0xbe, + 0x5c, 0xde, 0x4d, 0x71, 0x71, 0x46, 0x1a, 0xfd, 0xc6, 0x82, 0xa7, 0xdc, 0x60, 0x14, 0x06, 0x3e, + 0xf1, 0xd9, 0x8e, 0x13, 0x39, 0x23, 0xc2, 0x48, 0x74, 0x73, 0x42, 0xa2, 0xc8, 0xeb, 0x12, 0xba, + 0x5a, 0x16, 0xde, 0xbd, 0x3e, 0x87, 0x77, 0xdb, 0x33, 0xda, 0x5b, 0x4f, 0x2b, 0xe3, 0x9e, 0x6a, + 0x1f, 0x8d, 0x8c, 0xff, 0x93, 0x59, 0xbc, 0xea, 0x4c, 0x9c, 0xe1, 0x98, 0xd0, 0xcb, 0x1e, 0xcf, + 0xc1, 0x15, 0x5d, 0x75, 0x5e, 0xd6, 0x64, 0x6c, 0xca, 0xd8, 0xbf, 0x2b, 0xa4, 0x42, 0xb4, 0x13, + 0xe7, 0x1d, 0xb1, 0x97, 0x2a, 0x40, 0xf3, 0xca, 0x3b, 0x42, 0xa7, 0x71, 0xba, 0x64, 0xf1, 0x53, + 0x58, 0xe8, 0xdb, 0x96, 0x28, 0x39, 0xf1, 0xa9, 0x54, 0x39, 0xf6, 0x21, 0x94, 0x3f, 0xb3, 0x8a, + 0xc5, 0x44, 0x6c, 0x42, 0xf3, 0x10, 0x0e, 0x65, 0xf5, 0x51, 0x11, 0x97, 0x84, 0x70, 0x5c, 0x94, + 0x62, 0xbe, 0xfd, 0xb3, 0x4a, 0xfa, 0x0c, 0xc8, 0x1c, 0xfa, 0x23, 0x0b, 0x4e, 0xf3, 0x8d, 0x72, + 0x22, 0x8f, 0x06, 0x3e, 0x26, 0x74, 0x3c, 0x64, 0xca, 0x99, 0xdb, 0x73, 0x06, 0x8d, 0xa9, 0xb2, + 0xb5, 0xaa, 0xec, 0x3a, 0x9d, 0xe5, 0xe0, 0x19, 0x78, 0xc4, 0x60, 0xa1, 0xef, 0x51, 0x16, 0x44, + 0x53, 0x95, 0x1c, 0xe6, 0x69, 0xf9, 0x36, 0x49, 0x38, 0x0c, 0xa6, 0xfc, 0xac, 0x6d, 0xf9, 0x7b, + 0x81, 0xf6, 0xcf, 0x15, 0x89, 0x80, 0x63, 0x28, 0xf4, 0x0d, 0x0b, 0x20, 0x8c, 0x23, 0x95, 0x17, + 0xb2, 0x87, 0x70, 0x70, 0x92, 0x9a, 0x9d, 0x90, 0x28, 0x36, 0x40, 0x51, 0x00, 0x95, 0x3e, 0x71, + 0x86, 0xac, 0xaf, 0xca, 0xd9, 0x8b, 0x73, 0xc0, 0x5f, 0x11, 0x8a, 0xb2, 0x25, 0x54, 0x52, 0xb1, + 0x82, 0x41, 0xdf, 0xb2, 0x60, 0x39, 0xa9, 0x6e, 0x5c, 0x96, 0xac, 0x96, 0xe7, 0xee, 0xb2, 0x6f, + 0xa6, 0x14, 0xb6, 0x10, 0x4f, 0x63, 0x69, 0x1a, 0xce, 0x80, 0xa2, 0x6f, 0x5a, 0x00, 0x6e, 0x5c, + 0x4d, 0x65, 0x3e, 0xa8, 0x5f, 0xb8, 0x99, 0xcf, 0x89, 0x4a, 0xaa, 0xb4, 0x76, 0x7f, 0x42, 0xa2, + 0xd8, 0x80, 0xb5, 0xdf, 0xb5, 0xe0, 0x09, 0xe3, 0xc3, 0x2f, 0x39, 0xcc, 0xed, 0x5f, 0x9a, 0xf0, + 0x34, 0xbd, 0x9d, 0xaa, 0xef, 0x9f, 0x31, 0xeb, 0xfb, 0xfb, 0xfb, 0xeb, 0x1f, 0x3d, 0x6a, 0x8c, + 0xba, 0xc3, 0x35, 0x34, 0x84, 0x0a, 0xa3, 0x15, 0x78, 0x03, 0xea, 0x86, 0xcd, 0x2a, 0x7d, 0xe4, + 0x55, 0x00, 0x93, 0x9c, 0x61, 0x10, 0xb1, 0x89, 0x67, 0xff, 0xb9, 0x00, 0x0b, 0xed, 0xe1, 0x98, + 0x32, 0x12, 0x9d, 0xb8, 0xa1, 0xd8, 0x80, 0x12, 0x6f, 0x16, 0xb2, 0xf5, 0x8f, 0xf7, 0x12, 0x58, + 0x70, 0x50, 0x08, 0x15, 0x37, 0xf0, 0xf7, 0xbc, 0x9e, 0x6a, 0x01, 0xaf, 0xcc, 0x73, 0x72, 0xa4, + 0x75, 0x6d, 0xa1, 0x4f, 0xdb, 0x24, 0xdf, 0xb1, 0xc2, 0x41, 0x3f, 0xb0, 0x60, 0xc5, 0x0d, 0x7c, + 0x9f, 0xb8, 0x3a, 0x78, 0x4b, 0x73, 0xb7, 0xbb, 0xed, 0xb4, 0xc6, 0xd6, 0x07, 0x14, 0xfa, 0x4a, + 0x86, 0x81, 0xb3, 0xd8, 0xf6, 0xaf, 0x0b, 0xb0, 0x94, 0xb2, 0x1c, 0x3d, 0x03, 0xd5, 0x31, 0x25, + 0x91, 0xf0, 0x9c, 0xf4, 0x6f, 0xd2, 0x11, 0xbd, 0xa4, 0xe8, 0x38, 0x91, 0xe0, 0xd2, 0xa1, 0x43, + 0xe9, 0x9d, 0x20, 0xea, 0x2a, 0x3f, 0x27, 0xd2, 0x3b, 0x8a, 0x8e, 0x13, 0x09, 0xde, 0x6f, 0xdc, + 0x22, 0x4e, 0x44, 0xa2, 0xdd, 0x60, 0x40, 0x66, 0xc6, 0x9e, 0x96, 0x66, 0x61, 0x53, 0x4e, 0x38, + 0x8d, 0x0d, 0x69, 0x7b, 0xe8, 0x11, 0x9f, 0x49, 0x33, 0x73, 0x70, 0xda, 0xee, 0xb5, 0x8e, 0xa9, + 0x51, 0x3b, 0x2d, 0xc3, 0xc0, 0x59, 0x6c, 0xfb, 0x4f, 0x16, 0xd4, 0x95, 0xd3, 0x1e, 0x41, 0xd3, + 0xd9, 0x4b, 0x37, 0x9d, 0xad, 0xf9, 0x63, 0xf4, 0x88, 0x86, 0xf3, 0x97, 0x45, 0x98, 0xa9, 0x74, + 0xe8, 0x35, 0x9e, 0xe3, 0x38, 0x8d, 0x74, 0x2f, 0xc6, 0x45, 0xf6, 0xe3, 0x27, 0x5b, 0xdd, 0xae, + 0x37, 0x22, 0x66, 0xfa, 0x8a, 0xb5, 0x60, 0x43, 0x23, 0x7a, 0xd3, 0xd2, 0x00, 0xbb, 0x81, 0xca, + 0x2b, 0xf9, 0xb6, 0x44, 0x33, 0x26, 0xec, 0x06, 0xd8, 0xc0, 0x44, 0x9f, 0x4b, 0x06, 0xc1, 0xb2, + 0x08, 0x48, 0x3b, 0x3d, 0xba, 0xbd, 0x9f, 0x6a, 0x00, 0x32, 0xe3, 0xdc, 0x14, 0x6a, 0x11, 0x91, + 0x2d, 0x56, 0x5c, 0x01, 0xe6, 0x49, 0x22, 0x58, 0xe9, 0x92, 0xc7, 0x38, 0x19, 0x7f, 0x62, 0x32, + 0xc5, 0x1a, 0xcd, 0xfe, 0xbe, 0x05, 0x68, 0xb6, 0x5c, 0xf3, 0x31, 0x2a, 0x69, 0x62, 0xd5, 0x01, + 0x4e, 0xf4, 0x24, 0xe2, 0x58, 0xcb, 0x9c, 0x20, 0x4d, 0x3e, 0x0d, 0x65, 0xd1, 0xd4, 0xaa, 0x03, + 0x9b, 0x44, 0x8f, 0x68, 0x7b, 0xb1, 0xe4, 0xd9, 0x7f, 0xb0, 0x20, 0x9b, 0x6e, 0x44, 0xa6, 0x96, + 0x9e, 0xcd, 0x66, 0xea, 0xb4, 0x17, 0x4f, 0x3e, 0x67, 0xa2, 0x57, 0xa1, 0xee, 0x30, 0x46, 0x46, + 0x21, 0x13, 0x01, 0x59, 0xbc, 0xef, 0x80, 0x5c, 0xe6, 0x91, 0x70, 0x3d, 0xe8, 0x7a, 0x7b, 0x9e, + 0x08, 0x46, 0x53, 0x9d, 0xfd, 0x5e, 0x11, 0x96, 0xd3, 0xcd, 0x17, 0x1a, 0x43, 0x45, 0x34, 0x3b, + 0xf2, 0x9a, 0x29, 0xf7, 0xee, 0x2a, 0x71, 0x89, 0x20, 0x51, 0xac, 0xc0, 0x78, 0x62, 0x8d, 0xe2, + 0xe9, 0x2a, 0x93, 0x58, 0x93, 0xb9, 0x2a, 0x91, 0x38, 0x76, 0xa2, 0x2a, 0xfe, 0x6f, 0x4e, 0x54, + 0xaf, 0x01, 0x74, 0x85, 0xb7, 0xc5, 0x5e, 0x96, 0x1e, 0x3c, 0xb9, 0x6c, 0x26, 0x5a, 0xb0, 0xa1, + 0x11, 0x9d, 0x85, 0x82, 0xd7, 0x15, 0xa7, 0xba, 0xd8, 0x02, 0x25, 0x5b, 0xd8, 0xda, 0xc4, 0x05, + 0xaf, 0x6b, 0x53, 0x58, 0x34, 0xbb, 0xcd, 0x13, 0xc7, 0xea, 0x0b, 0xb0, 0x24, 0x9f, 0x36, 0x09, + 0x73, 0xbc, 0x21, 0x55, 0xbb, 0xf3, 0x84, 0x12, 0x5f, 0xea, 0x98, 0x4c, 0x9c, 0x96, 0xb5, 0x7f, + 0x5a, 0x00, 0xb8, 0x12, 0x04, 0x03, 0x85, 0x19, 0x1f, 0x3d, 0xeb, 0xc8, 0xa3, 0xb7, 0x01, 0xa5, + 0x81, 0xe7, 0x77, 0xb3, 0x87, 0x73, 0xdb, 0xf3, 0xbb, 0x58, 0x70, 0xd0, 0x05, 0x00, 0x27, 0xf4, + 0x5e, 0x26, 0x11, 0xd5, 0x37, 0x89, 0x89, 0x5f, 0x2e, 0xee, 0x6c, 0x29, 0x0e, 0x36, 0xa4, 0xd0, + 0x33, 0xaa, 0x33, 0x94, 0x63, 0xfb, 0x6a, 0xa6, 0x33, 0xac, 0x72, 0x0b, 0x8d, 0xd6, 0xef, 0xf9, + 0x4c, 0x7e, 0xdc, 0x98, 0xc9, 0x8f, 0xba, 0x53, 0xde, 0xe9, 0x3b, 0x94, 0x1c, 0x76, 0xae, 0x2b, + 0xc7, 0xdc, 0x1f, 0xbd, 0x00, 0xd5, 0xab, 0x77, 0x98, 0xac, 0xf7, 0x3c, 0x85, 0x45, 0xc4, 0xd1, + 0x27, 0xbc, 0x68, 0xa4, 0xb0, 0x98, 0x81, 0xb5, 0x8c, 0xfd, 0x0f, 0x0b, 0xf4, 0xd5, 0x17, 0xda, + 0x83, 0x12, 0x9d, 0xfa, 0xae, 0x2a, 0x56, 0xf3, 0xa4, 0xe3, 0xce, 0xd4, 0x77, 0xf5, 0x0d, 0x5b, + 0x55, 0x5c, 0x20, 0x4e, 0x7d, 0x17, 0x0b, 0xfd, 0x68, 0x02, 0xd5, 0x28, 0x18, 0x0e, 0x6f, 0x39, + 0xee, 0x20, 0x87, 0xba, 0x85, 0x95, 0x2a, 0x8d, 0xb7, 0x28, 0x0e, 0xbb, 0x22, 0xe3, 0x04, 0xcb, + 0xfe, 0x55, 0x19, 0x32, 0xa3, 0x09, 0x1a, 0x9b, 0xb7, 0x8a, 0x56, 0x8e, 0xb7, 0x8a, 0x89, 0xdf, + 0x0f, 0xbb, 0x59, 0x44, 0xcf, 0x41, 0x39, 0xe4, 0x1b, 0xae, 0xc2, 0x73, 0x3d, 0x2e, 0x0c, 0x22, + 0x0a, 0x0e, 0x89, 0x0b, 0x29, 0x6d, 0x86, 0x45, 0xf1, 0x98, 0x74, 0xff, 0x75, 0x00, 0xee, 0x6b, + 0x35, 0xe3, 0xcb, 0x0c, 0x71, 0x23, 0xaf, 0x1d, 0x55, 0x63, 0xbe, 0xa8, 0x08, 0x9d, 0x04, 0x05, + 0x1b, 0x88, 0xe8, 0xbb, 0x16, 0x2c, 0xc7, 0x8e, 0x57, 0x46, 0x94, 0x1f, 0x8a, 0x11, 0x62, 0xe0, + 0xc4, 0x29, 0x24, 0x9c, 0x41, 0x46, 0x5f, 0x86, 0x1a, 0x65, 0x4e, 0x24, 0xcf, 0x45, 0xe5, 0xbe, + 0xb3, 0x65, 0xb2, 0x97, 0x9d, 0x58, 0x09, 0xd6, 0xfa, 0xd0, 0x2b, 0x00, 0x7b, 0x9e, 0xef, 0xd1, + 0xbe, 0xd0, 0xbe, 0xf0, 0x60, 0x75, 0xf5, 0x72, 0xa2, 0x01, 0x1b, 0xda, 0xec, 0xbb, 0x16, 0xd4, + 0x8d, 0x1f, 0x0e, 0x27, 0xc8, 0x7b, 0xe7, 0xa0, 0x1a, 0x06, 0x43, 0xcf, 0xf5, 0x88, 0xec, 0x7b, + 0x6b, 0xf2, 0x34, 0xec, 0x28, 0x1a, 0x4e, 0xb8, 0x68, 0x04, 0xd5, 0xdb, 0x2a, 0x71, 0xa8, 0x6e, + 0xa0, 0x3d, 0xc7, 0xd6, 0xc4, 0x39, 0x48, 0xc2, 0xc5, 0x6f, 0x38, 0x81, 0xb0, 0xff, 0x52, 0x00, + 0x10, 0x7f, 0x94, 0x3c, 0x71, 0x01, 0xb3, 0x01, 0xa5, 0x88, 0x84, 0x41, 0x76, 0x25, 0x5c, 0x02, + 0x0b, 0x4e, 0x6a, 0x9e, 0x2a, 0xdc, 0xd7, 0x3c, 0x55, 0x3c, 0x76, 0x9e, 0xe2, 0xb5, 0x88, 0xf6, + 0x77, 0x22, 0x6f, 0xe2, 0x30, 0xb2, 0x4d, 0xa6, 0x2a, 0xa1, 0xeb, 0x5a, 0xd4, 0xb9, 0xa2, 0x99, + 0x38, 0x2d, 0x7b, 0xe8, 0x28, 0x5a, 0xfe, 0x2f, 0x8e, 0xa2, 0xef, 0x58, 0xb0, 0xac, 0x3d, 0xfb, + 0xff, 0xf5, 0x13, 0x53, 0xdb, 0x7d, 0xc4, 0x6c, 0xf5, 0x4f, 0x0b, 0x56, 0xe2, 0x2e, 0x5e, 0x35, + 0x03, 0xb9, 0x54, 0xff, 0xd4, 0x4f, 0x93, 0xe2, 0xf1, 0x3f, 0x4d, 0xcc, 0xdc, 0x5b, 0x3a, 0x26, + 0xf7, 0x7e, 0x3e, 0x53, 0xf7, 0x3f, 0x34, 0x53, 0xf7, 0x51, 0x32, 0xaf, 0x4c, 0x7d, 0x37, 0xdd, + 0x27, 0xd9, 0xbf, 0xb0, 0x60, 0x31, 0x66, 0xdf, 0x08, 0xba, 0x62, 0x8a, 0xa0, 0x22, 0xc8, 0xac, + 0xf4, 0x14, 0x21, 0xc3, 0x41, 0xf2, 0xd0, 0x18, 0xaa, 0x6e, 0xdf, 0x1b, 0x76, 0x23, 0xe2, 0xab, + 0x6d, 0x79, 0x31, 0x87, 0x71, 0x8a, 0xe3, 0xeb, 0x50, 0x68, 0x2b, 0x00, 0x9c, 0x40, 0xd9, 0xbf, + 0x2d, 0xc2, 0x52, 0x6a, 0xf6, 0x42, 0xcf, 0x41, 0x5d, 0xfe, 0xb5, 0xe8, 0x18, 0x36, 0x27, 0x57, + 0x15, 0xbb, 0x9a, 0x85, 0x4d, 0x39, 0xbe, 0x1f, 0x43, 0x6f, 0x22, 0x75, 0x64, 0x7f, 0x62, 0x5d, + 0x8b, 0x19, 0x58, 0xcb, 0x18, 0xc3, 0x67, 0xf1, 0xbe, 0x87, 0xcf, 0x1f, 0x5b, 0x80, 0xc4, 0x12, + 0xb8, 0xe6, 0x64, 0x46, 0x54, 0x3f, 0x87, 0x73, 0xf3, 0xdb, 0x59, 0x65, 0x11, 0x6a, 0xcf, 0x40, + 0xe1, 0x43, 0xe0, 0x8d, 0xfb, 0xe0, 0xf2, 0x23, 0xb9, 0x0f, 0xb6, 0xbf, 0x06, 0x67, 0x66, 0x9a, + 0x27, 0xd5, 0xfa, 0x5b, 0x87, 0xb5, 0xfe, 0x3c, 0x12, 0xc3, 0x68, 0xec, 0xcb, 0x0d, 0xaa, 0xea, + 0x48, 0xdc, 0xe1, 0x44, 0x2c, 0x79, 0x7c, 0x1e, 0xe8, 0x46, 0x53, 0x3c, 0x96, 0x55, 0xa5, 0xaa, + 0xd1, 0x37, 0x05, 0x15, 0x2b, 0xae, 0xfd, 0x9d, 0x02, 0x2c, 0xa5, 0x0a, 0x7a, 0x6a, 0x74, 0xb3, + 0x8e, 0x1d, 0xdd, 0xf2, 0x34, 0x06, 0xbd, 0x01, 0x8b, 0x54, 0x1c, 0xc5, 0xc8, 0x61, 0xa4, 0x37, + 0xcd, 0xe1, 0x46, 0xbe, 0x63, 0xa8, 0x6b, 0x9d, 0x3e, 0xd8, 0x5f, 0x5f, 0x34, 0x29, 0x38, 0x05, + 0x67, 0xff, 0xbc, 0x00, 0x8f, 0x1d, 0xd2, 0xdc, 0xa0, 0x3b, 0xe6, 0x2d, 0x89, 0x1c, 0xa3, 0xaf, + 0xe6, 0x10, 0x9e, 0x2a, 0x91, 0xca, 0x5f, 0xdf, 0x87, 0xdd, 0x91, 0xdc, 0xe7, 0x14, 0xbd, 0x07, + 0xe5, 0x7e, 0x10, 0x0c, 0xe2, 0x71, 0x79, 0x9e, 0x82, 0xa0, 0x87, 0xbc, 0x56, 0x8d, 0xef, 0x26, + 0x7f, 0xa7, 0x58, 0xaa, 0xb7, 0xdf, 0xb3, 0x20, 0xe5, 0x45, 0x34, 0x82, 0x32, 0xd7, 0x32, 0xcd, + 0xe1, 0x8f, 0xa0, 0xa9, 0xf7, 0x22, 0xd7, 0x29, 0xf1, 0xc5, 0x23, 0x96, 0x28, 0xc8, 0x83, 0x12, + 0x37, 0x44, 0x0d, 0x2d, 0xdb, 0x39, 0xa1, 0xf1, 0x25, 0xca, 0x19, 0x89, 0x3f, 0x61, 0x01, 0x61, + 0x3f, 0x0f, 0x67, 0x66, 0x2c, 0xe2, 0x21, 0xbf, 0x17, 0xc4, 0x3f, 0x40, 0x8d, 0x90, 0xbf, 0xcc, + 0x89, 0x58, 0xf2, 0x78, 0xfd, 0x38, 0x9d, 0x55, 0x8f, 0x7e, 0x62, 0xc1, 0x19, 0x9a, 0xd5, 0xf7, + 0x50, 0xbc, 0xf6, 0x41, 0x65, 0xd4, 0xac, 0xf9, 0x78, 0xd6, 0x02, 0xbe, 0xa3, 0xd9, 0x6b, 0x63, + 0x1e, 0x7b, 0x9e, 0x4f, 0x89, 0x3b, 0x8e, 0xe2, 0x85, 0x26, 0xb1, 0xb7, 0xa5, 0xe8, 0x38, 0x91, + 0xe0, 0x63, 0xbc, 0xfc, 0x6d, 0x71, 0x43, 0x37, 0x8a, 0xc9, 0x18, 0xdf, 0x49, 0x38, 0xd8, 0x90, + 0xe2, 0x4d, 0xb2, 0x4b, 0x22, 0xb6, 0xc9, 0xdb, 0x23, 0x9e, 0x17, 0x16, 0x65, 0xd7, 0xda, 0x56, + 0x34, 0x9c, 0x70, 0xd1, 0x87, 0x61, 0x61, 0x40, 0xa6, 0x42, 0xb0, 0x24, 0x04, 0xeb, 0xbc, 0xe2, + 0x6f, 0x4b, 0x12, 0x8e, 0x79, 0xc8, 0x86, 0x8a, 0xeb, 0x08, 0xa9, 0xb2, 0x90, 0x02, 0xf1, 0x07, + 0xe3, 0xa2, 0x10, 0x52, 0x9c, 0x56, 0xe3, 0xee, 0xbd, 0xb5, 0x53, 0x6f, 0xdd, 0x5b, 0x3b, 0xf5, + 0xf6, 0xbd, 0xb5, 0x53, 0x6f, 0x1e, 0xac, 0x59, 0x77, 0x0f, 0xd6, 0xac, 0xb7, 0x0e, 0xd6, 0xac, + 0xb7, 0x0f, 0xd6, 0xac, 0xbf, 0x1f, 0xac, 0x59, 0x3f, 0x7c, 0x77, 0xed, 0xd4, 0x2b, 0xd5, 0xd8, + 0xb5, 0xff, 0x0e, 0x00, 0x00, 0xff, 0xff, 0x7a, 0x1b, 0x36, 0xb0, 0x03, 0x29, 0x00, 0x00, } diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto index 54a88c3787273..d17b8a6a1d5b8 100644 --- a/pkg/apis/application/v1alpha1/generated.proto +++ b/pkg/apis/application/v1alpha1/generated.proto @@ -254,8 +254,8 @@ message HookStatus { optional string message = 6; } -// JwtTokenMetadata holds the createdAt time of a token -message JwtTokenMetadata { +// JwtToken holds the createdAt time of a token +message JwtToken { optional int64 createdAt = 3; } @@ -296,13 +296,7 @@ message ProjectRole { repeated string policies = 2; - optional ProjectRoleMetatdata metadata = 3; -} - -// ProjectRoleMetatdata represents all the different types of roles a project can have -// ProjectRoleMetatdata only one of its members may be specified for a specific role -message ProjectRoleMetatdata { - optional JwtTokenMetadata jwtToken = 1; + optional JwtToken jwtToken = 3; } // Repository is a Git repository holding application configurations diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go index 3b19a0f50e9e5..56444384a0ee3 100644 --- a/pkg/apis/application/v1alpha1/types.go +++ b/pkg/apis/application/v1alpha1/types.go @@ -479,19 +479,13 @@ func (proj *AppProject) GetRoleIndexByName(name string) (int, error) { // ProjectRole represents a role that has access to a project type ProjectRole struct { - Name string `json:"name" protobuf:"bytes,1,opt,name=name"` - Policies []string `json:"policies" protobuf:"bytes,2,rep,name=policies"` - Metadata *ProjectRoleMetatdata `json:"metadata" protobuf:"bytes,3,rep,name=metadata"` + Name string `json:"name" protobuf:"bytes,1,opt,name=name"` + Policies []string `json:"policies" protobuf:"bytes,2,rep,name=policies"` + JwtToken *JwtToken `json:"jwtToken" protobuf:"bytes,3,rep,name=jwtToken"` } -// ProjectRoleMetatdata represents all the different types of roles a project can have -// ProjectRoleMetatdata only one of its members may be specified for a specific role -type ProjectRoleMetatdata struct { - JwtToken *JwtTokenMetadata `protobuf:"bytes,1,opt,name=jwtToken"` -} - -// JwtTokenMetadata holds the createdAt time of a token -type JwtTokenMetadata struct { +// JwtToken holds the createdAt time of a token +type JwtToken struct { CreatedAt int64 `json:"createdAt" protobuf:"int64,3,opt,name=createdAt"` } diff --git a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go index 44d486e671045..35acda577f61c 100644 --- a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go @@ -494,17 +494,17 @@ func (in *HookStatus) DeepCopy() *HookStatus { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *JwtTokenMetadata) DeepCopyInto(out *JwtTokenMetadata) { +func (in *JwtToken) DeepCopyInto(out *JwtToken) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JwtTokenMetadata. -func (in *JwtTokenMetadata) DeepCopy() *JwtTokenMetadata { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JwtToken. +func (in *JwtToken) DeepCopy() *JwtToken { if in == nil { return nil } - out := new(JwtTokenMetadata) + out := new(JwtToken) in.DeepCopyInto(out) return out } @@ -596,49 +596,24 @@ func (in *ProjectRole) DeepCopyInto(out *ProjectRole) { *out = make([]string, len(*in)) copy(*out, *in) } - if in.Metadata != nil { - in, out := &in.Metadata, &out.Metadata - if *in == nil { - *out = nil - } else { - *out = new(ProjectRoleMetatdata) - (*in).DeepCopyInto(*out) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectRole. -func (in *ProjectRole) DeepCopy() *ProjectRole { - if in == nil { - return nil - } - out := new(ProjectRole) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ProjectRoleMetatdata) DeepCopyInto(out *ProjectRoleMetatdata) { - *out = *in if in.JwtToken != nil { in, out := &in.JwtToken, &out.JwtToken if *in == nil { *out = nil } else { - *out = new(JwtTokenMetadata) + *out = new(JwtToken) **out = **in } } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectRoleMetatdata. -func (in *ProjectRoleMetatdata) DeepCopy() *ProjectRoleMetatdata { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectRole. +func (in *ProjectRole) DeepCopy() *ProjectRole { if in == nil { return nil } - out := new(ProjectRoleMetatdata) + out := new(ProjectRole) in.DeepCopyInto(out) return out } diff --git a/server/project/project.go b/server/project/project.go index 33f6d19b73f37..beacb978153c6 100644 --- a/server/project/project.go +++ b/server/project/project.go @@ -154,9 +154,7 @@ func (s *Server) CreateToken(ctx context.Context, q *ProjectTokenCreateRequest) return nil, err } issuedAt := jwtUtil.GetInt64Field(mapClaims, "iat") - - tokenMetadata := &v1alpha1.ProjectRoleMetatdata{JwtToken: &v1alpha1.JwtTokenMetadata{CreatedAt: issuedAt}} - token := v1alpha1.ProjectRole{Name: q.Token, Metadata: tokenMetadata} + token := v1alpha1.ProjectRole{Name: q.Token, JwtToken: &v1alpha1.JwtToken{CreatedAt: issuedAt}} project.Spec.Roles = append(project.Spec.Roles, token) _, err = s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Update(project) if err != nil { @@ -322,13 +320,10 @@ func validateProject(p *v1alpha1.AppProject) error { roleNames := make(map[string]bool) for _, role := range p.Spec.Roles { - if role.Metadata == nil { - return errors.New("Role must have a metadata") - } existingPolicies := make(map[string]bool) for _, policy := range role.Policies { var err error - if role.Metadata.JwtToken != nil { + if role.JwtToken != nil { err = validateJwtToken(p.Name, role.Name, policy) } else { err = validatePolicy(p.Name, policy) diff --git a/server/project/project_test.go b/server/project/project_test.go index c62a37bed222c..cd7faf635ae14 100644 --- a/server/project/project_test.go +++ b/server/project/project_test.go @@ -150,8 +150,8 @@ func TestProjectServer(t *testing.T) { sessionMgr := session.NewSessionManager(&settings.ArgoCDSettings{}) projWithToken := existingProj.DeepCopy() tokenName := "testToken" - tokenMetadata := &v1alpha1.ProjectRoleMetatdata{JwtToken: &v1alpha1.JwtTokenMetadata{CreatedAt: 1}} - token := v1alpha1.ProjectRole{Name: tokenName, Metadata: tokenMetadata} + + token := v1alpha1.ProjectRole{Name: tokenName, JwtToken: &v1alpha1.JwtToken{CreatedAt: 1}} projWithToken.Spec.Roles = append(projWithToken.Spec.Roles, token) projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, util.NewKeyLock(), sessionMgr) @@ -165,8 +165,7 @@ func TestProjectServer(t *testing.T) { sessionMgr := session.NewSessionManager(&settings.ArgoCDSettings{}) projWithToken := existingProj.DeepCopy() tokenName := "testToken" - tokenMetadata := &v1alpha1.ProjectRoleMetatdata{JwtToken: &v1alpha1.JwtTokenMetadata{CreatedAt: 1}} - token := v1alpha1.ProjectRole{Name: tokenName, Metadata: tokenMetadata} + token := v1alpha1.ProjectRole{Name: tokenName, JwtToken: &v1alpha1.JwtToken{CreatedAt: 1}} projWithToken.Spec.Roles = append(projWithToken.Spec.Roles, token) projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, util.NewKeyLock(), sessionMgr) _, err := projectServer.CreateToken(context.Background(), &ProjectTokenCreateRequest{Project: projWithToken.Name, Token: tokenName}) @@ -180,8 +179,7 @@ func TestProjectServer(t *testing.T) { roleName := "testRole" projWithRole := existingProj.DeepCopy() - roleMetadata := &v1alpha1.ProjectRoleMetatdata{JwtToken: &v1alpha1.JwtTokenMetadata{CreatedAt: 1}} - role := v1alpha1.ProjectRole{Name: roleName, Metadata: roleMetadata} + role := v1alpha1.ProjectRole{Name: roleName, JwtToken: &v1alpha1.JwtToken{CreatedAt: 1}} policy := fmt.Sprintf(policyTemplate, projWithRole.Name, roleName, action, projWithRole.Name, object) role.Policies = append(role.Policies, policy) projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role) @@ -201,8 +199,7 @@ func TestProjectServer(t *testing.T) { roleName := "testRole" projWithRole := existingProj.DeepCopy() - roleMetadata := &v1alpha1.ProjectRoleMetatdata{JwtToken: &v1alpha1.JwtTokenMetadata{CreatedAt: 1}} - role := v1alpha1.ProjectRole{Name: roleName, Metadata: roleMetadata} + role := v1alpha1.ProjectRole{Name: roleName, JwtToken: &v1alpha1.JwtToken{CreatedAt: 1}} policy := fmt.Sprintf(policyTemplate, projWithRole.Name, roleName, action, projWithRole.Name, object) role.Policies = append(role.Policies, policy) role.Policies = append(role.Policies, policy) @@ -223,8 +220,7 @@ func TestProjectServer(t *testing.T) { policyTemplate := "p, proj:%s:%s, projects, %s, %s/%s" projWithRole := existingProj.DeepCopy() - roleMetadata := &v1alpha1.ProjectRoleMetatdata{JwtToken: &v1alpha1.JwtTokenMetadata{CreatedAt: 1}} - role := v1alpha1.ProjectRole{Name: roleName, Metadata: roleMetadata} + role := v1alpha1.ProjectRole{Name: roleName, JwtToken: &v1alpha1.JwtToken{CreatedAt: 1}} policy := fmt.Sprintf(policyTemplate, projWithRole.Name, roleName, action, otherProject, object) role.Policies = append(role.Policies, policy) projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role) @@ -244,8 +240,7 @@ func TestProjectServer(t *testing.T) { policyTemplate := "p, proj:%s:%s, projects, %s, %s/%s" projWithRole := existingProj.DeepCopy() - roleMetadata := &v1alpha1.ProjectRoleMetatdata{JwtToken: &v1alpha1.JwtTokenMetadata{CreatedAt: 1}} - role := v1alpha1.ProjectRole{Name: roleName, Metadata: roleMetadata} + role := v1alpha1.ProjectRole{Name: roleName, JwtToken: &v1alpha1.JwtToken{CreatedAt: 1}} invalidPolicy := fmt.Sprintf(policyTemplate, otherProject, roleName, action, projWithRole.Name, object) role.Policies = append(role.Policies, invalidPolicy) projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role) @@ -265,8 +260,7 @@ func TestProjectServer(t *testing.T) { otherToken := "other-token" projWithRole := existingProj.DeepCopy() - roleMetadata := &v1alpha1.ProjectRoleMetatdata{JwtToken: &v1alpha1.JwtTokenMetadata{CreatedAt: 1}} - role := v1alpha1.ProjectRole{Name: roleName, Metadata: roleMetadata} + role := v1alpha1.ProjectRole{Name: roleName, JwtToken: &v1alpha1.JwtToken{CreatedAt: 1}} invalidPolicy := fmt.Sprintf(policyTemplate, projWithRole.Name, otherToken, action, projWithRole.Name, object) role.Policies = append(role.Policies, invalidPolicy) projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role) diff --git a/server/swagger.json b/server/swagger.json index 612319451e378..6d682a868eb3e 100644 --- a/server/swagger.json +++ b/server/swagger.json @@ -2291,9 +2291,9 @@ } } }, - "v1alpha1JwtTokenMetadata": { + "v1alpha1JwtToken": { "type": "object", - "title": "JwtTokenMetadata holds the createdAt time of a token", + "title": "JwtToken holds the createdAt time of a token", "properties": { "createdAt": { "type": "string", @@ -2346,8 +2346,8 @@ "type": "object", "title": "ProjectRole represents a role that has access to a project", "properties": { - "metadata": { - "$ref": "#/definitions/v1alpha1ProjectRoleMetatdata" + "jwtToken": { + "$ref": "#/definitions/v1alpha1JwtToken" }, "name": { "type": "string" @@ -2360,15 +2360,6 @@ } } }, - "v1alpha1ProjectRoleMetatdata": { - "type": "object", - "title": "ProjectRoleMetatdata represents all the different types of roles a project can have\nProjectRoleMetatdata only one of its members may be specified for a specific role", - "properties": { - "jwtToken": { - "$ref": "#/definitions/v1alpha1JwtTokenMetadata" - } - } - }, "v1alpha1Repository": { "type": "object", "title": "Repository is a Git repository holding application configurations", From c8b9c7218e1f58fe50fe4a2a0b46ab477eb5fc56 Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Wed, 8 Aug 2018 09:19:11 -0700 Subject: [PATCH 14/43] Move argocd specific rbac impl to server --- server/application/application_test.go | 4 +- server/project/project.go | 86 ++-------------- server/project/project_test.go | 61 +---------- server/server.go | 63 +++++++++++- server/server_test.go | 135 +++++++++++++++++++++++++ util/rbac/rbac.go | 49 +++------ util/rbac/rbac_test.go | 12 --- 7 files changed, 224 insertions(+), 186 deletions(-) create mode 100644 server/server_test.go diff --git a/server/application/application_test.go b/server/application/application_test.go index 885689dadb640..65eb8425b7c0b 100644 --- a/server/application/application_test.go +++ b/server/application/application_test.go @@ -78,7 +78,9 @@ func newTestAppServer() ApplicationServiceServer { enforcer := rbac.NewEnforcer(kubeclientset, testNamespace, common.ArgoCDRBACConfigMapName, nil) enforcer.SetBuiltinPolicy(test.BuiltinPolicy) enforcer.SetDefaultRole("role:admin") - + enforcer.SetClaimsEnforcerFunc(func(rvals ...interface{}) bool { + return true + }) db := db.NewDB(testNamespace, kubeclientset) ctx := context.Background() _, err := db.CreateRepository(ctx, fakeRepo()) diff --git a/server/project/project.go b/server/project/project.go index beacb978153c6..ad60a6bdead03 100644 --- a/server/project/project.go +++ b/server/project/project.go @@ -2,7 +2,6 @@ package project import ( "context" - "errors" "fmt" "strings" @@ -17,9 +16,6 @@ import ( jwtUtil "github.com/argoproj/argo-cd/util/jwt" "github.com/argoproj/argo-cd/util/rbac" "github.com/argoproj/argo-cd/util/session" - "github.com/casbin/casbin" - jwt "github.com/dgrijalva/jwt-go" - scas "github.com/qiangmzsx/string-adapter" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" "k8s.io/api/core/v1" @@ -50,77 +46,9 @@ func NewServer(ns string, kubeclientset kubernetes.Interface, appclientset appcl return &Server{enf: enf, appclientset: appclientset, kubeclientset: kubeclientset, ns: ns, projectLock: projectLock, auditLogger: auditLogger, sessionMgr: sessionMgr} } -func defaultEnforceClaims(rvals ...interface{}) bool { - s, ok := rvals[0].(*Server) - if !ok { - return false - } - claims, ok := rvals[1].(jwt.Claims) - if !ok { - if rvals[1] == nil { - vals := append([]interface{}{""}, rvals[2:]...) - return s.enf.Enforce(vals...) - } - return s.enf.Enforce(rvals...) - } - - mapClaims, err := jwtUtil.MapClaims(claims) - if err != nil { - vals := append([]interface{}{""}, rvals[2:]...) - return s.enf.Enforce(vals...) - } - groups := jwtUtil.GetGroups(mapClaims) - for _, group := range groups { - vals := append([]interface{}{group}, rvals[2:]...) - if s.enf.Enforcer.Enforce(vals...) { - return true - } - } - user := jwtUtil.GetField(mapClaims, "sub") - if strings.HasPrefix(user, "proj:") { - return s.enforceJwtToken(user, mapClaims, rvals[1:]...) - } - vals := append([]interface{}{user}, rvals[2:]...) - return s.enf.Enforce(vals...) -} - -func (s *Server) enforceJwtToken(user string, mapClaims jwt.MapClaims, rvals ...interface{}) bool { - userSplit := strings.Split(user, ":") - if len(userSplit) != 3 { - return false - } - projName := userSplit[1] - tokenName := userSplit[2] - proj, err := s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Get(projName, metav1.GetOptions{}) - if err != nil { - return false - } - index, err := proj.GetRoleIndexByName(tokenName) - if err != nil { - return false - } - if proj.Spec.Roles[index].Metadata.JwtToken == nil { - return false - } - iat := jwtUtil.GetInt64Field(mapClaims, "iat") - if proj.Spec.Roles[index].Metadata.JwtToken.CreatedAt != iat { - return false - } - vals := append([]interface{}{user}, rvals[1:]...) - return enforceCustomPolicy(proj.ProjectPoliciesString(), vals...) -} - -func enforceCustomPolicy(projPolicy string, rvals ...interface{}) bool { - model := rbac.LoadModel() - adapter := scas.NewAdapter(projPolicy) - enf := casbin.NewEnforcer(model, adapter) - enf.EnableLog(false) - return enf.Enforce(rvals...) -} - // CreateToken creates a new token to access a project func (s *Server) CreateToken(ctx context.Context, q *ProjectTokenCreateRequest) (*ProjectTokenResponse, error) { - if !s.enf.EnforceClaims(s, ctx.Value("claims"), "projects", "update", q.Project) { + if !s.enf.EnforceClaims(ctx.Value("claims"), "projects", "update", q.Project) { return nil, grpc.ErrPermissionDenied } project, err := s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Get(q.Project, metav1.GetOptions{}) @@ -167,7 +95,7 @@ func (s *Server) CreateToken(ctx context.Context, q *ProjectTokenCreateRequest) // Create a new project. func (s *Server) Create(ctx context.Context, q *ProjectCreateRequest) (*v1alpha1.AppProject, error) { - if !s.enf.EnforceClaims(s, ctx.Value("claims"), "projects", "create", q.Project.Name) { + if !s.enf.EnforceClaims(ctx.Value("claims"), "projects", "create", q.Project.Name) { return nil, grpc.ErrPermissionDenied } if q.Project.Name == common.DefaultAppProjectName { @@ -192,7 +120,7 @@ func (s *Server) List(ctx context.Context, q *ProjectQuery) (*v1alpha1.AppProjec newItems := make([]v1alpha1.AppProject, 0) for i := range list.Items { project := list.Items[i] - if s.enf.EnforceClaims(s, ctx.Value("claims"), "projects", "get", project.Name) { + if s.enf.EnforceClaims(ctx.Value("claims"), "projects", "get", project.Name) { newItems = append(newItems, project) } } @@ -203,7 +131,7 @@ func (s *Server) List(ctx context.Context, q *ProjectQuery) (*v1alpha1.AppProjec // Get returns a project by name func (s *Server) Get(ctx context.Context, q *ProjectQuery) (*v1alpha1.AppProject, error) { - if !s.enf.EnforceClaims(s, ctx.Value("claims"), "projects", "get", q.Name) { + if !s.enf.EnforceClaims(ctx.Value("claims"), "projects", "get", q.Name) { return nil, grpc.ErrPermissionDenied } return s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Get(q.Name, metav1.GetOptions{}) @@ -350,7 +278,7 @@ func validateProject(p *v1alpha1.AppProject) error { // DeleteToken deletes a token in a project func (s *Server) DeleteToken(ctx context.Context, q *ProjectTokenDeleteRequest) (*EmptyResponse, error) { - if !s.enf.EnforceClaims(s, ctx.Value("claims"), "projects", "delete", q.Project) { + if !s.enf.EnforceClaims(ctx.Value("claims"), "projects", "delete", q.Project) { return nil, grpc.ErrPermissionDenied } project, err := s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Get(q.Project, metav1.GetOptions{}) @@ -385,7 +313,7 @@ func (s *Server) Update(ctx context.Context, q *ProjectUpdateRequest) (*v1alpha1 if q.Project.Name == common.DefaultAppProjectName { return nil, grpc.ErrPermissionDenied } - if !s.enf.EnforceClaims(s, ctx.Value("claims"), "projects", "update", q.Project.Name) { + if !s.enf.EnforceClaims(ctx.Value("claims"), "projects", "update", q.Project.Name) { return nil, grpc.ErrPermissionDenied } err := validateProject(q.Project) @@ -441,7 +369,7 @@ func (s *Server) Update(ctx context.Context, q *ProjectUpdateRequest) (*v1alpha1 // Delete deletes a project func (s *Server) Delete(ctx context.Context, q *ProjectQuery) (*EmptyResponse, error) { - if !s.enf.EnforceClaims(s, ctx.Value("claims"), "projects", "delete", q.Name) { + if !s.enf.EnforceClaims(ctx.Value("claims"), "projects", "delete", q.Name) { return nil, grpc.ErrPermissionDenied } diff --git a/server/project/project_test.go b/server/project/project_test.go index cd7faf635ae14..a87f13fa996a3 100644 --- a/server/project/project_test.go +++ b/server/project/project_test.go @@ -5,7 +5,6 @@ import ( "fmt" "testing" - jwt "github.com/dgrijalva/jwt-go" "github.com/stretchr/testify/assert" "google.golang.org/grpc" "google.golang.org/grpc/codes" @@ -27,6 +26,9 @@ func TestProjectServer(t *testing.T) { enforcer := rbac.NewEnforcer(fake.NewSimpleClientset(), "default", common.ArgoCDRBACConfigMapName, nil) enforcer.SetBuiltinPolicy(test.BuiltinPolicy) enforcer.SetDefaultRole("role:admin") + enforcer.SetClaimsEnforcerFunc(func(rvals ...interface{}) bool { + return true + }) existingProj := v1alpha1.AppProject{ ObjectMeta: v1.ObjectMeta{Name: "test", Namespace: "default"}, Spec: v1alpha1.AppProjectSpec{ @@ -272,60 +274,3 @@ func TestProjectServer(t *testing.T) { assert.EqualError(t, err, expectedErr) }) } - -func TestEnforceJwtToken(t *testing.T) { - projectName := "testProj" - tokenName := "testToken" - subFormat := "proj:%s:%s" - fakeNamespace := "fakeNamespace" - sub := fmt.Sprintf(subFormat, projectName, tokenName) - policy := fmt.Sprintf("p, %s, projects, get, %s", sub, projectName) - createdAt := int64(1) - - tokenMetadata := &v1alpha1.ProjectRoleMetatdata{JwtToken: &v1alpha1.JwtTokenMetadata{CreatedAt: createdAt}} - role := v1alpha1.ProjectRole{Name: tokenName, Policies: []string{policy}, Metadata: tokenMetadata} - existingProj := v1alpha1.AppProject{ - ObjectMeta: v1.ObjectMeta{Name: projectName, Namespace: fakeNamespace}, - Spec: v1alpha1.AppProjectSpec{ - Roles: []v1alpha1.ProjectRole{role}, - }, - } - enforcer := rbac.NewEnforcer(fake.NewSimpleClientset(), fakeNamespace, common.ArgoCDRBACConfigMapName, nil) - - t.Run("TestEnforceJwtTokenSuccessful", func(t *testing.T) { - s := NewServer(fakeNamespace, fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj), enforcer, util.NewKeyLock(), nil) - claims := jwt.MapClaims{"sub": sub, "iat": createdAt} - assert.True(t, s.enf.EnforceClaims(s, claims, "projects", "get", projectName)) - }) - - t.Run("TestEnforceJwtTokenWithDiffCreateAtFailure", func(t *testing.T) { - s := NewServer(fakeNamespace, fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj), enforcer, util.NewKeyLock(), nil) - - diffCreateAt := createdAt + 1 - claims := jwt.MapClaims{"sub": sub, "iat": diffCreateAt} - assert.False(t, s.enf.EnforceClaims(s, claims, "projects", "get", projectName)) - }) - - t.Run("TestEnforceJwtTokenIncorrectSubFormatFailure", func(t *testing.T) { - s := NewServer(fakeNamespace, fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj), enforcer, util.NewKeyLock(), nil) - invalidSub := "proj:test" - claims := jwt.MapClaims{"sub": invalidSub, "iat": createdAt} - assert.False(t, s.enf.EnforceClaims(s, claims, "projects", "get", projectName)) - }) - - t.Run("TestEnforceJwtTokenNoTokenFailure", func(t *testing.T) { - s := NewServer(fakeNamespace, fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj), enforcer, util.NewKeyLock(), nil) - nonExistentToken := "fake-token" - invalidSub := fmt.Sprintf(subFormat, projectName, nonExistentToken) - claims := jwt.MapClaims{"sub": invalidSub, "iat": createdAt} - assert.False(t, s.enf.EnforceClaims(s, claims, "projects", "get", projectName)) - }) - - t.Run("TestEnforceJwtTokenNotJwtTokenFailure", func(t *testing.T) { - proj := existingProj.DeepCopy() - proj.Spec.Roles[0].Metadata.JwtToken = nil - s := NewServer(fakeNamespace, fake.NewSimpleClientset(), apps.NewSimpleClientset(proj), enforcer, util.NewKeyLock(), nil) - claims := jwt.MapClaims{"sub": sub, "iat": createdAt} - assert.False(t, s.enf.EnforceClaims(s, claims, "projects", "get", projectName)) - }) -} diff --git a/server/server.go b/server/server.go index a6ee0610bcff2..077f40b23a471 100644 --- a/server/server.go +++ b/server/server.go @@ -12,6 +12,8 @@ import ( "strings" "time" + jwtUtil "github.com/argoproj/argo-cd/util/jwt" + jwt "github.com/dgrijalva/jwt-go" "github.com/gobuffalo/packr" golang_proto "github.com/golang/protobuf/proto" "github.com/grpc-ecosystem/go-grpc-middleware" @@ -56,6 +58,7 @@ import ( tlsutil "github.com/argoproj/argo-cd/util/tls" "github.com/argoproj/argo-cd/util/webhook" netCtx "golang.org/x/net/context" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) var ( @@ -332,7 +335,7 @@ func (a *ArgoCDServer) newGRPCServer() *grpc.Server { grpc_util.ErrorCodeUnaryServerInterceptor(), grpc_util.PanicLoggerUnaryServerInterceptor(a.log), ))) - + a.enf.SetClaimsEnforcerFunc(defaultEnforceClaims(a.enf, a.AppClientset, a.Namespace)) grpcS := grpc.NewServer(sOpts...) db := db.NewDB(a.Namespace, a.KubeClientset) clusterService := cluster.NewServer(db, a.enf) @@ -593,3 +596,61 @@ func bug21955WorkaroundInterceptor(ctx context.Context, req interface{}, _ *grpc } return handler(ctx, req) } + +func defaultEnforceClaims(enf *rbac.Enforcer, a appclientset.Interface, namespace string) func(rvals ...interface{}) bool { + return func(rvals ...interface{}) bool { + claims, ok := rvals[0].(jwt.Claims) + if !ok { + if rvals[0] == nil { + vals := append([]interface{}{""}, rvals[1:]...) + return enf.Enforce(vals...) + } + return enf.Enforce(rvals...) + } + + mapClaims, err := jwtUtil.MapClaims(claims) + if err != nil { + vals := append([]interface{}{""}, rvals[1:]...) + return enf.Enforce(vals...) + } + groups := jwtUtil.GetGroups(mapClaims) + for _, group := range groups { + vals := append([]interface{}{group}, rvals[1:]...) + if enf.Enforcer.Enforce(vals...) { + return true + } + } + user := jwtUtil.GetField(mapClaims, "sub") + if strings.HasPrefix(user, "proj:") { + return enforceJwtToken(enf, a, namespace, user, mapClaims, rvals...) + } + vals := append([]interface{}{user}, rvals[1:]...) + return enf.Enforce(vals...) + } +} + +func enforceJwtToken(enf *rbac.Enforcer, a appclientset.Interface, namespace string, user string, mapClaims jwt.MapClaims, rvals ...interface{}) bool { + userSplit := strings.Split(user, ":") + if len(userSplit) != 3 { + return false + } + projName := userSplit[1] + tokenName := userSplit[2] + proj, err := a.ArgoprojV1alpha1().AppProjects(namespace).Get(projName, metav1.GetOptions{}) + if err != nil { + return false + } + index, err := proj.GetRoleIndexByName(tokenName) + if err != nil { + return false + } + if proj.Spec.Roles[index].JwtToken == nil { + return false + } + iat := jwtUtil.GetInt64Field(mapClaims, "iat") + if proj.Spec.Roles[index].JwtToken.CreatedAt != iat { + return false + } + vals := append([]interface{}{user}, rvals[1:]...) + return enf.EnforceCustomPolicy(proj.ProjectPoliciesString(), vals...) +} diff --git a/server/server_test.go b/server/server_test.go new file mode 100644 index 0000000000000..1346787e9de2e --- /dev/null +++ b/server/server_test.go @@ -0,0 +1,135 @@ +package server + +import ( + "fmt" + "testing" + + "github.com/argoproj/argo-cd/common" + "github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1" + apps "github.com/argoproj/argo-cd/pkg/client/clientset/versioned/fake" + "github.com/argoproj/argo-cd/util/rbac" + jwt "github.com/dgrijalva/jwt-go" + "github.com/stretchr/testify/assert" + apiv1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1" + + "k8s.io/client-go/kubernetes/fake" +) + +const ( + fakeNamespace = "fake-ns" + builtinPolicyFile = "builtin-policy.csv" +) + +func fakeConfigMap() *apiv1.ConfigMap { + cm := apiv1.ConfigMap{ + TypeMeta: v1.TypeMeta{ + Kind: "ConfigMap", + APIVersion: "v1", + }, + ObjectMeta: v1.ObjectMeta{ + Name: common.ArgoCDConfigMapName, + Namespace: fakeNamespace, + }, + Data: make(map[string]string), + } + return &cm +} + +func fakeSecret(policy ...string) *apiv1.Secret { + secret := apiv1.Secret{ + TypeMeta: v1.TypeMeta{ + Kind: "Secret", + APIVersion: "v1", + }, + ObjectMeta: v1.ObjectMeta{ + Name: common.ArgoCDSecretName, + Namespace: fakeNamespace, + }, + Data: make(map[string][]byte), + } + return &secret +} + +func TestEnforceJwtToken(t *testing.T) { + projectName := "testProj" + tokenName := "testToken" + subFormat := "proj:%s:%s" + sub := fmt.Sprintf(subFormat, projectName, tokenName) + policy := fmt.Sprintf("p, %s, projects, get, %s", sub, projectName) + createdAt := int64(1) + + token := v1alpha1.ProjectRole{Name: tokenName, Policies: []string{policy}, JwtToken: &v1alpha1.JwtToken{CreatedAt: createdAt}} + existingProj := v1alpha1.AppProject{ + ObjectMeta: v1.ObjectMeta{Name: projectName, Namespace: fakeNamespace}, + Spec: v1alpha1.AppProjectSpec{ + Roles: []v1alpha1.ProjectRole{token}, + }, + } + cm := fakeConfigMap() + secret := fakeSecret() + kubeclientset := fake.NewSimpleClientset(cm, secret) + + t.Run("TestEnforceJwtTokenSuccessful", func(t *testing.T) { + s := NewServer(ArgoCDServerOpts{Namespace: fakeNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj)}) + s.newGRPCServer() + claims := jwt.MapClaims{"sub": sub, "iat": createdAt} + assert.True(t, s.enf.EnforceClaims(claims, "projects", "get", projectName)) + }) + + t.Run("TestEnforceJwtTokenWithDiffCreateAtFailure", func(t *testing.T) { + s := NewServer(ArgoCDServerOpts{Namespace: fakeNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj)}) + s.newGRPCServer() + diffCreateAt := createdAt + 1 + claims := jwt.MapClaims{"sub": sub, "iat": diffCreateAt} + assert.False(t, s.enf.EnforceClaims(claims, "projects", "get", projectName)) + }) + + t.Run("TestEnforceJwtTokenIncorrectSubFormatFailure", func(t *testing.T) { + s := NewServer(ArgoCDServerOpts{Namespace: fakeNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj)}) + s.newGRPCServer() + invalidSub := "proj:test" + claims := jwt.MapClaims{"sub": invalidSub, "iat": createdAt} + assert.False(t, s.enf.EnforceClaims(claims, "projects", "get", projectName)) + }) + + t.Run("TestEnforceJwtTokenNoTokenFailure", func(t *testing.T) { + s := NewServer(ArgoCDServerOpts{Namespace: fakeNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj)}) + s.newGRPCServer() + nonExistentToken := "fake-token" + invalidSub := fmt.Sprintf(subFormat, projectName, nonExistentToken) + claims := jwt.MapClaims{"sub": invalidSub, "iat": createdAt} + assert.False(t, s.enf.EnforceClaims(claims, "projects", "get", projectName)) + }) + + t.Run("TestEnforceJwtTokenNotJwtTokenFailure", func(t *testing.T) { + proj := existingProj.DeepCopy() + proj.Spec.Roles[0].JwtToken = nil + s := NewServer(ArgoCDServerOpts{Namespace: fakeNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(proj)}) + s.newGRPCServer() + claims := jwt.MapClaims{"sub": sub, "iat": createdAt} + assert.False(t, s.enf.EnforceClaims(claims, "projects", "get", projectName)) + }) +} +func TestDefaultRoleWithClaims(t *testing.T) { + kubeclientset := fake.NewSimpleClientset() + enf := rbac.NewEnforcer(kubeclientset, fakeNamespace, common.ArgoCDConfigMapName, nil) + enf.SetBuiltinPolicy(box.String(builtinPolicyFile)) + enf.SetClaimsEnforcerFunc(defaultEnforceClaims(enf, nil, fakeNamespace)) + claims := jwt.MapClaims{"groups": []string{"org1:team1", "org2:team2"}} + + assert.False(t, enf.EnforceClaims(claims, "applications", "get", "foo/bar")) + // after setting the default role to be the read-only role, this should now pass + enf.SetDefaultRole("role:readonly") + assert.True(t, enf.EnforceClaims(claims, "applications", "get", "foo/bar")) +} + +func TestEnforceNilClaims(t *testing.T) { + kubeclientset := fake.NewSimpleClientset(fakeConfigMap()) + enf := rbac.NewEnforcer(kubeclientset, fakeNamespace, common.ArgoCDConfigMapName, nil) + enf.SetBuiltinPolicy(box.String(builtinPolicyFile)) + enf.SetClaimsEnforcerFunc(defaultEnforceClaims(enf, nil, fakeNamespace)) + assert.False(t, enf.EnforceClaims(nil, "applications", "get", "foo/obj")) + enf.SetDefaultRole("role:readonly") + assert.True(t, enf.EnforceClaims(nil, "applications", "get", "foo/obj")) +} diff --git a/util/rbac/rbac.go b/util/rbac/rbac.go index 01bf83cca4595..57774d17825b5 100644 --- a/util/rbac/rbac.go +++ b/util/rbac/rbac.go @@ -7,7 +7,6 @@ import ( "github.com/casbin/casbin" "github.com/casbin/casbin/model" - jwt "github.com/dgrijalva/jwt-go" "github.com/gobuffalo/packr" scas "github.com/qiangmzsx/string-adapter" log "github.com/sirupsen/logrus" @@ -18,9 +17,6 @@ import ( v1 "k8s.io/client-go/informers/core/v1" "k8s.io/client-go/kubernetes" "k8s.io/client-go/tools/cache" - - appclientset "github.com/argoproj/argo-cd/pkg/client/clientset/versioned" - jwtutil "github.com/argoproj/argo-cd/util/jwt" ) const ( @@ -46,17 +42,16 @@ type Enforcer struct { defaultRole string builtinPolicy string userDefinedPolicy string - appclientset appclientset.Interface } -func LoadModel() model.Model { +func loadModel() model.Model { box := packr.NewBox(".") modelConf := box.String(builtinModelFile) return casbin.NewModel(modelConf) } func NewEnforcer(clientset kubernetes.Interface, namespace, configmap string, claimsEnforcer ClaimsEnforcerFunc) *Enforcer { - model := LoadModel() + model := loadModel() adapter := scas.NewAdapter("") enf := casbin.NewEnforcer(model, adapter) enf.EnableLog(false) @@ -96,42 +91,26 @@ func (e *Enforcer) Enforce(rvals ...interface{}) bool { return e.Enforcer.Enforce(rvals...) } +// EnforceCustomPolicy enforce a custom policy with the buildin and user defined policies in case of explicit deny of that resource +func (e *Enforcer) EnforceCustomPolicy(policy string, rvals ...interface{}) bool { + model := loadModel() + policies := fmt.Sprintf("%s\n%s\n%s", e.builtinPolicy, e.userDefinedPolicy, policy) + adapter := scas.NewAdapter(policies) + enf := casbin.NewEnforcer(model, adapter) + enf.EnableLog(false) + return enf.Enforce(rvals...) +} + // EnforceClaims checks if the first value is a jwt.Claims and runs enforce against its groups and sub func (e *Enforcer) EnforceClaims(rvals ...interface{}) bool { - // Use default claims enforcer if it is nil + // Return false if no enforcer is provided if e.claimsEnforcerFunc == nil { - return e.defaultEnforceClaims(rvals...) + return false } return e.claimsEnforcerFunc(rvals...) } -func (e *Enforcer) defaultEnforceClaims(rvals ...interface{}) bool { - claims, ok := rvals[0].(jwt.Claims) - if !ok { - if rvals[0] == nil { - vals := append([]interface{}{""}, rvals[1:]...) - return e.Enforce(vals...) - } - return e.Enforce(rvals...) - } - mapClaims, err := jwtutil.MapClaims(claims) - if err != nil { - vals := append([]interface{}{""}, rvals[1:]...) - return e.Enforce(vals...) - } - groups := jwtutil.GetGroups(mapClaims) - for _, group := range groups { - vals := append([]interface{}{group}, rvals[1:]...) - if e.Enforcer.Enforce(vals...) { - return true - } - } - user := jwtutil.GetField(mapClaims, "sub") - vals := append([]interface{}{user}, rvals[1:]...) - return e.Enforce(vals...) -} - // SetBuiltinPolicy sets a built-in policy, which augments any user defined policies func (e *Enforcer) SetBuiltinPolicy(policy string) error { e.builtinPolicy = policy diff --git a/util/rbac/rbac_test.go b/util/rbac/rbac_test.go index f6796acda1d8b..382482d4eb0bb 100644 --- a/util/rbac/rbac_test.go +++ b/util/rbac/rbac_test.go @@ -247,14 +247,11 @@ func TestDefaultRole(t *testing.T) { err := enf.syncUpdate(fakeConfigMap()) assert.Nil(t, err) enf.SetBuiltinPolicy(box.String(builtinPolicyFile)) - claims := jwt.MapClaims{"groups": []string{"org1:team1", "org2:team2"}} assert.False(t, enf.Enforce("bob", "applications", "get", "foo/bar")) - assert.False(t, enf.EnforceClaims(claims, "applications", "get", "foo/bar")) // after setting the default role to be the read-only role, this should now pass enf.SetDefaultRole("role:readonly") assert.True(t, enf.Enforce("bob", "applications", "get", "foo/bar")) - assert.True(t, enf.EnforceClaims(claims, "applications", "get", "foo/bar")) } // TestURLAsObjectName tests the ability to have a URL as an object name @@ -278,15 +275,6 @@ p, cathy, repositories, *, foo/*, allow } -func TestEnforceNilClaims(t *testing.T) { - kubeclientset := fake.NewSimpleClientset(fakeConfigMap()) - enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfgMapName, nil) - enf.SetBuiltinPolicy(box.String(builtinPolicyFile)) - assert.False(t, enf.EnforceClaims(nil, "applications", "get", "foo/obj")) - enf.SetDefaultRole("role:readonly") - assert.True(t, enf.EnforceClaims(nil, "applications", "get", "foo/obj")) -} - func TestEnableDisableEnforce(t *testing.T) { kubeclientset := fake.NewSimpleClientset(fakeConfigMap()) enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfgMapName, nil) From 49bb3ba4468b48afa7af558138d60d33c8ef788d Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Wed, 8 Aug 2018 10:43:17 -0700 Subject: [PATCH 15/43] Restrict tokens to applications instead of projects --- server/project/project.go | 6 +++--- server/project/project_test.go | 17 +++++++---------- server/server_test.go | 34 ++++++++++++++++++++++++++++++++++ util/rbac/rbac_test.go | 31 ------------------------------- 4 files changed, 44 insertions(+), 44 deletions(-) diff --git a/server/project/project.go b/server/project/project.go index ad60a6bdead03..0e0c75eda614c 100644 --- a/server/project/project.go +++ b/server/project/project.go @@ -183,8 +183,8 @@ func validateJwtToken(proj string, token string, policy string) error { return err } policyComponents := strings.Split(policy, ",") - if strings.Trim(policyComponents[2], " ") != "projects" { - return status.Errorf(codes.InvalidArgument, "incorrect format for '%s' as JWT tokens can only access projects", policy) + if strings.Trim(policyComponents[2], " ") != "applications" { + return status.Errorf(codes.InvalidArgument, "incorrect format for '%s' as JWT tokens can only access applications", policy) } roleComponents := strings.Split(strings.Trim(policyComponents[1], " "), ":") if len(roleComponents) != 3 { @@ -220,7 +220,7 @@ func validatePolicy(proj string, policy string) error { return status.Errorf(codes.InvalidArgument, "incorrect policy format for '%s' as action must be longer than 0 characters:", policy) } if !strings.HasPrefix(strings.Trim(policyComponents[4], " "), proj) { - return status.Errorf(codes.InvalidArgument, "incorrect policy format for '%s' as policies can't grant access to other roles or projects", policy) + return status.Errorf(codes.InvalidArgument, "incorrect policy format for '%s' as policies can't grant access to other projects", policy) } return nil } diff --git a/server/project/project_test.go b/server/project/project_test.go index a87f13fa996a3..a0f0a2db64f63 100644 --- a/server/project/project_test.go +++ b/server/project/project_test.go @@ -40,7 +40,7 @@ func TestProjectServer(t *testing.T) { }, } - policyTemplate := "p, proj:%s:%s, projects, %s, %s/%s" + policyTemplate := "p, proj:%s:%s, applications, %s, %s/%s" t.Run("TestRemoveDestinationSuccessful", func(t *testing.T) { existingApp := v1alpha1.Application{ @@ -177,7 +177,7 @@ func TestProjectServer(t *testing.T) { t.Run("TestCreateRolePolicySuccessfully", func(t *testing.T) { action := "create" - object := "testObject" + object := "testApplication" roleName := "testRole" projWithRole := existingProj.DeepCopy() @@ -197,7 +197,7 @@ func TestProjectServer(t *testing.T) { t.Run("TestValidatePolicyDuplicatePolicyFailure", func(t *testing.T) { action := "create" - object := "testObject" + object := "testApplication" roleName := "testRole" projWithRole := existingProj.DeepCopy() @@ -216,10 +216,9 @@ func TestProjectServer(t *testing.T) { t.Run("TestValidateProjectAccessToSeparateProjectObjectFailure", func(t *testing.T) { action := "create" - object := "testObject" + object := "testApplication" roleName := "testRole" otherProject := "other-project" - policyTemplate := "p, proj:%s:%s, projects, %s, %s/%s" projWithRole := existingProj.DeepCopy() role := v1alpha1.ProjectRole{Name: roleName, JwtToken: &v1alpha1.JwtToken{CreatedAt: 1}} @@ -230,16 +229,15 @@ func TestProjectServer(t *testing.T) { projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithRole), enforcer, util.NewKeyLock(), nil) request := &ProjectUpdateRequest{Project: projWithRole} _, err := projectServer.Update(context.Background(), request) - expectedErr := fmt.Sprintf("rpc error: code = InvalidArgument desc = incorrect policy format for '%s' as policies can't grant access to other roles or projects", policy) + expectedErr := fmt.Sprintf("rpc error: code = InvalidArgument desc = incorrect policy format for '%s' as policies can't grant access to other projects", policy) assert.EqualError(t, err, expectedErr) }) t.Run("TestValidateProjectIncorrectProjectInRoleFailure", func(t *testing.T) { action := "create" - object := "testObject" + object := "testApplication" roleName := "testRole" otherProject := "other-project" - policyTemplate := "p, proj:%s:%s, projects, %s, %s/%s" projWithRole := existingProj.DeepCopy() role := v1alpha1.ProjectRole{Name: roleName, JwtToken: &v1alpha1.JwtToken{CreatedAt: 1}} @@ -256,9 +254,8 @@ func TestProjectServer(t *testing.T) { t.Run("TestValidateProjectIncorrectTokenInRoleFailure", func(t *testing.T) { action := "create" - object := "testObject" + object := "testApplication" roleName := "testRole" - policyTemplate := "p, proj:%s:%s, projects, %s, %s/%s" otherToken := "other-token" projWithRole := existingProj.DeepCopy() diff --git a/server/server_test.go b/server/server_test.go index 1346787e9de2e..50e61d26eaf52 100644 --- a/server/server_test.go +++ b/server/server_test.go @@ -9,6 +9,7 @@ import ( apps "github.com/argoproj/argo-cd/pkg/client/clientset/versioned/fake" "github.com/argoproj/argo-cd/util/rbac" jwt "github.com/dgrijalva/jwt-go" + log "github.com/sirupsen/logrus" "github.com/stretchr/testify/assert" apiv1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -111,6 +112,39 @@ func TestEnforceJwtToken(t *testing.T) { assert.False(t, s.enf.EnforceClaims(claims, "projects", "get", projectName)) }) } + +func TestEnforceClaims(t *testing.T) { + kubeclientset := fake.NewSimpleClientset(fakeConfigMap()) + + enf := rbac.NewEnforcer(kubeclientset, fakeNamespace, common.ArgoCDConfigMapName, nil) + enf.SetBuiltinPolicy(box.String(builtinPolicyFile)) + enf.SetClaimsEnforcerFunc(defaultEnforceClaims(enf, nil, fakeNamespace)) + policy := ` +g, org2:team2, role:admin +g, bob, role:admin +` + enf.SetUserPolicy(policy) + allowed := []jwt.Claims{ + jwt.MapClaims{"groups": []string{"org1:team1", "org2:team2"}}, + jwt.StandardClaims{Subject: "admin"}, + } + for _, c := range allowed { + if !assert.True(t, enf.EnforceClaims(c, "applications", "delete", "foo/obj")) { + log.Errorf("%v: expected true, got false", c) + } + } + + disallowed := []jwt.Claims{ + jwt.MapClaims{"groups": []string{"org3:team3"}}, + jwt.StandardClaims{Subject: "nobody"}, + } + for _, c := range disallowed { + if !assert.False(t, enf.EnforceClaims(c, "applications", "delete", "foo/obj")) { + log.Errorf("%v: expected true, got false", c) + } + } +} + func TestDefaultRoleWithClaims(t *testing.T) { kubeclientset := fake.NewSimpleClientset() enf := rbac.NewEnforcer(kubeclientset, fakeNamespace, common.ArgoCDConfigMapName, nil) diff --git a/util/rbac/rbac_test.go b/util/rbac/rbac_test.go index 382482d4eb0bb..5f12b673844c2 100644 --- a/util/rbac/rbac_test.go +++ b/util/rbac/rbac_test.go @@ -5,7 +5,6 @@ import ( "testing" "time" - jwt "github.com/dgrijalva/jwt-go" "github.com/gobuffalo/packr" log "github.com/sirupsen/logrus" "github.com/stretchr/testify/assert" @@ -210,36 +209,6 @@ g, alice, role:foo-readonly assert.False(t, enf.Enforce("bob", "applications", "get", "foo/obj")) } -func TestEnforceClaims(t *testing.T) { - kubeclientset := fake.NewSimpleClientset(fakeConfigMap()) - enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfgMapName, nil) - enf.SetBuiltinPolicy(box.String(builtinPolicyFile)) - policy := ` -g, org2:team2, role:admin -g, bob, role:admin -` - enf.SetUserPolicy(policy) - allowed := []jwt.Claims{ - jwt.MapClaims{"groups": []string{"org1:team1", "org2:team2"}}, - jwt.StandardClaims{Subject: "admin"}, - } - for _, c := range allowed { - if !assert.True(t, enf.EnforceClaims(c, "applications", "delete", "foo/obj")) { - log.Errorf("%v: expected true, got false", c) - } - } - - disallowed := []jwt.Claims{ - jwt.MapClaims{"groups": []string{"org3:team3"}}, - jwt.StandardClaims{Subject: "nobody"}, - } - for _, c := range disallowed { - if !assert.False(t, enf.EnforceClaims(c, "applications", "delete", "foo/obj")) { - log.Errorf("%v: expected true, got false", c) - } - } -} - // TestDefaultRole tests the ability to set a default role func TestDefaultRole(t *testing.T) { kubeclientset := fake.NewSimpleClientset() From 07e94dda2df674921049fcdc659fe61a9e4fdae0 Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Wed, 8 Aug 2018 10:58:55 -0700 Subject: [PATCH 16/43] Move GetRoleIndexByName to a util lib --- cmd/argocd/commands/project.go | 5 ++-- pkg/apis/application/v1alpha1/types.go | 11 ------- server/project/project.go | 5 ++-- server/server.go | 40 +++++++++++++------------- util/project/util.go | 14 +++++++++ 5 files changed, 40 insertions(+), 35 deletions(-) create mode 100644 util/project/util.go diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go index 5b4d865213f0e..e84003d0fc01e 100644 --- a/cmd/argocd/commands/project.go +++ b/cmd/argocd/commands/project.go @@ -19,6 +19,7 @@ import ( "github.com/argoproj/argo-cd/server/project" "github.com/argoproj/argo-cd/util" "github.com/argoproj/argo-cd/util/git" + projectUtil "github.com/argoproj/argo-cd/util/project" "github.com/spf13/pflag" "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -134,7 +135,7 @@ func NewProjectAddRolePolicyCommand(clientOpts *argocdclient.ClientOptions) *cob proj, err := projIf.Get(context.Background(), &project.ProjectQuery{Name: projName}) errors.CheckError(err) - roleIndex, err := proj.GetRoleIndexByName(roleName) + roleIndex, err := projectUtil.GetRoleIndexByName(proj, roleName) if err != nil { log.Fatal(err) } @@ -185,7 +186,7 @@ func NewProjectRemoveRolePolicyCommand(clientOpts *argocdclient.ClientOptions) * proj, err := projIf.Get(context.Background(), &project.ProjectQuery{Name: projName}) errors.CheckError(err) - roleIndex, err := proj.GetRoleIndexByName(roleName) + roleIndex, err := projectUtil.GetRoleIndexByName(proj, roleName) if err != nil { log.Fatal(err) } diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go index 56444384a0ee3..323c60d821659 100644 --- a/pkg/apis/application/v1alpha1/types.go +++ b/pkg/apis/application/v1alpha1/types.go @@ -2,7 +2,6 @@ package v1alpha1 import ( "encoding/json" - "fmt" "reflect" "strings" @@ -467,16 +466,6 @@ type AppProjectSpec struct { Roles []ProjectRole `json:"roles,omitempty" protobuf:"bytes,4,rep,name=roles"` } -// GetRoleIndexByName looks up the index of a role in a project by the name -func (proj *AppProject) GetRoleIndexByName(name string) (int, error) { - for i, role := range proj.Spec.Roles { - if name == role.Name { - return i, nil - } - } - return -1, fmt.Errorf("role '%s' does not exist in project '%s'", name, proj.Name) -} - // ProjectRole represents a role that has access to a project type ProjectRole struct { Name string `json:"name" protobuf:"bytes,1,opt,name=name"` diff --git a/server/project/project.go b/server/project/project.go index 0e0c75eda614c..36287b61da257 100644 --- a/server/project/project.go +++ b/server/project/project.go @@ -14,6 +14,7 @@ import ( "github.com/argoproj/argo-cd/util/git" "github.com/argoproj/argo-cd/util/grpc" jwtUtil "github.com/argoproj/argo-cd/util/jwt" + projectUtil "github.com/argoproj/argo-cd/util/project" "github.com/argoproj/argo-cd/util/rbac" "github.com/argoproj/argo-cd/util/session" "google.golang.org/grpc/codes" @@ -63,7 +64,7 @@ func (s *Server) CreateToken(ctx context.Context, q *ProjectTokenCreateRequest) s.projectLock.Lock(q.Project) defer s.projectLock.Unlock(q.Project) - _, err = project.GetRoleIndexByName(q.Token) + _, err = projectUtil.GetRoleIndexByName(project, q.Token) if err == nil { return nil, status.Errorf(codes.AlreadyExists, "'%s' token already exist for project '%s'", q.Token, q.Project) } @@ -293,7 +294,7 @@ func (s *Server) DeleteToken(ctx context.Context, q *ProjectTokenDeleteRequest) s.projectLock.Lock(q.Project) defer s.projectLock.Unlock(q.Project) - index, err := project.GetRoleIndexByName(q.Token) + index, err := projectUtil.GetRoleIndexByName(project, q.Token) if err != nil { return nil, err } diff --git a/server/server.go b/server/server.go index 077f40b23a471..14bc709e31875 100644 --- a/server/server.go +++ b/server/server.go @@ -12,25 +12,6 @@ import ( "strings" "time" - jwtUtil "github.com/argoproj/argo-cd/util/jwt" - jwt "github.com/dgrijalva/jwt-go" - "github.com/gobuffalo/packr" - golang_proto "github.com/golang/protobuf/proto" - "github.com/grpc-ecosystem/go-grpc-middleware" - "github.com/grpc-ecosystem/go-grpc-middleware/auth" - "github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus" - "github.com/grpc-ecosystem/grpc-gateway/runtime" - log "github.com/sirupsen/logrus" - "github.com/soheilhy/cmux" - "google.golang.org/grpc" - "google.golang.org/grpc/codes" - "google.golang.org/grpc/credentials" - "google.golang.org/grpc/metadata" - "google.golang.org/grpc/reflection" - "google.golang.org/grpc/status" - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/client-go/kubernetes" - "github.com/argoproj/argo-cd" "github.com/argoproj/argo-cd/common" "github.com/argoproj/argo-cd/errors" @@ -51,14 +32,33 @@ import ( dexutil "github.com/argoproj/argo-cd/util/dex" grpc_util "github.com/argoproj/argo-cd/util/grpc" jsonutil "github.com/argoproj/argo-cd/util/json" + jwtUtil "github.com/argoproj/argo-cd/util/jwt" + projectUtil "github.com/argoproj/argo-cd/util/project" "github.com/argoproj/argo-cd/util/rbac" util_session "github.com/argoproj/argo-cd/util/session" settings_util "github.com/argoproj/argo-cd/util/settings" "github.com/argoproj/argo-cd/util/swagger" tlsutil "github.com/argoproj/argo-cd/util/tls" "github.com/argoproj/argo-cd/util/webhook" + jwt "github.com/dgrijalva/jwt-go" + "github.com/gobuffalo/packr" + golang_proto "github.com/golang/protobuf/proto" + "github.com/grpc-ecosystem/go-grpc-middleware" + "github.com/grpc-ecosystem/go-grpc-middleware/auth" + "github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus" + "github.com/grpc-ecosystem/grpc-gateway/runtime" + log "github.com/sirupsen/logrus" + "github.com/soheilhy/cmux" netCtx "golang.org/x/net/context" + "google.golang.org/grpc" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/credentials" + "google.golang.org/grpc/metadata" + "google.golang.org/grpc/reflection" + "google.golang.org/grpc/status" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/wait" + "k8s.io/client-go/kubernetes" ) var ( @@ -640,7 +640,7 @@ func enforceJwtToken(enf *rbac.Enforcer, a appclientset.Interface, namespace str if err != nil { return false } - index, err := proj.GetRoleIndexByName(tokenName) + index, err := projectUtil.GetRoleIndexByName(proj, tokenName) if err != nil { return false } diff --git a/util/project/util.go b/util/project/util.go new file mode 100644 index 0000000000000..ebf75bf9cbd00 --- /dev/null +++ b/util/project/util.go @@ -0,0 +1,14 @@ +package project + +import "fmt" +import "github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1" + +// GetRoleIndexByName looks up the index of a role in a project by the name +func GetRoleIndexByName(proj *v1alpha1.AppProject, name string) (int, error) { + for i, role := range proj.Spec.Roles { + if name == role.Name { + return i, nil + } + } + return -1, fmt.Errorf("role '%s' does not exist in project '%s'", name, proj.Name) +} From 369c6a18d84df39f8f8a3c6e4574b2fdf8a1a9d0 Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Wed, 8 Aug 2018 11:35:31 -0700 Subject: [PATCH 17/43] Add create/delete role commands to project cli --- cmd/argocd/commands/project.go | 69 +++++++++++++++++++++++++++++++++- server/project/project.go | 20 ++++++---- server/project/project_test.go | 14 ++++--- 3 files changed, 87 insertions(+), 16 deletions(-) diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go index e84003d0fc01e..3c73222e3f6bc 100644 --- a/cmd/argocd/commands/project.go +++ b/cmd/argocd/commands/project.go @@ -74,6 +74,8 @@ func NewProjectCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { }, } roleCommand.AddCommand(NewProjectListRolesCommand(clientOpts)) + roleCommand.AddCommand(NewProjectCreateRoleCommand(clientOpts)) + roleCommand.AddCommand(NewProjectDeleteRoleCommand(clientOpts)) roleCommand.AddCommand(NewProjectCreateTokenCommand(clientOpts)) roleCommand.AddCommand(NewProjectDeleteTokenCommand(clientOpts)) roleCommand.AddCommand(NewProjectAddRolePolicyCommand(clientOpts)) @@ -141,7 +143,7 @@ func NewProjectAddRolePolicyCommand(clientOpts *argocdclient.ClientOptions) *cob } role := proj.Spec.Roles[roleIndex] - policyTemplate := "p, proj:%s:%s, projects, %s, %s/%s" + policyTemplate := "p, proj:%s:%s, applications, %s, %s/%s" policy := fmt.Sprintf(policyTemplate, proj.Name, role.Name, opts.action, proj.Name, opts.object) proj.Spec.Roles[roleIndex].Policies = append(role.Policies, policy) @@ -214,6 +216,68 @@ func NewProjectRemoveRolePolicyCommand(clientOpts *argocdclient.ClientOptions) * return command } +// NewProjectCreateRoleCommand returns a new instance of an `argocd proj role create` command +func NewProjectCreateRoleCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { + var command = &cobra.Command{ + Use: "create PROJECT ROLE-NAME", + Short: "Create a project role", + Run: func(c *cobra.Command, args []string) { + if len(args) != 2 { + c.HelpFunc()(c, args) + os.Exit(1) + } + projName := args[0] + roleName := args[1] + conn, projIf := argocdclient.NewClientOrDie(clientOpts).NewProjectClientOrDie() + defer util.Close(conn) + + proj, err := projIf.Get(context.Background(), &project.ProjectQuery{Name: projName}) + errors.CheckError(err) + + _, err = projectUtil.GetRoleIndexByName(proj, roleName) + if err == nil { + log.Fatal("Role '%s' already exists for '%s'", roleName, projName) + } + proj.Spec.Roles = append(proj.Spec.Roles, v1alpha1.ProjectRole{Name: roleName}) + + _, err = projIf.Update(context.Background(), &project.ProjectUpdateRequest{Project: proj}) + errors.CheckError(err) + }, + } + return command +} + +// NewProjectDeleteRoleCommand returns a new instance of an `argocd proj role delete` command +func NewProjectDeleteRoleCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { + var command = &cobra.Command{ + Use: "delete PROJECT ROLE-NAME", + Short: "Delete a project role", + Run: func(c *cobra.Command, args []string) { + if len(args) != 2 { + c.HelpFunc()(c, args) + os.Exit(1) + } + projName := args[0] + roleName := args[1] + conn, projIf := argocdclient.NewClientOrDie(clientOpts).NewProjectClientOrDie() + defer util.Close(conn) + + proj, err := projIf.Get(context.Background(), &project.ProjectQuery{Name: projName}) + errors.CheckError(err) + + index, err := projectUtil.GetRoleIndexByName(proj, roleName) + errors.CheckError(err) + + proj.Spec.Roles[index] = proj.Spec.Roles[len(proj.Spec.Roles)-1] + proj.Spec.Roles = proj.Spec.Roles[:len(proj.Spec.Roles)-1] + + _, err = projIf.Update(context.Background(), &project.ProjectUpdateRequest{Project: proj}) + errors.CheckError(err) + }, + } + return command +} + // NewProjectCreateTokenCommand returns a new instance of an `argocd proj role create-token` command func NewProjectCreateTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var ( @@ -264,6 +328,7 @@ func NewProjectListRolesCommand(clientOpts *argocdclient.ClientOptions) *cobra.C w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0) fmt.Fprintf(w, "ROLE-NAME\tCREATED-AT\tPOLICIES\n") for _, role := range project.Spec.Roles { + fmt.Fprintf(w, "%s\n", role.Name) if role.JwtToken != nil { fmt.Fprintf(w, "%s\t%d\t\n", role.Name, role.JwtToken.CreatedAt) for _, policy := range role.Policies { @@ -280,7 +345,7 @@ func NewProjectListRolesCommand(clientOpts *argocdclient.ClientOptions) *cobra.C // NewProjectDeleteTokenCommand returns a new instance of an `argocd proj role delete-token` command func NewProjectDeleteTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var command = &cobra.Command{ - Use: "delete PROJECT TOKEN-NAME", + Use: "delete-token PROJECT TOKEN-NAME", Short: "Delete a project token", Run: func(c *cobra.Command, args []string) { if len(args) != 2 { diff --git a/server/project/project.go b/server/project/project.go index 36287b61da257..db8f60cf16034 100644 --- a/server/project/project.go +++ b/server/project/project.go @@ -64,9 +64,12 @@ func (s *Server) CreateToken(ctx context.Context, q *ProjectTokenCreateRequest) s.projectLock.Lock(q.Project) defer s.projectLock.Unlock(q.Project) - _, err = projectUtil.GetRoleIndexByName(project, q.Token) - if err == nil { - return nil, status.Errorf(codes.AlreadyExists, "'%s' token already exist for project '%s'", q.Token, q.Project) + index, err := projectUtil.GetRoleIndexByName(project, q.Token) + if err != nil { + return nil, status.Errorf(codes.NotFound, "project '%s' does not have role '%s'", q.Project, q.Token) + } + if project.Spec.Roles[index].JwtToken != nil { + return nil, status.Errorf(codes.AlreadyExists, "Role '%s' already has a JwtToken", q.Token) } tokenName := fmt.Sprintf(JwtTokenSubFormat, q.Project, q.Token) @@ -83,8 +86,7 @@ func (s *Server) CreateToken(ctx context.Context, q *ProjectTokenCreateRequest) return nil, err } issuedAt := jwtUtil.GetInt64Field(mapClaims, "iat") - token := v1alpha1.ProjectRole{Name: q.Token, JwtToken: &v1alpha1.JwtToken{CreatedAt: issuedAt}} - project.Spec.Roles = append(project.Spec.Roles, token) + project.Spec.Roles[index].JwtToken = &v1alpha1.JwtToken{CreatedAt: issuedAt} _, err = s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Update(project) if err != nil { return nil, err @@ -269,7 +271,7 @@ func validateProject(p *v1alpha1.AppProject) error { if _, ok := roleNames[role.Name]; !ok { roleNames[role.Name] = true } else { - return status.Errorf(codes.AlreadyExists, "role '%s' already exists", role) + return status.Errorf(codes.AlreadyExists, "can't have duplicate roles: role '%s' already exists", role) } } @@ -298,8 +300,10 @@ func (s *Server) DeleteToken(ctx context.Context, q *ProjectTokenDeleteRequest) if err != nil { return nil, err } - project.Spec.Roles[index] = project.Spec.Roles[len(project.Spec.Roles)-1] - project.Spec.Roles = project.Spec.Roles[:len(project.Spec.Roles)-1] + if project.Spec.Roles[index].JwtToken == nil { + return nil, fmt.Errorf("Role '%s' does not have a JWT token", q.Token) + } + project.Spec.Roles[index].JwtToken = nil _, err = s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Update(project) if err != nil { return nil, err diff --git a/server/project/project_test.go b/server/project/project_test.go index a0f0a2db64f63..26e4cfd1f9969 100644 --- a/server/project/project_test.go +++ b/server/project/project_test.go @@ -132,10 +132,11 @@ func TestProjectServer(t *testing.T) { t.Run("TestCreateTokenSuccesfully", func(t *testing.T) { sessionMgr := session.NewSessionManager(&settings.ArgoCDSettings{}) - projWithoutToken := existingProj.DeepCopy() - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithoutToken), enforcer, util.NewKeyLock(), sessionMgr) + projectWithRole := existingProj.DeepCopy() tokenName := "testToken" - tokenResponse, err := projectServer.CreateToken(context.Background(), &ProjectTokenCreateRequest{Project: projWithoutToken.Name, Token: tokenName, SecondsBeforeExpiry: 1}) + projectWithRole.Spec.Roles = []v1alpha1.ProjectRole{v1alpha1.ProjectRole{Name: tokenName}} + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projectWithRole), enforcer, util.NewKeyLock(), sessionMgr) + tokenResponse, err := projectServer.CreateToken(context.Background(), &ProjectTokenCreateRequest{Project: projectWithRole.Name, Token: tokenName, SecondsBeforeExpiry: 1}) assert.Nil(t, err) claims, err := sessionMgr.Parse(tokenResponse.Token) assert.Nil(t, err) @@ -143,7 +144,7 @@ func TestProjectServer(t *testing.T) { mapClaims, err := jwtUtil.MapClaims(claims) subject, ok := mapClaims["sub"].(string) assert.True(t, ok) - expectedSubject := fmt.Sprintf(JwtTokenSubFormat, projWithoutToken.Name, tokenName) + expectedSubject := fmt.Sprintf(JwtTokenSubFormat, projectWithRole.Name, tokenName) assert.Equal(t, expectedSubject, subject) assert.Nil(t, err) }) @@ -160,7 +161,8 @@ func TestProjectServer(t *testing.T) { _, err := projectServer.DeleteToken(context.Background(), &ProjectTokenDeleteRequest{Project: projWithToken.Name, Token: tokenName}) assert.Nil(t, err) projWithoutToken, err := projectServer.Get(context.Background(), &ProjectQuery{Name: projWithToken.Name}) - assert.Len(t, projWithoutToken.Spec.Roles, 0) + assert.Len(t, projWithoutToken.Spec.Roles, 1) + assert.Nil(t, projWithoutToken.Spec.Roles[0].JwtToken) }) t.Run("TestCreateDuplicateTokenFailure", func(t *testing.T) { @@ -171,7 +173,7 @@ func TestProjectServer(t *testing.T) { projWithToken.Spec.Roles = append(projWithToken.Spec.Roles, token) projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, util.NewKeyLock(), sessionMgr) _, err := projectServer.CreateToken(context.Background(), &ProjectTokenCreateRequest{Project: projWithToken.Name, Token: tokenName}) - expectedError := fmt.Sprintf("rpc error: code = AlreadyExists desc = '%s' token already exist for project '%s'", tokenName, projWithToken.Name) + expectedError := fmt.Sprintf("rpc error: code = AlreadyExists desc = Role '%s' already has a JwtToken", tokenName) assert.EqualError(t, err, expectedError) }) From 46ee59e1763e37f6fb5a85a7ab2fa4eb45eb1cfb Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Wed, 8 Aug 2018 11:51:26 -0700 Subject: [PATCH 18/43] Refactor project errors to send status instead of regular errors --- server/project/project.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/server/project/project.go b/server/project/project.go index db8f60cf16034..bc8c897fc5141 100644 --- a/server/project/project.go +++ b/server/project/project.go @@ -75,15 +75,15 @@ func (s *Server) CreateToken(ctx context.Context, q *ProjectTokenCreateRequest) tokenName := fmt.Sprintf(JwtTokenSubFormat, q.Project, q.Token) jwtToken, err := s.sessionMgr.Create(tokenName, q.SecondsBeforeExpiry) if err != nil { - return nil, err + return nil, status.Error(codes.InvalidArgument, err.Error()) } claims, err := s.sessionMgr.Parse(jwtToken) if err != nil { - return nil, err + return nil, status.Error(codes.InvalidArgument, err.Error()) } mapClaims, err := jwtUtil.MapClaims(claims) if err != nil { - return nil, err + return nil, status.Error(codes.InvalidArgument, err.Error()) } issuedAt := jwtUtil.GetInt64Field(mapClaims, "iat") project.Spec.Roles[index].JwtToken = &v1alpha1.JwtToken{CreatedAt: issuedAt} @@ -298,10 +298,10 @@ func (s *Server) DeleteToken(ctx context.Context, q *ProjectTokenDeleteRequest) index, err := projectUtil.GetRoleIndexByName(project, q.Token) if err != nil { - return nil, err + return nil, status.Error(codes.NotFound, err.Error()) } if project.Spec.Roles[index].JwtToken == nil { - return nil, fmt.Errorf("Role '%s' does not have a JWT token", q.Token) + return nil, status.Errorf(codes.NotFound, "Role '%s' does not have a JWT token", q.Token) } project.Spec.Roles[index].JwtToken = nil _, err = s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Update(project) From 4c8c3b7cf08c1160a7ba2b4a5507ba440c2058cc Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Wed, 8 Aug 2018 14:32:25 -0700 Subject: [PATCH 19/43] Fix formating --- cmd/argocd/commands/project.go | 2 +- server/project/project.go | 2 +- server/project/project_test.go | 3 ++- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go index 3c73222e3f6bc..5ecaf7b3cf87a 100644 --- a/cmd/argocd/commands/project.go +++ b/cmd/argocd/commands/project.go @@ -236,7 +236,7 @@ func NewProjectCreateRoleCommand(clientOpts *argocdclient.ClientOptions) *cobra. _, err = projectUtil.GetRoleIndexByName(proj, roleName) if err == nil { - log.Fatal("Role '%s' already exists for '%s'", roleName, projName) + log.Fatalf("Role '%s' already exists for '%s'", roleName, projName) } proj.Spec.Roles = append(proj.Spec.Roles, v1alpha1.ProjectRole{Name: roleName}) diff --git a/server/project/project.go b/server/project/project.go index bc8c897fc5141..52a33443b1898 100644 --- a/server/project/project.go +++ b/server/project/project.go @@ -208,7 +208,7 @@ func validateJwtToken(proj string, token string, policy string) error { func validatePolicy(proj string, policy string) error { policyComponents := strings.Split(policy, ",") if len(policyComponents) != 5 { - return status.Errorf(codes.InvalidArgument, "incorrect number of policy arguements for '%s'", policy) + return status.Errorf(codes.InvalidArgument, "incorrect number of policy arguments for '%s'", policy) } if strings.Trim(policyComponents[0], " ") != "p" { return status.Errorf(codes.InvalidArgument, "policies can only use the policy format: '%s'", policy) diff --git a/server/project/project_test.go b/server/project/project_test.go index 26e4cfd1f9969..8f0ef87918809 100644 --- a/server/project/project_test.go +++ b/server/project/project_test.go @@ -134,7 +134,7 @@ func TestProjectServer(t *testing.T) { sessionMgr := session.NewSessionManager(&settings.ArgoCDSettings{}) projectWithRole := existingProj.DeepCopy() tokenName := "testToken" - projectWithRole.Spec.Roles = []v1alpha1.ProjectRole{v1alpha1.ProjectRole{Name: tokenName}} + projectWithRole.Spec.Roles = []v1alpha1.ProjectRole{{Name: tokenName}} projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projectWithRole), enforcer, util.NewKeyLock(), sessionMgr) tokenResponse, err := projectServer.CreateToken(context.Background(), &ProjectTokenCreateRequest{Project: projectWithRole.Name, Token: tokenName, SecondsBeforeExpiry: 1}) assert.Nil(t, err) @@ -161,6 +161,7 @@ func TestProjectServer(t *testing.T) { _, err := projectServer.DeleteToken(context.Background(), &ProjectTokenDeleteRequest{Project: projWithToken.Name, Token: tokenName}) assert.Nil(t, err) projWithoutToken, err := projectServer.Get(context.Background(), &ProjectQuery{Name: projWithToken.Name}) + assert.Nil(t, err) assert.Len(t, projWithoutToken.Spec.Roles, 1) assert.Nil(t, projWithoutToken.Spec.Roles[0].JwtToken) }) From ec0fee6b8a019b1a43eee5103c757015a62bfc4c Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Wed, 8 Aug 2018 17:12:30 -0700 Subject: [PATCH 20/43] Add ability to stop multiple tokens --- cmd/argocd/commands/project.go | 33 +- pkg/apis/application/v1alpha1/generated.pb.go | 383 +++++++++--------- pkg/apis/application/v1alpha1/generated.proto | 2 +- pkg/apis/application/v1alpha1/types.go | 6 +- .../v1alpha1/zz_generated.deepcopy.go | 12 +- server/project/project.go | 27 +- server/project/project.pb.go | 158 +++++--- server/project/project.proto | 5 +- server/project/project_test.go | 35 +- server/server.go | 5 +- server/server_test.go | 4 +- server/swagger.json | 13 +- util/project/util.go | 10 + 13 files changed, 379 insertions(+), 314 deletions(-) diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go index 5ecaf7b3cf87a..87fc36e8eeb23 100644 --- a/cmd/argocd/commands/project.go +++ b/cmd/argocd/commands/project.go @@ -2,6 +2,7 @@ package commands import ( "os" + "strconv" log "github.com/sirupsen/logrus" "github.com/spf13/cobra" @@ -194,7 +195,7 @@ func NewProjectRemoveRolePolicyCommand(clientOpts *argocdclient.ClientOptions) * } role := proj.Spec.Roles[roleIndex] - policyTemplate := "p, proj:%s:%s, projects, %s, %s/%s" + policyTemplate := "p, proj:%s:%s, applications, %s, %s/%s" policyToRemove := fmt.Sprintf(policyTemplate, proj.Name, role.Name, opts.action, proj.Name, opts.object) duplicateIndex := -1 for i, policy := range role.Policies { @@ -292,14 +293,14 @@ func NewProjectCreateTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra os.Exit(1) } projName := args[0] - tokenName := args[1] + roleName := args[1] conn, projIf := argocdclient.NewClientOrDie(clientOpts).NewProjectClientOrDie() defer util.Close(conn) - token, err := projIf.CreateToken(context.Background(), &project.ProjectTokenCreateRequest{Project: projName, Token: tokenName, SecondsBeforeExpiry: secondsBeforeExpiry}) + token, err := projIf.CreateToken(context.Background(), &project.ProjectTokenCreateRequest{Project: projName, Role: roleName, SecondsBeforeExpiry: secondsBeforeExpiry}) errors.CheckError(err) w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0) - fmt.Fprintf(w, "New token for %s-%s:\n%s\n", projName, tokenName, token) + fmt.Fprintf(w, "New token for %s-%s:\n%s\n", projName, roleName, token) fmt.Fprintf(w, "Make sure to save token as it is not stored.") _ = w.Flush() }, @@ -329,10 +330,13 @@ func NewProjectListRolesCommand(clientOpts *argocdclient.ClientOptions) *cobra.C fmt.Fprintf(w, "ROLE-NAME\tCREATED-AT\tPOLICIES\n") for _, role := range project.Spec.Roles { fmt.Fprintf(w, "%s\n", role.Name) - if role.JwtToken != nil { - fmt.Fprintf(w, "%s\t%d\t\n", role.Name, role.JwtToken.CreatedAt) - for _, policy := range role.Policies { - fmt.Fprintf(w, "%s\t%d\t%s\n", role.Name, role.JwtToken.CreatedAt, policy) + if role.JwtTokens != nil { + for _, token := range role.JwtTokens { + fmt.Fprintf(w, "%s\t%d\t\n", role.Name, token.CreatedAt) + + for _, policy := range role.Policies { + fmt.Fprintf(w, "%s\t%d\t%s\n", role.Name, token.CreatedAt, policy) + } } } } @@ -345,19 +349,24 @@ func NewProjectListRolesCommand(clientOpts *argocdclient.ClientOptions) *cobra.C // NewProjectDeleteTokenCommand returns a new instance of an `argocd proj role delete-token` command func NewProjectDeleteTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var command = &cobra.Command{ - Use: "delete-token PROJECT TOKEN-NAME", + Use: "delete-token PROJECT ROLE-NAME CREATED_AT", Short: "Delete a project token", Run: func(c *cobra.Command, args []string) { - if len(args) != 2 { + if len(args) != 3 { c.HelpFunc()(c, args) os.Exit(1) } projName := args[0] - tokenName := args[1] + roleName := args[1] + createdAt, err := strconv.ParseInt(args[2], 10, 64) + if err != nil { + log.Fatal(err) + } + conn, projIf := argocdclient.NewClientOrDie(clientOpts).NewProjectClientOrDie() defer util.Close(conn) - _, err := projIf.DeleteToken(context.Background(), &project.ProjectTokenDeleteRequest{Project: projName, Token: tokenName}) + _, err = projIf.DeleteToken(context.Background(), &project.ProjectTokenDeleteRequest{Project: projName, Role: roleName, CreatedAt: createdAt}) errors.CheckError(err) }, } diff --git a/pkg/apis/application/v1alpha1/generated.pb.go b/pkg/apis/application/v1alpha1/generated.pb.go index ed13323b27ed4..155a47485d0bb 100644 --- a/pkg/apis/application/v1alpha1/generated.pb.go +++ b/pkg/apis/application/v1alpha1/generated.pb.go @@ -1261,15 +1261,17 @@ func (m *ProjectRole) MarshalTo(dAtA []byte) (int, error) { i += copy(dAtA[i:], s) } } - if m.JwtToken != nil { - dAtA[i] = 0x1a - i++ - i = encodeVarintGenerated(dAtA, i, uint64(m.JwtToken.Size())) - n30, err := m.JwtToken.MarshalTo(dAtA[i:]) - if err != nil { - return 0, err + if len(m.JwtTokens) > 0 { + for _, msg := range m.JwtTokens { + dAtA[i] = 0x1a + i++ + i = encodeVarintGenerated(dAtA, i, uint64(msg.Size())) + n, err := msg.MarshalTo(dAtA[i:]) + if err != nil { + return 0, err + } + i += n } - i += n30 } return i, nil } @@ -1308,11 +1310,11 @@ func (m *Repository) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0x2a i++ i = encodeVarintGenerated(dAtA, i, uint64(m.ConnectionState.Size())) - n31, err := m.ConnectionState.MarshalTo(dAtA[i:]) + n30, err := m.ConnectionState.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n31 + i += n30 return i, nil } @@ -1334,11 +1336,11 @@ func (m *RepositoryList) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0xa i++ i = encodeVarintGenerated(dAtA, i, uint64(m.ListMeta.Size())) - n32, err := m.ListMeta.MarshalTo(dAtA[i:]) + n31, err := m.ListMeta.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n32 + i += n31 if len(m.Items) > 0 { for _, msg := range m.Items { dAtA[i] = 0x12 @@ -1468,11 +1470,11 @@ func (m *ResourceState) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0x2a i++ i = encodeVarintGenerated(dAtA, i, uint64(m.Health.Size())) - n33, err := m.Health.MarshalTo(dAtA[i:]) + n32, err := m.Health.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n33 + i += n32 return i, nil } @@ -1552,11 +1554,11 @@ func (m *SyncOperation) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0x22 i++ i = encodeVarintGenerated(dAtA, i, uint64(m.SyncStrategy.Size())) - n34, err := m.SyncStrategy.MarshalTo(dAtA[i:]) + n33, err := m.SyncStrategy.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n34 + i += n33 } return i, nil } @@ -1626,21 +1628,21 @@ func (m *SyncStrategy) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0xa i++ i = encodeVarintGenerated(dAtA, i, uint64(m.Apply.Size())) - n35, err := m.Apply.MarshalTo(dAtA[i:]) + n34, err := m.Apply.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n35 + i += n34 } if m.Hook != nil { dAtA[i] = 0x12 i++ i = encodeVarintGenerated(dAtA, i, uint64(m.Hook.Size())) - n36, err := m.Hook.MarshalTo(dAtA[i:]) + n35, err := m.Hook.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n36 + i += n35 } return i, nil } @@ -1689,11 +1691,11 @@ func (m *SyncStrategyHook) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0xa i++ i = encodeVarintGenerated(dAtA, i, uint64(m.SyncStrategyApply.Size())) - n37, err := m.SyncStrategyApply.MarshalTo(dAtA[i:]) + n36, err := m.SyncStrategyApply.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n37 + i += n36 return i, nil } @@ -2129,9 +2131,11 @@ func (m *ProjectRole) Size() (n int) { n += 1 + l + sovGenerated(uint64(l)) } } - if m.JwtToken != nil { - l = m.JwtToken.Size() - n += 1 + l + sovGenerated(uint64(l)) + if len(m.JwtTokens) > 0 { + for _, e := range m.JwtTokens { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } } return n } @@ -2614,7 +2618,7 @@ func (this *ProjectRole) String() string { s := strings.Join([]string{`&ProjectRole{`, `Name:` + fmt.Sprintf("%v", this.Name) + `,`, `Policies:` + fmt.Sprintf("%v", this.Policies) + `,`, - `JwtToken:` + strings.Replace(fmt.Sprintf("%v", this.JwtToken), "JwtToken", "JwtToken", 1) + `,`, + `JwtTokens:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.JwtTokens), "JwtToken", "JwtToken", 1), `&`, ``, 1) + `,`, `}`, }, "") return s @@ -6331,7 +6335,7 @@ func (m *ProjectRole) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field JwtToken", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field JwtTokens", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -6355,10 +6359,8 @@ func (m *ProjectRole) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if m.JwtToken == nil { - m.JwtToken = &JwtToken{} - } - if err := m.JwtToken.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + m.JwtTokens = append(m.JwtTokens, JwtToken{}) + if err := m.JwtTokens[len(m.JwtTokens)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -8163,164 +8165,165 @@ func init() { } var fileDescriptorGenerated = []byte{ - // 2543 bytes of a gzipped FileDescriptorProto + // 2546 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xd4, 0x59, 0x4d, 0x8c, 0x1c, 0x47, - 0x15, 0x76, 0xcf, 0xdf, 0xce, 0xbc, 0xd9, 0x1f, 0xbb, 0xf2, 0xc3, 0xe2, 0x48, 0xbb, 0xab, 0x0e, - 0x3f, 0x06, 0x25, 0x33, 0xd8, 0x10, 0x08, 0x04, 0x21, 0x79, 0x66, 0xed, 0x78, 0xbd, 0xfe, 0x59, - 0x6a, 0x36, 0x41, 0x0a, 0x51, 0xa0, 0xdd, 0x53, 0x3b, 0xd3, 0x9e, 0x99, 0xee, 0x4e, 0x57, 0xcd, - 0x58, 0x23, 0x11, 0x14, 0x84, 0x90, 0xf8, 0x95, 0x40, 0x08, 0x71, 0xe5, 0xc0, 0x09, 0x21, 0x21, - 0x21, 0x4e, 0x48, 0x1c, 0xe0, 0x80, 0x7c, 0xcc, 0x01, 0x44, 0x14, 0xd0, 0x0a, 0x6f, 0x2e, 0x91, - 0x38, 0x70, 0xe2, 0x92, 0x13, 0xaa, 0x9f, 0xee, 0xaa, 0xee, 0xd9, 0x65, 0xd7, 0x9e, 0xb6, 0x81, - 0x5b, 0xf7, 0x7b, 0xaf, 0xdf, 0xf7, 0xea, 0xd5, 0xab, 0xf7, 0x53, 0x0d, 0x5b, 0x3d, 0x8f, 0xf5, - 0xc7, 0xb7, 0x1a, 0x6e, 0x30, 0x6a, 0x3a, 0x51, 0x2f, 0x08, 0xa3, 0xe0, 0xb6, 0x78, 0x78, 0xd6, - 0xed, 0x36, 0xc3, 0x41, 0xaf, 0xe9, 0x84, 0x1e, 0x6d, 0x3a, 0x61, 0x38, 0xf4, 0x5c, 0x87, 0x79, - 0x81, 0xdf, 0x9c, 0x9c, 0x77, 0x86, 0x61, 0xdf, 0x39, 0xdf, 0xec, 0x11, 0x9f, 0x44, 0x0e, 0x23, - 0xdd, 0x46, 0x18, 0x05, 0x2c, 0x40, 0x9f, 0xd5, 0xaa, 0x1a, 0xb1, 0x2a, 0xf1, 0xf0, 0x15, 0xb7, - 0xdb, 0x08, 0x07, 0xbd, 0x06, 0x57, 0xd5, 0x30, 0x54, 0x35, 0x62, 0x55, 0x67, 0x9f, 0x35, 0xac, - 0xe8, 0x05, 0xbd, 0xa0, 0x29, 0x34, 0xde, 0x1a, 0xef, 0x89, 0x37, 0xf1, 0x22, 0x9e, 0x24, 0xd2, - 0xd9, 0x4f, 0x0d, 0x9e, 0xa7, 0x0d, 0x2f, 0xe0, 0xb6, 0x8d, 0x1c, 0xb7, 0xef, 0xf9, 0x24, 0x9a, - 0x6a, 0x63, 0x47, 0x84, 0x39, 0xcd, 0xc9, 0x8c, 0x7d, 0x67, 0x9b, 0x47, 0x7d, 0x15, 0x8d, 0x7d, - 0xe6, 0x8d, 0xc8, 0xcc, 0x07, 0x9f, 0x3e, 0xee, 0x03, 0xea, 0xf6, 0xc9, 0xc8, 0x99, 0xf9, 0xee, - 0x93, 0x47, 0x7d, 0x37, 0x66, 0xde, 0xb0, 0xe9, 0xf9, 0x8c, 0xb2, 0x28, 0xfb, 0x91, 0xfd, 0x57, - 0x0b, 0xe0, 0x62, 0x18, 0xee, 0x44, 0xc1, 0x6d, 0xe2, 0x32, 0xf4, 0x55, 0xa8, 0xf2, 0x75, 0x74, - 0x1d, 0xe6, 0xac, 0x5a, 0x1b, 0xd6, 0xb9, 0xfa, 0x85, 0x4f, 0x34, 0xa4, 0xda, 0x86, 0xa9, 0x56, - 0xfb, 0x95, 0x4b, 0x37, 0x26, 0xe7, 0x1b, 0x37, 0x6f, 0xf1, 0xef, 0xaf, 0x13, 0xe6, 0xb4, 0xd0, - 0xdd, 0xfd, 0xf5, 0x53, 0x07, 0xfb, 0xeb, 0xa0, 0x69, 0x38, 0xd1, 0x8a, 0x06, 0x50, 0xa2, 0x21, - 0x71, 0x57, 0x0b, 0x42, 0xfb, 0x56, 0xe3, 0x81, 0x77, 0xaf, 0xa1, 0xcd, 0xee, 0x84, 0xc4, 0x6d, - 0x2d, 0x2a, 0xd8, 0x12, 0x7f, 0xc3, 0x02, 0xc4, 0x7e, 0xc7, 0x82, 0x65, 0x2d, 0x76, 0xcd, 0xa3, - 0x0c, 0xbd, 0x3a, 0xb3, 0xc2, 0xc6, 0xc9, 0x56, 0xc8, 0xbf, 0x16, 0xeb, 0x3b, 0xad, 0x80, 0xaa, - 0x31, 0xc5, 0x58, 0xdd, 0x6d, 0x28, 0x7b, 0x8c, 0x8c, 0xe8, 0x6a, 0x61, 0xa3, 0x78, 0xae, 0x7e, - 0xe1, 0x52, 0x2e, 0xcb, 0x6b, 0x2d, 0x29, 0xc4, 0xf2, 0x16, 0xd7, 0x8d, 0x25, 0x84, 0xfd, 0xaf, - 0x82, 0xb9, 0x38, 0xbe, 0x6a, 0x74, 0x1e, 0xea, 0x34, 0x18, 0x47, 0x2e, 0xc1, 0x24, 0x0c, 0xe8, - 0xaa, 0xb5, 0x51, 0x3c, 0x57, 0x6b, 0xad, 0x1c, 0xec, 0xaf, 0xd7, 0x3b, 0x9a, 0x8c, 0x4d, 0x19, - 0xf4, 0x3d, 0x0b, 0x16, 0xbb, 0x84, 0x32, 0xcf, 0x17, 0xf8, 0xb1, 0xe5, 0x5f, 0x9c, 0xcf, 0xf2, - 0x98, 0xb8, 0xa9, 0x35, 0xb7, 0x1e, 0x57, 0xab, 0x58, 0x34, 0x88, 0x14, 0xa7, 0xc0, 0xd1, 0x73, - 0x50, 0xef, 0x12, 0xea, 0x46, 0x5e, 0xc8, 0xdf, 0x57, 0x8b, 0x1b, 0xd6, 0xb9, 0x5a, 0xeb, 0x31, - 0xf5, 0x61, 0x7d, 0x53, 0xb3, 0xb0, 0x29, 0x87, 0x06, 0x50, 0x8e, 0x82, 0x21, 0xa1, 0xab, 0x25, - 0x61, 0xfc, 0xe5, 0x39, 0x8c, 0x57, 0xee, 0xc4, 0xc1, 0x90, 0x68, 0xbf, 0xf3, 0x37, 0x8a, 0x25, - 0x86, 0xfd, 0xc7, 0x22, 0xd4, 0x8d, 0x25, 0x3e, 0x82, 0x33, 0x33, 0x4c, 0x9d, 0x99, 0xab, 0xf9, - 0x6c, 0xcd, 0x51, 0x87, 0x06, 0x31, 0xa8, 0x50, 0xe6, 0xb0, 0x31, 0x15, 0xee, 0xaf, 0x5f, 0xb8, - 0x96, 0x13, 0x9e, 0xd0, 0xd9, 0x5a, 0x56, 0x88, 0x15, 0xf9, 0x8e, 0x15, 0x16, 0x7a, 0x1d, 0x6a, - 0x41, 0xc8, 0x53, 0x13, 0xdf, 0xf7, 0x92, 0x00, 0xde, 0x9c, 0x03, 0xf8, 0x66, 0xac, 0xab, 0xb5, - 0x74, 0xb0, 0xbf, 0x5e, 0x4b, 0x5e, 0xb1, 0x46, 0xb1, 0x5d, 0x78, 0xdc, 0xb0, 0xaf, 0x1d, 0xf8, - 0x5d, 0x4f, 0x6c, 0xe8, 0x06, 0x94, 0xd8, 0x34, 0x24, 0x62, 0x33, 0x6b, 0xda, 0x45, 0xbb, 0xd3, - 0x90, 0x60, 0xc1, 0x41, 0x1f, 0x83, 0x85, 0x11, 0xa1, 0xd4, 0xe9, 0x11, 0xb1, 0x27, 0xb5, 0xd6, - 0x8a, 0x12, 0x5a, 0xb8, 0x2e, 0xc9, 0x38, 0xe6, 0xdb, 0xaf, 0xc3, 0x93, 0x87, 0x9f, 0x07, 0xf4, - 0x11, 0xa8, 0x50, 0x12, 0x4d, 0x48, 0xa4, 0x80, 0xb4, 0x67, 0x04, 0x15, 0x2b, 0x2e, 0x6a, 0x42, - 0xcd, 0x77, 0x46, 0x84, 0x86, 0x8e, 0x1b, 0xc3, 0x9d, 0x51, 0xa2, 0xb5, 0x1b, 0x31, 0x03, 0x6b, - 0x19, 0xfb, 0x6f, 0x16, 0xac, 0x18, 0x98, 0x8f, 0x20, 0xed, 0x0d, 0xd2, 0x69, 0xef, 0x72, 0x3e, - 0x11, 0x73, 0x44, 0xde, 0xfb, 0x7d, 0x11, 0xce, 0x98, 0x71, 0x25, 0x92, 0x19, 0xdf, 0x92, 0x88, - 0x84, 0xc1, 0x4b, 0xf8, 0x9a, 0x72, 0x67, 0xb2, 0x25, 0x58, 0x92, 0x71, 0xcc, 0xe7, 0xfb, 0x1b, - 0x3a, 0xac, 0xaf, 0x7c, 0x99, 0xec, 0xef, 0x8e, 0xc3, 0xfa, 0x58, 0x70, 0x78, 0x1a, 0x22, 0xfe, - 0xc4, 0x8b, 0x02, 0x7f, 0x44, 0x7c, 0x96, 0x4d, 0x43, 0x97, 0x34, 0x0b, 0x9b, 0x72, 0xe8, 0x0b, - 0xb0, 0xcc, 0x9c, 0xa8, 0x47, 0x18, 0x26, 0x13, 0x8f, 0xc6, 0x81, 0x5c, 0x6b, 0x3d, 0xa9, 0xbe, - 0x5c, 0xde, 0x4d, 0x71, 0x71, 0x46, 0x1a, 0xfd, 0xc6, 0x82, 0xa7, 0xdc, 0x60, 0x14, 0x06, 0x3e, - 0xf1, 0xd9, 0x8e, 0x13, 0x39, 0x23, 0xc2, 0x48, 0x74, 0x73, 0x42, 0xa2, 0xc8, 0xeb, 0x12, 0xba, - 0x5a, 0x16, 0xde, 0xbd, 0x3e, 0x87, 0x77, 0xdb, 0x33, 0xda, 0x5b, 0x4f, 0x2b, 0xe3, 0x9e, 0x6a, - 0x1f, 0x8d, 0x8c, 0xff, 0x93, 0x59, 0xbc, 0xea, 0x4c, 0x9c, 0xe1, 0x98, 0xd0, 0xcb, 0x1e, 0xcf, - 0xc1, 0x15, 0x5d, 0x75, 0x5e, 0xd6, 0x64, 0x6c, 0xca, 0xd8, 0xbf, 0x2b, 0xa4, 0x42, 0xb4, 0x13, - 0xe7, 0x1d, 0xb1, 0x97, 0x2a, 0x40, 0xf3, 0xca, 0x3b, 0x42, 0xa7, 0x71, 0xba, 0x64, 0xf1, 0x53, - 0x58, 0xe8, 0xdb, 0x96, 0x28, 0x39, 0xf1, 0xa9, 0x54, 0x39, 0xf6, 0x21, 0x94, 0x3f, 0xb3, 0x8a, - 0xc5, 0x44, 0x6c, 0x42, 0xf3, 0x10, 0x0e, 0x65, 0xf5, 0x51, 0x11, 0x97, 0x84, 0x70, 0x5c, 0x94, - 0x62, 0xbe, 0xfd, 0xb3, 0x4a, 0xfa, 0x0c, 0xc8, 0x1c, 0xfa, 0x23, 0x0b, 0x4e, 0xf3, 0x8d, 0x72, - 0x22, 0x8f, 0x06, 0x3e, 0x26, 0x74, 0x3c, 0x64, 0xca, 0x99, 0xdb, 0x73, 0x06, 0x8d, 0xa9, 0xb2, - 0xb5, 0xaa, 0xec, 0x3a, 0x9d, 0xe5, 0xe0, 0x19, 0x78, 0xc4, 0x60, 0xa1, 0xef, 0x51, 0x16, 0x44, - 0x53, 0x95, 0x1c, 0xe6, 0x69, 0xf9, 0x36, 0x49, 0x38, 0x0c, 0xa6, 0xfc, 0xac, 0x6d, 0xf9, 0x7b, - 0x81, 0xf6, 0xcf, 0x15, 0x89, 0x80, 0x63, 0x28, 0xf4, 0x0d, 0x0b, 0x20, 0x8c, 0x23, 0x95, 0x17, - 0xb2, 0x87, 0x70, 0x70, 0x92, 0x9a, 0x9d, 0x90, 0x28, 0x36, 0x40, 0x51, 0x00, 0x95, 0x3e, 0x71, - 0x86, 0xac, 0xaf, 0xca, 0xd9, 0x8b, 0x73, 0xc0, 0x5f, 0x11, 0x8a, 0xb2, 0x25, 0x54, 0x52, 0xb1, - 0x82, 0x41, 0xdf, 0xb2, 0x60, 0x39, 0xa9, 0x6e, 0x5c, 0x96, 0xac, 0x96, 0xe7, 0xee, 0xb2, 0x6f, - 0xa6, 0x14, 0xb6, 0x10, 0x4f, 0x63, 0x69, 0x1a, 0xce, 0x80, 0xa2, 0x6f, 0x5a, 0x00, 0x6e, 0x5c, - 0x4d, 0x65, 0x3e, 0xa8, 0x5f, 0xb8, 0x99, 0xcf, 0x89, 0x4a, 0xaa, 0xb4, 0x76, 0x7f, 0x42, 0xa2, - 0xd8, 0x80, 0xb5, 0xdf, 0xb5, 0xe0, 0x09, 0xe3, 0xc3, 0x2f, 0x39, 0xcc, 0xed, 0x5f, 0x9a, 0xf0, - 0x34, 0xbd, 0x9d, 0xaa, 0xef, 0x9f, 0x31, 0xeb, 0xfb, 0xfb, 0xfb, 0xeb, 0x1f, 0x3d, 0x6a, 0x8c, - 0xba, 0xc3, 0x35, 0x34, 0x84, 0x0a, 0xa3, 0x15, 0x78, 0x03, 0xea, 0x86, 0xcd, 0x2a, 0x7d, 0xe4, - 0x55, 0x00, 0x93, 0x9c, 0x61, 0x10, 0xb1, 0x89, 0x67, 0xff, 0xb9, 0x00, 0x0b, 0xed, 0xe1, 0x98, - 0x32, 0x12, 0x9d, 0xb8, 0xa1, 0xd8, 0x80, 0x12, 0x6f, 0x16, 0xb2, 0xf5, 0x8f, 0xf7, 0x12, 0x58, - 0x70, 0x50, 0x08, 0x15, 0x37, 0xf0, 0xf7, 0xbc, 0x9e, 0x6a, 0x01, 0xaf, 0xcc, 0x73, 0x72, 0xa4, - 0x75, 0x6d, 0xa1, 0x4f, 0xdb, 0x24, 0xdf, 0xb1, 0xc2, 0x41, 0x3f, 0xb0, 0x60, 0xc5, 0x0d, 0x7c, - 0x9f, 0xb8, 0x3a, 0x78, 0x4b, 0x73, 0xb7, 0xbb, 0xed, 0xb4, 0xc6, 0xd6, 0x07, 0x14, 0xfa, 0x4a, - 0x86, 0x81, 0xb3, 0xd8, 0xf6, 0xaf, 0x0b, 0xb0, 0x94, 0xb2, 0x1c, 0x3d, 0x03, 0xd5, 0x31, 0x25, - 0x91, 0xf0, 0x9c, 0xf4, 0x6f, 0xd2, 0x11, 0xbd, 0xa4, 0xe8, 0x38, 0x91, 0xe0, 0xd2, 0xa1, 0x43, - 0xe9, 0x9d, 0x20, 0xea, 0x2a, 0x3f, 0x27, 0xd2, 0x3b, 0x8a, 0x8e, 0x13, 0x09, 0xde, 0x6f, 0xdc, - 0x22, 0x4e, 0x44, 0xa2, 0xdd, 0x60, 0x40, 0x66, 0xc6, 0x9e, 0x96, 0x66, 0x61, 0x53, 0x4e, 0x38, - 0x8d, 0x0d, 0x69, 0x7b, 0xe8, 0x11, 0x9f, 0x49, 0x33, 0x73, 0x70, 0xda, 0xee, 0xb5, 0x8e, 0xa9, - 0x51, 0x3b, 0x2d, 0xc3, 0xc0, 0x59, 0x6c, 0xfb, 0x4f, 0x16, 0xd4, 0x95, 0xd3, 0x1e, 0x41, 0xd3, - 0xd9, 0x4b, 0x37, 0x9d, 0xad, 0xf9, 0x63, 0xf4, 0x88, 0x86, 0xf3, 0x97, 0x45, 0x98, 0xa9, 0x74, - 0xe8, 0x35, 0x9e, 0xe3, 0x38, 0x8d, 0x74, 0x2f, 0xc6, 0x45, 0xf6, 0xe3, 0x27, 0x5b, 0xdd, 0xae, - 0x37, 0x22, 0x66, 0xfa, 0x8a, 0xb5, 0x60, 0x43, 0x23, 0x7a, 0xd3, 0xd2, 0x00, 0xbb, 0x81, 0xca, - 0x2b, 0xf9, 0xb6, 0x44, 0x33, 0x26, 0xec, 0x06, 0xd8, 0xc0, 0x44, 0x9f, 0x4b, 0x06, 0xc1, 0xb2, - 0x08, 0x48, 0x3b, 0x3d, 0xba, 0xbd, 0x9f, 0x6a, 0x00, 0x32, 0xe3, 0xdc, 0x14, 0x6a, 0x11, 0x91, - 0x2d, 0x56, 0x5c, 0x01, 0xe6, 0x49, 0x22, 0x58, 0xe9, 0x92, 0xc7, 0x38, 0x19, 0x7f, 0x62, 0x32, - 0xc5, 0x1a, 0xcd, 0xfe, 0xbe, 0x05, 0x68, 0xb6, 0x5c, 0xf3, 0x31, 0x2a, 0x69, 0x62, 0xd5, 0x01, - 0x4e, 0xf4, 0x24, 0xe2, 0x58, 0xcb, 0x9c, 0x20, 0x4d, 0x3e, 0x0d, 0x65, 0xd1, 0xd4, 0xaa, 0x03, - 0x9b, 0x44, 0x8f, 0x68, 0x7b, 0xb1, 0xe4, 0xd9, 0x7f, 0xb0, 0x20, 0x9b, 0x6e, 0x44, 0xa6, 0x96, - 0x9e, 0xcd, 0x66, 0xea, 0xb4, 0x17, 0x4f, 0x3e, 0x67, 0xa2, 0x57, 0xa1, 0xee, 0x30, 0x46, 0x46, - 0x21, 0x13, 0x01, 0x59, 0xbc, 0xef, 0x80, 0x5c, 0xe6, 0x91, 0x70, 0x3d, 0xe8, 0x7a, 0x7b, 0x9e, - 0x08, 0x46, 0x53, 0x9d, 0xfd, 0x5e, 0x11, 0x96, 0xd3, 0xcd, 0x17, 0x1a, 0x43, 0x45, 0x34, 0x3b, - 0xf2, 0x9a, 0x29, 0xf7, 0xee, 0x2a, 0x71, 0x89, 0x20, 0x51, 0xac, 0xc0, 0x78, 0x62, 0x8d, 0xe2, - 0xe9, 0x2a, 0x93, 0x58, 0x93, 0xb9, 0x2a, 0x91, 0x38, 0x76, 0xa2, 0x2a, 0xfe, 0x6f, 0x4e, 0x54, - 0xaf, 0x01, 0x74, 0x85, 0xb7, 0xc5, 0x5e, 0x96, 0x1e, 0x3c, 0xb9, 0x6c, 0x26, 0x5a, 0xb0, 0xa1, - 0x11, 0x9d, 0x85, 0x82, 0xd7, 0x15, 0xa7, 0xba, 0xd8, 0x02, 0x25, 0x5b, 0xd8, 0xda, 0xc4, 0x05, - 0xaf, 0x6b, 0x53, 0x58, 0x34, 0xbb, 0xcd, 0x13, 0xc7, 0xea, 0x0b, 0xb0, 0x24, 0x9f, 0x36, 0x09, - 0x73, 0xbc, 0x21, 0x55, 0xbb, 0xf3, 0x84, 0x12, 0x5f, 0xea, 0x98, 0x4c, 0x9c, 0x96, 0xb5, 0x7f, - 0x5a, 0x00, 0xb8, 0x12, 0x04, 0x03, 0x85, 0x19, 0x1f, 0x3d, 0xeb, 0xc8, 0xa3, 0xb7, 0x01, 0xa5, - 0x81, 0xe7, 0x77, 0xb3, 0x87, 0x73, 0xdb, 0xf3, 0xbb, 0x58, 0x70, 0xd0, 0x05, 0x00, 0x27, 0xf4, - 0x5e, 0x26, 0x11, 0xd5, 0x37, 0x89, 0x89, 0x5f, 0x2e, 0xee, 0x6c, 0x29, 0x0e, 0x36, 0xa4, 0xd0, - 0x33, 0xaa, 0x33, 0x94, 0x63, 0xfb, 0x6a, 0xa6, 0x33, 0xac, 0x72, 0x0b, 0x8d, 0xd6, 0xef, 0xf9, - 0x4c, 0x7e, 0xdc, 0x98, 0xc9, 0x8f, 0xba, 0x53, 0xde, 0xe9, 0x3b, 0x94, 0x1c, 0x76, 0xae, 0x2b, - 0xc7, 0xdc, 0x1f, 0xbd, 0x00, 0xd5, 0xab, 0x77, 0x98, 0xac, 0xf7, 0x3c, 0x85, 0x45, 0xc4, 0xd1, - 0x27, 0xbc, 0x68, 0xa4, 0xb0, 0x98, 0x81, 0xb5, 0x8c, 0xfd, 0x0f, 0x0b, 0xf4, 0xd5, 0x17, 0xda, - 0x83, 0x12, 0x9d, 0xfa, 0xae, 0x2a, 0x56, 0xf3, 0xa4, 0xe3, 0xce, 0xd4, 0x77, 0xf5, 0x0d, 0x5b, - 0x55, 0x5c, 0x20, 0x4e, 0x7d, 0x17, 0x0b, 0xfd, 0x68, 0x02, 0xd5, 0x28, 0x18, 0x0e, 0x6f, 0x39, - 0xee, 0x20, 0x87, 0xba, 0x85, 0x95, 0x2a, 0x8d, 0xb7, 0x28, 0x0e, 0xbb, 0x22, 0xe3, 0x04, 0xcb, - 0xfe, 0x55, 0x19, 0x32, 0xa3, 0x09, 0x1a, 0x9b, 0xb7, 0x8a, 0x56, 0x8e, 0xb7, 0x8a, 0x89, 0xdf, - 0x0f, 0xbb, 0x59, 0x44, 0xcf, 0x41, 0x39, 0xe4, 0x1b, 0xae, 0xc2, 0x73, 0x3d, 0x2e, 0x0c, 0x22, - 0x0a, 0x0e, 0x89, 0x0b, 0x29, 0x6d, 0x86, 0x45, 0xf1, 0x98, 0x74, 0xff, 0x75, 0x00, 0xee, 0x6b, - 0x35, 0xe3, 0xcb, 0x0c, 0x71, 0x23, 0xaf, 0x1d, 0x55, 0x63, 0xbe, 0xa8, 0x08, 0x9d, 0x04, 0x05, - 0x1b, 0x88, 0xe8, 0xbb, 0x16, 0x2c, 0xc7, 0x8e, 0x57, 0x46, 0x94, 0x1f, 0x8a, 0x11, 0x62, 0xe0, - 0xc4, 0x29, 0x24, 0x9c, 0x41, 0x46, 0x5f, 0x86, 0x1a, 0x65, 0x4e, 0x24, 0xcf, 0x45, 0xe5, 0xbe, - 0xb3, 0x65, 0xb2, 0x97, 0x9d, 0x58, 0x09, 0xd6, 0xfa, 0xd0, 0x2b, 0x00, 0x7b, 0x9e, 0xef, 0xd1, - 0xbe, 0xd0, 0xbe, 0xf0, 0x60, 0x75, 0xf5, 0x72, 0xa2, 0x01, 0x1b, 0xda, 0xec, 0xbb, 0x16, 0xd4, - 0x8d, 0x1f, 0x0e, 0x27, 0xc8, 0x7b, 0xe7, 0xa0, 0x1a, 0x06, 0x43, 0xcf, 0xf5, 0x88, 0xec, 0x7b, - 0x6b, 0xf2, 0x34, 0xec, 0x28, 0x1a, 0x4e, 0xb8, 0x68, 0x04, 0xd5, 0xdb, 0x2a, 0x71, 0xa8, 0x6e, - 0xa0, 0x3d, 0xc7, 0xd6, 0xc4, 0x39, 0x48, 0xc2, 0xc5, 0x6f, 0x38, 0x81, 0xb0, 0xff, 0x52, 0x00, - 0x10, 0x7f, 0x94, 0x3c, 0x71, 0x01, 0xb3, 0x01, 0xa5, 0x88, 0x84, 0x41, 0x76, 0x25, 0x5c, 0x02, - 0x0b, 0x4e, 0x6a, 0x9e, 0x2a, 0xdc, 0xd7, 0x3c, 0x55, 0x3c, 0x76, 0x9e, 0xe2, 0xb5, 0x88, 0xf6, - 0x77, 0x22, 0x6f, 0xe2, 0x30, 0xb2, 0x4d, 0xa6, 0x2a, 0xa1, 0xeb, 0x5a, 0xd4, 0xb9, 0xa2, 0x99, - 0x38, 0x2d, 0x7b, 0xe8, 0x28, 0x5a, 0xfe, 0x2f, 0x8e, 0xa2, 0xef, 0x58, 0xb0, 0xac, 0x3d, 0xfb, - 0xff, 0xf5, 0x13, 0x53, 0xdb, 0x7d, 0xc4, 0x6c, 0xf5, 0x4f, 0x0b, 0x56, 0xe2, 0x2e, 0x5e, 0x35, - 0x03, 0xb9, 0x54, 0xff, 0xd4, 0x4f, 0x93, 0xe2, 0xf1, 0x3f, 0x4d, 0xcc, 0xdc, 0x5b, 0x3a, 0x26, - 0xf7, 0x7e, 0x3e, 0x53, 0xf7, 0x3f, 0x34, 0x53, 0xf7, 0x51, 0x32, 0xaf, 0x4c, 0x7d, 0x37, 0xdd, - 0x27, 0xd9, 0xbf, 0xb0, 0x60, 0x31, 0x66, 0xdf, 0x08, 0xba, 0x62, 0x8a, 0xa0, 0x22, 0xc8, 0xac, - 0xf4, 0x14, 0x21, 0xc3, 0x41, 0xf2, 0xd0, 0x18, 0xaa, 0x6e, 0xdf, 0x1b, 0x76, 0x23, 0xe2, 0xab, - 0x6d, 0x79, 0x31, 0x87, 0x71, 0x8a, 0xe3, 0xeb, 0x50, 0x68, 0x2b, 0x00, 0x9c, 0x40, 0xd9, 0xbf, - 0x2d, 0xc2, 0x52, 0x6a, 0xf6, 0x42, 0xcf, 0x41, 0x5d, 0xfe, 0xb5, 0xe8, 0x18, 0x36, 0x27, 0x57, - 0x15, 0xbb, 0x9a, 0x85, 0x4d, 0x39, 0xbe, 0x1f, 0x43, 0x6f, 0x22, 0x75, 0x64, 0x7f, 0x62, 0x5d, - 0x8b, 0x19, 0x58, 0xcb, 0x18, 0xc3, 0x67, 0xf1, 0xbe, 0x87, 0xcf, 0x1f, 0x5b, 0x80, 0xc4, 0x12, - 0xb8, 0xe6, 0x64, 0x46, 0x54, 0x3f, 0x87, 0x73, 0xf3, 0xdb, 0x59, 0x65, 0x11, 0x6a, 0xcf, 0x40, - 0xe1, 0x43, 0xe0, 0x8d, 0xfb, 0xe0, 0xf2, 0x23, 0xb9, 0x0f, 0xb6, 0xbf, 0x06, 0x67, 0x66, 0x9a, - 0x27, 0xd5, 0xfa, 0x5b, 0x87, 0xb5, 0xfe, 0x3c, 0x12, 0xc3, 0x68, 0xec, 0xcb, 0x0d, 0xaa, 0xea, - 0x48, 0xdc, 0xe1, 0x44, 0x2c, 0x79, 0x7c, 0x1e, 0xe8, 0x46, 0x53, 0x3c, 0x96, 0x55, 0xa5, 0xaa, - 0xd1, 0x37, 0x05, 0x15, 0x2b, 0xae, 0xfd, 0x9d, 0x02, 0x2c, 0xa5, 0x0a, 0x7a, 0x6a, 0x74, 0xb3, - 0x8e, 0x1d, 0xdd, 0xf2, 0x34, 0x06, 0xbd, 0x01, 0x8b, 0x54, 0x1c, 0xc5, 0xc8, 0x61, 0xa4, 0x37, - 0xcd, 0xe1, 0x46, 0xbe, 0x63, 0xa8, 0x6b, 0x9d, 0x3e, 0xd8, 0x5f, 0x5f, 0x34, 0x29, 0x38, 0x05, - 0x67, 0xff, 0xbc, 0x00, 0x8f, 0x1d, 0xd2, 0xdc, 0xa0, 0x3b, 0xe6, 0x2d, 0x89, 0x1c, 0xa3, 0xaf, - 0xe6, 0x10, 0x9e, 0x2a, 0x91, 0xca, 0x5f, 0xdf, 0x87, 0xdd, 0x91, 0xdc, 0xe7, 0x14, 0xbd, 0x07, - 0xe5, 0x7e, 0x10, 0x0c, 0xe2, 0x71, 0x79, 0x9e, 0x82, 0xa0, 0x87, 0xbc, 0x56, 0x8d, 0xef, 0x26, - 0x7f, 0xa7, 0x58, 0xaa, 0xb7, 0xdf, 0xb3, 0x20, 0xe5, 0x45, 0x34, 0x82, 0x32, 0xd7, 0x32, 0xcd, - 0xe1, 0x8f, 0xa0, 0xa9, 0xf7, 0x22, 0xd7, 0x29, 0xf1, 0xc5, 0x23, 0x96, 0x28, 0xc8, 0x83, 0x12, - 0x37, 0x44, 0x0d, 0x2d, 0xdb, 0x39, 0xa1, 0xf1, 0x25, 0xca, 0x19, 0x89, 0x3f, 0x61, 0x01, 0x61, - 0x3f, 0x0f, 0x67, 0x66, 0x2c, 0xe2, 0x21, 0xbf, 0x17, 0xc4, 0x3f, 0x40, 0x8d, 0x90, 0xbf, 0xcc, - 0x89, 0x58, 0xf2, 0x78, 0xfd, 0x38, 0x9d, 0x55, 0x8f, 0x7e, 0x62, 0xc1, 0x19, 0x9a, 0xd5, 0xf7, - 0x50, 0xbc, 0xf6, 0x41, 0x65, 0xd4, 0xac, 0xf9, 0x78, 0xd6, 0x02, 0xbe, 0xa3, 0xd9, 0x6b, 0x63, - 0x1e, 0x7b, 0x9e, 0x4f, 0x89, 0x3b, 0x8e, 0xe2, 0x85, 0x26, 0xb1, 0xb7, 0xa5, 0xe8, 0x38, 0x91, - 0xe0, 0x63, 0xbc, 0xfc, 0x6d, 0x71, 0x43, 0x37, 0x8a, 0xc9, 0x18, 0xdf, 0x49, 0x38, 0xd8, 0x90, - 0xe2, 0x4d, 0xb2, 0x4b, 0x22, 0xb6, 0xc9, 0xdb, 0x23, 0x9e, 0x17, 0x16, 0x65, 0xd7, 0xda, 0x56, - 0x34, 0x9c, 0x70, 0xd1, 0x87, 0x61, 0x61, 0x40, 0xa6, 0x42, 0xb0, 0x24, 0x04, 0xeb, 0xbc, 0xe2, - 0x6f, 0x4b, 0x12, 0x8e, 0x79, 0xc8, 0x86, 0x8a, 0xeb, 0x08, 0xa9, 0xb2, 0x90, 0x02, 0xf1, 0x07, - 0xe3, 0xa2, 0x10, 0x52, 0x9c, 0x56, 0xe3, 0xee, 0xbd, 0xb5, 0x53, 0x6f, 0xdd, 0x5b, 0x3b, 0xf5, - 0xf6, 0xbd, 0xb5, 0x53, 0x6f, 0x1e, 0xac, 0x59, 0x77, 0x0f, 0xd6, 0xac, 0xb7, 0x0e, 0xd6, 0xac, - 0xb7, 0x0f, 0xd6, 0xac, 0xbf, 0x1f, 0xac, 0x59, 0x3f, 0x7c, 0x77, 0xed, 0xd4, 0x2b, 0xd5, 0xd8, - 0xb5, 0xff, 0x0e, 0x00, 0x00, 0xff, 0xff, 0x7a, 0x1b, 0x36, 0xb0, 0x03, 0x29, 0x00, 0x00, + 0xf5, 0x77, 0xcf, 0xd7, 0xce, 0xbc, 0xd9, 0x0f, 0xbb, 0xf2, 0xf1, 0xdf, 0xbf, 0x23, 0xed, 0xae, + 0x3a, 0x7c, 0x18, 0x94, 0xcc, 0x60, 0x43, 0x20, 0x10, 0x84, 0xe4, 0x99, 0xb5, 0xe3, 0xf5, 0xfa, + 0x63, 0xa9, 0xd9, 0x04, 0x29, 0x44, 0x81, 0x76, 0x4f, 0xed, 0x4c, 0x7b, 0x66, 0xba, 0x3b, 0x5d, + 0x35, 0x63, 0x8d, 0x44, 0x50, 0x10, 0x42, 0xe2, 0x53, 0x02, 0x21, 0xc4, 0x95, 0x03, 0x27, 0x84, + 0x84, 0x84, 0x38, 0x21, 0x71, 0x80, 0x03, 0xf2, 0x8d, 0x1c, 0x40, 0x44, 0x01, 0xad, 0xf0, 0xe6, + 0x12, 0x89, 0x03, 0x27, 0x2e, 0x39, 0xa1, 0xfa, 0xe8, 0xae, 0xea, 0x9e, 0x5d, 0x76, 0xed, 0x69, + 0x1b, 0xb8, 0x75, 0xbf, 0xf7, 0xfa, 0xfd, 0x5e, 0xbd, 0x7a, 0xf5, 0x3e, 0xaa, 0x61, 0xab, 0xe7, + 0xb1, 0xfe, 0xf8, 0x56, 0xc3, 0x0d, 0x46, 0x4d, 0x27, 0xea, 0x05, 0x61, 0x14, 0xdc, 0x16, 0x0f, + 0xcf, 0xba, 0xdd, 0x66, 0x38, 0xe8, 0x35, 0x9d, 0xd0, 0xa3, 0x4d, 0x27, 0x0c, 0x87, 0x9e, 0xeb, + 0x30, 0x2f, 0xf0, 0x9b, 0x93, 0xf3, 0xce, 0x30, 0xec, 0x3b, 0xe7, 0x9b, 0x3d, 0xe2, 0x93, 0xc8, + 0x61, 0xa4, 0xdb, 0x08, 0xa3, 0x80, 0x05, 0xe8, 0xd3, 0x5a, 0x55, 0x23, 0x56, 0x25, 0x1e, 0xbe, + 0xe4, 0x76, 0x1b, 0xe1, 0xa0, 0xd7, 0xe0, 0xaa, 0x1a, 0x86, 0xaa, 0x46, 0xac, 0xea, 0xec, 0xb3, + 0x86, 0x15, 0xbd, 0xa0, 0x17, 0x34, 0x85, 0xc6, 0x5b, 0xe3, 0x3d, 0xf1, 0x26, 0x5e, 0xc4, 0x93, + 0x44, 0x3a, 0xfb, 0x89, 0xc1, 0xf3, 0xb4, 0xe1, 0x05, 0xdc, 0xb6, 0x91, 0xe3, 0xf6, 0x3d, 0x9f, + 0x44, 0x53, 0x6d, 0xec, 0x88, 0x30, 0xa7, 0x39, 0x99, 0xb1, 0xef, 0x6c, 0xf3, 0xa8, 0xaf, 0xa2, + 0xb1, 0xcf, 0xbc, 0x11, 0x99, 0xf9, 0xe0, 0x93, 0xc7, 0x7d, 0x40, 0xdd, 0x3e, 0x19, 0x39, 0x33, + 0xdf, 0x7d, 0xfc, 0xa8, 0xef, 0xc6, 0xcc, 0x1b, 0x36, 0x3d, 0x9f, 0x51, 0x16, 0x65, 0x3f, 0xb2, + 0xff, 0x62, 0x01, 0x5c, 0x0c, 0xc3, 0x9d, 0x28, 0xb8, 0x4d, 0x5c, 0x86, 0xbe, 0x0c, 0x55, 0xbe, + 0x8e, 0xae, 0xc3, 0x9c, 0x55, 0x6b, 0xc3, 0x3a, 0x57, 0xbf, 0xf0, 0xb1, 0x86, 0x54, 0xdb, 0x30, + 0xd5, 0x6a, 0xbf, 0x72, 0xe9, 0xc6, 0xe4, 0x7c, 0xe3, 0xe6, 0x2d, 0xfe, 0xfd, 0x75, 0xc2, 0x9c, + 0x16, 0xba, 0xbb, 0xbf, 0x7e, 0xea, 0x60, 0x7f, 0x1d, 0x34, 0x0d, 0x27, 0x5a, 0xd1, 0x00, 0x4a, + 0x34, 0x24, 0xee, 0x6a, 0x41, 0x68, 0xdf, 0x6a, 0x3c, 0xf0, 0xee, 0x35, 0xb4, 0xd9, 0x9d, 0x90, + 0xb8, 0xad, 0x45, 0x05, 0x5b, 0xe2, 0x6f, 0x58, 0x80, 0xd8, 0xef, 0x58, 0xb0, 0xac, 0xc5, 0xae, + 0x79, 0x94, 0xa1, 0x57, 0x67, 0x56, 0xd8, 0x38, 0xd9, 0x0a, 0xf9, 0xd7, 0x62, 0x7d, 0xa7, 0x15, + 0x50, 0x35, 0xa6, 0x18, 0xab, 0xbb, 0x0d, 0x65, 0x8f, 0x91, 0x11, 0x5d, 0x2d, 0x6c, 0x14, 0xcf, + 0xd5, 0x2f, 0x5c, 0xca, 0x65, 0x79, 0xad, 0x25, 0x85, 0x58, 0xde, 0xe2, 0xba, 0xb1, 0x84, 0xb0, + 0xff, 0x59, 0x30, 0x17, 0xc7, 0x57, 0x8d, 0xce, 0x43, 0x9d, 0x06, 0xe3, 0xc8, 0x25, 0x98, 0x84, + 0x01, 0x5d, 0xb5, 0x36, 0x8a, 0xe7, 0x6a, 0xad, 0x95, 0x83, 0xfd, 0xf5, 0x7a, 0x47, 0x93, 0xb1, + 0x29, 0x83, 0xbe, 0x63, 0xc1, 0x62, 0x97, 0x50, 0xe6, 0xf9, 0x02, 0x3f, 0xb6, 0xfc, 0xf3, 0xf3, + 0x59, 0x1e, 0x13, 0x37, 0xb5, 0xe6, 0xd6, 0xe3, 0x6a, 0x15, 0x8b, 0x06, 0x91, 0xe2, 0x14, 0x38, + 0x7a, 0x0e, 0xea, 0x5d, 0x42, 0xdd, 0xc8, 0x0b, 0xf9, 0xfb, 0x6a, 0x71, 0xc3, 0x3a, 0x57, 0x6b, + 0x3d, 0xa6, 0x3e, 0xac, 0x6f, 0x6a, 0x16, 0x36, 0xe5, 0xd0, 0x00, 0xca, 0x51, 0x30, 0x24, 0x74, + 0xb5, 0x24, 0x8c, 0xbf, 0x3c, 0x87, 0xf1, 0xca, 0x9d, 0x38, 0x18, 0x12, 0xed, 0x77, 0xfe, 0x46, + 0xb1, 0xc4, 0xb0, 0x7f, 0x5f, 0x84, 0xba, 0xb1, 0xc4, 0x47, 0x70, 0x66, 0x86, 0xa9, 0x33, 0x73, + 0x35, 0x9f, 0xad, 0x39, 0xea, 0xd0, 0x20, 0x06, 0x15, 0xca, 0x1c, 0x36, 0xa6, 0xc2, 0xfd, 0xf5, + 0x0b, 0xd7, 0x72, 0xc2, 0x13, 0x3a, 0x5b, 0xcb, 0x0a, 0xb1, 0x22, 0xdf, 0xb1, 0xc2, 0x42, 0xaf, + 0x43, 0x2d, 0x08, 0x79, 0x6a, 0xe2, 0xfb, 0x5e, 0x12, 0xc0, 0x9b, 0x73, 0x00, 0xdf, 0x8c, 0x75, + 0xb5, 0x96, 0x0e, 0xf6, 0xd7, 0x6b, 0xc9, 0x2b, 0xd6, 0x28, 0xb6, 0x0b, 0x8f, 0x1b, 0xf6, 0xb5, + 0x03, 0xbf, 0xeb, 0x89, 0x0d, 0xdd, 0x80, 0x12, 0x9b, 0x86, 0x44, 0x6c, 0x66, 0x4d, 0xbb, 0x68, + 0x77, 0x1a, 0x12, 0x2c, 0x38, 0xe8, 0x23, 0xb0, 0x30, 0x22, 0x94, 0x3a, 0x3d, 0x22, 0xf6, 0xa4, + 0xd6, 0x5a, 0x51, 0x42, 0x0b, 0xd7, 0x25, 0x19, 0xc7, 0x7c, 0xfb, 0x75, 0x78, 0xf2, 0xf0, 0xf3, + 0x80, 0x3e, 0x04, 0x15, 0x4a, 0xa2, 0x09, 0x89, 0x14, 0x90, 0xf6, 0x8c, 0xa0, 0x62, 0xc5, 0x45, + 0x4d, 0xa8, 0xf9, 0xce, 0x88, 0xd0, 0xd0, 0x71, 0x63, 0xb8, 0x33, 0x4a, 0xb4, 0x76, 0x23, 0x66, + 0x60, 0x2d, 0x63, 0xff, 0xd5, 0x82, 0x15, 0x03, 0xf3, 0x11, 0xa4, 0xbd, 0x41, 0x3a, 0xed, 0x5d, + 0xce, 0x27, 0x62, 0x8e, 0xc8, 0x7b, 0xbf, 0x2d, 0xc2, 0x19, 0x33, 0xae, 0x44, 0x32, 0xe3, 0x5b, + 0x12, 0x91, 0x30, 0x78, 0x09, 0x5f, 0x53, 0xee, 0x4c, 0xb6, 0x04, 0x4b, 0x32, 0x8e, 0xf9, 0x7c, + 0x7f, 0x43, 0x87, 0xf5, 0x95, 0x2f, 0x93, 0xfd, 0xdd, 0x71, 0x58, 0x1f, 0x0b, 0x0e, 0x4f, 0x43, + 0xc4, 0x9f, 0x78, 0x51, 0xe0, 0x8f, 0x88, 0xcf, 0xb2, 0x69, 0xe8, 0x92, 0x66, 0x61, 0x53, 0x0e, + 0x7d, 0x0e, 0x96, 0x99, 0x13, 0xf5, 0x08, 0xc3, 0x64, 0xe2, 0xd1, 0x38, 0x90, 0x6b, 0xad, 0x27, + 0xd5, 0x97, 0xcb, 0xbb, 0x29, 0x2e, 0xce, 0x48, 0xa3, 0x5f, 0x59, 0xf0, 0x94, 0x1b, 0x8c, 0xc2, + 0xc0, 0x27, 0x3e, 0xdb, 0x71, 0x22, 0x67, 0x44, 0x18, 0x89, 0x6e, 0x4e, 0x48, 0x14, 0x79, 0x5d, + 0x42, 0x57, 0xcb, 0xc2, 0xbb, 0xd7, 0xe7, 0xf0, 0x6e, 0x7b, 0x46, 0x7b, 0xeb, 0x69, 0x65, 0xdc, + 0x53, 0xed, 0xa3, 0x91, 0xf1, 0xbf, 0x33, 0x8b, 0x57, 0x9d, 0x89, 0x33, 0x1c, 0x13, 0x7a, 0xd9, + 0xe3, 0x39, 0xb8, 0xa2, 0xab, 0xce, 0xcb, 0x9a, 0x8c, 0x4d, 0x19, 0xfb, 0x37, 0x85, 0x54, 0x88, + 0x76, 0xe2, 0xbc, 0x23, 0xf6, 0x52, 0x05, 0x68, 0x5e, 0x79, 0x47, 0xe8, 0x34, 0x4e, 0x97, 0x2c, + 0x7e, 0x0a, 0x0b, 0x7d, 0xd3, 0x12, 0x25, 0x27, 0x3e, 0x95, 0x2a, 0xc7, 0x3e, 0x84, 0xf2, 0x67, + 0x56, 0xb1, 0x98, 0x88, 0x4d, 0x68, 0x1e, 0xc2, 0xa1, 0xac, 0x3e, 0x2a, 0xe2, 0x92, 0x10, 0x8e, + 0x8b, 0x52, 0xcc, 0xb7, 0x7f, 0x52, 0x49, 0x9f, 0x01, 0x99, 0x43, 0x7f, 0x60, 0xc1, 0x69, 0xbe, + 0x51, 0x4e, 0xe4, 0xd1, 0xc0, 0xc7, 0x84, 0x8e, 0x87, 0x4c, 0x39, 0x73, 0x7b, 0xce, 0xa0, 0x31, + 0x55, 0xb6, 0x56, 0x95, 0x5d, 0xa7, 0xb3, 0x1c, 0x3c, 0x03, 0x8f, 0x18, 0x2c, 0xf4, 0x3d, 0xca, + 0x82, 0x68, 0xaa, 0x92, 0xc3, 0x3c, 0x2d, 0xdf, 0x26, 0x09, 0x87, 0xc1, 0x94, 0x9f, 0xb5, 0x2d, + 0x7f, 0x2f, 0xd0, 0xfe, 0xb9, 0x22, 0x11, 0x70, 0x0c, 0x85, 0xbe, 0x66, 0x01, 0x84, 0x71, 0xa4, + 0xf2, 0x42, 0xf6, 0x10, 0x0e, 0x4e, 0x52, 0xb3, 0x13, 0x12, 0xc5, 0x06, 0x28, 0x0a, 0xa0, 0xd2, + 0x27, 0xce, 0x90, 0xf5, 0x55, 0x39, 0x7b, 0x71, 0x0e, 0xf8, 0x2b, 0x42, 0x51, 0xb6, 0x84, 0x4a, + 0x2a, 0x56, 0x30, 0xe8, 0x1b, 0x16, 0x2c, 0x27, 0xd5, 0x8d, 0xcb, 0x92, 0xd5, 0xf2, 0xdc, 0x5d, + 0xf6, 0xcd, 0x94, 0xc2, 0x16, 0xe2, 0x69, 0x2c, 0x4d, 0xc3, 0x19, 0x50, 0xf4, 0x75, 0x0b, 0xc0, + 0x8d, 0xab, 0xa9, 0xcc, 0x07, 0xf5, 0x0b, 0x37, 0xf3, 0x39, 0x51, 0x49, 0x95, 0xd6, 0xee, 0x4f, + 0x48, 0x14, 0x1b, 0xb0, 0xf6, 0xbb, 0x16, 0x3c, 0x61, 0x7c, 0xf8, 0x05, 0x87, 0xb9, 0xfd, 0x4b, + 0x13, 0x9e, 0xa6, 0xb7, 0x53, 0xf5, 0xfd, 0x53, 0x66, 0x7d, 0x7f, 0x7f, 0x7f, 0xfd, 0xc3, 0x47, + 0x8d, 0x51, 0x77, 0xb8, 0x86, 0x86, 0x50, 0x61, 0xb4, 0x02, 0x6f, 0x40, 0xdd, 0xb0, 0x59, 0xa5, + 0x8f, 0xbc, 0x0a, 0x60, 0x92, 0x33, 0x0c, 0x22, 0x36, 0xf1, 0xec, 0x3f, 0x15, 0x60, 0xa1, 0x3d, + 0x1c, 0x53, 0x46, 0xa2, 0x13, 0x37, 0x14, 0x1b, 0x50, 0xe2, 0xcd, 0x42, 0xb6, 0xfe, 0xf1, 0x5e, + 0x02, 0x0b, 0x0e, 0x0a, 0xa1, 0xe2, 0x06, 0xfe, 0x9e, 0xd7, 0x53, 0x2d, 0xe0, 0x95, 0x79, 0x4e, + 0x8e, 0xb4, 0xae, 0x2d, 0xf4, 0x69, 0x9b, 0xe4, 0x3b, 0x56, 0x38, 0xe8, 0x7b, 0x16, 0xac, 0xb8, + 0x81, 0xef, 0x13, 0x57, 0x07, 0x6f, 0x69, 0xee, 0x76, 0xb7, 0x9d, 0xd6, 0xd8, 0xfa, 0x3f, 0x85, + 0xbe, 0x92, 0x61, 0xe0, 0x2c, 0xb6, 0xfd, 0xcb, 0x02, 0x2c, 0xa5, 0x2c, 0x47, 0xcf, 0x40, 0x75, + 0x4c, 0x49, 0x24, 0x3c, 0x27, 0xfd, 0x9b, 0x74, 0x44, 0x2f, 0x29, 0x3a, 0x4e, 0x24, 0xb8, 0x74, + 0xe8, 0x50, 0x7a, 0x27, 0x88, 0xba, 0xca, 0xcf, 0x89, 0xf4, 0x8e, 0xa2, 0xe3, 0x44, 0x82, 0xf7, + 0x1b, 0xb7, 0x88, 0x13, 0x91, 0x68, 0x37, 0x18, 0x90, 0x99, 0xb1, 0xa7, 0xa5, 0x59, 0xd8, 0x94, + 0x13, 0x4e, 0x63, 0x43, 0xda, 0x1e, 0x7a, 0xc4, 0x67, 0xd2, 0xcc, 0x1c, 0x9c, 0xb6, 0x7b, 0xad, + 0x63, 0x6a, 0xd4, 0x4e, 0xcb, 0x30, 0x70, 0x16, 0xdb, 0xfe, 0xa3, 0x05, 0x75, 0xe5, 0xb4, 0x47, + 0xd0, 0x74, 0xf6, 0xd2, 0x4d, 0x67, 0x6b, 0xfe, 0x18, 0x3d, 0xa2, 0xe1, 0xfc, 0x79, 0x11, 0x66, + 0x2a, 0x1d, 0x7a, 0x8d, 0xe7, 0x38, 0x4e, 0x23, 0xdd, 0x8b, 0x71, 0x91, 0xfd, 0xe8, 0xc9, 0x56, + 0xb7, 0xeb, 0x8d, 0x88, 0x99, 0xbe, 0x62, 0x2d, 0xd8, 0xd0, 0x88, 0xde, 0xb4, 0x34, 0xc0, 0x6e, + 0xa0, 0xf2, 0x4a, 0xbe, 0x2d, 0xd1, 0x8c, 0x09, 0xbb, 0x01, 0x36, 0x30, 0xd1, 0x67, 0x92, 0x41, + 0xb0, 0x2c, 0x02, 0xd2, 0x4e, 0x8f, 0x6e, 0xef, 0xa7, 0x1a, 0x80, 0xcc, 0x38, 0x37, 0x85, 0x5a, + 0x44, 0x64, 0x8b, 0x15, 0x57, 0x80, 0x79, 0x92, 0x08, 0x56, 0xba, 0xe4, 0x31, 0x4e, 0xc6, 0x9f, + 0x98, 0x4c, 0xb1, 0x46, 0xb3, 0xbf, 0x6b, 0x01, 0x9a, 0x2d, 0xd7, 0x7c, 0x8c, 0x4a, 0x9a, 0x58, + 0x75, 0x80, 0x13, 0x3d, 0x89, 0x38, 0xd6, 0x32, 0x27, 0x48, 0x93, 0x4f, 0x43, 0x59, 0x34, 0xb5, + 0xea, 0xc0, 0x26, 0xd1, 0x23, 0xda, 0x5e, 0x2c, 0x79, 0xf6, 0xef, 0x2c, 0xc8, 0xa6, 0x1b, 0x91, + 0xa9, 0xa5, 0x67, 0xb3, 0x99, 0x3a, 0xed, 0xc5, 0x93, 0xcf, 0x99, 0xe8, 0x55, 0xa8, 0x3b, 0x8c, + 0x91, 0x51, 0xc8, 0x44, 0x40, 0x16, 0xef, 0x3b, 0x20, 0x97, 0x79, 0x24, 0x5c, 0x0f, 0xba, 0xde, + 0x9e, 0x27, 0x82, 0xd1, 0x54, 0x67, 0xbf, 0x57, 0x84, 0xe5, 0x74, 0xf3, 0x85, 0xc6, 0x50, 0x11, + 0xcd, 0x8e, 0xbc, 0x66, 0xca, 0xbd, 0xbb, 0x4a, 0x5c, 0x22, 0x48, 0x14, 0x2b, 0x30, 0x9e, 0x58, + 0xa3, 0x78, 0xba, 0xca, 0x24, 0xd6, 0x64, 0xae, 0x4a, 0x24, 0x8e, 0x9d, 0xa8, 0x8a, 0xff, 0x9d, + 0x13, 0xd5, 0x6b, 0x00, 0x5d, 0xe1, 0x6d, 0xb1, 0x97, 0xa5, 0x07, 0x4f, 0x2e, 0x9b, 0x89, 0x16, + 0x6c, 0x68, 0x44, 0x67, 0xa1, 0xe0, 0x75, 0xc5, 0xa9, 0x2e, 0xb6, 0x40, 0xc9, 0x16, 0xb6, 0x36, + 0x71, 0xc1, 0xeb, 0xda, 0x14, 0x16, 0xcd, 0x6e, 0xf3, 0xc4, 0xb1, 0xfa, 0x02, 0x2c, 0xc9, 0xa7, + 0x4d, 0xc2, 0x1c, 0x6f, 0x48, 0xd5, 0xee, 0x3c, 0xa1, 0xc4, 0x97, 0x3a, 0x26, 0x13, 0xa7, 0x65, + 0xed, 0x1f, 0x17, 0x00, 0xae, 0x04, 0xc1, 0x40, 0x61, 0xc6, 0x47, 0xcf, 0x3a, 0xf2, 0xe8, 0x6d, + 0x40, 0x69, 0xe0, 0xf9, 0xdd, 0xec, 0xe1, 0xdc, 0xf6, 0xfc, 0x2e, 0x16, 0x1c, 0x74, 0x01, 0xc0, + 0x09, 0xbd, 0x97, 0x49, 0x44, 0xf5, 0x4d, 0x62, 0xe2, 0x97, 0x8b, 0x3b, 0x5b, 0x8a, 0x83, 0x0d, + 0x29, 0xf4, 0x8c, 0xea, 0x0c, 0xe5, 0xd8, 0xbe, 0x9a, 0xe9, 0x0c, 0xab, 0xdc, 0x42, 0xa3, 0xf5, + 0x7b, 0x3e, 0x93, 0x1f, 0x37, 0x66, 0xf2, 0xa3, 0xee, 0x94, 0x77, 0xfa, 0x0e, 0x25, 0x87, 0x9d, + 0xeb, 0xca, 0x31, 0xf7, 0x47, 0x2f, 0x40, 0xf5, 0xea, 0x1d, 0x26, 0xeb, 0x3d, 0x4f, 0x61, 0x11, + 0x71, 0xf4, 0x09, 0x2f, 0x1a, 0x29, 0x2c, 0x66, 0x60, 0x2d, 0x63, 0xff, 0xdd, 0x02, 0x7d, 0xf5, + 0x85, 0xf6, 0xa0, 0x44, 0xa7, 0xbe, 0xab, 0x8a, 0xd5, 0x3c, 0xe9, 0xb8, 0x33, 0xf5, 0x5d, 0x7d, + 0xc3, 0x56, 0x15, 0x17, 0x88, 0x53, 0xdf, 0xc5, 0x42, 0x3f, 0x9a, 0x40, 0x35, 0x0a, 0x86, 0xc3, + 0x5b, 0x8e, 0x3b, 0xc8, 0xa1, 0x6e, 0x61, 0xa5, 0x4a, 0xe3, 0x2d, 0x8a, 0xc3, 0xae, 0xc8, 0x38, + 0xc1, 0xb2, 0x7f, 0x51, 0x86, 0xcc, 0x68, 0x82, 0xc6, 0xe6, 0xad, 0xa2, 0x95, 0xe3, 0xad, 0x62, + 0xe2, 0xf7, 0xc3, 0x6e, 0x16, 0xd1, 0x73, 0x50, 0x0e, 0xf9, 0x86, 0xab, 0xf0, 0x5c, 0x8f, 0x0b, + 0x83, 0x88, 0x82, 0x43, 0xe2, 0x42, 0x4a, 0x9b, 0x61, 0x51, 0x3c, 0x26, 0xdd, 0x7f, 0x15, 0x80, + 0xfb, 0x5a, 0xcd, 0xf8, 0x32, 0x43, 0xdc, 0xc8, 0x6b, 0x47, 0xd5, 0x98, 0x2f, 0x2a, 0x42, 0x27, + 0x41, 0xc1, 0x06, 0x22, 0xfa, 0xb6, 0x05, 0xcb, 0xb1, 0xe3, 0x95, 0x11, 0xe5, 0x87, 0x62, 0x84, + 0x18, 0x38, 0x71, 0x0a, 0x09, 0x67, 0x90, 0xd1, 0x17, 0xa1, 0x46, 0x99, 0x13, 0xc9, 0x73, 0x51, + 0xb9, 0xef, 0x6c, 0x99, 0xec, 0x65, 0x27, 0x56, 0x82, 0xb5, 0x3e, 0xf4, 0x0a, 0xc0, 0x9e, 0xe7, + 0x7b, 0xb4, 0x2f, 0xb4, 0x2f, 0x3c, 0x58, 0x5d, 0xbd, 0x9c, 0x68, 0xc0, 0x86, 0x36, 0xfb, 0x0f, + 0x16, 0xd4, 0x8d, 0x1f, 0x0e, 0x27, 0xc8, 0x7b, 0xe7, 0xa0, 0x1a, 0x06, 0x43, 0xcf, 0xf5, 0x88, + 0xec, 0x7b, 0x6b, 0xf2, 0x34, 0xec, 0x28, 0x1a, 0x4e, 0xb8, 0x88, 0x41, 0xed, 0xb6, 0x4a, 0x1c, + 0x71, 0x9d, 0x6b, 0xcf, 0xb1, 0x37, 0x71, 0x12, 0xd2, 0xde, 0x8a, 0x29, 0x14, 0x6b, 0x20, 0xfb, + 0xcf, 0x05, 0x00, 0xf1, 0x63, 0xc9, 0x13, 0xf7, 0x30, 0x1b, 0x50, 0x8a, 0x48, 0x18, 0x64, 0x17, + 0xc4, 0x25, 0xb0, 0xe0, 0xa4, 0xc6, 0xaa, 0xc2, 0x7d, 0x8d, 0x55, 0xc5, 0x63, 0xc7, 0x2a, 0x5e, + 0x92, 0x68, 0x7f, 0x27, 0xf2, 0x26, 0x0e, 0x23, 0xdb, 0x64, 0xaa, 0xf2, 0xba, 0x2e, 0x49, 0x9d, + 0x2b, 0x9a, 0x89, 0xd3, 0xb2, 0x87, 0x4e, 0xa4, 0xe5, 0xff, 0xe0, 0x44, 0xfa, 0x8e, 0x05, 0xcb, + 0xda, 0xb3, 0xff, 0x5b, 0xff, 0x32, 0xb5, 0xdd, 0x47, 0x8c, 0x58, 0xff, 0xb0, 0x60, 0x25, 0x6e, + 0xe6, 0x55, 0x4f, 0x90, 0x4b, 0x13, 0x90, 0xfa, 0x77, 0x52, 0x3c, 0xfe, 0xdf, 0x89, 0x99, 0x82, + 0x4b, 0xc7, 0xa4, 0xe0, 0xcf, 0x66, 0xca, 0xff, 0x07, 0x66, 0xca, 0x3f, 0x4a, 0xc6, 0x96, 0xa9, + 0xef, 0xa6, 0xdb, 0x25, 0xfb, 0x67, 0x16, 0x2c, 0xc6, 0xec, 0x1b, 0x41, 0x57, 0x0c, 0x13, 0x54, + 0x04, 0x99, 0x95, 0x1e, 0x26, 0x64, 0x38, 0x48, 0x1e, 0x1a, 0x43, 0xd5, 0xed, 0x7b, 0xc3, 0x6e, + 0x44, 0x7c, 0xb5, 0x2d, 0x2f, 0xe6, 0x30, 0x55, 0x71, 0x7c, 0x1d, 0x0a, 0x6d, 0x05, 0x80, 0x13, + 0x28, 0xfb, 0xd7, 0x45, 0x58, 0x4a, 0x8d, 0x60, 0xe8, 0x39, 0xa8, 0xcb, 0x9f, 0x17, 0x1d, 0xc3, + 0xe6, 0xe4, 0xc6, 0x62, 0x57, 0xb3, 0xb0, 0x29, 0xc7, 0xf7, 0x63, 0xe8, 0x4d, 0xa4, 0x8e, 0xec, + 0xbf, 0xac, 0x6b, 0x31, 0x03, 0x6b, 0x19, 0x63, 0x06, 0x2d, 0xde, 0xf7, 0x0c, 0xfa, 0x43, 0x0b, + 0x90, 0x58, 0x02, 0xd7, 0x9c, 0x8c, 0x8a, 0xea, 0x1f, 0x71, 0x6e, 0x7e, 0x3b, 0xab, 0x2c, 0x42, + 0xed, 0x19, 0x28, 0x7c, 0x08, 0xbc, 0x71, 0x2d, 0x5c, 0x7e, 0x24, 0xd7, 0xc2, 0xf6, 0x57, 0xe0, + 0xcc, 0x4c, 0x0f, 0xa5, 0x26, 0x00, 0xeb, 0xb0, 0x09, 0x80, 0x47, 0x62, 0x18, 0x8d, 0x7d, 0xb9, + 0x41, 0x55, 0x1d, 0x89, 0x3b, 0x9c, 0x88, 0x25, 0x8f, 0x8f, 0x05, 0xdd, 0x68, 0x8a, 0xc7, 0xb2, + 0xb5, 0xae, 0x6a, 0xf4, 0x4d, 0x41, 0xc5, 0x8a, 0x6b, 0x7f, 0xab, 0x00, 0x4b, 0xa9, 0xba, 0x9e, + 0x9a, 0xe0, 0xac, 0x63, 0x27, 0xb8, 0x3c, 0x8d, 0x41, 0x6f, 0xc0, 0x22, 0x15, 0x47, 0x31, 0x72, + 0x18, 0xe9, 0x4d, 0x73, 0xb8, 0x98, 0xef, 0x18, 0xea, 0x5a, 0xa7, 0x0f, 0xf6, 0xd7, 0x17, 0x4d, + 0x0a, 0x4e, 0xc1, 0xd9, 0x3f, 0x2d, 0xc0, 0x63, 0x87, 0xf4, 0x38, 0xe8, 0x8e, 0x79, 0x59, 0x22, + 0xa7, 0xe9, 0xab, 0x39, 0x84, 0xa7, 0x4a, 0xa4, 0xf2, 0x0f, 0xf8, 0x61, 0x57, 0x25, 0xf7, 0x39, + 0x4c, 0xef, 0x41, 0xb9, 0x1f, 0x04, 0x83, 0xb8, 0x9b, 0x98, 0xa7, 0x20, 0xe8, 0x59, 0xaf, 0x55, + 0xe3, 0xbb, 0xc9, 0xdf, 0x29, 0x96, 0xea, 0xed, 0xf7, 0x2c, 0x48, 0x79, 0x11, 0x8d, 0xa0, 0xcc, + 0xb5, 0x4c, 0x73, 0xf8, 0x31, 0x68, 0xea, 0xbd, 0xc8, 0x75, 0x4a, 0x7c, 0xf1, 0x88, 0x25, 0x0a, + 0xf2, 0xa0, 0xc4, 0x0d, 0x51, 0xb3, 0xcb, 0x76, 0x4e, 0x68, 0x7c, 0x89, 0x72, 0x54, 0xe2, 0x4f, + 0x58, 0x40, 0xd8, 0xcf, 0xc3, 0x99, 0x19, 0x8b, 0x78, 0xc8, 0xef, 0x05, 0xf1, 0x7f, 0x50, 0x23, + 0xe4, 0x2f, 0x73, 0x22, 0x96, 0x3c, 0x5e, 0x3f, 0x4e, 0x67, 0xd5, 0xa3, 0x1f, 0x59, 0x70, 0x86, + 0x66, 0xf5, 0x3d, 0x14, 0xaf, 0xfd, 0xbf, 0x32, 0x6a, 0xd6, 0x7c, 0x3c, 0x6b, 0x01, 0xdf, 0xd1, + 0xec, 0xed, 0x31, 0x8f, 0x3d, 0xcf, 0xa7, 0xc4, 0x1d, 0x47, 0xf1, 0x42, 0x93, 0xd8, 0xdb, 0x52, + 0x74, 0x9c, 0x48, 0xf0, 0x69, 0x5e, 0xfe, 0xbd, 0xb8, 0xa1, 0x1b, 0xc5, 0x64, 0x9a, 0xef, 0x24, + 0x1c, 0x6c, 0x48, 0xf1, 0x5e, 0xd9, 0x25, 0x11, 0xdb, 0xe4, 0xed, 0x11, 0xcf, 0x0b, 0x8b, 0xb2, + 0x57, 0x6e, 0x2b, 0x1a, 0x4e, 0xb8, 0xe8, 0x83, 0xb0, 0x30, 0x20, 0x53, 0x21, 0x58, 0x12, 0x82, + 0x75, 0x5e, 0xf1, 0xb7, 0x25, 0x09, 0xc7, 0x3c, 0x64, 0x43, 0xc5, 0x75, 0x84, 0x54, 0x59, 0x48, + 0x81, 0xf8, 0x91, 0x71, 0x51, 0x08, 0x29, 0x4e, 0xab, 0x71, 0xf7, 0xde, 0xda, 0xa9, 0xb7, 0xee, + 0xad, 0x9d, 0x7a, 0xfb, 0xde, 0xda, 0xa9, 0x37, 0x0f, 0xd6, 0xac, 0xbb, 0x07, 0x6b, 0xd6, 0x5b, + 0x07, 0x6b, 0xd6, 0xdb, 0x07, 0x6b, 0xd6, 0xdf, 0x0e, 0xd6, 0xac, 0xef, 0xbf, 0xbb, 0x76, 0xea, + 0x95, 0x6a, 0xec, 0xda, 0x7f, 0x05, 0x00, 0x00, 0xff, 0xff, 0x86, 0x74, 0xaf, 0x89, 0x0a, 0x29, + 0x00, 0x00, } diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto index d17b8a6a1d5b8..a02029ed19fc3 100644 --- a/pkg/apis/application/v1alpha1/generated.proto +++ b/pkg/apis/application/v1alpha1/generated.proto @@ -296,7 +296,7 @@ message ProjectRole { repeated string policies = 2; - optional JwtToken jwtToken = 3; + repeated JwtToken jwtTokens = 3; } // Repository is a Git repository holding application configurations diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go index 323c60d821659..7ebae36f57e23 100644 --- a/pkg/apis/application/v1alpha1/types.go +++ b/pkg/apis/application/v1alpha1/types.go @@ -468,9 +468,9 @@ type AppProjectSpec struct { // ProjectRole represents a role that has access to a project type ProjectRole struct { - Name string `json:"name" protobuf:"bytes,1,opt,name=name"` - Policies []string `json:"policies" protobuf:"bytes,2,rep,name=policies"` - JwtToken *JwtToken `json:"jwtToken" protobuf:"bytes,3,rep,name=jwtToken"` + Name string `json:"name" protobuf:"bytes,1,opt,name=name"` + Policies []string `json:"policies" protobuf:"bytes,2,rep,name=policies"` + JwtTokens []JwtToken `json:"jwtTokens" protobuf:"bytes,3,rep,name=jwtTokens"` } // JwtToken holds the createdAt time of a token diff --git a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go index 35acda577f61c..12d3787d0391d 100644 --- a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go @@ -596,14 +596,10 @@ func (in *ProjectRole) DeepCopyInto(out *ProjectRole) { *out = make([]string, len(*in)) copy(*out, *in) } - if in.JwtToken != nil { - in, out := &in.JwtToken, &out.JwtToken - if *in == nil { - *out = nil - } else { - *out = new(JwtToken) - **out = **in - } + if in.JwtTokens != nil { + in, out := &in.JwtTokens, &out.JwtTokens + *out = make([]JwtToken, len(*in)) + copy(*out, *in) } return } diff --git a/server/project/project.go b/server/project/project.go index 52a33443b1898..79629c22952ff 100644 --- a/server/project/project.go +++ b/server/project/project.go @@ -64,15 +64,12 @@ func (s *Server) CreateToken(ctx context.Context, q *ProjectTokenCreateRequest) s.projectLock.Lock(q.Project) defer s.projectLock.Unlock(q.Project) - index, err := projectUtil.GetRoleIndexByName(project, q.Token) + index, err := projectUtil.GetRoleIndexByName(project, q.Role) if err != nil { - return nil, status.Errorf(codes.NotFound, "project '%s' does not have role '%s'", q.Project, q.Token) - } - if project.Spec.Roles[index].JwtToken != nil { - return nil, status.Errorf(codes.AlreadyExists, "Role '%s' already has a JwtToken", q.Token) + return nil, status.Errorf(codes.NotFound, "project '%s' does not have role '%s'", q.Project, q.Role) } - tokenName := fmt.Sprintf(JwtTokenSubFormat, q.Project, q.Token) + tokenName := fmt.Sprintf(JwtTokenSubFormat, q.Project, q.Role) jwtToken, err := s.sessionMgr.Create(tokenName, q.SecondsBeforeExpiry) if err != nil { return nil, status.Error(codes.InvalidArgument, err.Error()) @@ -86,7 +83,7 @@ func (s *Server) CreateToken(ctx context.Context, q *ProjectTokenCreateRequest) return nil, status.Error(codes.InvalidArgument, err.Error()) } issuedAt := jwtUtil.GetInt64Field(mapClaims, "iat") - project.Spec.Roles[index].JwtToken = &v1alpha1.JwtToken{CreatedAt: issuedAt} + project.Spec.Roles[index].JwtTokens = append(project.Spec.Roles[index].JwtTokens, v1alpha1.JwtToken{CreatedAt: issuedAt}) _, err = s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Update(project) if err != nil { return nil, err @@ -254,7 +251,7 @@ func validateProject(p *v1alpha1.AppProject) error { existingPolicies := make(map[string]bool) for _, policy := range role.Policies { var err error - if role.JwtToken != nil { + if role.JwtTokens != nil { err = validateJwtToken(p.Name, role.Name, policy) } else { err = validatePolicy(p.Name, policy) @@ -296,21 +293,25 @@ func (s *Server) DeleteToken(ctx context.Context, q *ProjectTokenDeleteRequest) s.projectLock.Lock(q.Project) defer s.projectLock.Unlock(q.Project) - index, err := projectUtil.GetRoleIndexByName(project, q.Token) + roleIndex, err := projectUtil.GetRoleIndexByName(project, q.Role) if err != nil { return nil, status.Error(codes.NotFound, err.Error()) } - if project.Spec.Roles[index].JwtToken == nil { - return nil, status.Errorf(codes.NotFound, "Role '%s' does not have a JWT token", q.Token) + if project.Spec.Roles[roleIndex].JwtTokens == nil { + return nil, status.Errorf(codes.NotFound, "Role '%s' does not have a JWT token", q.Role) } - project.Spec.Roles[index].JwtToken = nil + jwtTokenIndex, err := projectUtil.GetJwtTokenIndexByCreatedAt(project, roleIndex, q.CreatedAt) + if err != nil { + return nil, status.Error(codes.NotFound, err.Error()) + } + project.Spec.Roles[roleIndex].JwtTokens[jwtTokenIndex] = project.Spec.Roles[roleIndex].JwtTokens[len(project.Spec.Roles[roleIndex].JwtTokens)-1] + project.Spec.Roles[roleIndex].JwtTokens = project.Spec.Roles[roleIndex].JwtTokens[:len(project.Spec.Roles[roleIndex].JwtTokens)-1] _, err = s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Update(project) if err != nil { return nil, err } s.logEvent(project, ctx, argo.EventReasonResourceDeleted, "deleted token") return &EmptyResponse{}, nil - } // Update updates a project diff --git a/server/project/project.pb.go b/server/project/project.pb.go index d2c2f18cad0b7..8a62d0aee3d5a 100644 --- a/server/project/project.pb.go +++ b/server/project/project.pb.go @@ -66,8 +66,9 @@ func (m *ProjectCreateRequest) GetProject() *github_com_argoproj_argo_cd_pkg_api // ProjectTokenCreateRequest defines project token deletion parameters. type ProjectTokenDeleteRequest struct { - Project string `protobuf:"bytes,1,opt,name=project,proto3" json:"project,omitempty"` - Token string `protobuf:"bytes,2,opt,name=token,proto3" json:"token,omitempty"` + Project string `protobuf:"bytes,1,opt,name=project,proto3" json:"project,omitempty"` + Role string `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"` + CreatedAt int64 `protobuf:"varint,3,opt,name=createdAt,proto3" json:"createdAt,omitempty"` } func (m *ProjectTokenDeleteRequest) Reset() { *m = ProjectTokenDeleteRequest{} } @@ -82,17 +83,24 @@ func (m *ProjectTokenDeleteRequest) GetProject() string { return "" } -func (m *ProjectTokenDeleteRequest) GetToken() string { +func (m *ProjectTokenDeleteRequest) GetRole() string { if m != nil { - return m.Token + return m.Role } return "" } +func (m *ProjectTokenDeleteRequest) GetCreatedAt() int64 { + if m != nil { + return m.CreatedAt + } + return 0 +} + // ProjectTokenCreateRequest defines project token creation parameters. type ProjectTokenCreateRequest struct { Project string `protobuf:"bytes,1,opt,name=project,proto3" json:"project,omitempty"` - Token string `protobuf:"bytes,2,opt,name=token,proto3" json:"token,omitempty"` + Role string `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"` SecondsBeforeExpiry int64 `protobuf:"varint,3,opt,name=secondsBeforeExpiry,proto3" json:"secondsBeforeExpiry,omitempty"` } @@ -108,9 +116,9 @@ func (m *ProjectTokenCreateRequest) GetProject() string { return "" } -func (m *ProjectTokenCreateRequest) GetToken() string { +func (m *ProjectTokenCreateRequest) GetRole() string { if m != nil { - return m.Token + return m.Role } return "" } @@ -558,11 +566,16 @@ func (m *ProjectTokenDeleteRequest) MarshalTo(dAtA []byte) (int, error) { i = encodeVarintProject(dAtA, i, uint64(len(m.Project))) i += copy(dAtA[i:], m.Project) } - if len(m.Token) > 0 { + if len(m.Role) > 0 { dAtA[i] = 0x12 i++ - i = encodeVarintProject(dAtA, i, uint64(len(m.Token))) - i += copy(dAtA[i:], m.Token) + i = encodeVarintProject(dAtA, i, uint64(len(m.Role))) + i += copy(dAtA[i:], m.Role) + } + if m.CreatedAt != 0 { + dAtA[i] = 0x18 + i++ + i = encodeVarintProject(dAtA, i, uint64(m.CreatedAt)) } return i, nil } @@ -588,11 +601,11 @@ func (m *ProjectTokenCreateRequest) MarshalTo(dAtA []byte) (int, error) { i = encodeVarintProject(dAtA, i, uint64(len(m.Project))) i += copy(dAtA[i:], m.Project) } - if len(m.Token) > 0 { + if len(m.Role) > 0 { dAtA[i] = 0x12 i++ - i = encodeVarintProject(dAtA, i, uint64(len(m.Token))) - i += copy(dAtA[i:], m.Token) + i = encodeVarintProject(dAtA, i, uint64(len(m.Role))) + i += copy(dAtA[i:], m.Role) } if m.SecondsBeforeExpiry != 0 { dAtA[i] = 0x18 @@ -722,10 +735,13 @@ func (m *ProjectTokenDeleteRequest) Size() (n int) { if l > 0 { n += 1 + l + sovProject(uint64(l)) } - l = len(m.Token) + l = len(m.Role) if l > 0 { n += 1 + l + sovProject(uint64(l)) } + if m.CreatedAt != 0 { + n += 1 + sovProject(uint64(m.CreatedAt)) + } return n } @@ -736,7 +752,7 @@ func (m *ProjectTokenCreateRequest) Size() (n int) { if l > 0 { n += 1 + l + sovProject(uint64(l)) } - l = len(m.Token) + l = len(m.Role) if l > 0 { n += 1 + l + sovProject(uint64(l)) } @@ -938,7 +954,7 @@ func (m *ProjectTokenDeleteRequest) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Role", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -963,8 +979,27 @@ func (m *ProjectTokenDeleteRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Token = string(dAtA[iNdEx:postIndex]) + m.Role = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 3: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field CreatedAt", wireType) + } + m.CreatedAt = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProject + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.CreatedAt |= (int64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } default: iNdEx = preIndex skippy, err := skipProject(dAtA[iNdEx:]) @@ -1046,7 +1081,7 @@ func (m *ProjectTokenCreateRequest) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Role", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -1071,7 +1106,7 @@ func (m *ProjectTokenCreateRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Token = string(dAtA[iNdEx:postIndex]) + m.Role = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 3: if wireType != 0 { @@ -1512,46 +1547,47 @@ var ( func init() { proto.RegisterFile("server/project/project.proto", fileDescriptorProject) } var fileDescriptorProject = []byte{ - // 652 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x55, 0xcf, 0x4f, 0x13, 0x4f, - 0x14, 0xcf, 0x02, 0xdf, 0x92, 0xef, 0xe0, 0xaf, 0x8c, 0x80, 0xa5, 0x40, 0xc5, 0x39, 0x18, 0xd2, - 0xc8, 0xac, 0x05, 0x0f, 0xc4, 0x9b, 0x68, 0x63, 0x88, 0x1e, 0xb4, 0x6a, 0x62, 0xbc, 0x90, 0x61, - 0xfb, 0x5c, 0x96, 0xb6, 0x3b, 0xe3, 0xcc, 0xb0, 0xda, 0x18, 0x2e, 0xc4, 0x9b, 0x47, 0xff, 0x04, - 0xff, 0x19, 0x8f, 0x26, 0xfe, 0x03, 0x86, 0xf8, 0x37, 0x78, 0x36, 0xf3, 0x76, 0x97, 0xb2, 0x94, - 0x25, 0x31, 0x69, 0x3c, 0x75, 0x76, 0xe6, 0xbd, 0xf7, 0xf9, 0x7c, 0xde, 0x8f, 0x3e, 0xb2, 0x64, - 0x40, 0x27, 0xa0, 0x7d, 0xa5, 0xe5, 0x3e, 0x04, 0x36, 0xff, 0xe5, 0x4a, 0x4b, 0x2b, 0xe9, 0x74, - 0xf6, 0x59, 0x9b, 0x0d, 0x65, 0x28, 0xf1, 0xce, 0x77, 0xa7, 0xf4, 0xb9, 0xb6, 0x14, 0x4a, 0x19, - 0xf6, 0xc0, 0x17, 0x2a, 0xf2, 0x45, 0x1c, 0x4b, 0x2b, 0x6c, 0x24, 0x63, 0x93, 0xbd, 0xb2, 0xee, - 0xa6, 0xe1, 0x91, 0xc4, 0xd7, 0x40, 0x6a, 0xf0, 0x93, 0xa6, 0x1f, 0x42, 0x0c, 0x5a, 0x58, 0xe8, - 0x64, 0x36, 0xf7, 0x86, 0x36, 0x7d, 0x11, 0xec, 0x45, 0x31, 0xe8, 0x81, 0xaf, 0xba, 0xa1, 0xbb, - 0x30, 0x7e, 0x1f, 0xac, 0x38, 0xcf, 0x6b, 0x3b, 0x8c, 0xec, 0xde, 0xc1, 0x2e, 0x0f, 0x64, 0xdf, - 0x17, 0x1a, 0x89, 0xed, 0xe3, 0x61, 0x2d, 0xe8, 0x0c, 0xbd, 0x85, 0x52, 0xbd, 0x28, 0x40, 0x4a, - 0x7e, 0xd2, 0x14, 0x3d, 0xb5, 0x27, 0x46, 0x42, 0xb1, 0xf7, 0x64, 0xf6, 0x59, 0xaa, 0xf1, 0xa1, - 0x06, 0x61, 0xa1, 0x0d, 0xef, 0x0e, 0xc0, 0x58, 0xba, 0x43, 0x72, 0xed, 0x55, 0x6f, 0xc5, 0x5b, - 0x9d, 0x59, 0x6f, 0xf1, 0x21, 0x28, 0xcf, 0x41, 0xf1, 0xb0, 0x13, 0x74, 0xb8, 0xea, 0x86, 0xdc, - 0x81, 0xf2, 0x53, 0xa0, 0x3c, 0x07, 0xe5, 0x0f, 0x94, 0xca, 0x40, 0xda, 0x79, 0x54, 0xf6, 0x84, - 0x2c, 0x64, 0x77, 0x2f, 0x65, 0x17, 0xe2, 0x47, 0xd0, 0x83, 0x21, 0x7a, 0xb5, 0x88, 0xfe, 0xff, - 0x89, 0x1b, 0x9d, 0x25, 0xff, 0x59, 0x67, 0x5f, 0x9d, 0xc0, 0xfb, 0xf4, 0x83, 0x1d, 0x16, 0x83, - 0x15, 0xa5, 0xfc, 0x65, 0x30, 0x7a, 0x97, 0x5c, 0x37, 0x10, 0xc8, 0xb8, 0x63, 0xb6, 0xe0, 0xad, - 0xd4, 0xd0, 0xfa, 0xa0, 0x22, 0x3d, 0xa8, 0x4e, 0xae, 0x78, 0xab, 0x93, 0xed, 0xf3, 0x9e, 0xd8, - 0x9d, 0x93, 0x24, 0x22, 0x7c, 0x1b, 0x8c, 0x92, 0xb1, 0x81, 0x61, 0x7c, 0xef, 0x34, 0x59, 0x46, - 0x2e, 0x65, 0xd6, 0xcf, 0x0f, 0x40, 0x0f, 0x28, 0x25, 0x53, 0xb1, 0xe8, 0x43, 0x66, 0x84, 0xe7, - 0x53, 0x65, 0x79, 0xa5, 0x3a, 0xff, 0xb2, 0x2c, 0x57, 0xc9, 0xe5, 0x56, 0x5f, 0xd9, 0x41, 0xae, - 0x61, 0xfd, 0xf7, 0x34, 0xb9, 0x92, 0x59, 0xbd, 0x00, 0x9d, 0x44, 0x01, 0x50, 0x43, 0x66, 0xd2, - 0x0c, 0xa3, 0x5a, 0xca, 0x78, 0x3e, 0x34, 0xa5, 0x35, 0xa8, 0x2d, 0x9f, 0x6b, 0x93, 0x83, 0xb0, - 0x5b, 0x47, 0x3f, 0x7e, 0x7d, 0x99, 0x58, 0x64, 0xf3, 0x38, 0x2c, 0x49, 0x33, 0x1f, 0x43, 0xe3, - 0x63, 0xca, 0xee, 0x7b, 0x0d, 0x1a, 0x91, 0x99, 0xb4, 0x47, 0x2e, 0x02, 0x2d, 0x74, 0x51, 0x6d, - 0xfe, 0xc4, 0xa6, 0x20, 0x89, 0xd5, 0x11, 0xad, 0xda, 0x28, 0x41, 0xa3, 0x9f, 0x3d, 0x52, 0x49, - 0xe9, 0xd3, 0x11, 0xde, 0x45, 0x59, 0xe3, 0xc9, 0x3e, 0x5b, 0x44, 0x42, 0x73, 0xec, 0xda, 0x59, - 0x42, 0x4e, 0xf8, 0x91, 0x47, 0xa6, 0x9e, 0x46, 0xc6, 0xd2, 0xb9, 0xb3, 0x5c, 0xb0, 0x7d, 0x6a, - 0xdb, 0x63, 0xe1, 0xe0, 0x10, 0x58, 0x15, 0x79, 0x50, 0x3a, 0xc2, 0x83, 0x7e, 0xf2, 0xc8, 0xe4, - 0x63, 0x28, 0xe5, 0x30, 0xa6, 0x3c, 0xdc, 0x44, 0xfc, 0x05, 0x7a, 0x63, 0xa4, 0x30, 0x1f, 0xdd, - 0x54, 0x1c, 0xd2, 0xaf, 0x1e, 0xa9, 0xa4, 0x03, 0x31, 0x5a, 0x99, 0xc2, 0xa0, 0x8c, 0x8b, 0xd1, - 0x06, 0x32, 0x5a, 0xab, 0xad, 0x8e, 0x32, 0xca, 0xe1, 0xdd, 0x9f, 0x74, 0x47, 0x58, 0xc1, 0x91, - 0xa2, 0xab, 0xd8, 0x6b, 0x52, 0x49, 0x1b, 0xb1, 0x2c, 0x5d, 0x65, 0x8d, 0x99, 0xe9, 0x6f, 0x94, - 0xea, 0xdf, 0x27, 0xc4, 0x15, 0xaa, 0x95, 0x40, 0x6c, 0x4d, 0x59, 0xf4, 0x65, 0x9e, 0x2e, 0x15, - 0xa7, 0x90, 0xbb, 0xc5, 0xc3, 0x93, 0x26, 0x47, 0x17, 0x2c, 0xf2, 0x6d, 0x04, 0x59, 0xa1, 0xf5, - 0x12, 0x10, 0x1f, 0x30, 0xfa, 0xd6, 0xe6, 0xb7, 0xe3, 0xba, 0xf7, 0xfd, 0xb8, 0xee, 0xfd, 0x3c, - 0xae, 0x7b, 0x6f, 0x1a, 0x17, 0xad, 0x9c, 0xe2, 0x0e, 0xdd, 0xad, 0xe0, 0x6a, 0xd9, 0xf8, 0x13, - 0x00, 0x00, 0xff, 0xff, 0x24, 0x68, 0x71, 0xdc, 0x5c, 0x07, 0x00, 0x00, + // 665 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x95, 0xcf, 0x4f, 0x13, 0x41, + 0x14, 0xc7, 0xb3, 0x80, 0x25, 0x0c, 0xfe, 0xca, 0x08, 0x58, 0x0a, 0x54, 0x9c, 0x83, 0x21, 0x8d, + 0xcc, 0x5a, 0xf0, 0x40, 0xbc, 0x81, 0x36, 0x86, 0xc4, 0x83, 0x56, 0x4d, 0x8c, 0x17, 0x32, 0xec, + 0x3e, 0x97, 0xa5, 0xed, 0xce, 0x38, 0x3b, 0xac, 0x36, 0xc4, 0x0b, 0xf1, 0xe6, 0xd1, 0x3f, 0xc1, + 0x7f, 0xc6, 0xa3, 0x89, 0xff, 0x80, 0x21, 0xfe, 0x0d, 0x9e, 0xcd, 0xbc, 0xdd, 0xa5, 0x2c, 0xed, + 0x92, 0x98, 0x34, 0x9e, 0x3a, 0x3b, 0xf3, 0x66, 0x3e, 0xdf, 0xef, 0x7b, 0xf3, 0x3a, 0x64, 0x39, + 0x06, 0x9d, 0x80, 0x76, 0x95, 0x96, 0x87, 0xe0, 0x99, 0xfc, 0x97, 0x2b, 0x2d, 0x8d, 0xa4, 0xd3, + 0xd9, 0x67, 0x6d, 0x2e, 0x90, 0x81, 0xc4, 0x39, 0xd7, 0x8e, 0xd2, 0xe5, 0xda, 0x72, 0x20, 0x65, + 0xd0, 0x05, 0x57, 0xa8, 0xd0, 0x15, 0x51, 0x24, 0x8d, 0x30, 0xa1, 0x8c, 0xe2, 0x6c, 0x95, 0x75, + 0xb6, 0x62, 0x1e, 0x4a, 0x5c, 0xf5, 0xa4, 0x06, 0x37, 0x69, 0xba, 0x01, 0x44, 0xa0, 0x85, 0x01, + 0x3f, 0x8b, 0x79, 0x38, 0x88, 0xe9, 0x09, 0xef, 0x20, 0x8c, 0x40, 0xf7, 0x5d, 0xd5, 0x09, 0xec, + 0x44, 0xec, 0xf6, 0xc0, 0x88, 0x51, 0xbb, 0x76, 0x83, 0xd0, 0x1c, 0x1c, 0xed, 0x73, 0x4f, 0xf6, + 0x5c, 0xa1, 0x51, 0xd8, 0x21, 0x0e, 0xd6, 0x3d, 0x7f, 0xb0, 0x5b, 0x28, 0xd5, 0x0d, 0x3d, 0x94, + 0xe4, 0x26, 0x4d, 0xd1, 0x55, 0x07, 0x62, 0xe8, 0x28, 0xf6, 0x81, 0xcc, 0x3d, 0x4f, 0x3d, 0x3e, + 0xd6, 0x20, 0x0c, 0xb4, 0xe1, 0xfd, 0x11, 0xc4, 0x86, 0xee, 0x91, 0xdc, 0x7b, 0xd5, 0x59, 0x75, + 0xd6, 0x66, 0x37, 0x5a, 0x7c, 0x00, 0xe5, 0x39, 0x14, 0x07, 0x7b, 0x9e, 0xcf, 0x55, 0x27, 0xe0, + 0x16, 0xca, 0xcf, 0x41, 0x79, 0x0e, 0xe5, 0xdb, 0x4a, 0x65, 0x90, 0x76, 0x7e, 0x2a, 0x0b, 0xc8, + 0x62, 0x36, 0xf7, 0x4a, 0x76, 0x20, 0x7a, 0x02, 0x5d, 0x18, 0xd0, 0xab, 0x45, 0xfa, 0xcc, 0xd9, + 0x36, 0x4a, 0xc9, 0x94, 0x96, 0x5d, 0xa8, 0x4e, 0xe0, 0x34, 0x8e, 0xe9, 0x32, 0x99, 0xf1, 0x50, + 0xbc, 0xbf, 0x6d, 0xaa, 0x93, 0xab, 0xce, 0xda, 0x64, 0x7b, 0x30, 0xc1, 0x8e, 0x8b, 0xa0, 0xa2, + 0xcd, 0x7f, 0x03, 0x3d, 0x20, 0xb7, 0x62, 0xf0, 0x64, 0xe4, 0xc7, 0x3b, 0xf0, 0x4e, 0x6a, 0x68, + 0x7d, 0x54, 0xa1, 0xee, 0x67, 0xc8, 0x51, 0x4b, 0xec, 0xfe, 0x59, 0x7a, 0x11, 0xde, 0x86, 0x58, + 0xc9, 0x28, 0x06, 0x3a, 0x47, 0xae, 0x18, 0x3b, 0x91, 0x51, 0xd3, 0x0f, 0xc6, 0xc8, 0xd5, 0x2c, + 0xfa, 0xc5, 0x11, 0xe8, 0xbe, 0xd5, 0x10, 0x89, 0x1e, 0x64, 0x41, 0x38, 0x3e, 0x57, 0xb0, 0xd7, + 0xca, 0xff, 0x9f, 0x05, 0xbb, 0x41, 0xae, 0xb5, 0x7a, 0xca, 0xf4, 0x73, 0x0f, 0x1b, 0x7f, 0xa6, + 0xc9, 0xf5, 0x2c, 0xea, 0x25, 0xe8, 0x24, 0xf4, 0x80, 0xc6, 0x64, 0x36, 0xcd, 0x2f, 0xba, 0xa5, + 0x8c, 0xe7, 0xed, 0x54, 0x5a, 0x81, 0xda, 0xca, 0xc8, 0x98, 0x1c, 0xc2, 0xee, 0x9e, 0xfc, 0xfc, + 0xfd, 0x75, 0x62, 0x89, 0x2d, 0x60, 0x1b, 0x25, 0xcd, 0xbc, 0x41, 0x63, 0x17, 0x53, 0xf6, 0xc8, + 0x69, 0xd0, 0x90, 0xcc, 0xa6, 0xb7, 0xe7, 0x32, 0x68, 0xe1, 0x7e, 0xd5, 0x16, 0xce, 0x62, 0x0a, + 0x96, 0x58, 0x1d, 0x69, 0xd5, 0x46, 0x09, 0x8d, 0x7e, 0x71, 0x48, 0x25, 0x95, 0x4f, 0x87, 0x74, + 0x17, 0x6d, 0x8d, 0x27, 0xfb, 0x6c, 0x09, 0x05, 0xcd, 0xb3, 0x9b, 0x17, 0x05, 0x59, 0xe3, 0x27, + 0x0e, 0x99, 0x7a, 0x16, 0xc6, 0x86, 0xce, 0x5f, 0xd4, 0x82, 0xd7, 0xa7, 0xb6, 0x3b, 0x16, 0x0d, + 0x96, 0xc0, 0xaa, 0xa8, 0x83, 0xd2, 0x21, 0x1d, 0xf4, 0xb3, 0x43, 0x26, 0x9f, 0x42, 0xa9, 0x86, + 0x31, 0xe5, 0xe1, 0x0e, 0xf2, 0x17, 0xe9, 0xed, 0xa1, 0xc2, 0x1c, 0xdb, 0xae, 0xf8, 0x44, 0xbf, + 0x39, 0xa4, 0x92, 0x36, 0xc4, 0x70, 0x65, 0x0a, 0x8d, 0x32, 0x2e, 0x45, 0x9b, 0xa8, 0x68, 0xbd, + 0xb6, 0x36, 0xac, 0x28, 0xc7, 0xdb, 0xbf, 0x6f, 0x5f, 0x18, 0xc1, 0x51, 0xa2, 0xad, 0xd8, 0x1b, + 0x52, 0x49, 0x2f, 0x62, 0x59, 0xba, 0xca, 0x2e, 0x66, 0xe6, 0xbf, 0x51, 0xea, 0xff, 0x90, 0x10, + 0x5b, 0xa8, 0x56, 0x02, 0x91, 0x89, 0xcb, 0x4e, 0x5f, 0xe1, 0xe9, 0x73, 0x63, 0x1d, 0x72, 0xfb, + 0x24, 0xf1, 0xa4, 0xc9, 0x71, 0x0b, 0x16, 0xf9, 0x1e, 0x42, 0x56, 0x69, 0xbd, 0x04, 0xe2, 0x02, + 0x9e, 0xbe, 0xb3, 0xf5, 0xfd, 0xb4, 0xee, 0xfc, 0x38, 0xad, 0x3b, 0xbf, 0x4e, 0xeb, 0xce, 0xdb, + 0xc6, 0x65, 0x8f, 0x51, 0xf1, 0x75, 0xdd, 0xaf, 0xe0, 0xa3, 0xb3, 0xf9, 0x37, 0x00, 0x00, 0xff, + 0xff, 0x1d, 0x14, 0x43, 0x64, 0x76, 0x07, 0x00, 0x00, } diff --git a/server/project/project.proto b/server/project/project.proto index 996b12ed5ca93..cc3fec82790a6 100644 --- a/server/project/project.proto +++ b/server/project/project.proto @@ -21,13 +21,14 @@ message ProjectCreateRequest { // ProjectTokenCreateRequest defines project token deletion parameters. message ProjectTokenDeleteRequest { string project = 1; - string token = 2; + string role = 2; + int64 createdAt = 3; } // ProjectTokenCreateRequest defines project token creation parameters. message ProjectTokenCreateRequest { string project = 1; - string token = 2; + string role = 2; int64 secondsBeforeExpiry = 3; } // ProjectTokenResponse wraps the created token or returns an empty string if deleted. diff --git a/server/project/project_test.go b/server/project/project_test.go index 8f0ef87918809..abfe2743ce756 100644 --- a/server/project/project_test.go +++ b/server/project/project_test.go @@ -136,7 +136,7 @@ func TestProjectServer(t *testing.T) { tokenName := "testToken" projectWithRole.Spec.Roles = []v1alpha1.ProjectRole{{Name: tokenName}} projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projectWithRole), enforcer, util.NewKeyLock(), sessionMgr) - tokenResponse, err := projectServer.CreateToken(context.Background(), &ProjectTokenCreateRequest{Project: projectWithRole.Name, Token: tokenName, SecondsBeforeExpiry: 1}) + tokenResponse, err := projectServer.CreateToken(context.Background(), &ProjectTokenCreateRequest{Project: projectWithRole.Name, Role: tokenName, SecondsBeforeExpiry: 1}) assert.Nil(t, err) claims, err := sessionMgr.Parse(tokenResponse.Token) assert.Nil(t, err) @@ -153,29 +153,34 @@ func TestProjectServer(t *testing.T) { sessionMgr := session.NewSessionManager(&settings.ArgoCDSettings{}) projWithToken := existingProj.DeepCopy() tokenName := "testToken" - - token := v1alpha1.ProjectRole{Name: tokenName, JwtToken: &v1alpha1.JwtToken{CreatedAt: 1}} + createdAt := int64(1) + secondCreatedAt := createdAt + 1 + token := v1alpha1.ProjectRole{Name: tokenName, JwtTokens: []v1alpha1.JwtToken{{CreatedAt: createdAt}, {CreatedAt: secondCreatedAt}}} projWithToken.Spec.Roles = append(projWithToken.Spec.Roles, token) projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, util.NewKeyLock(), sessionMgr) - _, err := projectServer.DeleteToken(context.Background(), &ProjectTokenDeleteRequest{Project: projWithToken.Name, Token: tokenName}) + _, err := projectServer.DeleteToken(context.Background(), &ProjectTokenDeleteRequest{Project: projWithToken.Name, Role: tokenName, CreatedAt: createdAt}) assert.Nil(t, err) projWithoutToken, err := projectServer.Get(context.Background(), &ProjectQuery{Name: projWithToken.Name}) assert.Nil(t, err) assert.Len(t, projWithoutToken.Spec.Roles, 1) - assert.Nil(t, projWithoutToken.Spec.Roles[0].JwtToken) + assert.Len(t, projWithoutToken.Spec.Roles[0].JwtTokens, 1) + assert.Equal(t, projWithoutToken.Spec.Roles[0].JwtTokens[0].CreatedAt, secondCreatedAt) }) - t.Run("TestCreateDuplicateTokenFailure", func(t *testing.T) { + t.Run("TestCreateTwoTokensInRoleSuccess", func(t *testing.T) { sessionMgr := session.NewSessionManager(&settings.ArgoCDSettings{}) projWithToken := existingProj.DeepCopy() tokenName := "testToken" - token := v1alpha1.ProjectRole{Name: tokenName, JwtToken: &v1alpha1.JwtToken{CreatedAt: 1}} + token := v1alpha1.ProjectRole{Name: tokenName, JwtTokens: []v1alpha1.JwtToken{{CreatedAt: 1}}} projWithToken.Spec.Roles = append(projWithToken.Spec.Roles, token) projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, util.NewKeyLock(), sessionMgr) - _, err := projectServer.CreateToken(context.Background(), &ProjectTokenCreateRequest{Project: projWithToken.Name, Token: tokenName}) - expectedError := fmt.Sprintf("rpc error: code = AlreadyExists desc = Role '%s' already has a JwtToken", tokenName) - assert.EqualError(t, err, expectedError) + _, err := projectServer.CreateToken(context.Background(), &ProjectTokenCreateRequest{Project: projWithToken.Name, Role: tokenName}) + assert.Nil(t, err) + projWithTwoTokens, err := projectServer.Get(context.Background(), &ProjectQuery{Name: projWithToken.Name}) + assert.Nil(t, err) + assert.Len(t, projWithTwoTokens.Spec.Roles, 1) + assert.Len(t, projWithTwoTokens.Spec.Roles[0].JwtTokens, 2) }) t.Run("TestCreateRolePolicySuccessfully", func(t *testing.T) { @@ -184,7 +189,7 @@ func TestProjectServer(t *testing.T) { roleName := "testRole" projWithRole := existingProj.DeepCopy() - role := v1alpha1.ProjectRole{Name: roleName, JwtToken: &v1alpha1.JwtToken{CreatedAt: 1}} + role := v1alpha1.ProjectRole{Name: roleName, JwtTokens: []v1alpha1.JwtToken{{CreatedAt: 1}}} policy := fmt.Sprintf(policyTemplate, projWithRole.Name, roleName, action, projWithRole.Name, object) role.Policies = append(role.Policies, policy) projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role) @@ -204,7 +209,7 @@ func TestProjectServer(t *testing.T) { roleName := "testRole" projWithRole := existingProj.DeepCopy() - role := v1alpha1.ProjectRole{Name: roleName, JwtToken: &v1alpha1.JwtToken{CreatedAt: 1}} + role := v1alpha1.ProjectRole{Name: roleName, JwtTokens: []v1alpha1.JwtToken{{CreatedAt: 1}}} policy := fmt.Sprintf(policyTemplate, projWithRole.Name, roleName, action, projWithRole.Name, object) role.Policies = append(role.Policies, policy) role.Policies = append(role.Policies, policy) @@ -224,7 +229,7 @@ func TestProjectServer(t *testing.T) { otherProject := "other-project" projWithRole := existingProj.DeepCopy() - role := v1alpha1.ProjectRole{Name: roleName, JwtToken: &v1alpha1.JwtToken{CreatedAt: 1}} + role := v1alpha1.ProjectRole{Name: roleName, JwtTokens: []v1alpha1.JwtToken{{CreatedAt: 1}}} policy := fmt.Sprintf(policyTemplate, projWithRole.Name, roleName, action, otherProject, object) role.Policies = append(role.Policies, policy) projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role) @@ -243,7 +248,7 @@ func TestProjectServer(t *testing.T) { otherProject := "other-project" projWithRole := existingProj.DeepCopy() - role := v1alpha1.ProjectRole{Name: roleName, JwtToken: &v1alpha1.JwtToken{CreatedAt: 1}} + role := v1alpha1.ProjectRole{Name: roleName, JwtTokens: []v1alpha1.JwtToken{{CreatedAt: 1}}} invalidPolicy := fmt.Sprintf(policyTemplate, otherProject, roleName, action, projWithRole.Name, object) role.Policies = append(role.Policies, invalidPolicy) projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role) @@ -262,7 +267,7 @@ func TestProjectServer(t *testing.T) { otherToken := "other-token" projWithRole := existingProj.DeepCopy() - role := v1alpha1.ProjectRole{Name: roleName, JwtToken: &v1alpha1.JwtToken{CreatedAt: 1}} + role := v1alpha1.ProjectRole{Name: roleName, JwtTokens: []v1alpha1.JwtToken{{CreatedAt: 1}}} invalidPolicy := fmt.Sprintf(policyTemplate, projWithRole.Name, otherToken, action, projWithRole.Name, object) role.Policies = append(role.Policies, invalidPolicy) projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role) diff --git a/server/server.go b/server/server.go index 14bc709e31875..a045448387041 100644 --- a/server/server.go +++ b/server/server.go @@ -644,11 +644,12 @@ func enforceJwtToken(enf *rbac.Enforcer, a appclientset.Interface, namespace str if err != nil { return false } - if proj.Spec.Roles[index].JwtToken == nil { + if proj.Spec.Roles[index].JwtTokens == nil { return false } iat := jwtUtil.GetInt64Field(mapClaims, "iat") - if proj.Spec.Roles[index].JwtToken.CreatedAt != iat { + _, err = projectUtil.GetJwtTokenIndexByCreatedAt(proj, index, iat) + if err != nil { return false } vals := append([]interface{}{user}, rvals[1:]...) diff --git a/server/server_test.go b/server/server_test.go index 50e61d26eaf52..17f42bd44087f 100644 --- a/server/server_test.go +++ b/server/server_test.go @@ -60,7 +60,7 @@ func TestEnforceJwtToken(t *testing.T) { policy := fmt.Sprintf("p, %s, projects, get, %s", sub, projectName) createdAt := int64(1) - token := v1alpha1.ProjectRole{Name: tokenName, Policies: []string{policy}, JwtToken: &v1alpha1.JwtToken{CreatedAt: createdAt}} + token := v1alpha1.ProjectRole{Name: tokenName, Policies: []string{policy}, JwtTokens: []v1alpha1.JwtToken{{CreatedAt: createdAt}}} existingProj := v1alpha1.AppProject{ ObjectMeta: v1.ObjectMeta{Name: projectName, Namespace: fakeNamespace}, Spec: v1alpha1.AppProjectSpec{ @@ -105,7 +105,7 @@ func TestEnforceJwtToken(t *testing.T) { t.Run("TestEnforceJwtTokenNotJwtTokenFailure", func(t *testing.T) { proj := existingProj.DeepCopy() - proj.Spec.Roles[0].JwtToken = nil + proj.Spec.Roles[0].JwtTokens = nil s := NewServer(ArgoCDServerOpts{Namespace: fakeNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(proj)}) s.newGRPCServer() claims := jwt.MapClaims{"sub": sub, "iat": createdAt} diff --git a/server/swagger.json b/server/swagger.json index 6d682a868eb3e..6c684e16b3509 100644 --- a/server/swagger.json +++ b/server/swagger.json @@ -1384,12 +1384,12 @@ "project": { "type": "string" }, + "role": { + "type": "string" + }, "secondsBeforeExpiry": { "type": "string", "format": "int64" - }, - "token": { - "type": "string" } } }, @@ -2346,8 +2346,11 @@ "type": "object", "title": "ProjectRole represents a role that has access to a project", "properties": { - "jwtToken": { - "$ref": "#/definitions/v1alpha1JwtToken" + "jwtTokens": { + "type": "array", + "items": { + "$ref": "#/definitions/v1alpha1JwtToken" + } }, "name": { "type": "string" diff --git a/util/project/util.go b/util/project/util.go index ebf75bf9cbd00..80de5d166cf63 100644 --- a/util/project/util.go +++ b/util/project/util.go @@ -12,3 +12,13 @@ func GetRoleIndexByName(proj *v1alpha1.AppProject, name string) (int, error) { } return -1, fmt.Errorf("role '%s' does not exist in project '%s'", name, proj.Name) } + +// GetJwtTokenIndexByCreatedAt looks up the index of a JwtToken in a project by the created at time +func GetJwtTokenIndexByCreatedAt(proj *v1alpha1.AppProject, roleIndex int, createdAt int64) (int, error) { + for i, token := range proj.Spec.Roles[roleIndex].JwtTokens { + if createdAt == token.CreatedAt { + return i, nil + } + } + return -1, fmt.Errorf("JwtToken for role '%s' with '%d' created time does not exist in project '%s'", proj.Spec.Roles[roleIndex].Name, createdAt, proj.Name) +} From 4a91e717430695715196e2cbc6f930c6af59c87a Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Wed, 8 Aug 2018 22:44:58 -0700 Subject: [PATCH 21/43] Add expiresAt field to JwtToken --- pkg/apis/application/v1alpha1/generated.pb.go | 351 ++++++++++-------- pkg/apis/application/v1alpha1/generated.proto | 6 +- pkg/apis/application/v1alpha1/types.go | 5 +- server/project/project.go | 4 +- server/swagger.json | 6 +- 5 files changed, 203 insertions(+), 169 deletions(-) diff --git a/pkg/apis/application/v1alpha1/generated.pb.go b/pkg/apis/application/v1alpha1/generated.pb.go index 155a47485d0bb..a132bffa1eaae 100644 --- a/pkg/apis/application/v1alpha1/generated.pb.go +++ b/pkg/apis/application/v1alpha1/generated.pb.go @@ -1111,9 +1111,12 @@ func (m *JwtToken) MarshalTo(dAtA []byte) (int, error) { _ = i var l int _ = l - dAtA[i] = 0x18 + dAtA[i] = 0x8 i++ i = encodeVarintGenerated(dAtA, i, uint64(m.CreatedAt)) + dAtA[i] = 0x10 + i++ + i = encodeVarintGenerated(dAtA, i, uint64(m.ExpireAt)) return i, nil } @@ -2077,6 +2080,7 @@ func (m *JwtToken) Size() (n int) { var l int _ = l n += 1 + sovGenerated(uint64(m.CreatedAt)) + n += 1 + sovGenerated(uint64(m.ExpireAt)) return n } @@ -2580,6 +2584,7 @@ func (this *JwtToken) String() string { } s := strings.Join([]string{`&JwtToken{`, `CreatedAt:` + fmt.Sprintf("%v", this.CreatedAt) + `,`, + `ExpireAt:` + fmt.Sprintf("%v", this.ExpireAt) + `,`, `}`, }, "") return s @@ -5823,7 +5828,7 @@ func (m *JwtToken) Unmarshal(dAtA []byte) error { return fmt.Errorf("proto: JwtToken: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { - case 3: + case 1: if wireType != 0 { return fmt.Errorf("proto: wrong wireType = %d for field CreatedAt", wireType) } @@ -5842,6 +5847,25 @@ func (m *JwtToken) Unmarshal(dAtA []byte) error { break } } + case 2: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field ExpireAt", wireType) + } + m.ExpireAt = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.ExpireAt |= (int64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -8165,165 +8189,166 @@ func init() { } var fileDescriptorGenerated = []byte{ - // 2546 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xd4, 0x59, 0x4d, 0x8c, 0x1c, 0x47, - 0xf5, 0x77, 0xcf, 0xd7, 0xce, 0xbc, 0xd9, 0x0f, 0xbb, 0xf2, 0xf1, 0xdf, 0xbf, 0x23, 0xed, 0xae, - 0x3a, 0x7c, 0x18, 0x94, 0xcc, 0x60, 0x43, 0x20, 0x10, 0x84, 0xe4, 0x99, 0xb5, 0xe3, 0xf5, 0xfa, - 0x63, 0xa9, 0xd9, 0x04, 0x29, 0x44, 0x81, 0x76, 0x4f, 0xed, 0x4c, 0x7b, 0x66, 0xba, 0x3b, 0x5d, - 0x35, 0x63, 0x8d, 0x44, 0x50, 0x10, 0x42, 0xe2, 0x53, 0x02, 0x21, 0xc4, 0x95, 0x03, 0x27, 0x84, - 0x84, 0x84, 0x38, 0x21, 0x71, 0x80, 0x03, 0xf2, 0x8d, 0x1c, 0x40, 0x44, 0x01, 0xad, 0xf0, 0xe6, - 0x12, 0x89, 0x03, 0x27, 0x2e, 0x39, 0xa1, 0xfa, 0xe8, 0xae, 0xea, 0x9e, 0x5d, 0x76, 0xed, 0x69, - 0x1b, 0xb8, 0x75, 0xbf, 0xf7, 0xfa, 0xfd, 0x5e, 0xbd, 0x7a, 0xf5, 0x3e, 0xaa, 0x61, 0xab, 0xe7, - 0xb1, 0xfe, 0xf8, 0x56, 0xc3, 0x0d, 0x46, 0x4d, 0x27, 0xea, 0x05, 0x61, 0x14, 0xdc, 0x16, 0x0f, - 0xcf, 0xba, 0xdd, 0x66, 0x38, 0xe8, 0x35, 0x9d, 0xd0, 0xa3, 0x4d, 0x27, 0x0c, 0x87, 0x9e, 0xeb, - 0x30, 0x2f, 0xf0, 0x9b, 0x93, 0xf3, 0xce, 0x30, 0xec, 0x3b, 0xe7, 0x9b, 0x3d, 0xe2, 0x93, 0xc8, - 0x61, 0xa4, 0xdb, 0x08, 0xa3, 0x80, 0x05, 0xe8, 0xd3, 0x5a, 0x55, 0x23, 0x56, 0x25, 0x1e, 0xbe, - 0xe4, 0x76, 0x1b, 0xe1, 0xa0, 0xd7, 0xe0, 0xaa, 0x1a, 0x86, 0xaa, 0x46, 0xac, 0xea, 0xec, 0xb3, - 0x86, 0x15, 0xbd, 0xa0, 0x17, 0x34, 0x85, 0xc6, 0x5b, 0xe3, 0x3d, 0xf1, 0x26, 0x5e, 0xc4, 0x93, - 0x44, 0x3a, 0xfb, 0x89, 0xc1, 0xf3, 0xb4, 0xe1, 0x05, 0xdc, 0xb6, 0x91, 0xe3, 0xf6, 0x3d, 0x9f, - 0x44, 0x53, 0x6d, 0xec, 0x88, 0x30, 0xa7, 0x39, 0x99, 0xb1, 0xef, 0x6c, 0xf3, 0xa8, 0xaf, 0xa2, - 0xb1, 0xcf, 0xbc, 0x11, 0x99, 0xf9, 0xe0, 0x93, 0xc7, 0x7d, 0x40, 0xdd, 0x3e, 0x19, 0x39, 0x33, - 0xdf, 0x7d, 0xfc, 0xa8, 0xef, 0xc6, 0xcc, 0x1b, 0x36, 0x3d, 0x9f, 0x51, 0x16, 0x65, 0x3f, 0xb2, - 0xff, 0x62, 0x01, 0x5c, 0x0c, 0xc3, 0x9d, 0x28, 0xb8, 0x4d, 0x5c, 0x86, 0xbe, 0x0c, 0x55, 0xbe, - 0x8e, 0xae, 0xc3, 0x9c, 0x55, 0x6b, 0xc3, 0x3a, 0x57, 0xbf, 0xf0, 0xb1, 0x86, 0x54, 0xdb, 0x30, - 0xd5, 0x6a, 0xbf, 0x72, 0xe9, 0xc6, 0xe4, 0x7c, 0xe3, 0xe6, 0x2d, 0xfe, 0xfd, 0x75, 0xc2, 0x9c, - 0x16, 0xba, 0xbb, 0xbf, 0x7e, 0xea, 0x60, 0x7f, 0x1d, 0x34, 0x0d, 0x27, 0x5a, 0xd1, 0x00, 0x4a, - 0x34, 0x24, 0xee, 0x6a, 0x41, 0x68, 0xdf, 0x6a, 0x3c, 0xf0, 0xee, 0x35, 0xb4, 0xd9, 0x9d, 0x90, - 0xb8, 0xad, 0x45, 0x05, 0x5b, 0xe2, 0x6f, 0x58, 0x80, 0xd8, 0xef, 0x58, 0xb0, 0xac, 0xc5, 0xae, - 0x79, 0x94, 0xa1, 0x57, 0x67, 0x56, 0xd8, 0x38, 0xd9, 0x0a, 0xf9, 0xd7, 0x62, 0x7d, 0xa7, 0x15, - 0x50, 0x35, 0xa6, 0x18, 0xab, 0xbb, 0x0d, 0x65, 0x8f, 0x91, 0x11, 0x5d, 0x2d, 0x6c, 0x14, 0xcf, - 0xd5, 0x2f, 0x5c, 0xca, 0x65, 0x79, 0xad, 0x25, 0x85, 0x58, 0xde, 0xe2, 0xba, 0xb1, 0x84, 0xb0, - 0xff, 0x59, 0x30, 0x17, 0xc7, 0x57, 0x8d, 0xce, 0x43, 0x9d, 0x06, 0xe3, 0xc8, 0x25, 0x98, 0x84, - 0x01, 0x5d, 0xb5, 0x36, 0x8a, 0xe7, 0x6a, 0xad, 0x95, 0x83, 0xfd, 0xf5, 0x7a, 0x47, 0x93, 0xb1, - 0x29, 0x83, 0xbe, 0x63, 0xc1, 0x62, 0x97, 0x50, 0xe6, 0xf9, 0x02, 0x3f, 0xb6, 0xfc, 0xf3, 0xf3, - 0x59, 0x1e, 0x13, 0x37, 0xb5, 0xe6, 0xd6, 0xe3, 0x6a, 0x15, 0x8b, 0x06, 0x91, 0xe2, 0x14, 0x38, - 0x7a, 0x0e, 0xea, 0x5d, 0x42, 0xdd, 0xc8, 0x0b, 0xf9, 0xfb, 0x6a, 0x71, 0xc3, 0x3a, 0x57, 0x6b, - 0x3d, 0xa6, 0x3e, 0xac, 0x6f, 0x6a, 0x16, 0x36, 0xe5, 0xd0, 0x00, 0xca, 0x51, 0x30, 0x24, 0x74, - 0xb5, 0x24, 0x8c, 0xbf, 0x3c, 0x87, 0xf1, 0xca, 0x9d, 0x38, 0x18, 0x12, 0xed, 0x77, 0xfe, 0x46, - 0xb1, 0xc4, 0xb0, 0x7f, 0x5f, 0x84, 0xba, 0xb1, 0xc4, 0x47, 0x70, 0x66, 0x86, 0xa9, 0x33, 0x73, - 0x35, 0x9f, 0xad, 0x39, 0xea, 0xd0, 0x20, 0x06, 0x15, 0xca, 0x1c, 0x36, 0xa6, 0xc2, 0xfd, 0xf5, - 0x0b, 0xd7, 0x72, 0xc2, 0x13, 0x3a, 0x5b, 0xcb, 0x0a, 0xb1, 0x22, 0xdf, 0xb1, 0xc2, 0x42, 0xaf, - 0x43, 0x2d, 0x08, 0x79, 0x6a, 0xe2, 0xfb, 0x5e, 0x12, 0xc0, 0x9b, 0x73, 0x00, 0xdf, 0x8c, 0x75, - 0xb5, 0x96, 0x0e, 0xf6, 0xd7, 0x6b, 0xc9, 0x2b, 0xd6, 0x28, 0xb6, 0x0b, 0x8f, 0x1b, 0xf6, 0xb5, - 0x03, 0xbf, 0xeb, 0x89, 0x0d, 0xdd, 0x80, 0x12, 0x9b, 0x86, 0x44, 0x6c, 0x66, 0x4d, 0xbb, 0x68, - 0x77, 0x1a, 0x12, 0x2c, 0x38, 0xe8, 0x23, 0xb0, 0x30, 0x22, 0x94, 0x3a, 0x3d, 0x22, 0xf6, 0xa4, - 0xd6, 0x5a, 0x51, 0x42, 0x0b, 0xd7, 0x25, 0x19, 0xc7, 0x7c, 0xfb, 0x75, 0x78, 0xf2, 0xf0, 0xf3, - 0x80, 0x3e, 0x04, 0x15, 0x4a, 0xa2, 0x09, 0x89, 0x14, 0x90, 0xf6, 0x8c, 0xa0, 0x62, 0xc5, 0x45, - 0x4d, 0xa8, 0xf9, 0xce, 0x88, 0xd0, 0xd0, 0x71, 0x63, 0xb8, 0x33, 0x4a, 0xb4, 0x76, 0x23, 0x66, - 0x60, 0x2d, 0x63, 0xff, 0xd5, 0x82, 0x15, 0x03, 0xf3, 0x11, 0xa4, 0xbd, 0x41, 0x3a, 0xed, 0x5d, - 0xce, 0x27, 0x62, 0x8e, 0xc8, 0x7b, 0xbf, 0x2d, 0xc2, 0x19, 0x33, 0xae, 0x44, 0x32, 0xe3, 0x5b, - 0x12, 0x91, 0x30, 0x78, 0x09, 0x5f, 0x53, 0xee, 0x4c, 0xb6, 0x04, 0x4b, 0x32, 0x8e, 0xf9, 0x7c, - 0x7f, 0x43, 0x87, 0xf5, 0x95, 0x2f, 0x93, 0xfd, 0xdd, 0x71, 0x58, 0x1f, 0x0b, 0x0e, 0x4f, 0x43, - 0xc4, 0x9f, 0x78, 0x51, 0xe0, 0x8f, 0x88, 0xcf, 0xb2, 0x69, 0xe8, 0x92, 0x66, 0x61, 0x53, 0x0e, - 0x7d, 0x0e, 0x96, 0x99, 0x13, 0xf5, 0x08, 0xc3, 0x64, 0xe2, 0xd1, 0x38, 0x90, 0x6b, 0xad, 0x27, - 0xd5, 0x97, 0xcb, 0xbb, 0x29, 0x2e, 0xce, 0x48, 0xa3, 0x5f, 0x59, 0xf0, 0x94, 0x1b, 0x8c, 0xc2, - 0xc0, 0x27, 0x3e, 0xdb, 0x71, 0x22, 0x67, 0x44, 0x18, 0x89, 0x6e, 0x4e, 0x48, 0x14, 0x79, 0x5d, - 0x42, 0x57, 0xcb, 0xc2, 0xbb, 0xd7, 0xe7, 0xf0, 0x6e, 0x7b, 0x46, 0x7b, 0xeb, 0x69, 0x65, 0xdc, - 0x53, 0xed, 0xa3, 0x91, 0xf1, 0xbf, 0x33, 0x8b, 0x57, 0x9d, 0x89, 0x33, 0x1c, 0x13, 0x7a, 0xd9, - 0xe3, 0x39, 0xb8, 0xa2, 0xab, 0xce, 0xcb, 0x9a, 0x8c, 0x4d, 0x19, 0xfb, 0x37, 0x85, 0x54, 0x88, - 0x76, 0xe2, 0xbc, 0x23, 0xf6, 0x52, 0x05, 0x68, 0x5e, 0x79, 0x47, 0xe8, 0x34, 0x4e, 0x97, 0x2c, - 0x7e, 0x0a, 0x0b, 0x7d, 0xd3, 0x12, 0x25, 0x27, 0x3e, 0x95, 0x2a, 0xc7, 0x3e, 0x84, 0xf2, 0x67, - 0x56, 0xb1, 0x98, 0x88, 0x4d, 0x68, 0x1e, 0xc2, 0xa1, 0xac, 0x3e, 0x2a, 0xe2, 0x92, 0x10, 0x8e, - 0x8b, 0x52, 0xcc, 0xb7, 0x7f, 0x52, 0x49, 0x9f, 0x01, 0x99, 0x43, 0x7f, 0x60, 0xc1, 0x69, 0xbe, - 0x51, 0x4e, 0xe4, 0xd1, 0xc0, 0xc7, 0x84, 0x8e, 0x87, 0x4c, 0x39, 0x73, 0x7b, 0xce, 0xa0, 0x31, - 0x55, 0xb6, 0x56, 0x95, 0x5d, 0xa7, 0xb3, 0x1c, 0x3c, 0x03, 0x8f, 0x18, 0x2c, 0xf4, 0x3d, 0xca, - 0x82, 0x68, 0xaa, 0x92, 0xc3, 0x3c, 0x2d, 0xdf, 0x26, 0x09, 0x87, 0xc1, 0x94, 0x9f, 0xb5, 0x2d, - 0x7f, 0x2f, 0xd0, 0xfe, 0xb9, 0x22, 0x11, 0x70, 0x0c, 0x85, 0xbe, 0x66, 0x01, 0x84, 0x71, 0xa4, - 0xf2, 0x42, 0xf6, 0x10, 0x0e, 0x4e, 0x52, 0xb3, 0x13, 0x12, 0xc5, 0x06, 0x28, 0x0a, 0xa0, 0xd2, - 0x27, 0xce, 0x90, 0xf5, 0x55, 0x39, 0x7b, 0x71, 0x0e, 0xf8, 0x2b, 0x42, 0x51, 0xb6, 0x84, 0x4a, - 0x2a, 0x56, 0x30, 0xe8, 0x1b, 0x16, 0x2c, 0x27, 0xd5, 0x8d, 0xcb, 0x92, 0xd5, 0xf2, 0xdc, 0x5d, - 0xf6, 0xcd, 0x94, 0xc2, 0x16, 0xe2, 0x69, 0x2c, 0x4d, 0xc3, 0x19, 0x50, 0xf4, 0x75, 0x0b, 0xc0, - 0x8d, 0xab, 0xa9, 0xcc, 0x07, 0xf5, 0x0b, 0x37, 0xf3, 0x39, 0x51, 0x49, 0x95, 0xd6, 0xee, 0x4f, - 0x48, 0x14, 0x1b, 0xb0, 0xf6, 0xbb, 0x16, 0x3c, 0x61, 0x7c, 0xf8, 0x05, 0x87, 0xb9, 0xfd, 0x4b, - 0x13, 0x9e, 0xa6, 0xb7, 0x53, 0xf5, 0xfd, 0x53, 0x66, 0x7d, 0x7f, 0x7f, 0x7f, 0xfd, 0xc3, 0x47, - 0x8d, 0x51, 0x77, 0xb8, 0x86, 0x86, 0x50, 0x61, 0xb4, 0x02, 0x6f, 0x40, 0xdd, 0xb0, 0x59, 0xa5, - 0x8f, 0xbc, 0x0a, 0x60, 0x92, 0x33, 0x0c, 0x22, 0x36, 0xf1, 0xec, 0x3f, 0x15, 0x60, 0xa1, 0x3d, - 0x1c, 0x53, 0x46, 0xa2, 0x13, 0x37, 0x14, 0x1b, 0x50, 0xe2, 0xcd, 0x42, 0xb6, 0xfe, 0xf1, 0x5e, - 0x02, 0x0b, 0x0e, 0x0a, 0xa1, 0xe2, 0x06, 0xfe, 0x9e, 0xd7, 0x53, 0x2d, 0xe0, 0x95, 0x79, 0x4e, - 0x8e, 0xb4, 0xae, 0x2d, 0xf4, 0x69, 0x9b, 0xe4, 0x3b, 0x56, 0x38, 0xe8, 0x7b, 0x16, 0xac, 0xb8, - 0x81, 0xef, 0x13, 0x57, 0x07, 0x6f, 0x69, 0xee, 0x76, 0xb7, 0x9d, 0xd6, 0xd8, 0xfa, 0x3f, 0x85, - 0xbe, 0x92, 0x61, 0xe0, 0x2c, 0xb6, 0xfd, 0xcb, 0x02, 0x2c, 0xa5, 0x2c, 0x47, 0xcf, 0x40, 0x75, - 0x4c, 0x49, 0x24, 0x3c, 0x27, 0xfd, 0x9b, 0x74, 0x44, 0x2f, 0x29, 0x3a, 0x4e, 0x24, 0xb8, 0x74, - 0xe8, 0x50, 0x7a, 0x27, 0x88, 0xba, 0xca, 0xcf, 0x89, 0xf4, 0x8e, 0xa2, 0xe3, 0x44, 0x82, 0xf7, - 0x1b, 0xb7, 0x88, 0x13, 0x91, 0x68, 0x37, 0x18, 0x90, 0x99, 0xb1, 0xa7, 0xa5, 0x59, 0xd8, 0x94, - 0x13, 0x4e, 0x63, 0x43, 0xda, 0x1e, 0x7a, 0xc4, 0x67, 0xd2, 0xcc, 0x1c, 0x9c, 0xb6, 0x7b, 0xad, - 0x63, 0x6a, 0xd4, 0x4e, 0xcb, 0x30, 0x70, 0x16, 0xdb, 0xfe, 0xa3, 0x05, 0x75, 0xe5, 0xb4, 0x47, - 0xd0, 0x74, 0xf6, 0xd2, 0x4d, 0x67, 0x6b, 0xfe, 0x18, 0x3d, 0xa2, 0xe1, 0xfc, 0x79, 0x11, 0x66, - 0x2a, 0x1d, 0x7a, 0x8d, 0xe7, 0x38, 0x4e, 0x23, 0xdd, 0x8b, 0x71, 0x91, 0xfd, 0xe8, 0xc9, 0x56, - 0xb7, 0xeb, 0x8d, 0x88, 0x99, 0xbe, 0x62, 0x2d, 0xd8, 0xd0, 0x88, 0xde, 0xb4, 0x34, 0xc0, 0x6e, - 0xa0, 0xf2, 0x4a, 0xbe, 0x2d, 0xd1, 0x8c, 0x09, 0xbb, 0x01, 0x36, 0x30, 0xd1, 0x67, 0x92, 0x41, - 0xb0, 0x2c, 0x02, 0xd2, 0x4e, 0x8f, 0x6e, 0xef, 0xa7, 0x1a, 0x80, 0xcc, 0x38, 0x37, 0x85, 0x5a, - 0x44, 0x64, 0x8b, 0x15, 0x57, 0x80, 0x79, 0x92, 0x08, 0x56, 0xba, 0xe4, 0x31, 0x4e, 0xc6, 0x9f, - 0x98, 0x4c, 0xb1, 0x46, 0xb3, 0xbf, 0x6b, 0x01, 0x9a, 0x2d, 0xd7, 0x7c, 0x8c, 0x4a, 0x9a, 0x58, - 0x75, 0x80, 0x13, 0x3d, 0x89, 0x38, 0xd6, 0x32, 0x27, 0x48, 0x93, 0x4f, 0x43, 0x59, 0x34, 0xb5, - 0xea, 0xc0, 0x26, 0xd1, 0x23, 0xda, 0x5e, 0x2c, 0x79, 0xf6, 0xef, 0x2c, 0xc8, 0xa6, 0x1b, 0x91, - 0xa9, 0xa5, 0x67, 0xb3, 0x99, 0x3a, 0xed, 0xc5, 0x93, 0xcf, 0x99, 0xe8, 0x55, 0xa8, 0x3b, 0x8c, - 0x91, 0x51, 0xc8, 0x44, 0x40, 0x16, 0xef, 0x3b, 0x20, 0x97, 0x79, 0x24, 0x5c, 0x0f, 0xba, 0xde, - 0x9e, 0x27, 0x82, 0xd1, 0x54, 0x67, 0xbf, 0x57, 0x84, 0xe5, 0x74, 0xf3, 0x85, 0xc6, 0x50, 0x11, - 0xcd, 0x8e, 0xbc, 0x66, 0xca, 0xbd, 0xbb, 0x4a, 0x5c, 0x22, 0x48, 0x14, 0x2b, 0x30, 0x9e, 0x58, - 0xa3, 0x78, 0xba, 0xca, 0x24, 0xd6, 0x64, 0xae, 0x4a, 0x24, 0x8e, 0x9d, 0xa8, 0x8a, 0xff, 0x9d, - 0x13, 0xd5, 0x6b, 0x00, 0x5d, 0xe1, 0x6d, 0xb1, 0x97, 0xa5, 0x07, 0x4f, 0x2e, 0x9b, 0x89, 0x16, - 0x6c, 0x68, 0x44, 0x67, 0xa1, 0xe0, 0x75, 0xc5, 0xa9, 0x2e, 0xb6, 0x40, 0xc9, 0x16, 0xb6, 0x36, - 0x71, 0xc1, 0xeb, 0xda, 0x14, 0x16, 0xcd, 0x6e, 0xf3, 0xc4, 0xb1, 0xfa, 0x02, 0x2c, 0xc9, 0xa7, - 0x4d, 0xc2, 0x1c, 0x6f, 0x48, 0xd5, 0xee, 0x3c, 0xa1, 0xc4, 0x97, 0x3a, 0x26, 0x13, 0xa7, 0x65, - 0xed, 0x1f, 0x17, 0x00, 0xae, 0x04, 0xc1, 0x40, 0x61, 0xc6, 0x47, 0xcf, 0x3a, 0xf2, 0xe8, 0x6d, - 0x40, 0x69, 0xe0, 0xf9, 0xdd, 0xec, 0xe1, 0xdc, 0xf6, 0xfc, 0x2e, 0x16, 0x1c, 0x74, 0x01, 0xc0, - 0x09, 0xbd, 0x97, 0x49, 0x44, 0xf5, 0x4d, 0x62, 0xe2, 0x97, 0x8b, 0x3b, 0x5b, 0x8a, 0x83, 0x0d, - 0x29, 0xf4, 0x8c, 0xea, 0x0c, 0xe5, 0xd8, 0xbe, 0x9a, 0xe9, 0x0c, 0xab, 0xdc, 0x42, 0xa3, 0xf5, - 0x7b, 0x3e, 0x93, 0x1f, 0x37, 0x66, 0xf2, 0xa3, 0xee, 0x94, 0x77, 0xfa, 0x0e, 0x25, 0x87, 0x9d, - 0xeb, 0xca, 0x31, 0xf7, 0x47, 0x2f, 0x40, 0xf5, 0xea, 0x1d, 0x26, 0xeb, 0x3d, 0x4f, 0x61, 0x11, - 0x71, 0xf4, 0x09, 0x2f, 0x1a, 0x29, 0x2c, 0x66, 0x60, 0x2d, 0x63, 0xff, 0xdd, 0x02, 0x7d, 0xf5, - 0x85, 0xf6, 0xa0, 0x44, 0xa7, 0xbe, 0xab, 0x8a, 0xd5, 0x3c, 0xe9, 0xb8, 0x33, 0xf5, 0x5d, 0x7d, - 0xc3, 0x56, 0x15, 0x17, 0x88, 0x53, 0xdf, 0xc5, 0x42, 0x3f, 0x9a, 0x40, 0x35, 0x0a, 0x86, 0xc3, - 0x5b, 0x8e, 0x3b, 0xc8, 0xa1, 0x6e, 0x61, 0xa5, 0x4a, 0xe3, 0x2d, 0x8a, 0xc3, 0xae, 0xc8, 0x38, - 0xc1, 0xb2, 0x7f, 0x51, 0x86, 0xcc, 0x68, 0x82, 0xc6, 0xe6, 0xad, 0xa2, 0x95, 0xe3, 0xad, 0x62, - 0xe2, 0xf7, 0xc3, 0x6e, 0x16, 0xd1, 0x73, 0x50, 0x0e, 0xf9, 0x86, 0xab, 0xf0, 0x5c, 0x8f, 0x0b, - 0x83, 0x88, 0x82, 0x43, 0xe2, 0x42, 0x4a, 0x9b, 0x61, 0x51, 0x3c, 0x26, 0xdd, 0x7f, 0x15, 0x80, - 0xfb, 0x5a, 0xcd, 0xf8, 0x32, 0x43, 0xdc, 0xc8, 0x6b, 0x47, 0xd5, 0x98, 0x2f, 0x2a, 0x42, 0x27, - 0x41, 0xc1, 0x06, 0x22, 0xfa, 0xb6, 0x05, 0xcb, 0xb1, 0xe3, 0x95, 0x11, 0xe5, 0x87, 0x62, 0x84, - 0x18, 0x38, 0x71, 0x0a, 0x09, 0x67, 0x90, 0xd1, 0x17, 0xa1, 0x46, 0x99, 0x13, 0xc9, 0x73, 0x51, - 0xb9, 0xef, 0x6c, 0x99, 0xec, 0x65, 0x27, 0x56, 0x82, 0xb5, 0x3e, 0xf4, 0x0a, 0xc0, 0x9e, 0xe7, - 0x7b, 0xb4, 0x2f, 0xb4, 0x2f, 0x3c, 0x58, 0x5d, 0xbd, 0x9c, 0x68, 0xc0, 0x86, 0x36, 0xfb, 0x0f, - 0x16, 0xd4, 0x8d, 0x1f, 0x0e, 0x27, 0xc8, 0x7b, 0xe7, 0xa0, 0x1a, 0x06, 0x43, 0xcf, 0xf5, 0x88, - 0xec, 0x7b, 0x6b, 0xf2, 0x34, 0xec, 0x28, 0x1a, 0x4e, 0xb8, 0x88, 0x41, 0xed, 0xb6, 0x4a, 0x1c, - 0x71, 0x9d, 0x6b, 0xcf, 0xb1, 0x37, 0x71, 0x12, 0xd2, 0xde, 0x8a, 0x29, 0x14, 0x6b, 0x20, 0xfb, - 0xcf, 0x05, 0x00, 0xf1, 0x63, 0xc9, 0x13, 0xf7, 0x30, 0x1b, 0x50, 0x8a, 0x48, 0x18, 0x64, 0x17, - 0xc4, 0x25, 0xb0, 0xe0, 0xa4, 0xc6, 0xaa, 0xc2, 0x7d, 0x8d, 0x55, 0xc5, 0x63, 0xc7, 0x2a, 0x5e, - 0x92, 0x68, 0x7f, 0x27, 0xf2, 0x26, 0x0e, 0x23, 0xdb, 0x64, 0xaa, 0xf2, 0xba, 0x2e, 0x49, 0x9d, - 0x2b, 0x9a, 0x89, 0xd3, 0xb2, 0x87, 0x4e, 0xa4, 0xe5, 0xff, 0xe0, 0x44, 0xfa, 0x8e, 0x05, 0xcb, - 0xda, 0xb3, 0xff, 0x5b, 0xff, 0x32, 0xb5, 0xdd, 0x47, 0x8c, 0x58, 0xff, 0xb0, 0x60, 0x25, 0x6e, - 0xe6, 0x55, 0x4f, 0x90, 0x4b, 0x13, 0x90, 0xfa, 0x77, 0x52, 0x3c, 0xfe, 0xdf, 0x89, 0x99, 0x82, - 0x4b, 0xc7, 0xa4, 0xe0, 0xcf, 0x66, 0xca, 0xff, 0x07, 0x66, 0xca, 0x3f, 0x4a, 0xc6, 0x96, 0xa9, - 0xef, 0xa6, 0xdb, 0x25, 0xfb, 0x67, 0x16, 0x2c, 0xc6, 0xec, 0x1b, 0x41, 0x57, 0x0c, 0x13, 0x54, - 0x04, 0x99, 0x95, 0x1e, 0x26, 0x64, 0x38, 0x48, 0x1e, 0x1a, 0x43, 0xd5, 0xed, 0x7b, 0xc3, 0x6e, - 0x44, 0x7c, 0xb5, 0x2d, 0x2f, 0xe6, 0x30, 0x55, 0x71, 0x7c, 0x1d, 0x0a, 0x6d, 0x05, 0x80, 0x13, - 0x28, 0xfb, 0xd7, 0x45, 0x58, 0x4a, 0x8d, 0x60, 0xe8, 0x39, 0xa8, 0xcb, 0x9f, 0x17, 0x1d, 0xc3, - 0xe6, 0xe4, 0xc6, 0x62, 0x57, 0xb3, 0xb0, 0x29, 0xc7, 0xf7, 0x63, 0xe8, 0x4d, 0xa4, 0x8e, 0xec, - 0xbf, 0xac, 0x6b, 0x31, 0x03, 0x6b, 0x19, 0x63, 0x06, 0x2d, 0xde, 0xf7, 0x0c, 0xfa, 0x43, 0x0b, - 0x90, 0x58, 0x02, 0xd7, 0x9c, 0x8c, 0x8a, 0xea, 0x1f, 0x71, 0x6e, 0x7e, 0x3b, 0xab, 0x2c, 0x42, - 0xed, 0x19, 0x28, 0x7c, 0x08, 0xbc, 0x71, 0x2d, 0x5c, 0x7e, 0x24, 0xd7, 0xc2, 0xf6, 0x57, 0xe0, - 0xcc, 0x4c, 0x0f, 0xa5, 0x26, 0x00, 0xeb, 0xb0, 0x09, 0x80, 0x47, 0x62, 0x18, 0x8d, 0x7d, 0xb9, - 0x41, 0x55, 0x1d, 0x89, 0x3b, 0x9c, 0x88, 0x25, 0x8f, 0x8f, 0x05, 0xdd, 0x68, 0x8a, 0xc7, 0xb2, - 0xb5, 0xae, 0x6a, 0xf4, 0x4d, 0x41, 0xc5, 0x8a, 0x6b, 0x7f, 0xab, 0x00, 0x4b, 0xa9, 0xba, 0x9e, - 0x9a, 0xe0, 0xac, 0x63, 0x27, 0xb8, 0x3c, 0x8d, 0x41, 0x6f, 0xc0, 0x22, 0x15, 0x47, 0x31, 0x72, - 0x18, 0xe9, 0x4d, 0x73, 0xb8, 0x98, 0xef, 0x18, 0xea, 0x5a, 0xa7, 0x0f, 0xf6, 0xd7, 0x17, 0x4d, - 0x0a, 0x4e, 0xc1, 0xd9, 0x3f, 0x2d, 0xc0, 0x63, 0x87, 0xf4, 0x38, 0xe8, 0x8e, 0x79, 0x59, 0x22, - 0xa7, 0xe9, 0xab, 0x39, 0x84, 0xa7, 0x4a, 0xa4, 0xf2, 0x0f, 0xf8, 0x61, 0x57, 0x25, 0xf7, 0x39, - 0x4c, 0xef, 0x41, 0xb9, 0x1f, 0x04, 0x83, 0xb8, 0x9b, 0x98, 0xa7, 0x20, 0xe8, 0x59, 0xaf, 0x55, - 0xe3, 0xbb, 0xc9, 0xdf, 0x29, 0x96, 0xea, 0xed, 0xf7, 0x2c, 0x48, 0x79, 0x11, 0x8d, 0xa0, 0xcc, - 0xb5, 0x4c, 0x73, 0xf8, 0x31, 0x68, 0xea, 0xbd, 0xc8, 0x75, 0x4a, 0x7c, 0xf1, 0x88, 0x25, 0x0a, - 0xf2, 0xa0, 0xc4, 0x0d, 0x51, 0xb3, 0xcb, 0x76, 0x4e, 0x68, 0x7c, 0x89, 0x72, 0x54, 0xe2, 0x4f, - 0x58, 0x40, 0xd8, 0xcf, 0xc3, 0x99, 0x19, 0x8b, 0x78, 0xc8, 0xef, 0x05, 0xf1, 0x7f, 0x50, 0x23, - 0xe4, 0x2f, 0x73, 0x22, 0x96, 0x3c, 0x5e, 0x3f, 0x4e, 0x67, 0xd5, 0xa3, 0x1f, 0x59, 0x70, 0x86, - 0x66, 0xf5, 0x3d, 0x14, 0xaf, 0xfd, 0xbf, 0x32, 0x6a, 0xd6, 0x7c, 0x3c, 0x6b, 0x01, 0xdf, 0xd1, - 0xec, 0xed, 0x31, 0x8f, 0x3d, 0xcf, 0xa7, 0xc4, 0x1d, 0x47, 0xf1, 0x42, 0x93, 0xd8, 0xdb, 0x52, - 0x74, 0x9c, 0x48, 0xf0, 0x69, 0x5e, 0xfe, 0xbd, 0xb8, 0xa1, 0x1b, 0xc5, 0x64, 0x9a, 0xef, 0x24, - 0x1c, 0x6c, 0x48, 0xf1, 0x5e, 0xd9, 0x25, 0x11, 0xdb, 0xe4, 0xed, 0x11, 0xcf, 0x0b, 0x8b, 0xb2, - 0x57, 0x6e, 0x2b, 0x1a, 0x4e, 0xb8, 0xe8, 0x83, 0xb0, 0x30, 0x20, 0x53, 0x21, 0x58, 0x12, 0x82, - 0x75, 0x5e, 0xf1, 0xb7, 0x25, 0x09, 0xc7, 0x3c, 0x64, 0x43, 0xc5, 0x75, 0x84, 0x54, 0x59, 0x48, - 0x81, 0xf8, 0x91, 0x71, 0x51, 0x08, 0x29, 0x4e, 0xab, 0x71, 0xf7, 0xde, 0xda, 0xa9, 0xb7, 0xee, - 0xad, 0x9d, 0x7a, 0xfb, 0xde, 0xda, 0xa9, 0x37, 0x0f, 0xd6, 0xac, 0xbb, 0x07, 0x6b, 0xd6, 0x5b, - 0x07, 0x6b, 0xd6, 0xdb, 0x07, 0x6b, 0xd6, 0xdf, 0x0e, 0xd6, 0xac, 0xef, 0xbf, 0xbb, 0x76, 0xea, - 0x95, 0x6a, 0xec, 0xda, 0x7f, 0x05, 0x00, 0x00, 0xff, 0xff, 0x86, 0x74, 0xaf, 0x89, 0x0a, 0x29, - 0x00, 0x00, + // 2567 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xd4, 0x59, 0x4b, 0x6c, 0x1c, 0x49, + 0xf9, 0x4f, 0xcf, 0xc3, 0x9e, 0xf9, 0xc6, 0x8f, 0xa4, 0xf6, 0xf1, 0xf7, 0x3f, 0x2b, 0xd9, 0x56, + 0x2f, 0x8f, 0x80, 0x76, 0xc7, 0x24, 0x10, 0x08, 0x0f, 0x21, 0x79, 0xec, 0x64, 0xe3, 0x38, 0x0f, + 0x53, 0xe3, 0x5d, 0xa4, 0x65, 0xb5, 0xd0, 0xe9, 0x29, 0xcf, 0x74, 0x66, 0xa6, 0xbb, 0xb7, 0xab, + 0x66, 0xc2, 0x48, 0x2c, 0x5a, 0x84, 0x90, 0x78, 0x4a, 0x20, 0x84, 0xb8, 0x72, 0xe0, 0x84, 0x90, + 0x90, 0x10, 0x27, 0x24, 0x0e, 0x70, 0x40, 0xb9, 0xb1, 0x07, 0x10, 0xab, 0x05, 0x59, 0xc4, 0x7b, + 0x59, 0x89, 0x03, 0x27, 0x2e, 0x7b, 0x42, 0xf5, 0xe8, 0xaa, 0xea, 0x1e, 0x1b, 0x3b, 0x99, 0x49, + 0x80, 0x5b, 0xf7, 0xf7, 0x7d, 0xfd, 0xfd, 0xbe, 0xfa, 0xea, 0xab, 0xef, 0x51, 0x0d, 0x5b, 0xed, + 0x80, 0x75, 0x06, 0xb7, 0xeb, 0x7e, 0xd4, 0x5f, 0xf3, 0x92, 0x76, 0x14, 0x27, 0xd1, 0x1d, 0xf1, + 0xf0, 0xbc, 0xdf, 0x5a, 0x8b, 0xbb, 0xed, 0x35, 0x2f, 0x0e, 0xe8, 0x9a, 0x17, 0xc7, 0xbd, 0xc0, + 0xf7, 0x58, 0x10, 0x85, 0x6b, 0xc3, 0xf3, 0x5e, 0x2f, 0xee, 0x78, 0xe7, 0xd7, 0xda, 0x24, 0x24, + 0x89, 0xc7, 0x48, 0xab, 0x1e, 0x27, 0x11, 0x8b, 0xd0, 0x27, 0x8d, 0xaa, 0x7a, 0xaa, 0x4a, 0x3c, + 0x7c, 0xd1, 0x6f, 0xd5, 0xe3, 0x6e, 0xbb, 0xce, 0x55, 0xd5, 0x2d, 0x55, 0xf5, 0x54, 0xd5, 0xd9, + 0xe7, 0x2d, 0x2b, 0xda, 0x51, 0x3b, 0x5a, 0x13, 0x1a, 0x6f, 0x0f, 0xf6, 0xc4, 0x9b, 0x78, 0x11, + 0x4f, 0x12, 0xe9, 0xec, 0xc7, 0xba, 0x97, 0x68, 0x3d, 0x88, 0xb8, 0x6d, 0x7d, 0xcf, 0xef, 0x04, + 0x21, 0x49, 0x46, 0xc6, 0xd8, 0x3e, 0x61, 0xde, 0xda, 0x70, 0xcc, 0xbe, 0xb3, 0x6b, 0x47, 0x7d, + 0x95, 0x0c, 0x42, 0x16, 0xf4, 0xc9, 0xd8, 0x07, 0x1f, 0x3f, 0xee, 0x03, 0xea, 0x77, 0x48, 0xdf, + 0x1b, 0xfb, 0xee, 0xa3, 0x47, 0x7d, 0x37, 0x60, 0x41, 0x6f, 0x2d, 0x08, 0x19, 0x65, 0x49, 0xfe, + 0x23, 0xf7, 0x2f, 0x0e, 0xc0, 0x7a, 0x1c, 0xef, 0x24, 0xd1, 0x1d, 0xe2, 0x33, 0xf4, 0x25, 0xa8, + 0xf0, 0x75, 0xb4, 0x3c, 0xe6, 0x2d, 0x39, 0xab, 0xce, 0xb9, 0xda, 0x85, 0x8f, 0xd4, 0xa5, 0xda, + 0xba, 0xad, 0xd6, 0xf8, 0x95, 0x4b, 0xd7, 0x87, 0xe7, 0xeb, 0xb7, 0x6e, 0xf3, 0xef, 0x6f, 0x10, + 0xe6, 0x35, 0xd0, 0xbd, 0xfd, 0x95, 0x53, 0x07, 0xfb, 0x2b, 0x60, 0x68, 0x58, 0x6b, 0x45, 0x5d, + 0x28, 0xd1, 0x98, 0xf8, 0x4b, 0x05, 0xa1, 0x7d, 0xab, 0xfe, 0xd0, 0xbb, 0x57, 0x37, 0x66, 0x37, + 0x63, 0xe2, 0x37, 0xe6, 0x14, 0x6c, 0x89, 0xbf, 0x61, 0x01, 0xe2, 0xbe, 0xed, 0xc0, 0x82, 0x11, + 0xbb, 0x1e, 0x50, 0x86, 0x5e, 0x19, 0x5b, 0x61, 0xfd, 0x64, 0x2b, 0xe4, 0x5f, 0x8b, 0xf5, 0x9d, + 0x56, 0x40, 0x95, 0x94, 0x62, 0xad, 0xee, 0x0e, 0x94, 0x03, 0x46, 0xfa, 0x74, 0xa9, 0xb0, 0x5a, + 0x3c, 0x57, 0xbb, 0x70, 0x79, 0x2a, 0xcb, 0x6b, 0xcc, 0x2b, 0xc4, 0xf2, 0x16, 0xd7, 0x8d, 0x25, + 0x84, 0xfb, 0xcf, 0x82, 0xbd, 0x38, 0xbe, 0x6a, 0x74, 0x1e, 0x6a, 0x34, 0x1a, 0x24, 0x3e, 0xc1, + 0x24, 0x8e, 0xe8, 0x92, 0xb3, 0x5a, 0x3c, 0x57, 0x6d, 0x2c, 0x1e, 0xec, 0xaf, 0xd4, 0x9a, 0x86, + 0x8c, 0x6d, 0x19, 0xf4, 0x1d, 0x07, 0xe6, 0x5a, 0x84, 0xb2, 0x20, 0x14, 0xf8, 0xa9, 0xe5, 0x9f, + 0x9b, 0xcc, 0xf2, 0x94, 0xb8, 0x69, 0x34, 0x37, 0x9e, 0x54, 0xab, 0x98, 0xb3, 0x88, 0x14, 0x67, + 0xc0, 0xd1, 0x45, 0xa8, 0xb5, 0x08, 0xf5, 0x93, 0x20, 0xe6, 0xef, 0x4b, 0xc5, 0x55, 0xe7, 0x5c, + 0xb5, 0xf1, 0x84, 0xfa, 0xb0, 0xb6, 0x69, 0x58, 0xd8, 0x96, 0x43, 0x5d, 0x28, 0x27, 0x51, 0x8f, + 0xd0, 0xa5, 0x92, 0x30, 0xfe, 0xca, 0x04, 0xc6, 0x2b, 0x77, 0xe2, 0xa8, 0x47, 0x8c, 0xdf, 0xf9, + 0x1b, 0xc5, 0x12, 0xc3, 0xfd, 0x7d, 0x11, 0x6a, 0xd6, 0x12, 0x1f, 0xc3, 0x99, 0xe9, 0x65, 0xce, + 0xcc, 0xb5, 0xe9, 0x6c, 0xcd, 0x51, 0x87, 0x06, 0x31, 0x98, 0xa1, 0xcc, 0x63, 0x03, 0x2a, 0xdc, + 0x5f, 0xbb, 0x70, 0x7d, 0x4a, 0x78, 0x42, 0x67, 0x63, 0x41, 0x21, 0xce, 0xc8, 0x77, 0xac, 0xb0, + 0xd0, 0x6b, 0x50, 0x8d, 0x62, 0x9e, 0x9a, 0xf8, 0xbe, 0x97, 0x04, 0xf0, 0xe6, 0x04, 0xc0, 0xb7, + 0x52, 0x5d, 0x8d, 0xf9, 0x83, 0xfd, 0x95, 0xaa, 0x7e, 0xc5, 0x06, 0xc5, 0xf5, 0xe1, 0x49, 0xcb, + 0xbe, 0x8d, 0x28, 0x6c, 0x05, 0x62, 0x43, 0x57, 0xa1, 0xc4, 0x46, 0x31, 0x11, 0x9b, 0x59, 0x35, + 0x2e, 0xda, 0x1d, 0xc5, 0x04, 0x0b, 0x0e, 0xfa, 0x10, 0xcc, 0xf6, 0x09, 0xa5, 0x5e, 0x9b, 0x88, + 0x3d, 0xa9, 0x36, 0x16, 0x95, 0xd0, 0xec, 0x0d, 0x49, 0xc6, 0x29, 0xdf, 0x7d, 0x0d, 0x9e, 0x3e, + 0xfc, 0x3c, 0xa0, 0x0f, 0xc0, 0x0c, 0x25, 0xc9, 0x90, 0x24, 0x0a, 0xc8, 0x78, 0x46, 0x50, 0xb1, + 0xe2, 0xa2, 0x35, 0xa8, 0x86, 0x5e, 0x9f, 0xd0, 0xd8, 0xf3, 0x53, 0xb8, 0x33, 0x4a, 0xb4, 0x7a, + 0x33, 0x65, 0x60, 0x23, 0xe3, 0xfe, 0xd5, 0x81, 0x45, 0x0b, 0xf3, 0x31, 0xa4, 0xbd, 0x6e, 0x36, + 0xed, 0x5d, 0x99, 0x4e, 0xc4, 0x1c, 0x91, 0xf7, 0x7e, 0x5b, 0x84, 0x33, 0x76, 0x5c, 0x89, 0x64, + 0xc6, 0xb7, 0x24, 0x21, 0x71, 0xf4, 0x22, 0xbe, 0xae, 0xdc, 0xa9, 0xb7, 0x04, 0x4b, 0x32, 0x4e, + 0xf9, 0x7c, 0x7f, 0x63, 0x8f, 0x75, 0x94, 0x2f, 0xf5, 0xfe, 0xee, 0x78, 0xac, 0x83, 0x05, 0x87, + 0xa7, 0x21, 0x12, 0x0e, 0x83, 0x24, 0x0a, 0xfb, 0x24, 0x64, 0xf9, 0x34, 0x74, 0xd9, 0xb0, 0xb0, + 0x2d, 0x87, 0x3e, 0x0b, 0x0b, 0xcc, 0x4b, 0xda, 0x84, 0x61, 0x32, 0x0c, 0x68, 0x1a, 0xc8, 0xd5, + 0xc6, 0xd3, 0xea, 0xcb, 0x85, 0xdd, 0x0c, 0x17, 0xe7, 0xa4, 0xd1, 0xaf, 0x1c, 0x78, 0xc6, 0x8f, + 0xfa, 0x71, 0x14, 0x92, 0x90, 0xed, 0x78, 0x89, 0xd7, 0x27, 0x8c, 0x24, 0xb7, 0x86, 0x24, 0x49, + 0x82, 0x16, 0xa1, 0x4b, 0x65, 0xe1, 0xdd, 0x1b, 0x13, 0x78, 0x77, 0x63, 0x4c, 0x7b, 0xe3, 0x59, + 0x65, 0xdc, 0x33, 0x1b, 0x47, 0x23, 0xe3, 0x7f, 0x67, 0x16, 0xaf, 0x3a, 0x43, 0xaf, 0x37, 0x20, + 0xf4, 0x4a, 0xc0, 0x73, 0xf0, 0x8c, 0xa9, 0x3a, 0x2f, 0x19, 0x32, 0xb6, 0x65, 0xdc, 0xdf, 0x14, + 0x32, 0x21, 0xda, 0x4c, 0xf3, 0x8e, 0xd8, 0x4b, 0x15, 0xa0, 0xd3, 0xca, 0x3b, 0x42, 0xa7, 0x75, + 0xba, 0x64, 0xf1, 0x53, 0x58, 0xe8, 0x9b, 0x8e, 0x28, 0x39, 0xe9, 0xa9, 0x54, 0x39, 0xf6, 0x11, + 0x94, 0x3f, 0xbb, 0x8a, 0xa5, 0x44, 0x6c, 0x43, 0xf3, 0x10, 0x8e, 0x65, 0xf5, 0x51, 0x11, 0xa7, + 0x43, 0x38, 0x2d, 0x4a, 0x29, 0xdf, 0xfd, 0xc9, 0x4c, 0xf6, 0x0c, 0xc8, 0x1c, 0xfa, 0x03, 0x07, + 0x4e, 0xf3, 0x8d, 0xf2, 0x92, 0x80, 0x46, 0x21, 0x26, 0x74, 0xd0, 0x63, 0xca, 0x99, 0xdb, 0x13, + 0x06, 0x8d, 0xad, 0xb2, 0xb1, 0xa4, 0xec, 0x3a, 0x9d, 0xe7, 0xe0, 0x31, 0x78, 0xc4, 0x60, 0xb6, + 0x13, 0x50, 0x16, 0x25, 0x23, 0x95, 0x1c, 0x26, 0x69, 0xf9, 0x36, 0x49, 0xdc, 0x8b, 0x46, 0xfc, + 0xac, 0x6d, 0x85, 0x7b, 0x91, 0xf1, 0xcf, 0x55, 0x89, 0x80, 0x53, 0x28, 0xf4, 0x35, 0x07, 0x20, + 0x4e, 0x23, 0x95, 0x17, 0xb2, 0x47, 0x70, 0x70, 0x74, 0xcd, 0xd6, 0x24, 0x8a, 0x2d, 0x50, 0x14, + 0xc1, 0x4c, 0x87, 0x78, 0x3d, 0xd6, 0x51, 0xe5, 0xec, 0x85, 0x09, 0xe0, 0xaf, 0x0a, 0x45, 0xf9, + 0x12, 0x2a, 0xa9, 0x58, 0xc1, 0xa0, 0x6f, 0x38, 0xb0, 0xa0, 0xab, 0x1b, 0x97, 0x25, 0x4b, 0xe5, + 0x89, 0xbb, 0xec, 0x5b, 0x19, 0x85, 0x0d, 0xc4, 0xd3, 0x58, 0x96, 0x86, 0x73, 0xa0, 0xe8, 0xeb, + 0x0e, 0x80, 0x9f, 0x56, 0x53, 0x99, 0x0f, 0x6a, 0x17, 0x6e, 0x4d, 0xe7, 0x44, 0xe9, 0x2a, 0x6d, + 0xdc, 0xaf, 0x49, 0x14, 0x5b, 0xb0, 0xee, 0x3b, 0x0e, 0x3c, 0x65, 0x7d, 0xf8, 0x79, 0x8f, 0xf9, + 0x9d, 0xcb, 0x43, 0x9e, 0xa6, 0xb7, 0x33, 0xf5, 0xfd, 0x13, 0x76, 0x7d, 0x7f, 0x6f, 0x7f, 0xe5, + 0x83, 0x47, 0x8d, 0x51, 0x77, 0xb9, 0x86, 0xba, 0x50, 0x61, 0xb5, 0x02, 0xaf, 0x43, 0xcd, 0xb2, + 0x59, 0xa5, 0x8f, 0x69, 0x15, 0x40, 0x9d, 0x33, 0x2c, 0x22, 0xb6, 0xf1, 0xdc, 0x3f, 0x15, 0x60, + 0x76, 0xa3, 0x37, 0xa0, 0x8c, 0x24, 0x27, 0x6e, 0x28, 0x56, 0xa1, 0xc4, 0x9b, 0x85, 0x7c, 0xfd, + 0xe3, 0xbd, 0x04, 0x16, 0x1c, 0x14, 0xc3, 0x8c, 0x1f, 0x85, 0x7b, 0x41, 0x5b, 0xb5, 0x80, 0x57, + 0x27, 0x39, 0x39, 0xd2, 0xba, 0x0d, 0xa1, 0xcf, 0xd8, 0x24, 0xdf, 0xb1, 0xc2, 0x41, 0xdf, 0x73, + 0x60, 0xd1, 0x8f, 0xc2, 0x90, 0xf8, 0x26, 0x78, 0x4b, 0x13, 0xb7, 0xbb, 0x1b, 0x59, 0x8d, 0x8d, + 0xff, 0x53, 0xe8, 0x8b, 0x39, 0x06, 0xce, 0x63, 0xbb, 0xbf, 0x2c, 0xc0, 0x7c, 0xc6, 0x72, 0xf4, + 0x1c, 0x54, 0x06, 0x94, 0x24, 0xc2, 0x73, 0xd2, 0xbf, 0xba, 0x23, 0x7a, 0x51, 0xd1, 0xb1, 0x96, + 0xe0, 0xd2, 0xb1, 0x47, 0xe9, 0xdd, 0x28, 0x69, 0x29, 0x3f, 0x6b, 0xe9, 0x1d, 0x45, 0xc7, 0x5a, + 0x82, 0xf7, 0x1b, 0xb7, 0x89, 0x97, 0x90, 0x64, 0x37, 0xea, 0x92, 0xb1, 0xb1, 0xa7, 0x61, 0x58, + 0xd8, 0x96, 0x13, 0x4e, 0x63, 0x3d, 0xba, 0xd1, 0x0b, 0x48, 0xc8, 0xa4, 0x99, 0x53, 0x70, 0xda, + 0xee, 0xf5, 0xa6, 0xad, 0xd1, 0x38, 0x2d, 0xc7, 0xc0, 0x79, 0x6c, 0xf7, 0x8f, 0x0e, 0xd4, 0x94, + 0xd3, 0x1e, 0x43, 0xd3, 0xd9, 0xce, 0x36, 0x9d, 0x8d, 0xc9, 0x63, 0xf4, 0x88, 0x86, 0xf3, 0xe7, + 0x45, 0x18, 0xab, 0x74, 0xe8, 0x55, 0x9e, 0xe3, 0x38, 0x8d, 0xb4, 0xd6, 0xd3, 0x22, 0xfb, 0xe1, + 0x93, 0xad, 0x6e, 0x37, 0xe8, 0x13, 0x3b, 0x7d, 0xa5, 0x5a, 0xb0, 0xa5, 0x11, 0xbd, 0xe1, 0x18, + 0x80, 0xdd, 0x48, 0xe5, 0x95, 0xe9, 0xb6, 0x44, 0x63, 0x26, 0xec, 0x46, 0xd8, 0xc2, 0x44, 0x9f, + 0xd2, 0x83, 0x60, 0x59, 0x04, 0xa4, 0x9b, 0x1d, 0xdd, 0xde, 0xcb, 0x34, 0x00, 0xb9, 0x71, 0x6e, + 0x04, 0xd5, 0x84, 0xc8, 0x16, 0x2b, 0xad, 0x00, 0x93, 0x24, 0x11, 0xac, 0x74, 0xc9, 0x63, 0xac, + 0xc7, 0x9f, 0x94, 0x4c, 0xb1, 0x41, 0x73, 0xbf, 0xeb, 0x00, 0x1a, 0x2f, 0xd7, 0x7c, 0x8c, 0xd2, + 0x4d, 0xac, 0x3a, 0xc0, 0x5a, 0x8f, 0x16, 0xc7, 0x46, 0xe6, 0x04, 0x69, 0xf2, 0x59, 0x28, 0x8b, + 0xa6, 0x56, 0x1d, 0x58, 0x1d, 0x3d, 0xa2, 0xed, 0xc5, 0x92, 0xe7, 0xfe, 0xce, 0x81, 0x7c, 0xba, + 0x11, 0x99, 0x5a, 0x7a, 0x36, 0x9f, 0xa9, 0xb3, 0x5e, 0x3c, 0xf9, 0x9c, 0x89, 0x5e, 0x81, 0x9a, + 0xc7, 0x18, 0xe9, 0xc7, 0x4c, 0x04, 0x64, 0xf1, 0x81, 0x03, 0x72, 0x81, 0x47, 0xc2, 0x8d, 0xa8, + 0x15, 0xec, 0x05, 0x22, 0x18, 0x6d, 0x75, 0xee, 0xbb, 0x45, 0x58, 0xc8, 0x36, 0x5f, 0x68, 0x00, + 0x33, 0xa2, 0xd9, 0x91, 0xd7, 0x4c, 0x53, 0xef, 0xae, 0xb4, 0x4b, 0x04, 0x89, 0x62, 0x05, 0xc6, + 0x13, 0x6b, 0x92, 0x4e, 0x57, 0xb9, 0xc4, 0xaa, 0xe7, 0x2a, 0x2d, 0x71, 0xec, 0x44, 0x55, 0xfc, + 0xef, 0x9c, 0xa8, 0x5e, 0x05, 0x68, 0x09, 0x6f, 0x8b, 0xbd, 0x2c, 0x3d, 0x7c, 0x72, 0xd9, 0xd4, + 0x5a, 0xb0, 0xa5, 0x11, 0x9d, 0x85, 0x42, 0xd0, 0x12, 0xa7, 0xba, 0xd8, 0x00, 0x25, 0x5b, 0xd8, + 0xda, 0xc4, 0x85, 0xa0, 0xe5, 0x52, 0x98, 0xb3, 0xbb, 0xcd, 0x13, 0xc7, 0xea, 0xa7, 0x61, 0x5e, + 0x3e, 0x6d, 0x12, 0xe6, 0x05, 0x3d, 0xaa, 0x76, 0xe7, 0x29, 0x25, 0x3e, 0xdf, 0xb4, 0x99, 0x38, + 0x2b, 0xeb, 0xfe, 0xb8, 0x00, 0x70, 0x35, 0x8a, 0xba, 0x0a, 0x33, 0x3d, 0x7a, 0xce, 0x91, 0x47, + 0x6f, 0x15, 0x4a, 0xdd, 0x20, 0x6c, 0xe5, 0x0f, 0xe7, 0x76, 0x10, 0xb6, 0xb0, 0xe0, 0xa0, 0x0b, + 0x00, 0x5e, 0x1c, 0xbc, 0x44, 0x12, 0x6a, 0x6e, 0x12, 0xb5, 0x5f, 0xd6, 0x77, 0xb6, 0x14, 0x07, + 0x5b, 0x52, 0xe8, 0x39, 0xd5, 0x19, 0xca, 0xb1, 0x7d, 0x29, 0xd7, 0x19, 0x56, 0xb8, 0x85, 0x56, + 0xeb, 0x77, 0x29, 0x97, 0x1f, 0x57, 0xc7, 0xf2, 0xa3, 0xe9, 0x94, 0x77, 0x3a, 0x1e, 0x25, 0x87, + 0x9d, 0xeb, 0x99, 0x63, 0xee, 0x8f, 0x02, 0xa8, 0x5c, 0xbb, 0xcb, 0x64, 0xbd, 0xe7, 0x29, 0x2c, + 0x21, 0x1e, 0xd3, 0x25, 0xa7, 0x68, 0xa5, 0xb0, 0x94, 0x81, 0x8d, 0x0c, 0x3f, 0x2c, 0xe4, 0xcb, + 0x71, 0x90, 0x90, 0x75, 0x26, 0x3c, 0x55, 0x34, 0x87, 0xe5, 0xb2, 0xa2, 0x63, 0x2d, 0xe1, 0xfe, + 0xdd, 0x01, 0x73, 0x51, 0x86, 0xf6, 0xa0, 0x44, 0x47, 0xa1, 0xaf, 0x4a, 0xdb, 0x24, 0xc9, 0xbb, + 0x39, 0x0a, 0x7d, 0x73, 0x1f, 0x57, 0x11, 0xd7, 0x8d, 0xa3, 0xd0, 0xc7, 0x42, 0x3f, 0x1a, 0x42, + 0x25, 0x89, 0x7a, 0xbd, 0xdb, 0x9e, 0xdf, 0x9d, 0x42, 0x95, 0xc3, 0x4a, 0x95, 0xc1, 0x9b, 0x13, + 0xa9, 0x41, 0x91, 0xb1, 0xc6, 0x72, 0x7f, 0x51, 0x86, 0xdc, 0x20, 0x83, 0x06, 0xf6, 0x1d, 0xa4, + 0x33, 0xc5, 0x3b, 0x48, 0xbd, 0x4b, 0x87, 0xdd, 0x43, 0xa2, 0x8b, 0x50, 0x8e, 0x79, 0x78, 0xa8, + 0x60, 0x5e, 0x49, 0xcb, 0x88, 0x88, 0x99, 0x43, 0xa2, 0x48, 0x4a, 0xdb, 0x41, 0x54, 0x3c, 0xa6, + 0x38, 0x7c, 0x15, 0x80, 0xfb, 0x5a, 0xdd, 0x08, 0xc8, 0x7c, 0x72, 0x73, 0x5a, 0x3b, 0xaa, 0x2e, + 0x05, 0x44, 0xfd, 0x68, 0x6a, 0x14, 0x6c, 0x21, 0xa2, 0x6f, 0x3b, 0xb0, 0x90, 0x3a, 0x5e, 0x19, + 0x51, 0x7e, 0x24, 0x46, 0x88, 0xf1, 0x14, 0x67, 0x90, 0x70, 0x0e, 0x19, 0x7d, 0x01, 0xaa, 0x94, + 0x79, 0x89, 0x3c, 0x45, 0x33, 0x0f, 0x9c, 0x5b, 0xf5, 0x5e, 0x36, 0x53, 0x25, 0xd8, 0xe8, 0x43, + 0x2f, 0x03, 0xec, 0x05, 0x61, 0x40, 0x3b, 0x42, 0xfb, 0xec, 0xc3, 0x55, 0xe1, 0x2b, 0x5a, 0x03, + 0xb6, 0xb4, 0xb9, 0x7f, 0x70, 0xa0, 0x66, 0xfd, 0x9e, 0x38, 0x41, 0x96, 0x3c, 0x07, 0x95, 0x38, + 0xea, 0x05, 0x7e, 0x40, 0x64, 0x97, 0x5c, 0x95, 0xa7, 0x61, 0x47, 0xd1, 0xb0, 0xe6, 0x22, 0x06, + 0xd5, 0x3b, 0x2a, 0xcd, 0xa4, 0x55, 0x71, 0x63, 0x82, 0xbd, 0x49, 0x53, 0x96, 0xf1, 0x56, 0x4a, + 0xa1, 0xd8, 0x00, 0xb9, 0x7f, 0x2e, 0x00, 0x88, 0xdf, 0x50, 0x81, 0xb8, 0xb5, 0x59, 0x85, 0x52, + 0x42, 0xe2, 0x28, 0xbf, 0x20, 0x2e, 0x81, 0x05, 0x27, 0x33, 0x84, 0x15, 0x1e, 0x68, 0x08, 0x2b, + 0x1e, 0x3b, 0x84, 0xf1, 0x02, 0x46, 0x3b, 0x3b, 0x49, 0x30, 0xf4, 0x18, 0xd9, 0x26, 0x23, 0x55, + 0x05, 0x4c, 0x01, 0x6b, 0x5e, 0x35, 0x4c, 0x9c, 0x95, 0x3d, 0x74, 0x7e, 0x2d, 0xff, 0x07, 0xe7, + 0xd7, 0xb7, 0x1d, 0x58, 0x30, 0x9e, 0xfd, 0xdf, 0xfa, 0xf3, 0x69, 0xec, 0x3e, 0x62, 0x20, 0xfb, + 0x87, 0x03, 0x8b, 0x69, 0xeb, 0xaf, 0x3a, 0x88, 0xa9, 0xb4, 0x0c, 0x99, 0x3f, 0x2d, 0xc5, 0xe3, + 0xff, 0xb4, 0xd8, 0x29, 0xb8, 0x74, 0x4c, 0x0a, 0xfe, 0x4c, 0xae, 0x59, 0x78, 0xdf, 0x58, 0xb3, + 0x80, 0xf4, 0x90, 0x33, 0x0a, 0xfd, 0x6c, 0x73, 0xe5, 0xfe, 0xcc, 0x81, 0xb9, 0x94, 0x7d, 0x33, + 0x6a, 0x89, 0xd1, 0x83, 0x8a, 0x20, 0x73, 0xb2, 0xa3, 0x87, 0x0c, 0x07, 0xc9, 0x43, 0x03, 0xa8, + 0xf8, 0x9d, 0xa0, 0xd7, 0x4a, 0x48, 0xa8, 0xb6, 0xe5, 0x85, 0x29, 0xcc, 0x60, 0x1c, 0xdf, 0x84, + 0xc2, 0x86, 0x02, 0xc0, 0x1a, 0xca, 0xfd, 0x75, 0x11, 0xe6, 0x33, 0x03, 0x1b, 0xba, 0x08, 0x35, + 0xf9, 0xab, 0xa3, 0x69, 0xd9, 0xac, 0xef, 0x37, 0x76, 0x0d, 0x0b, 0xdb, 0x72, 0x7c, 0x3f, 0x7a, + 0xc1, 0x50, 0xea, 0xc8, 0xff, 0xf9, 0xba, 0x9e, 0x32, 0xb0, 0x91, 0xb1, 0x26, 0xd6, 0xe2, 0x03, + 0x4f, 0xac, 0x3f, 0x74, 0x00, 0x89, 0x25, 0x70, 0xcd, 0x7a, 0xb0, 0x54, 0x7f, 0x94, 0xa7, 0xe6, + 0xb7, 0xb3, 0xca, 0x22, 0xb4, 0x31, 0x06, 0x85, 0x0f, 0x81, 0xb7, 0x2e, 0x91, 0xcb, 0x8f, 0xe5, + 0x12, 0xd9, 0xfd, 0x0a, 0x9c, 0x19, 0xeb, 0xa1, 0xd4, 0xbc, 0xe0, 0x1c, 0x36, 0x2f, 0xf0, 0x48, + 0x8c, 0x93, 0x41, 0x28, 0x37, 0xa8, 0x62, 0x22, 0x71, 0x87, 0x13, 0xb1, 0xe4, 0xf1, 0x21, 0xa2, + 0x95, 0x8c, 0xf0, 0x40, 0x36, 0xe2, 0x15, 0x83, 0xbe, 0x29, 0xa8, 0x58, 0x71, 0xdd, 0x6f, 0x15, + 0x60, 0x3e, 0x53, 0xd7, 0x33, 0xf3, 0x9e, 0x73, 0xec, 0xbc, 0x37, 0x4d, 0x63, 0xd0, 0xeb, 0x30, + 0x47, 0xc5, 0x51, 0x4c, 0x3c, 0x46, 0xda, 0xa3, 0x29, 0x5c, 0xe3, 0x37, 0x2d, 0x75, 0x8d, 0xd3, + 0x07, 0xfb, 0x2b, 0x73, 0x36, 0x05, 0x67, 0xe0, 0xdc, 0x9f, 0x16, 0xe0, 0x89, 0x43, 0x7a, 0x1c, + 0x74, 0xd7, 0xbe, 0x5a, 0x91, 0xb3, 0xf7, 0xb5, 0x29, 0x84, 0xa7, 0x4a, 0xa4, 0xf2, 0x7f, 0xf9, + 0x61, 0x17, 0x2b, 0x0f, 0x38, 0x7a, 0xef, 0x41, 0xb9, 0x13, 0x45, 0xdd, 0xb4, 0x9b, 0x98, 0xa4, + 0x20, 0x98, 0xc9, 0xb0, 0x51, 0xe5, 0xbb, 0xc9, 0xdf, 0x29, 0x96, 0xea, 0xdd, 0x77, 0x1d, 0xc8, + 0x78, 0x11, 0xf5, 0xa1, 0xcc, 0xb5, 0x8c, 0xa6, 0xf0, 0x1b, 0xd1, 0xd6, 0xbb, 0xce, 0x75, 0x4a, + 0x7c, 0xf1, 0x88, 0x25, 0x0a, 0x0a, 0xa0, 0xc4, 0x0d, 0x51, 0xb3, 0xcb, 0xf6, 0x94, 0xd0, 0xf8, + 0x12, 0xe5, 0xa8, 0xc4, 0x9f, 0xb0, 0x80, 0x70, 0x2f, 0xc1, 0x99, 0x31, 0x8b, 0x78, 0xc8, 0xef, + 0x45, 0xe9, 0x5f, 0x53, 0x2b, 0xe4, 0xaf, 0x70, 0x22, 0x96, 0x3c, 0x5e, 0x3f, 0x4e, 0xe7, 0xd5, + 0xa3, 0x1f, 0x39, 0x70, 0x86, 0xe6, 0xf5, 0x3d, 0x12, 0xaf, 0xfd, 0xbf, 0x32, 0x6a, 0xdc, 0x7c, + 0x3c, 0x6e, 0x01, 0xdf, 0xd1, 0xfc, 0x5d, 0x33, 0x8f, 0xbd, 0x20, 0xa4, 0xc4, 0x1f, 0x24, 0xe9, + 0x42, 0x75, 0xec, 0x6d, 0x29, 0x3a, 0xd6, 0x12, 0x7c, 0xf6, 0x97, 0xff, 0x3a, 0x6e, 0x9a, 0x46, + 0x51, 0xcf, 0xfe, 0x4d, 0xcd, 0xc1, 0x96, 0x14, 0xef, 0x95, 0x7d, 0x92, 0xb0, 0x4d, 0xde, 0x1e, + 0xf1, 0xbc, 0x30, 0x27, 0x7b, 0xe5, 0x0d, 0x45, 0xc3, 0x9a, 0x8b, 0xde, 0x0f, 0xb3, 0x5d, 0x32, + 0x12, 0x82, 0x25, 0x21, 0x58, 0xe3, 0x15, 0x7f, 0x5b, 0x92, 0x70, 0xca, 0x43, 0x2e, 0xcc, 0xf8, + 0x9e, 0x90, 0x2a, 0x0b, 0x29, 0x10, 0xbf, 0x3d, 0xd6, 0x85, 0x90, 0xe2, 0x34, 0xea, 0xf7, 0xee, + 0x2f, 0x9f, 0x7a, 0xf3, 0xfe, 0xf2, 0xa9, 0xb7, 0xee, 0x2f, 0x9f, 0x7a, 0xe3, 0x60, 0xd9, 0xb9, + 0x77, 0xb0, 0xec, 0xbc, 0x79, 0xb0, 0xec, 0xbc, 0x75, 0xb0, 0xec, 0xfc, 0xed, 0x60, 0xd9, 0xf9, + 0xfe, 0x3b, 0xcb, 0xa7, 0x5e, 0xae, 0xa4, 0xae, 0xfd, 0x57, 0x00, 0x00, 0x00, 0xff, 0xff, 0x99, + 0x62, 0x42, 0x3c, 0x38, 0x29, 0x00, 0x00, } diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto index a02029ed19fc3..0c084704a3fd5 100644 --- a/pkg/apis/application/v1alpha1/generated.proto +++ b/pkg/apis/application/v1alpha1/generated.proto @@ -254,9 +254,11 @@ message HookStatus { optional string message = 6; } -// JwtToken holds the createdAt time of a token +// JwtToken holds the createdAt and expiresAt time of a token message JwtToken { - optional int64 createdAt = 3; + optional int64 createdAt = 1; + + optional int64 expireAt = 2; } // Operation contains requested operation parameters. diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go index 7ebae36f57e23..c0d3b33ac2163 100644 --- a/pkg/apis/application/v1alpha1/types.go +++ b/pkg/apis/application/v1alpha1/types.go @@ -473,9 +473,10 @@ type ProjectRole struct { JwtTokens []JwtToken `json:"jwtTokens" protobuf:"bytes,3,rep,name=jwtTokens"` } -// JwtToken holds the createdAt time of a token +// JwtToken holds the createdAt and expiresAt time of a token type JwtToken struct { - CreatedAt int64 `json:"createdAt" protobuf:"int64,3,opt,name=createdAt"` + CreatedAt int64 `json:"createdAt" protobuf:"int64,1,opt,name=createdAt"` + ExpireAt int64 `json:"expireAt" protobuf:"int64,2,opt,name=expireAt"` } func GetDefaultProject(namespace string) AppProject { diff --git a/server/project/project.go b/server/project/project.go index 79629c22952ff..27d0946ac5b4b 100644 --- a/server/project/project.go +++ b/server/project/project.go @@ -83,7 +83,9 @@ func (s *Server) CreateToken(ctx context.Context, q *ProjectTokenCreateRequest) return nil, status.Error(codes.InvalidArgument, err.Error()) } issuedAt := jwtUtil.GetInt64Field(mapClaims, "iat") - project.Spec.Roles[index].JwtTokens = append(project.Spec.Roles[index].JwtTokens, v1alpha1.JwtToken{CreatedAt: issuedAt}) + expireAt := jwtUtil.GetInt64Field(mapClaims, "exp") + + project.Spec.Roles[index].JwtTokens = append(project.Spec.Roles[index].JwtTokens, v1alpha1.JwtToken{CreatedAt: issuedAt, ExpireAt: expireAt}) _, err = s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Update(project) if err != nil { return nil, err diff --git a/server/swagger.json b/server/swagger.json index 6c684e16b3509..25121996c82fc 100644 --- a/server/swagger.json +++ b/server/swagger.json @@ -2293,11 +2293,15 @@ }, "v1alpha1JwtToken": { "type": "object", - "title": "JwtToken holds the createdAt time of a token", + "title": "JwtToken holds the createdAt and expiresAt time of a token", "properties": { "createdAt": { "type": "string", "format": "int64" + }, + "expireAt": { + "type": "string", + "format": "int64" } } }, From 3af90e9f5188669793ca397d6b6af2374cbf05f6 Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Thu, 9 Aug 2018 09:46:32 -0700 Subject: [PATCH 22/43] Add explicit deny to project tokens --- server/project/project.go | 6 +++- server/project/project_test.go | 38 ++++++++++++++++++---- server/server_test.go | 58 ++++++++++++++++++++++++---------- 3 files changed, 77 insertions(+), 25 deletions(-) diff --git a/server/project/project.go b/server/project/project.go index 27d0946ac5b4b..4ff7a135592b9 100644 --- a/server/project/project.go +++ b/server/project/project.go @@ -206,7 +206,7 @@ func validateJwtToken(proj string, token string, policy string) error { func validatePolicy(proj string, policy string) error { policyComponents := strings.Split(policy, ",") - if len(policyComponents) != 5 { + if len(policyComponents) != 6 { return status.Errorf(codes.InvalidArgument, "incorrect number of policy arguments for '%s'", policy) } if strings.Trim(policyComponents[0], " ") != "p" { @@ -224,6 +224,10 @@ func validatePolicy(proj string, policy string) error { if !strings.HasPrefix(strings.Trim(policyComponents[4], " "), proj) { return status.Errorf(codes.InvalidArgument, "incorrect policy format for '%s' as policies can't grant access to other projects", policy) } + effect := strings.Trim(policyComponents[5], " ") + if effect != "allow" && effect != "deny" { + return status.Errorf(codes.InvalidArgument, "incorrect policy format for '%s' as effect can only have value 'allow' or 'deny'", policy) + } return nil } diff --git a/server/project/project_test.go b/server/project/project_test.go index abfe2743ce756..fd932d7d244d0 100644 --- a/server/project/project_test.go +++ b/server/project/project_test.go @@ -40,7 +40,7 @@ func TestProjectServer(t *testing.T) { }, } - policyTemplate := "p, proj:%s:%s, applications, %s, %s/%s" + policyTemplate := "p, proj:%s:%s, applications, %s, %s/%s, %s" t.Run("TestRemoveDestinationSuccessful", func(t *testing.T) { existingApp := v1alpha1.Application{ @@ -187,10 +187,11 @@ func TestProjectServer(t *testing.T) { action := "create" object := "testApplication" roleName := "testRole" + effect := "allow" projWithRole := existingProj.DeepCopy() role := v1alpha1.ProjectRole{Name: roleName, JwtTokens: []v1alpha1.JwtToken{{CreatedAt: 1}}} - policy := fmt.Sprintf(policyTemplate, projWithRole.Name, roleName, action, projWithRole.Name, object) + policy := fmt.Sprintf(policyTemplate, projWithRole.Name, roleName, action, projWithRole.Name, object, effect) role.Policies = append(role.Policies, policy) projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role) @@ -199,7 +200,7 @@ func TestProjectServer(t *testing.T) { _, err := projectServer.Update(context.Background(), request) assert.Nil(t, err) t.Log(projWithRole.Spec.Roles[0].Policies[0]) - expectedPolicy := fmt.Sprintf(policyTemplate, projWithRole.Name, role.Name, action, projWithRole.Name, object) + expectedPolicy := fmt.Sprintf(policyTemplate, projWithRole.Name, role.Name, action, projWithRole.Name, object, effect) assert.Equal(t, projWithRole.Spec.Roles[0].Policies[0], expectedPolicy) }) @@ -207,10 +208,11 @@ func TestProjectServer(t *testing.T) { action := "create" object := "testApplication" roleName := "testRole" + effect := "allow" projWithRole := existingProj.DeepCopy() role := v1alpha1.ProjectRole{Name: roleName, JwtTokens: []v1alpha1.JwtToken{{CreatedAt: 1}}} - policy := fmt.Sprintf(policyTemplate, projWithRole.Name, roleName, action, projWithRole.Name, object) + policy := fmt.Sprintf(policyTemplate, projWithRole.Name, roleName, action, projWithRole.Name, object, effect) role.Policies = append(role.Policies, policy) role.Policies = append(role.Policies, policy) projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role) @@ -227,10 +229,11 @@ func TestProjectServer(t *testing.T) { object := "testApplication" roleName := "testRole" otherProject := "other-project" + effect := "allow" projWithRole := existingProj.DeepCopy() role := v1alpha1.ProjectRole{Name: roleName, JwtTokens: []v1alpha1.JwtToken{{CreatedAt: 1}}} - policy := fmt.Sprintf(policyTemplate, projWithRole.Name, roleName, action, otherProject, object) + policy := fmt.Sprintf(policyTemplate, projWithRole.Name, roleName, action, otherProject, object, effect) role.Policies = append(role.Policies, policy) projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role) @@ -246,10 +249,11 @@ func TestProjectServer(t *testing.T) { object := "testApplication" roleName := "testRole" otherProject := "other-project" + effect := "allow" projWithRole := existingProj.DeepCopy() role := v1alpha1.ProjectRole{Name: roleName, JwtTokens: []v1alpha1.JwtToken{{CreatedAt: 1}}} - invalidPolicy := fmt.Sprintf(policyTemplate, otherProject, roleName, action, projWithRole.Name, object) + invalidPolicy := fmt.Sprintf(policyTemplate, otherProject, roleName, action, projWithRole.Name, object, effect) role.Policies = append(role.Policies, invalidPolicy) projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role) @@ -265,10 +269,11 @@ func TestProjectServer(t *testing.T) { object := "testApplication" roleName := "testRole" otherToken := "other-token" + effect := "allow" projWithRole := existingProj.DeepCopy() role := v1alpha1.ProjectRole{Name: roleName, JwtTokens: []v1alpha1.JwtToken{{CreatedAt: 1}}} - invalidPolicy := fmt.Sprintf(policyTemplate, projWithRole.Name, otherToken, action, projWithRole.Name, object) + invalidPolicy := fmt.Sprintf(policyTemplate, projWithRole.Name, otherToken, action, projWithRole.Name, object, effect) role.Policies = append(role.Policies, invalidPolicy) projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role) @@ -278,4 +283,23 @@ func TestProjectServer(t *testing.T) { expectedErr := fmt.Sprintf("rpc error: code = InvalidArgument desc = incorrect policy format for '%s' as policy can't grant access to other roles", invalidPolicy) assert.EqualError(t, err, expectedErr) }) + + t.Run("TestValidateProjectInvalidEffectFailure", func(t *testing.T) { + action := "create" + object := "testApplication" + roleName := "testRole" + effect := "testEffect" + + projWithRole := existingProj.DeepCopy() + role := v1alpha1.ProjectRole{Name: roleName, JwtTokens: []v1alpha1.JwtToken{{CreatedAt: 1}}} + invalidPolicy := fmt.Sprintf(policyTemplate, projWithRole.Name, roleName, action, projWithRole.Name, object, effect) + role.Policies = append(role.Policies, invalidPolicy) + projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role) + + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithRole), enforcer, util.NewKeyLock(), nil) + request := &ProjectUpdateRequest{Project: projWithRole} + _, err := projectServer.Update(context.Background(), request) + expectedErr := fmt.Sprintf("rpc error: code = InvalidArgument desc = incorrect policy format for '%s' as effect can only have value 'allow' or 'deny'", invalidPolicy) + assert.EqualError(t, err, expectedErr) + }) } diff --git a/server/server_test.go b/server/server_test.go index 17f42bd44087f..56df4b44ac9d2 100644 --- a/server/server_test.go +++ b/server/server_test.go @@ -54,17 +54,22 @@ func fakeSecret(policy ...string) *apiv1.Secret { func TestEnforceJwtToken(t *testing.T) { projectName := "testProj" - tokenName := "testToken" + roleName := "testRole" subFormat := "proj:%s:%s" - sub := fmt.Sprintf(subFormat, projectName, tokenName) - policy := fmt.Sprintf("p, %s, projects, get, %s", sub, projectName) - createdAt := int64(1) + policyTemplate := "p, %s, applications, get, %s/%s, %s" - token := v1alpha1.ProjectRole{Name: tokenName, Policies: []string{policy}, JwtTokens: []v1alpha1.JwtToken{{CreatedAt: createdAt}}} + defaultObject := "*" + defaultEffect := "allow" + defaultTestObject := fmt.Sprintf("%s/%s", projectName, "test") + defaultCreatedAt := int64(1) + defaultSub := fmt.Sprintf(subFormat, projectName, roleName) + defaultPolicy := fmt.Sprintf(policyTemplate, defaultSub, projectName, defaultObject, defaultEffect) + + role := v1alpha1.ProjectRole{Name: roleName, Policies: []string{defaultPolicy}, JwtTokens: []v1alpha1.JwtToken{{CreatedAt: defaultCreatedAt}}} existingProj := v1alpha1.AppProject{ ObjectMeta: v1.ObjectMeta{Name: projectName, Namespace: fakeNamespace}, Spec: v1alpha1.AppProjectSpec{ - Roles: []v1alpha1.ProjectRole{token}, + Roles: []v1alpha1.ProjectRole{role}, }, } cm := fakeConfigMap() @@ -74,24 +79,24 @@ func TestEnforceJwtToken(t *testing.T) { t.Run("TestEnforceJwtTokenSuccessful", func(t *testing.T) { s := NewServer(ArgoCDServerOpts{Namespace: fakeNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj)}) s.newGRPCServer() - claims := jwt.MapClaims{"sub": sub, "iat": createdAt} - assert.True(t, s.enf.EnforceClaims(claims, "projects", "get", projectName)) + claims := jwt.MapClaims{"sub": defaultSub, "iat": defaultCreatedAt} + assert.True(t, s.enf.EnforceClaims(claims, "applications", "get", defaultTestObject)) }) t.Run("TestEnforceJwtTokenWithDiffCreateAtFailure", func(t *testing.T) { s := NewServer(ArgoCDServerOpts{Namespace: fakeNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj)}) s.newGRPCServer() - diffCreateAt := createdAt + 1 - claims := jwt.MapClaims{"sub": sub, "iat": diffCreateAt} - assert.False(t, s.enf.EnforceClaims(claims, "projects", "get", projectName)) + diffCreateAt := defaultCreatedAt + 1 + claims := jwt.MapClaims{"sub": defaultSub, "iat": diffCreateAt} + assert.False(t, s.enf.EnforceClaims(claims, "applications", "get", defaultTestObject)) }) t.Run("TestEnforceJwtTokenIncorrectSubFormatFailure", func(t *testing.T) { s := NewServer(ArgoCDServerOpts{Namespace: fakeNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj)}) s.newGRPCServer() invalidSub := "proj:test" - claims := jwt.MapClaims{"sub": invalidSub, "iat": createdAt} - assert.False(t, s.enf.EnforceClaims(claims, "projects", "get", projectName)) + claims := jwt.MapClaims{"sub": invalidSub, "iat": defaultCreatedAt} + assert.False(t, s.enf.EnforceClaims(claims, "applications", "get", defaultTestObject)) }) t.Run("TestEnforceJwtTokenNoTokenFailure", func(t *testing.T) { @@ -99,8 +104,9 @@ func TestEnforceJwtToken(t *testing.T) { s.newGRPCServer() nonExistentToken := "fake-token" invalidSub := fmt.Sprintf(subFormat, projectName, nonExistentToken) - claims := jwt.MapClaims{"sub": invalidSub, "iat": createdAt} - assert.False(t, s.enf.EnforceClaims(claims, "projects", "get", projectName)) + claims := jwt.MapClaims{"sub": invalidSub, "iat": defaultCreatedAt} + + assert.False(t, s.enf.EnforceClaims(claims, "applications", "get", defaultTestObject)) }) t.Run("TestEnforceJwtTokenNotJwtTokenFailure", func(t *testing.T) { @@ -108,8 +114,26 @@ func TestEnforceJwtToken(t *testing.T) { proj.Spec.Roles[0].JwtTokens = nil s := NewServer(ArgoCDServerOpts{Namespace: fakeNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(proj)}) s.newGRPCServer() - claims := jwt.MapClaims{"sub": sub, "iat": createdAt} - assert.False(t, s.enf.EnforceClaims(claims, "projects", "get", projectName)) + claims := jwt.MapClaims{"sub": defaultSub, "iat": defaultCreatedAt} + assert.False(t, s.enf.EnforceClaims(claims, "applications", "get", defaultTestObject)) + }) + + t.Run("TestEnforceJwtTokenExplicitDeny", func(t *testing.T) { + denyApp := "testDenyApp" + allowPolicy := fmt.Sprintf(policyTemplate, defaultSub, projectName, defaultObject, defaultEffect) + denyPolicy := fmt.Sprintf(policyTemplate, defaultSub, projectName, denyApp, "deny") + role := v1alpha1.ProjectRole{Name: roleName, Policies: []string{allowPolicy, denyPolicy}, JwtTokens: []v1alpha1.JwtToken{{CreatedAt: defaultCreatedAt}}} + proj := existingProj.DeepCopy() + proj.Spec.Roles[0] = role + + s := NewServer(ArgoCDServerOpts{Namespace: fakeNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(proj)}) + s.newGRPCServer() + + claims := jwt.MapClaims{"sub": defaultSub, "iat": defaultCreatedAt} + allowedObject := fmt.Sprintf("%s/%s", projectName, "test") + denyObject := fmt.Sprintf("%s/%s", projectName, denyApp) + assert.True(t, s.enf.EnforceClaims(claims, "applications", "get", allowedObject)) + assert.False(t, s.enf.EnforceClaims(claims, "applications", "get", denyObject)) }) } From 55a52513d9188510726b04ebce97ad7a93a75b48 Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Thu, 9 Aug 2018 13:18:00 -0700 Subject: [PATCH 23/43] Add defaultEnforcer func to e2e tests --- cmd/argocd/commands/project.go | 15 +++++----- server/server.go | 4 +-- server/server_test.go | 6 ++-- test/e2e/app_management_test.go | 9 +++--- test/e2e/fixture.go | 1 + test/e2e/project_management_test.go | 45 +++++++++++++++++++++++++++++ 6 files changed, 62 insertions(+), 18 deletions(-) diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go index 87fc36e8eeb23..43b87f31e16ea 100644 --- a/cmd/argocd/commands/project.go +++ b/cmd/argocd/commands/project.go @@ -25,6 +25,10 @@ import ( "k8s.io/apimachinery/pkg/apis/meta/v1" ) +const ( + policyTemplate = "p, proj:%s:%s, applications, %s, %s/%s, %s" +) + type projectOpts struct { description string destinations []string @@ -144,8 +148,7 @@ func NewProjectAddRolePolicyCommand(clientOpts *argocdclient.ClientOptions) *cob } role := proj.Spec.Roles[roleIndex] - policyTemplate := "p, proj:%s:%s, applications, %s, %s/%s" - policy := fmt.Sprintf(policyTemplate, proj.Name, role.Name, opts.action, proj.Name, opts.object) + policy := fmt.Sprintf(policyTemplate, proj.Name, role.Name, opts.action, proj.Name, opts.object, opts.permission) proj.Spec.Roles[roleIndex].Policies = append(role.Policies, policy) _, err = projIf.Update(context.Background(), &project.ProjectUpdateRequest{Project: proj}) @@ -195,8 +198,7 @@ func NewProjectRemoveRolePolicyCommand(clientOpts *argocdclient.ClientOptions) * } role := proj.Spec.Roles[roleIndex] - policyTemplate := "p, proj:%s:%s, applications, %s, %s/%s" - policyToRemove := fmt.Sprintf(policyTemplate, proj.Name, role.Name, opts.action, proj.Name, opts.object) + policyToRemove := fmt.Sprintf(policyTemplate, proj.Name, role.Name, opts.action, proj.Name, opts.object, opts.permission) duplicateIndex := -1 for i, policy := range role.Policies { if policy == policyToRemove { @@ -299,10 +301,7 @@ func NewProjectCreateTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra token, err := projIf.CreateToken(context.Background(), &project.ProjectTokenCreateRequest{Project: projName, Role: roleName, SecondsBeforeExpiry: secondsBeforeExpiry}) errors.CheckError(err) - w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0) - fmt.Fprintf(w, "New token for %s-%s:\n%s\n", projName, roleName, token) - fmt.Fprintf(w, "Make sure to save token as it is not stored.") - _ = w.Flush() + fmt.Print(token.Token) }, } command.Flags().Int64VarP(&secondsBeforeExpiry, "secondsBeforeExpiry", "s", defaultSecondsBeforeExpiry, "Number of seconds before the token will expire (Default: 3 months)") diff --git a/server/server.go b/server/server.go index a045448387041..ac9be4fb19995 100644 --- a/server/server.go +++ b/server/server.go @@ -335,7 +335,7 @@ func (a *ArgoCDServer) newGRPCServer() *grpc.Server { grpc_util.ErrorCodeUnaryServerInterceptor(), grpc_util.PanicLoggerUnaryServerInterceptor(a.log), ))) - a.enf.SetClaimsEnforcerFunc(defaultEnforceClaims(a.enf, a.AppClientset, a.Namespace)) + a.enf.SetClaimsEnforcerFunc(DefaultEnforceClaims(a.enf, a.AppClientset, a.Namespace)) grpcS := grpc.NewServer(sOpts...) db := db.NewDB(a.Namespace, a.KubeClientset) clusterService := cluster.NewServer(db, a.enf) @@ -597,7 +597,7 @@ func bug21955WorkaroundInterceptor(ctx context.Context, req interface{}, _ *grpc return handler(ctx, req) } -func defaultEnforceClaims(enf *rbac.Enforcer, a appclientset.Interface, namespace string) func(rvals ...interface{}) bool { +func DefaultEnforceClaims(enf *rbac.Enforcer, a appclientset.Interface, namespace string) func(rvals ...interface{}) bool { return func(rvals ...interface{}) bool { claims, ok := rvals[0].(jwt.Claims) if !ok { diff --git a/server/server_test.go b/server/server_test.go index 56df4b44ac9d2..fed2a18b0f0cd 100644 --- a/server/server_test.go +++ b/server/server_test.go @@ -142,7 +142,7 @@ func TestEnforceClaims(t *testing.T) { enf := rbac.NewEnforcer(kubeclientset, fakeNamespace, common.ArgoCDConfigMapName, nil) enf.SetBuiltinPolicy(box.String(builtinPolicyFile)) - enf.SetClaimsEnforcerFunc(defaultEnforceClaims(enf, nil, fakeNamespace)) + enf.SetClaimsEnforcerFunc(DefaultEnforceClaims(enf, nil, fakeNamespace)) policy := ` g, org2:team2, role:admin g, bob, role:admin @@ -173,7 +173,7 @@ func TestDefaultRoleWithClaims(t *testing.T) { kubeclientset := fake.NewSimpleClientset() enf := rbac.NewEnforcer(kubeclientset, fakeNamespace, common.ArgoCDConfigMapName, nil) enf.SetBuiltinPolicy(box.String(builtinPolicyFile)) - enf.SetClaimsEnforcerFunc(defaultEnforceClaims(enf, nil, fakeNamespace)) + enf.SetClaimsEnforcerFunc(DefaultEnforceClaims(enf, nil, fakeNamespace)) claims := jwt.MapClaims{"groups": []string{"org1:team1", "org2:team2"}} assert.False(t, enf.EnforceClaims(claims, "applications", "get", "foo/bar")) @@ -186,7 +186,7 @@ func TestEnforceNilClaims(t *testing.T) { kubeclientset := fake.NewSimpleClientset(fakeConfigMap()) enf := rbac.NewEnforcer(kubeclientset, fakeNamespace, common.ArgoCDConfigMapName, nil) enf.SetBuiltinPolicy(box.String(builtinPolicyFile)) - enf.SetClaimsEnforcerFunc(defaultEnforceClaims(enf, nil, fakeNamespace)) + enf.SetClaimsEnforcerFunc(DefaultEnforceClaims(enf, nil, fakeNamespace)) assert.False(t, enf.EnforceClaims(nil, "applications", "get", "foo/obj")) enf.SetDefaultRole("role:readonly") assert.True(t, enf.EnforceClaims(nil, "applications", "get", "foo/obj")) diff --git a/test/e2e/app_management_test.go b/test/e2e/app_management_test.go index 65b4e8e65ba4b..74c0dc85f7615 100644 --- a/test/e2e/app_management_test.go +++ b/test/e2e/app_management_test.go @@ -5,16 +5,15 @@ import ( "testing" "time" + // load the gcp plugin (required to authenticate against GKE clusters). "github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1" + "github.com/argoproj/argo-cd/util/argo" "github.com/stretchr/testify/assert" + "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - - // load the gcp plugin (required to authenticate against GKE clusters). + "k8s.io/apimachinery/pkg/fields" _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" - "github.com/argoproj/argo-cd/util/argo" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/fields" _ "k8s.io/client-go/plugin/pkg/client/auth/oidc" ) diff --git a/test/e2e/fixture.go b/test/e2e/fixture.go index 8eb1906cf1b98..23450cf512f17 100644 --- a/test/e2e/fixture.go +++ b/test/e2e/fixture.go @@ -259,6 +259,7 @@ func NewFixture() (*Fixture, error) { } db := db.NewDB(namespace, kubeClient) enforcer := rbac.NewEnforcer(kubeClient, namespace, common.ArgoCDRBACConfigMapName, nil) + enforcer.SetClaimsEnforcerFunc(server.DefaultEnforceClaims(enforcer, appClient, namespace)) err = enforcer.SetBuiltinPolicy(test.BuiltinPolicy) if err != nil { return nil, err diff --git a/test/e2e/project_management_test.go b/test/e2e/project_management_test.go index c60be26feb820..0454b4db6786f 100644 --- a/test/e2e/project_management_test.go +++ b/test/e2e/project_management_test.go @@ -246,4 +246,49 @@ func TestProjectManagement(t *testing.T) { assert.Equal(t, 0, len(proj.Spec.SourceRepos)) assertProjHasEvent(proj, "update", argo.EventReasonResourceUpdated) }) + + t.Run("TestUseJwtToken", func(t *testing.T) { + projectName := "proj-" + strconv.FormatInt(time.Now().Unix(), 10) + appName := "app-" + strconv.FormatInt(time.Now().Unix(), 10) + roleName := "roleTest" + testApp := &v1alpha1.Application{ + ObjectMeta: metav1.ObjectMeta{ + Name: appName, + }, + Spec: v1alpha1.ApplicationSpec{ + Source: v1alpha1.ApplicationSource{ + RepoURL: "https://github.com/argoproj/argo-cd.git", Path: ".", Environment: "minikube", + }, + Destination: v1alpha1.ApplicationDestination{ + Server: fixture.Config.Host, + Namespace: fixture.Namespace, + }, + Project: projectName, + }, + } + _, err := fixture.AppClient.ArgoprojV1alpha1().AppProjects(fixture.Namespace).Create(&v1alpha1.AppProject{ObjectMeta: metav1.ObjectMeta{Name: projectName}}) + if err != nil { + t.Fatalf("Unable to create project %v", err) + } + + _, err = fixture.AppClient.ArgoprojV1alpha1().Applications(fixture.Namespace).Create(testApp) + if err != nil { + t.Fatalf("Unable to create app %v", err) + } + + _, err = fixture.RunCli("proj", "role", "create", projectName, roleName) + if err != nil { + t.Fatalf("Unable to get project %v", err) + } + _, err = fixture.RunCli("proj", "role", "create-token", projectName, roleName) + if err != nil { + t.Fatalf("Unable to get create token %v", err) + } + + _, err = fixture.RunCli("proj", "role", "add-policy", projectName, roleName, "-a", "get", "-o", "*", "-p", "allow") + if err != nil { + t.Fatalf("Unable to get add policy token %v", err) + } + + }) } From 879dca815d09d84977cce1691b5112e96f7dc5c2 Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Mon, 13 Aug 2018 10:44:08 -0700 Subject: [PATCH 24/43] Use argoproj time lib to enter time --- Gopkg.lock | 377 +++++---------------------------- Gopkg.toml | 1 + cmd/argocd/commands/project.go | 77 +++---- 3 files changed, 91 insertions(+), 364 deletions(-) diff --git a/Gopkg.lock b/Gopkg.lock index 782e78f6a27c0..61bba59813815 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -2,75 +2,64 @@ [[projects]] - digest = "1:9702dc153c9bb6ee7ee0587c248b7024700e89e4a7be284faaeeab9da32e1c6b" name = "cloud.google.com/go" packages = ["compute/metadata"] - pruneopts = "" revision = "767c40d6a2e058483c25fa193e963a22da17236d" version = "v0.18.0" [[projects]] - digest = "1:6204a59b379aadf05380cf8cf3ae0f5867588ba028fe84f260312a79ae717272" name = "github.com/GeertJohan/go.rice" packages = [ ".", - "embedded", + "embedded" ] - pruneopts = "" revision = "c02ca9a983da5807ddf7d796784928f5be4afd09" [[projects]] - digest = "1:8ec1618fc3ee146af104d6c13be250f25e5976e34557d4afbfe4b28035ce6c05" name = "github.com/Knetic/govaluate" packages = ["."] - pruneopts = "" revision = "d216395917cc49052c7c7094cf57f09657ca08a8" version = "v3.0.0" [[projects]] - digest = "1:71c0dfb843260bfb9b03357cae8eac261b8d82e149ad8f76938b87a23aa47c43" name = "github.com/PuerkitoBio/purell" packages = ["."] - pruneopts = "" revision = "b938d81255b5473c57635324295cb0fe398c7a58" [[projects]] branch = "master" - digest = "1:331a419049c2be691e5ba1d24342fc77c7e767a80c666a18fd8a9f7b82419c1c" name = "github.com/PuerkitoBio/urlesc" packages = ["."] - pruneopts = "" revision = "de5bf2ad457846296e2031421a34e2568e304e35" [[projects]] - digest = "1:26a8fd03a1fb25aa92c58080d8ca76363d56694c148f6175266e0393c0d2e729" name = "github.com/argoproj/argo" packages = [ "pkg/apis/workflow", - "pkg/apis/workflow/v1alpha1", + "pkg/apis/workflow/v1alpha1" ] - pruneopts = "" revision = "ac241c95c13f08e868cd6f5ee32c9ce273e239ff" version = "v2.1.1" [[projects]] - digest = "1:d8a2bb36a048d1571bcc1aee208b61f39dc16c6c53823feffd37449dde162507" + branch = "master" + name = "github.com/argoproj/pkg" + packages = ["time"] + revision = "881057947d921c5d62af84ad15cd3c6fb36d6077" + +[[projects]] name = "github.com/asaskevich/govalidator" packages = ["."] - pruneopts = "" revision = "ccb8e960c48f04d6935e72476ae4a51028f9e22f" version = "v9" [[projects]] - digest = "1:79421244ba5848aae4b0a5c41e633a04e4894cb0b164a219dc8c15ec7facb7f1" name = "github.com/blang/semver" packages = ["."] - pruneopts = "" revision = "2ee87856327ba09384cabd113bc6b5d174e9ec0f" version = "v3.5.1" [[projects]] - digest = "1:e04162bd6a6d4950541bae744c968108e14913b1cebccf29f7650b573f44adb3" name = "github.com/casbin/casbin" packages = [ ".", @@ -81,113 +70,87 @@ "persist/file-adapter", "rbac", "rbac/default-role-manager", - "util", + "util" ] - pruneopts = "" revision = "d71629e497929858300c38cd442098c178121c30" version = "v1.5.0" [[projects]] - digest = "1:65bad35bfcdd839cb26bb4ff31de49be39dd6bd2ade0c7c57d010f7d0412a4a5" name = "github.com/coreos/dex" packages = ["api"] - pruneopts = "" revision = "218d671a96865df2a4cf7f310efb99b8bfc5a5e2" version = "v2.10.0" [[projects]] branch = "v2" - digest = "1:d8ee1b165eb7f4fd9ada718e1e7eeb0bc1fd462592d0bd823df694443f448681" name = "github.com/coreos/go-oidc" packages = ["."] - pruneopts = "" revision = "1180514eaf4d9f38d0d19eef639a1d695e066e72" [[projects]] branch = "master" - digest = "1:5fd5c4d4282935b7a575299494f2c09e9d2cacded7815c83aff7c1602aff3154" name = "github.com/daaku/go.zipexe" packages = ["."] - pruneopts = "" revision = "a5fe2436ffcb3236e175e5149162b41cd28bd27d" [[projects]] - digest = "1:56c130d885a4aacae1dd9c7b71cfe39912c7ebc1ff7d2b46083c8812996dc43b" name = "github.com/davecgh/go-spew" packages = ["spew"] - pruneopts = "" revision = "346938d642f2ec3594ed81d874461961cd0faa76" version = "v1.1.0" [[projects]] - digest = "1:6098222470fe0172157ce9bbef5d2200df4edde17ee649c5d6e48330e4afa4c6" name = "github.com/dgrijalva/jwt-go" packages = ["."] - pruneopts = "" revision = "06ea1031745cb8b3dab3f6a236daf2b0aa468b7e" version = "v3.2.0" [[projects]] - digest = "1:971e9ba63a417c5f1f83ab358677bc59e96ff04285f26c6646ff089fb60b15e8" name = "github.com/emicklei/go-restful" packages = [ ".", - "log", + "log" ] - pruneopts = "" revision = "3658237ded108b4134956c1b3050349d93e7b895" version = "v2.7.1" [[projects]] - digest = "1:b13707423743d41665fd23f0c36b2f37bb49c30e94adb813319c44188a51ba22" name = "github.com/ghodss/yaml" packages = ["."] - pruneopts = "" revision = "0ca9ea5df5451ffdf184b4428c902747c2c11cd7" [[projects]] branch = "master" - digest = "1:eb77b66abaf9649747230eb973350bd1c311a0d0362213192efbdd222082b072" name = "github.com/go-openapi/analysis" packages = ["."] - pruneopts = "" revision = "5957818e100395077187fb7ef3b8a28227af06c6" [[projects]] branch = "master" - digest = "1:ee273c95c1414ef11bd4da259b40e83f41c1d5a6bee7d1b54a05ef5f3565fd92" name = "github.com/go-openapi/errors" packages = ["."] - pruneopts = "" revision = "b2b2befaf267d082d779bcef52d682a47c779517" [[projects]] branch = "master" - digest = "1:1287439f7765209116509fffff2b8f853845e4b35572b41a1aadda42cbcffcc2" name = "github.com/go-openapi/jsonpointer" packages = ["."] - pruneopts = "" revision = "779f45308c19820f1a69e9a4cd965f496e0da10f" [[projects]] branch = "master" - digest = "1:07ac8ac445f68b0bc063d11845d479fb7e09c906ead7a8c4165b59777df09d74" name = "github.com/go-openapi/jsonreference" packages = ["."] - pruneopts = "" revision = "36d33bfe519efae5632669801b180bf1a245da3b" [[projects]] branch = "master" - digest = "1:c4a8c916364abeda1c5cf36684320298bbf4d87718b0b2bd9c4ca663157fdc75" name = "github.com/go-openapi/loads" packages = ["."] - pruneopts = "" revision = "2a2b323bab96e6b1fdee110e57d959322446e9c9" [[projects]] branch = "master" - digest = "1:1d9c762f6695e6e7ed0b4c055fa0eab7d20c2b36c935943282273d37f114e302" name = "github.com/go-openapi/runtime" packages = [ ".", @@ -196,57 +159,45 @@ "middleware/denco", "middleware/header", "middleware/untyped", - "security", + "security" ] - pruneopts = "" revision = "cd9d8ed52e4b4665463cbc655500e4faa09c3c16" [[projects]] branch = "master" - digest = "1:fd4008f8283b993180f0626d0c7b2f48880e9dbb6bd92a91cac7ded30dc66777" name = "github.com/go-openapi/spec" packages = ["."] - pruneopts = "" revision = "1de3e0542de65ad8d75452a595886fdd0befb363" [[projects]] branch = "master" - digest = "1:4ddc424130bcfbf6f782f433192ca2502a02a09e4ac55dcbecf91f22ed4e3138" name = "github.com/go-openapi/strfmt" packages = ["."] - pruneopts = "" revision = "481808443b00a14745fada967cb5eeff0f9b1df2" [[projects]] branch = "master" - digest = "1:366052ef634d344217d6720719c9f8e95de13a94d211f09785b0ba3c4c181b06" name = "github.com/go-openapi/swag" packages = ["."] - pruneopts = "" revision = "84f4bee7c0a6db40e3166044c7983c1c32125429" [[projects]] branch = "master" - digest = "1:671e25496d550c80a9d6e7e588d32b380c6b4877f113750724f69acc6ce6790f" name = "github.com/go-openapi/validate" packages = ["."] - pruneopts = "" revision = "b0a3ed684d0fdd3e1eda00433382188ce8aa7169" [[projects]] - digest = "1:024c9473f363a12918e87e7efc778091839beab514b01309a6ecd8aa336c8065" name = "github.com/go-redis/cache" packages = [ ".", "internal/lrucache", - "internal/singleflight", + "internal/singleflight" ] - pruneopts = "" revision = "c58ada1e23a3b66593f81c70572c20a0bb805a90" version = "v6.3.5" [[projects]] - digest = "1:34c6632be33dacedc5acf9f4489cfa64e0d716a55b00e2f6ff839a4437c3f7da" name = "github.com/go-redis/redis" packages = [ ".", @@ -256,22 +207,18 @@ "internal/pool", "internal/proto", "internal/singleflight", - "internal/util", + "internal/util" ] - pruneopts = "" revision = "877867d2845fbaf86798befe410b6ceb6f5c29a3" version = "v6.10.2" [[projects]] - digest = "1:842c1acbacc80da775cfc0c412c4fe322c2d1b86c260db632987730d0d67a6bd" name = "github.com/gobuffalo/packr" packages = ["."] - pruneopts = "" revision = "7f4074995d431987caaa35088199f13c44b24440" version = "v1.11.0" [[projects]] - digest = "1:0a3f6a0c68ab8f3d455f8892295503b179e571b7fefe47cc6c556405d1f83411" name = "github.com/gogo/protobuf" packages = [ "gogoproto", @@ -300,23 +247,19 @@ "protoc-gen-gogofast", "sortkeys", "vanity", - "vanity/command", + "vanity/command" ] - pruneopts = "" revision = "1adfc126b41513cc696b209667c8656ea7aac67c" version = "v1.0.0" [[projects]] branch = "master" - digest = "1:107b233e45174dbab5b1324201d092ea9448e58243ab9f039e4c0f332e121e3a" name = "github.com/golang/glog" packages = ["."] - pruneopts = "" revision = "23def4e6c14b4da8ac2ed8007337bc5eb5007998" [[projects]] branch = "master" - digest = "1:27828cf74799ad14fcafece9f78f350cdbcd4fbe92c14ad4cba256fbbfa328ef" name = "github.com/golang/protobuf" packages = [ "jsonpb", @@ -331,45 +274,37 @@ "ptypes/duration", "ptypes/empty", "ptypes/struct", - "ptypes/timestamp", + "ptypes/timestamp" ] - pruneopts = "" revision = "e09c5db296004fbe3f74490e84dcd62c3c5ddb1b" [[projects]] - digest = "1:14d826ee25139b4674e9768ac287a135f4e7c14e1134a5b15e4e152edfd49f41" name = "github.com/google/go-jsonnet" packages = [ ".", "ast", - "parser", + "parser" ] - pruneopts = "" revision = "dfddf2b4e3aec377b0dcdf247ff92e7d078b8179" [[projects]] branch = "master" - digest = "1:754f77e9c839b24778a4b64422236d38515301d2baeb63113aa3edc42e6af692" name = "github.com/google/gofuzz" packages = ["."] - pruneopts = "" revision = "24818f796faf91cd76ec7bddd72458fbced7a6c1" [[projects]] - digest = "1:2a131706ff80636629ab6373f2944569b8252ecc018cda8040931b05d32e3c16" name = "github.com/googleapis/gnostic" packages = [ "OpenAPIv2", "compiler", - "extensions", + "extensions" ] - pruneopts = "" revision = "ee43cbb60db7bd22502942cccbc39059117352ab" version = "v0.1.0" [[projects]] branch = "master" - digest = "1:9dca8c981b8aed7448d94e78bc68a76784867a38b3036d5aabc0b32d92ffd1f4" name = "github.com/grpc-ecosystem/go-grpc-middleware" packages = [ ".", @@ -379,13 +314,11 @@ "logging/logrus/ctxlogrus", "tags", "tags/logrus", - "util/metautils", + "util/metautils" ] - pruneopts = "" revision = "bc372cc64f55abd91995ba3f219b380ffbc59e9d" [[projects]] - digest = "1:9feb7485bc57adbcbc1e1037ca05588e9d8b0a3a1875fbf730021fc118859b75" name = "github.com/grpc-ecosystem/grpc-gateway" packages = [ "protoc-gen-grpc-gateway", @@ -398,65 +331,51 @@ "protoc-gen-swagger/options", "runtime", "runtime/internal", - "utilities", + "utilities" ] - pruneopts = "" revision = "07f5e79768022f9a3265235f0db4ac8c3f675fec" version = "v1.3.1" [[projects]] branch = "master" - digest = "1:9c776d7d9c54b7ed89f119e449983c3f24c0023e75001d6092442412ebca6b94" name = "github.com/hashicorp/golang-lru" packages = [ ".", - "simplelru", + "simplelru" ] - pruneopts = "" revision = "0fb14efe8c47ae851c0034ed7a448854d3d34cf3" [[projects]] branch = "master" - digest = "1:f81c8d7354cc0c6340f2f7a48724ee6c2b3db3e918ecd441c985b4d2d97dd3e7" name = "github.com/howeyc/gopass" packages = ["."] - pruneopts = "" revision = "bf9dde6d0d2c004a008c27aaee91170c786f6db8" [[projects]] - digest = "1:23bc0b496ba341c6e3ba24d6358ff4a40a704d9eb5f9a3bd8e8fbd57ad869013" name = "github.com/imdario/mergo" packages = ["."] - pruneopts = "" revision = "163f41321a19dd09362d4c63cc2489db2015f1f4" version = "0.3.2" [[projects]] - digest = "1:870d441fe217b8e689d7949fef6e43efbc787e50f200cb1e70dbca9204a1d6be" name = "github.com/inconshreveable/mousetrap" packages = ["."] - pruneopts = "" revision = "76626ae9c91c4f2a10f34cad8ce83ea42c93bb75" version = "v1.0" [[projects]] - digest = "1:dd5cdbd84daf24b2a009364f3c24859b1e4de1eab87c451fb3bce09935d909fc" name = "github.com/json-iterator/go" packages = ["."] - pruneopts = "" revision = "e7c7f3b33712573affdcc7a107218e7926b9a05b" version = "1.0.6" [[projects]] branch = "master" - digest = "1:2c5ad58492804c40bdaf5d92039b0cde8b5becd2b7feeb37d7d1cc36a8aa8dbe" name = "github.com/kardianos/osext" packages = ["."] - pruneopts = "" revision = "ae77be60afb1dcacde03767a8c37337fad28ac14" [[projects]] - digest = "1:2fe45da14d25bce0a58c5a991967149cc5d07f94be327b928a9fd306466815a3" name = "github.com/ksonnet/ksonnet" packages = [ "metadata/params", @@ -471,14 +390,12 @@ "pkg/schema", "pkg/util/jsonnet", "pkg/util/kslib", - "pkg/util/strings", + "pkg/util/strings" ] - pruneopts = "" revision = "e943ae55d4fe256c8330a047ce8426ad9dac110c" version = "v0.11.0" [[projects]] - digest = "1:a165d7829bc54ec7952629870058b748512edb2fcbe244aba797d8de31bb4f03" name = "github.com/ksonnet/ksonnet-lib" packages = [ "ksonnet-gen/astext", @@ -487,198 +404,156 @@ "ksonnet-gen/kubespec", "ksonnet-gen/kubeversion", "ksonnet-gen/nodemaker", - "ksonnet-gen/printer", + "ksonnet-gen/printer" ] - pruneopts = "" revision = "dfcaa3d01d0c4948cb596403c35e966c774f2678" version = "v0.1.8" [[projects]] branch = "master" - digest = "1:ccc20cacf54eb16464dad02efa1c14fa7c0b9e124639b0d2a51dcc87b0154e4c" name = "github.com/mailru/easyjson" packages = [ "buffer", "jlexer", - "jwriter", + "jwriter" ] - pruneopts = "" revision = "32fa128f234d041f196a9f3e0fea5ac9772c08e1" [[projects]] branch = "master" - digest = "1:eb9117392ee8e7aa44f78e0db603f70b1050ee0ebda4bd40040befb5b218c546" name = "github.com/mitchellh/mapstructure" packages = ["."] - pruneopts = "" revision = "bb74f1db0675b241733089d5a1faa5dd8b0ef57b" [[projects]] - digest = "1:4c0404dc03d974acd5fcd8b8d3ce687b13bd169db032b89275e8b9d77b98ce8c" name = "github.com/patrickmn/go-cache" packages = ["."] - pruneopts = "" revision = "a3647f8e31d79543b2d0f0ae2fe5c379d72cedc0" version = "v2.1.0" [[projects]] - digest = "1:7365acd48986e205ccb8652cc746f09c8b7876030d53710ea6ef7d0bd0dcd7ca" name = "github.com/pkg/errors" packages = ["."] - pruneopts = "" revision = "645ef00459ed84a119197bfb8d8205042c6df63d" version = "v0.8.0" [[projects]] - digest = "1:256484dbbcd271f9ecebc6795b2df8cad4c458dd0f5fd82a8c2fa0c29f233411" name = "github.com/pmezard/go-difflib" packages = ["difflib"] - pruneopts = "" revision = "792786c7400a136282c1664665ae0a8db921c6c2" version = "v1.0.0" [[projects]] branch = "master" - digest = "1:90daff4630a8cf2fa207dbd3ccaed0e860936ead1851a473019674e6b5993a13" name = "github.com/pquerna/cachecontrol" packages = [ ".", - "cacheobject", + "cacheobject" ] - pruneopts = "" revision = "525d0eb5f91d30e3b1548de401b7ef9ea6898520" [[projects]] branch = "master" - digest = "1:1ee3e3e12ffdb5ba70b918148685cab6340bbc0d03ba723bcb46062d1bea69c6" name = "github.com/qiangmzsx/string-adapter" packages = ["."] - pruneopts = "" revision = "38f25303bb0cd40e674a6fac01e0171ab905f5a1" [[projects]] - digest = "1:3962f553b77bf6c03fc07cd687a22dd3b00fe11aa14d31194f5505f5bb65cdc8" name = "github.com/sergi/go-diff" packages = ["diffmatchpatch"] - pruneopts = "" revision = "1744e2970ca51c86172c8190fadad617561ed6e7" version = "v1.0.0" [[projects]] - digest = "1:c92f01303e3ab3b5da92657841639cb53d1548f0d2733d12ef3b9fd9d47c869e" name = "github.com/sirupsen/logrus" packages = ["."] - pruneopts = "" revision = "ea8897e79973357ba785ac2533559a6297e83c44" [[projects]] branch = "master" - digest = "1:50b5be512f924d289f20e8b2aef8951d98b9bd8c44666cf169514906df597a4c" name = "github.com/skratchdot/open-golang" packages = ["open"] - pruneopts = "" revision = "75fb7ed4208cf72d323d7d02fd1a5964a7a9073c" [[projects]] - digest = "1:022a4e2a8c327eb46a99088a51c0dda5d5be86928ace2afd72145dc1d746a323" name = "github.com/soheilhy/cmux" packages = ["."] - pruneopts = "" revision = "e09e9389d85d8492d313d73d1469c029e710623f" version = "v0.1.4" [[projects]] - digest = "1:a35a4db30a6094deac33fdb99de9ed99fefc39a7bf06b57d9f04bcaa425bb183" name = "github.com/spf13/afero" packages = [ ".", - "mem", + "mem" ] - pruneopts = "" revision = "9be650865eab0c12963d8753212f4f9c66cdcf12" [[projects]] - digest = "1:2208a80fc3259291e43b30f42f844d18f4218036dff510f42c653ec9890d460a" name = "github.com/spf13/cobra" packages = ["."] - pruneopts = "" revision = "7b2c5ac9fc04fc5efafb60700713d4fa609b777b" version = "v0.0.1" [[projects]] - digest = "1:261bc565833ef4f02121450d74eb88d5ae4bd74bfe5d0e862cddb8550ec35000" name = "github.com/spf13/pflag" packages = ["."] - pruneopts = "" revision = "e57e3eeb33f795204c1ca35f56c44f83227c6e66" version = "v1.0.0" [[projects]] - digest = "1:306417ea2f31ea733df356a2b895de63776b6a5107085b33458e5cd6eb1d584d" name = "github.com/stretchr/objx" packages = ["."] - pruneopts = "" revision = "facf9a85c22f48d2f52f2380e4efce1768749a89" version = "v0.1" [[projects]] - digest = "1:a30066593578732a356dc7e5d7f78d69184ca65aeeff5939241a3ab10559bb06" name = "github.com/stretchr/testify" packages = [ "assert", - "mock", + "mock" ] - pruneopts = "" revision = "12b6f73e6084dad08a7c6e575284b177ecafbc71" version = "v1.2.1" [[projects]] - digest = "1:51cf0fca93f4866709ceaf01b750e51d997c299a7bd2edf7ccd79e3b428754ae" name = "github.com/vmihailenco/msgpack" packages = [ ".", - "codes", + "codes" ] - pruneopts = "" revision = "a053f3dac71df214bfe8b367f34220f0029c9c02" version = "v3.3.1" [[projects]] - digest = "1:529ed3f98838f69e13761788d0cc71b44e130058fab13bae2ce09f7a176bced4" name = "github.com/yudai/gojsondiff" packages = [ ".", - "formatter", + "formatter" ] - pruneopts = "" revision = "7b1b7adf999dab73a6eb02669c3d82dbb27a3dd6" version = "1.0.0" [[projects]] branch = "master" - digest = "1:9857bb2293f372b2181004d8b62179bbdb4ab0982ec6f762abe6cf2bfedaff85" name = "github.com/yudai/golcs" packages = ["."] - pruneopts = "" revision = "ecda9a501e8220fae3b4b600c3db4b0ba22cfc68" [[projects]] branch = "master" - digest = "1:2ea6df0f542cc95a5e374e9cdd81eaa599ed0d55366eef92d2f6b9efa2795c07" name = "golang.org/x/crypto" packages = [ "bcrypt", "blowfish", "ed25519", "ed25519/internal/edwards25519", - "ssh/terminal", + "ssh/terminal" ] - pruneopts = "" revision = "432090b8f568c018896cd8a0fb0345872bbac6ce" [[projects]] branch = "master" - digest = "1:b4ba046df563f56fe42b6270b20039107a37e1ab47c97aa47a16f848aa5b6d9a" name = "golang.org/x/net" packages = [ "context", @@ -688,46 +563,38 @@ "idna", "internal/timeseries", "lex/httplex", - "trace", + "trace" ] - pruneopts = "" revision = "cbe0f9307d0156177f9dd5dc85da1a31abc5f2fb" [[projects]] - digest = "1:8a58c605e58272e3d280181a24749b07499cf98968da6f7c1d19c8d5649c6b1b" name = "golang.org/x/oauth2" packages = [ ".", "google", "internal", "jws", - "jwt", + "jwt" ] - pruneopts = "" revision = "cce311a261e6fcf29de72ca96827bdb0b7d9c9e6" [[projects]] branch = "master" - digest = "1:8aad4e360d6645abe564e925bd6d8d3b94975e52ce68af0c28f91b5aedb0637f" name = "golang.org/x/sync" packages = ["errgroup"] - pruneopts = "" revision = "fd80eb99c8f653c847d294a001bdf2a3a6f768f5" [[projects]] branch = "master" - digest = "1:407b5f905024dd94ee08c1777fabb380fb3d380f92a7f7df2592be005337eeb3" name = "golang.org/x/sys" packages = [ "unix", - "windows", + "windows" ] - pruneopts = "" revision = "37707fdb30a5b38865cfb95e5aab41707daec7fd" [[projects]] branch = "master" - digest = "1:31985a0ed491dba5ba7fe92e18be008acd92ca9435ed9b35b06f3e6c00fd82cb" name = "golang.org/x/text" packages = [ "collate", @@ -744,34 +611,28 @@ "unicode/cldr", "unicode/norm", "unicode/rangetable", - "width", + "width" ] - pruneopts = "" revision = "4e4a3210bb54bb31f6ab2cdca2edcc0b50c420c1" [[projects]] branch = "master" - digest = "1:55a681cb66f28755765fa5fa5104cbd8dc85c55c02d206f9f89566451e3fe1aa" name = "golang.org/x/time" packages = ["rate"] - pruneopts = "" revision = "fbb02b2291d28baffd63558aa44b4b56f178d650" [[projects]] branch = "master" - digest = "1:77e1d6ed91936b206979806b0aacbf817ec54b840803d8f8cd7a1de5bfbf92a4" name = "golang.org/x/tools" packages = [ "cmd/cover", "cover", "go/ast/astutil", - "imports", + "imports" ] - pruneopts = "" revision = "5e776fee60db37e560cee3fb46db699d2f095386" [[projects]] - digest = "1:934fb8966f303ede63aa405e2c8d7f0a427a05ea8df335dfdc1833dd4d40756f" name = "google.golang.org/appengine" packages = [ ".", @@ -784,25 +645,21 @@ "internal/modules", "internal/remote_api", "internal/urlfetch", - "urlfetch", + "urlfetch" ] - pruneopts = "" revision = "150dc57a1b433e64154302bdc40b6bb8aefa313a" version = "v1.0.0" [[projects]] branch = "master" - digest = "1:2d833b53e432cd69645da559b822661ebc5c0a13c571dee1c1f80fb1a0241330" name = "google.golang.org/genproto" packages = [ "googleapis/api/annotations", - "googleapis/rpc/status", + "googleapis/rpc/status" ] - pruneopts = "" revision = "2b5a72b8730b0b16380010cfe5286c42108d88e7" [[projects]] - digest = "1:d2dc833c73202298c92b63a7e180e2b007b5a3c3c763e3b9fe1da249b5c7f5b9" name = "google.golang.org/grpc" packages = [ ".", @@ -829,66 +686,54 @@ "stats", "status", "tap", - "transport", + "transport" ] - pruneopts = "" revision = "8e4536a86ab602859c20df5ebfd0bd4228d08655" version = "v1.10.0" [[projects]] - digest = "1:bf7444e1e6a36e633f4f1624a67b9e4734cfb879c27ac0a2082ac16aff8462ac" name = "gopkg.in/go-playground/webhooks.v3" packages = [ ".", "bitbucket", "github", - "gitlab", + "gitlab" ] - pruneopts = "" revision = "5580947e3ec83427ef5f6f2392eddca8dde5d99a" version = "v3.11.0" [[projects]] - digest = "1:e5d1fb981765b6f7513f793a3fcaac7158408cca77f75f7311ac82cc88e9c445" name = "gopkg.in/inf.v0" packages = ["."] - pruneopts = "" revision = "3887ee99ecf07df5b447e9b00d9c0b2adaa9f3e4" version = "v0.9.0" [[projects]] branch = "v2" - digest = "1:c80894778314c7fb90d94a5ab925214900e1341afeddc953cda7398b8cdcd006" name = "gopkg.in/mgo.v2" packages = [ "bson", - "internal/json", + "internal/json" ] - pruneopts = "" revision = "3f83fa5005286a7fe593b055f0d7771a7dce4655" [[projects]] - digest = "1:de0ec5755ee1a5e61f079c8855cf2073b5a5f614ae3b51db65f2c4e1044455fd" name = "gopkg.in/square/go-jose.v2" packages = [ ".", "cipher", - "json", + "json" ] - pruneopts = "" revision = "76dd09796242edb5b897103a75df2645c028c960" version = "v2.1.6" [[projects]] - digest = "1:81314a486195626940617e43740b4fa073f265b0715c9f54ce2027fee1cb5f61" name = "gopkg.in/yaml.v2" packages = ["."] - pruneopts = "" revision = "eb3733d160e74a9c7e442f435eb3bea458e1d19f" [[projects]] branch = "release-1.10" - digest = "1:5beb32094452970c0d73a2bdacd79aa9cfaa4947a774d521c1bed4b4c2705f15" name = "k8s.io/api" packages = [ "admission/v1beta1", @@ -920,28 +765,24 @@ "settings/v1alpha1", "storage/v1", "storage/v1alpha1", - "storage/v1beta1", + "storage/v1beta1" ] - pruneopts = "" revision = "8b7507fac302640dd5f1efbf9643199952cc58db" [[projects]] branch = "release-1.10" - digest = "1:7cb811fe9560718bd0ada29f2091acab5c4b4380ed23ef2824f64ce7038d899e" name = "k8s.io/apiextensions-apiserver" packages = [ "pkg/apis/apiextensions", "pkg/apis/apiextensions/v1beta1", "pkg/client/clientset/clientset", "pkg/client/clientset/clientset/scheme", - "pkg/client/clientset/clientset/typed/apiextensions/v1beta1", + "pkg/client/clientset/clientset/typed/apiextensions/v1beta1" ] - pruneopts = "" revision = "b13a681559816a9c14f93086bbeeed1c7baf2bcb" [[projects]] branch = "release-1.10" - digest = "1:b9c6e8e91bab6a419c58a63377532782a9f5616552164c38a9527f91c9309bbe" name = "k8s.io/apimachinery" packages = [ "pkg/api/equality", @@ -988,14 +829,12 @@ "pkg/version", "pkg/watch", "third_party/forked/golang/json", - "third_party/forked/golang/reflect", + "third_party/forked/golang/reflect" ] - pruneopts = "" revision = "f6313580a4d36c7c74a3d845dda6e116642c4f90" [[projects]] branch = "release-7.0" - digest = "1:3a45889089f89cc371fb45b3f8a478248b755e4af17a8cf592e49bdf3481a0b3" name = "k8s.io/client-go" packages = [ "discovery", @@ -1152,51 +991,43 @@ "util/integer", "util/jsonpath", "util/retry", - "util/workqueue", + "util/workqueue" ] - pruneopts = "" revision = "26a26f55b28aa1b338fbaf6fbbe0bcd76aed05e0" [[projects]] branch = "release-1.10" - digest = "1:34b0b3400ffdc2533ed4ea23721956638c2776ba49ca4c5def71dddcf0cdfd9b" name = "k8s.io/code-generator" packages = [ "cmd/go-to-protobuf", "cmd/go-to-protobuf/protobuf", "pkg/util", - "third_party/forked/golang/reflect", + "third_party/forked/golang/reflect" ] - pruneopts = "" revision = "9de8e796a74d16d2a285165727d04c185ebca6dc" [[projects]] branch = "master" - digest = "1:15710582bd5ceff07eee4726884f75f97f90366fde9307b8dd09500c75722456" name = "k8s.io/gengo" packages = [ "args", "generator", "namer", "parser", - "types", + "types" ] - pruneopts = "" revision = "8394c995ab8fbe52216f38d0e1a37de36d820528" [[projects]] branch = "master" - digest = "1:9a648ff9eb89673d2870c22fc011ec5db0fcff6c4e5174a650298e51be71bbf1" name = "k8s.io/kube-openapi" packages = [ "pkg/common", - "pkg/util/proto", + "pkg/util/proto" ] - pruneopts = "" revision = "50ae88d24ede7b8bad68e23c805b5d3da5c8abaf" [[projects]] - digest = "1:ad247ab9725165a7f289779d46747da832e33a4efe8ae264461afc571f65dac8" name = "k8s.io/kubernetes" packages = [ "pkg/apis/apps", @@ -1205,124 +1036,14 @@ "pkg/apis/core", "pkg/apis/extensions", "pkg/apis/networking", - "pkg/kubectl/scheme", + "pkg/kubectl/scheme" ] - pruneopts = "" revision = "81753b10df112992bf51bbc2c2f85208aad78335" version = "v1.10.2" [solve-meta] analyzer-name = "dep" analyzer-version = 1 - input-imports = [ - "github.com/argoproj/argo/pkg/apis/workflow/v1alpha1", - "github.com/casbin/casbin", - "github.com/casbin/casbin/model", - "github.com/coreos/dex/api", - "github.com/coreos/go-oidc", - "github.com/dgrijalva/jwt-go", - "github.com/ghodss/yaml", - "github.com/go-openapi/loads", - "github.com/go-openapi/runtime/middleware", - "github.com/go-redis/cache", - "github.com/go-redis/redis", - "github.com/gobuffalo/packr", - "github.com/gogo/protobuf/gogoproto", - "github.com/gogo/protobuf/proto", - "github.com/gogo/protobuf/protoc-gen-gofast", - "github.com/gogo/protobuf/protoc-gen-gogofast", - "github.com/golang/glog", - "github.com/golang/protobuf/proto", - "github.com/golang/protobuf/protoc-gen-go", - "github.com/golang/protobuf/ptypes/empty", - "github.com/grpc-ecosystem/go-grpc-middleware", - "github.com/grpc-ecosystem/go-grpc-middleware/auth", - "github.com/grpc-ecosystem/go-grpc-middleware/logging", - "github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus", - "github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus", - "github.com/grpc-ecosystem/grpc-gateway/protoc-gen-grpc-gateway", - "github.com/grpc-ecosystem/grpc-gateway/protoc-gen-swagger", - "github.com/grpc-ecosystem/grpc-gateway/runtime", - "github.com/grpc-ecosystem/grpc-gateway/utilities", - "github.com/ksonnet/ksonnet/pkg/app", - "github.com/ksonnet/ksonnet/pkg/component", - "github.com/patrickmn/go-cache", - "github.com/pkg/errors", - "github.com/qiangmzsx/string-adapter", - "github.com/sirupsen/logrus", - "github.com/skratchdot/open-golang/open", - "github.com/soheilhy/cmux", - "github.com/spf13/afero", - "github.com/spf13/cobra", - "github.com/spf13/pflag", - "github.com/stretchr/testify/assert", - "github.com/stretchr/testify/mock", - "github.com/vmihailenco/msgpack", - "github.com/yudai/gojsondiff", - "github.com/yudai/gojsondiff/formatter", - "golang.org/x/crypto/bcrypt", - "golang.org/x/crypto/ssh/terminal", - "golang.org/x/net/context", - "golang.org/x/oauth2", - "golang.org/x/sync/errgroup", - "golang.org/x/tools/cmd/cover", - "google.golang.org/genproto/googleapis/api/annotations", - "google.golang.org/grpc", - "google.golang.org/grpc/codes", - "google.golang.org/grpc/credentials", - "google.golang.org/grpc/grpclog", - "google.golang.org/grpc/metadata", - "google.golang.org/grpc/reflection", - "google.golang.org/grpc/status", - "gopkg.in/go-playground/webhooks.v3", - "gopkg.in/go-playground/webhooks.v3/bitbucket", - "gopkg.in/go-playground/webhooks.v3/github", - "gopkg.in/go-playground/webhooks.v3/gitlab", - "k8s.io/api/apps/v1", - "k8s.io/api/apps/v1beta1", - "k8s.io/api/apps/v1beta2", - "k8s.io/api/core/v1", - "k8s.io/api/extensions/v1beta1", - "k8s.io/api/rbac/v1", - "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset", - "k8s.io/apimachinery/pkg/api/equality", - "k8s.io/apimachinery/pkg/api/errors", - "k8s.io/apimachinery/pkg/apis/meta/v1", - "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured", - "k8s.io/apimachinery/pkg/fields", - "k8s.io/apimachinery/pkg/labels", - "k8s.io/apimachinery/pkg/runtime", - "k8s.io/apimachinery/pkg/runtime/schema", - "k8s.io/apimachinery/pkg/runtime/serializer", - "k8s.io/apimachinery/pkg/selection", - "k8s.io/apimachinery/pkg/types", - "k8s.io/apimachinery/pkg/util/intstr", - "k8s.io/apimachinery/pkg/util/runtime", - "k8s.io/apimachinery/pkg/util/strategicpatch", - "k8s.io/apimachinery/pkg/util/wait", - "k8s.io/apimachinery/pkg/watch", - "k8s.io/client-go/discovery", - "k8s.io/client-go/discovery/fake", - "k8s.io/client-go/dynamic", - "k8s.io/client-go/dynamic/fake", - "k8s.io/client-go/informers", - "k8s.io/client-go/informers/core/v1", - "k8s.io/client-go/kubernetes", - "k8s.io/client-go/kubernetes/fake", - "k8s.io/client-go/plugin/pkg/client/auth/gcp", - "k8s.io/client-go/plugin/pkg/client/auth/oidc", - "k8s.io/client-go/rest", - "k8s.io/client-go/testing", - "k8s.io/client-go/tools/cache", - "k8s.io/client-go/tools/clientcmd", - "k8s.io/client-go/tools/clientcmd/api", - "k8s.io/client-go/util/flowcontrol", - "k8s.io/client-go/util/workqueue", - "k8s.io/code-generator/cmd/go-to-protobuf", - "k8s.io/kubernetes/pkg/apis/apps", - "k8s.io/kubernetes/pkg/apis/batch", - "k8s.io/kubernetes/pkg/apis/core", - "k8s.io/kubernetes/pkg/kubectl/scheme", - ] + inputs-digest = "3f7be63d38bb177fbf37d388370cb2c32a7a94973084d0664beb48dcf4f7c74f" solver-name = "gps-cdcl" solver-version = 1 diff --git a/Gopkg.toml b/Gopkg.toml index 035ae78078ec7..c74711aa542c7 100644 --- a/Gopkg.toml +++ b/Gopkg.toml @@ -7,6 +7,7 @@ required = [ "github.com/grpc-ecosystem/grpc-gateway/protoc-gen-swagger", "github.com/golang/protobuf/protoc-gen-go", "golang.org/x/tools/cmd/cover", + "github.com/argoproj/pkg/time", ] [[constraint]] diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go index 43b87f31e16ea..5f698363d3e14 100644 --- a/cmd/argocd/commands/project.go +++ b/cmd/argocd/commands/project.go @@ -21,6 +21,7 @@ import ( "github.com/argoproj/argo-cd/util" "github.com/argoproj/argo-cd/util/git" projectUtil "github.com/argoproj/argo-cd/util/project" + timeutil "github.com/argoproj/pkg/time" "github.com/spf13/pflag" "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -41,9 +42,6 @@ type policyOpts struct { object string } -//Default expiration time to 3 months -const defaultSecondsBeforeExpiry = 60 * 60 * 24 * 3 - func (opts *projectOpts) GetDestinations() []v1alpha1.ApplicationDestination { destinations := make([]v1alpha1.ApplicationDestination, 0) for _, destStr := range opts.destinations { @@ -70,21 +68,15 @@ func NewProjectCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { os.Exit(1) }, } - var roleCommand = &cobra.Command{ - Use: "role", - Short: "Manage a project's role", - Run: func(c *cobra.Command, args []string) { - c.HelpFunc()(c, args) - os.Exit(1) - }, - } - roleCommand.AddCommand(NewProjectListRolesCommand(clientOpts)) - roleCommand.AddCommand(NewProjectCreateRoleCommand(clientOpts)) - roleCommand.AddCommand(NewProjectDeleteRoleCommand(clientOpts)) - roleCommand.AddCommand(NewProjectCreateTokenCommand(clientOpts)) - roleCommand.AddCommand(NewProjectDeleteTokenCommand(clientOpts)) - roleCommand.AddCommand(NewProjectAddRolePolicyCommand(clientOpts)) - roleCommand.AddCommand(NewProjectRemoveRolePolicyCommand(clientOpts)) + + roleCommand := NewProjectRoleCommand(clientOpts) + roleCommand.AddCommand(NewProjectRoleListCommand(clientOpts)) + roleCommand.AddCommand(NewProjectRoleCreateCommand(clientOpts)) + roleCommand.AddCommand(NewProjectRoleDeleteCommand(clientOpts)) + roleCommand.AddCommand(NewProjectRoleCreateTokenCommand(clientOpts)) + roleCommand.AddCommand(NewProjectRoleDeleteTokenCommand(clientOpts)) + roleCommand.AddCommand(NewProjectRoleAddPolicyCommand(clientOpts)) + roleCommand.AddCommand(NewProjectRoleRemovePolicyCommand(clientOpts)) command.AddCommand(roleCommand) command.AddCommand(NewProjectCreateCommand(clientOpts)) command.AddCommand(NewProjectDeleteCommand(clientOpts)) @@ -110,8 +102,20 @@ func addPolicyFlags(command *cobra.Command, opts *policyOpts) { command.Flags().StringVarP(&opts.object, "object", "o", "", "Object within the project to grant/deny access. Use '*' for a wildcard. Will want access to '/'") } -// NewProjectAddRolePolicyCommand returns a new instance of an `argocd proj role add-policy` command -func NewProjectAddRolePolicyCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { +// NewProjectRoleCommand returns a new instance of the `argocd proj role` command +func NewProjectRoleCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { + return &cobra.Command{ + Use: "role", + Short: "Manage a project's role", + Run: func(c *cobra.Command, args []string) { + c.HelpFunc()(c, args) + os.Exit(1) + }, + } +} + +// NewProjectRoleAddPolicyCommand returns a new instance of an `argocd proj role add-policy` command +func NewProjectRoleAddPolicyCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var ( opts policyOpts ) @@ -159,8 +163,8 @@ func NewProjectAddRolePolicyCommand(clientOpts *argocdclient.ClientOptions) *cob return command } -// NewProjectRemoveRolePolicyCommand returns a new instance of an `argocd proj role remove-policy` command -func NewProjectRemoveRolePolicyCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { +// NewProjectRoleRemovePolicyCommand returns a new instance of an `argocd proj role remove-policy` command +func NewProjectRoleRemovePolicyCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var ( opts policyOpts ) @@ -219,8 +223,8 @@ func NewProjectRemoveRolePolicyCommand(clientOpts *argocdclient.ClientOptions) * return command } -// NewProjectCreateRoleCommand returns a new instance of an `argocd proj role create` command -func NewProjectCreateRoleCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { +// NewProjectRoleCreateCommand returns a new instance of an `argocd proj role create` command +func NewProjectRoleCreateCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var command = &cobra.Command{ Use: "create PROJECT ROLE-NAME", Short: "Create a project role", @@ -250,8 +254,8 @@ func NewProjectCreateRoleCommand(clientOpts *argocdclient.ClientOptions) *cobra. return command } -// NewProjectDeleteRoleCommand returns a new instance of an `argocd proj role delete` command -func NewProjectDeleteRoleCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { +// NewProjectRoleDeleteCommand returns a new instance of an `argocd proj role delete` command +func NewProjectRoleDeleteCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var command = &cobra.Command{ Use: "delete PROJECT ROLE-NAME", Short: "Delete a project role", @@ -281,10 +285,10 @@ func NewProjectDeleteRoleCommand(clientOpts *argocdclient.ClientOptions) *cobra. return command } -// NewProjectCreateTokenCommand returns a new instance of an `argocd proj role create-token` command -func NewProjectCreateTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { +// NewProjectRoleCreateTokenCommand returns a new instance of an `argocd proj role create-token` command +func NewProjectRoleCreateTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var ( - secondsBeforeExpiry int64 + timeBeforeExpiry string ) var command = &cobra.Command{ Use: "create-token PROJECT TOKEN-NAME [--seconds seconds]", @@ -298,19 +302,20 @@ func NewProjectCreateTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra roleName := args[1] conn, projIf := argocdclient.NewClientOrDie(clientOpts).NewProjectClientOrDie() defer util.Close(conn) - - token, err := projIf.CreateToken(context.Background(), &project.ProjectTokenCreateRequest{Project: projName, Role: roleName, SecondsBeforeExpiry: secondsBeforeExpiry}) + duration, err := timeutil.ParseDuration(timeBeforeExpiry) + errors.CheckError(err) + token, err := projIf.CreateToken(context.Background(), &project.ProjectTokenCreateRequest{Project: projName, Role: roleName, SecondsBeforeExpiry: int64(duration.Seconds())}) errors.CheckError(err) fmt.Print(token.Token) }, } - command.Flags().Int64VarP(&secondsBeforeExpiry, "secondsBeforeExpiry", "s", defaultSecondsBeforeExpiry, "Number of seconds before the token will expire (Default: 3 months)") + command.Flags().StringVarP(&timeBeforeExpiry, "timeBeforeExpiry", "s", "0s", "Time before the token will expire. (Default: No expiration)") return command } -// NewProjectListRolesCommand returns a new instance of an `argocd proj roles list` command -func NewProjectListRolesCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { +// NewProjectRoleListCommand returns a new instance of an `argocd proj roles list` command +func NewProjectRoleListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var command = &cobra.Command{ Use: "list PROJECT", Short: "List all the roles in a project", @@ -345,8 +350,8 @@ func NewProjectListRolesCommand(clientOpts *argocdclient.ClientOptions) *cobra.C return command } -// NewProjectDeleteTokenCommand returns a new instance of an `argocd proj role delete-token` command -func NewProjectDeleteTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { +// NewProjectRoleDeleteTokenCommand returns a new instance of an `argocd proj role delete-token` command +func NewProjectRoleDeleteTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var command = &cobra.Command{ Use: "delete-token PROJECT ROLE-NAME CREATED_AT", Short: "Delete a project token", From 6299abc64697fcc0c7cdf487e80d350765ab6373 Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Mon, 13 Aug 2018 11:26:03 -0700 Subject: [PATCH 25/43] Renew JwtToken to JWTToken to find golang standard --- cmd/argocd/commands/project.go | 14 +- pkg/apis/application/v1alpha1/generated.pb.go | 390 +++++++++--------- pkg/apis/application/v1alpha1/generated.proto | 10 +- pkg/apis/application/v1alpha1/types.go | 10 +- .../v1alpha1/zz_generated.deepcopy.go | 14 +- server/project/project.go | 24 +- server/project/project.pb.go | 110 ++--- server/project/project.proto | 2 +- server/project/project_test.go | 30 +- server/server.go | 8 +- server/server_test.go | 34 +- server/swagger.json | 12 +- test/e2e/project_management_test.go | 2 +- util/project/util.go | 10 +- 14 files changed, 335 insertions(+), 335 deletions(-) diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go index 5f698363d3e14..526341f5c7ec6 100644 --- a/cmd/argocd/commands/project.go +++ b/cmd/argocd/commands/project.go @@ -331,15 +331,15 @@ func NewProjectRoleListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co project, err := projIf.Get(context.Background(), &project.ProjectQuery{Name: projName}) errors.CheckError(err) w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0) - fmt.Fprintf(w, "ROLE-NAME\tCREATED-AT\tPOLICIES\n") + fmt.Fprintf(w, "ROLE-NAME\tISSUED-AT\tEXPIRES-AT\tPOLICIES\n") for _, role := range project.Spec.Roles { fmt.Fprintf(w, "%s\n", role.Name) - if role.JwtTokens != nil { - for _, token := range role.JwtTokens { - fmt.Fprintf(w, "%s\t%d\t\n", role.Name, token.CreatedAt) + if role.JWTTokens != nil { + for _, token := range role.JWTTokens { + fmt.Fprintf(w, "%s\t%d\t\n", role.Name, token.IssuedAt) for _, policy := range role.Policies { - fmt.Fprintf(w, "%s\t%d\t%s\n", role.Name, token.CreatedAt, policy) + fmt.Fprintf(w, "%s\t%d\t%s\n", role.Name, token.IssuedAt, policy) } } } @@ -362,7 +362,7 @@ func NewProjectRoleDeleteTokenCommand(clientOpts *argocdclient.ClientOptions) *c } projName := args[0] roleName := args[1] - createdAt, err := strconv.ParseInt(args[2], 10, 64) + issuedAt, err := strconv.ParseInt(args[2], 10, 64) if err != nil { log.Fatal(err) } @@ -370,7 +370,7 @@ func NewProjectRoleDeleteTokenCommand(clientOpts *argocdclient.ClientOptions) *c conn, projIf := argocdclient.NewClientOrDie(clientOpts).NewProjectClientOrDie() defer util.Close(conn) - _, err = projIf.DeleteToken(context.Background(), &project.ProjectTokenDeleteRequest{Project: projName, Role: roleName, CreatedAt: createdAt}) + _, err = projIf.DeleteToken(context.Background(), &project.ProjectTokenDeleteRequest{Project: projName, Role: roleName, IssuedAt: issuedAt}) errors.CheckError(err) }, } diff --git a/pkg/apis/application/v1alpha1/generated.pb.go b/pkg/apis/application/v1alpha1/generated.pb.go index a132bffa1eaae..ad2973498738b 100644 --- a/pkg/apis/application/v1alpha1/generated.pb.go +++ b/pkg/apis/application/v1alpha1/generated.pb.go @@ -28,7 +28,7 @@ DeploymentInfo HealthStatus HookStatus - JwtToken + JWTToken Operation OperationState ProjectRole @@ -151,9 +151,9 @@ func (m *HookStatus) Reset() { *m = HookStatus{} } func (*HookStatus) ProtoMessage() {} func (*HookStatus) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{19} } -func (m *JwtToken) Reset() { *m = JwtToken{} } -func (*JwtToken) ProtoMessage() {} -func (*JwtToken) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{20} } +func (m *JWTToken) Reset() { *m = JWTToken{} } +func (*JWTToken) ProtoMessage() {} +func (*JWTToken) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{20} } func (m *Operation) Reset() { *m = Operation{} } func (*Operation) ProtoMessage() {} @@ -236,7 +236,7 @@ func init() { proto.RegisterType((*DeploymentInfo)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.DeploymentInfo") proto.RegisterType((*HealthStatus)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.HealthStatus") proto.RegisterType((*HookStatus)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.HookStatus") - proto.RegisterType((*JwtToken)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.JwtToken") + proto.RegisterType((*JWTToken)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.JWTToken") proto.RegisterType((*Operation)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.Operation") proto.RegisterType((*OperationState)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.OperationState") proto.RegisterType((*ProjectRole)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.ProjectRole") @@ -1096,7 +1096,7 @@ func (m *HookStatus) MarshalTo(dAtA []byte) (int, error) { return i, nil } -func (m *JwtToken) Marshal() (dAtA []byte, err error) { +func (m *JWTToken) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalTo(dAtA) @@ -1106,17 +1106,17 @@ func (m *JwtToken) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *JwtToken) MarshalTo(dAtA []byte) (int, error) { +func (m *JWTToken) MarshalTo(dAtA []byte) (int, error) { var i int _ = i var l int _ = l dAtA[i] = 0x8 i++ - i = encodeVarintGenerated(dAtA, i, uint64(m.CreatedAt)) + i = encodeVarintGenerated(dAtA, i, uint64(m.IssuedAt)) dAtA[i] = 0x10 i++ - i = encodeVarintGenerated(dAtA, i, uint64(m.ExpireAt)) + i = encodeVarintGenerated(dAtA, i, uint64(m.ExpiresAt)) return i, nil } @@ -1264,8 +1264,8 @@ func (m *ProjectRole) MarshalTo(dAtA []byte) (int, error) { i += copy(dAtA[i:], s) } } - if len(m.JwtTokens) > 0 { - for _, msg := range m.JwtTokens { + if len(m.JWTTokens) > 0 { + for _, msg := range m.JWTTokens { dAtA[i] = 0x1a i++ i = encodeVarintGenerated(dAtA, i, uint64(msg.Size())) @@ -2076,11 +2076,11 @@ func (m *HookStatus) Size() (n int) { return n } -func (m *JwtToken) Size() (n int) { +func (m *JWTToken) Size() (n int) { var l int _ = l - n += 1 + sovGenerated(uint64(m.CreatedAt)) - n += 1 + sovGenerated(uint64(m.ExpireAt)) + n += 1 + sovGenerated(uint64(m.IssuedAt)) + n += 1 + sovGenerated(uint64(m.ExpiresAt)) return n } @@ -2135,8 +2135,8 @@ func (m *ProjectRole) Size() (n int) { n += 1 + l + sovGenerated(uint64(l)) } } - if len(m.JwtTokens) > 0 { - for _, e := range m.JwtTokens { + if len(m.JWTTokens) > 0 { + for _, e := range m.JWTTokens { l = e.Size() n += 1 + l + sovGenerated(uint64(l)) } @@ -2578,13 +2578,13 @@ func (this *HookStatus) String() string { }, "") return s } -func (this *JwtToken) String() string { +func (this *JWTToken) String() string { if this == nil { return "nil" } - s := strings.Join([]string{`&JwtToken{`, - `CreatedAt:` + fmt.Sprintf("%v", this.CreatedAt) + `,`, - `ExpireAt:` + fmt.Sprintf("%v", this.ExpireAt) + `,`, + s := strings.Join([]string{`&JWTToken{`, + `IssuedAt:` + fmt.Sprintf("%v", this.IssuedAt) + `,`, + `ExpiresAt:` + fmt.Sprintf("%v", this.ExpiresAt) + `,`, `}`, }, "") return s @@ -2623,7 +2623,7 @@ func (this *ProjectRole) String() string { s := strings.Join([]string{`&ProjectRole{`, `Name:` + fmt.Sprintf("%v", this.Name) + `,`, `Policies:` + fmt.Sprintf("%v", this.Policies) + `,`, - `JwtTokens:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.JwtTokens), "JwtToken", "JwtToken", 1), `&`, ``, 1) + `,`, + `JWTTokens:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.JWTTokens), "JWTToken", "JWTToken", 1), `&`, ``, 1) + `,`, `}`, }, "") return s @@ -5799,7 +5799,7 @@ func (m *HookStatus) Unmarshal(dAtA []byte) error { } return nil } -func (m *JwtToken) Unmarshal(dAtA []byte) error { +func (m *JWTToken) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -5822,17 +5822,17 @@ func (m *JwtToken) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: JwtToken: wiretype end group for non-group") + return fmt.Errorf("proto: JWTToken: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: JwtToken: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: JWTToken: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field CreatedAt", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field IssuedAt", wireType) } - m.CreatedAt = 0 + m.IssuedAt = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowGenerated @@ -5842,16 +5842,16 @@ func (m *JwtToken) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.CreatedAt |= (int64(b) & 0x7F) << shift + m.IssuedAt |= (int64(b) & 0x7F) << shift if b < 0x80 { break } } case 2: if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field ExpireAt", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ExpiresAt", wireType) } - m.ExpireAt = 0 + m.ExpiresAt = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowGenerated @@ -5861,7 +5861,7 @@ func (m *JwtToken) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.ExpireAt |= (int64(b) & 0x7F) << shift + m.ExpiresAt |= (int64(b) & 0x7F) << shift if b < 0x80 { break } @@ -6359,7 +6359,7 @@ func (m *ProjectRole) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field JwtTokens", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field JWTTokens", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -6383,8 +6383,8 @@ func (m *ProjectRole) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.JwtTokens = append(m.JwtTokens, JwtToken{}) - if err := m.JwtTokens[len(m.JwtTokens)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + m.JWTTokens = append(m.JWTTokens, JWTToken{}) + if err := m.JWTTokens[len(m.JWTTokens)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -8189,166 +8189,166 @@ func init() { } var fileDescriptorGenerated = []byte{ - // 2567 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xd4, 0x59, 0x4b, 0x6c, 0x1c, 0x49, - 0xf9, 0x4f, 0xcf, 0xc3, 0x9e, 0xf9, 0xc6, 0x8f, 0xa4, 0xf6, 0xf1, 0xf7, 0x3f, 0x2b, 0xd9, 0x56, - 0x2f, 0x8f, 0x80, 0x76, 0xc7, 0x24, 0x10, 0x08, 0x0f, 0x21, 0x79, 0xec, 0x64, 0xe3, 0x38, 0x0f, - 0x53, 0xe3, 0x5d, 0xa4, 0x65, 0xb5, 0xd0, 0xe9, 0x29, 0xcf, 0x74, 0x66, 0xa6, 0xbb, 0xb7, 0xab, - 0x66, 0xc2, 0x48, 0x2c, 0x5a, 0x84, 0x90, 0x78, 0x4a, 0x20, 0x84, 0xb8, 0x72, 0xe0, 0x84, 0x90, - 0x90, 0x10, 0x27, 0x24, 0x0e, 0x70, 0x40, 0xb9, 0xb1, 0x07, 0x10, 0xab, 0x05, 0x59, 0xc4, 0x7b, - 0x59, 0x89, 0x03, 0x27, 0x2e, 0x7b, 0x42, 0xf5, 0xe8, 0xaa, 0xea, 0x1e, 0x1b, 0x3b, 0x99, 0x49, - 0x80, 0x5b, 0xf7, 0xf7, 0x7d, 0xfd, 0xfd, 0xbe, 0xfa, 0xea, 0xab, 0xef, 0x51, 0x0d, 0x5b, 0xed, - 0x80, 0x75, 0x06, 0xb7, 0xeb, 0x7e, 0xd4, 0x5f, 0xf3, 0x92, 0x76, 0x14, 0x27, 0xd1, 0x1d, 0xf1, - 0xf0, 0xbc, 0xdf, 0x5a, 0x8b, 0xbb, 0xed, 0x35, 0x2f, 0x0e, 0xe8, 0x9a, 0x17, 0xc7, 0xbd, 0xc0, - 0xf7, 0x58, 0x10, 0x85, 0x6b, 0xc3, 0xf3, 0x5e, 0x2f, 0xee, 0x78, 0xe7, 0xd7, 0xda, 0x24, 0x24, - 0x89, 0xc7, 0x48, 0xab, 0x1e, 0x27, 0x11, 0x8b, 0xd0, 0x27, 0x8d, 0xaa, 0x7a, 0xaa, 0x4a, 0x3c, - 0x7c, 0xd1, 0x6f, 0xd5, 0xe3, 0x6e, 0xbb, 0xce, 0x55, 0xd5, 0x2d, 0x55, 0xf5, 0x54, 0xd5, 0xd9, - 0xe7, 0x2d, 0x2b, 0xda, 0x51, 0x3b, 0x5a, 0x13, 0x1a, 0x6f, 0x0f, 0xf6, 0xc4, 0x9b, 0x78, 0x11, - 0x4f, 0x12, 0xe9, 0xec, 0xc7, 0xba, 0x97, 0x68, 0x3d, 0x88, 0xb8, 0x6d, 0x7d, 0xcf, 0xef, 0x04, - 0x21, 0x49, 0x46, 0xc6, 0xd8, 0x3e, 0x61, 0xde, 0xda, 0x70, 0xcc, 0xbe, 0xb3, 0x6b, 0x47, 0x7d, - 0x95, 0x0c, 0x42, 0x16, 0xf4, 0xc9, 0xd8, 0x07, 0x1f, 0x3f, 0xee, 0x03, 0xea, 0x77, 0x48, 0xdf, - 0x1b, 0xfb, 0xee, 0xa3, 0x47, 0x7d, 0x37, 0x60, 0x41, 0x6f, 0x2d, 0x08, 0x19, 0x65, 0x49, 0xfe, - 0x23, 0xf7, 0x2f, 0x0e, 0xc0, 0x7a, 0x1c, 0xef, 0x24, 0xd1, 0x1d, 0xe2, 0x33, 0xf4, 0x25, 0xa8, - 0xf0, 0x75, 0xb4, 0x3c, 0xe6, 0x2d, 0x39, 0xab, 0xce, 0xb9, 0xda, 0x85, 0x8f, 0xd4, 0xa5, 0xda, - 0xba, 0xad, 0xd6, 0xf8, 0x95, 0x4b, 0xd7, 0x87, 0xe7, 0xeb, 0xb7, 0x6e, 0xf3, 0xef, 0x6f, 0x10, - 0xe6, 0x35, 0xd0, 0xbd, 0xfd, 0x95, 0x53, 0x07, 0xfb, 0x2b, 0x60, 0x68, 0x58, 0x6b, 0x45, 0x5d, - 0x28, 0xd1, 0x98, 0xf8, 0x4b, 0x05, 0xa1, 0x7d, 0xab, 0xfe, 0xd0, 0xbb, 0x57, 0x37, 0x66, 0x37, - 0x63, 0xe2, 0x37, 0xe6, 0x14, 0x6c, 0x89, 0xbf, 0x61, 0x01, 0xe2, 0xbe, 0xed, 0xc0, 0x82, 0x11, - 0xbb, 0x1e, 0x50, 0x86, 0x5e, 0x19, 0x5b, 0x61, 0xfd, 0x64, 0x2b, 0xe4, 0x5f, 0x8b, 0xf5, 0x9d, - 0x56, 0x40, 0x95, 0x94, 0x62, 0xad, 0xee, 0x0e, 0x94, 0x03, 0x46, 0xfa, 0x74, 0xa9, 0xb0, 0x5a, - 0x3c, 0x57, 0xbb, 0x70, 0x79, 0x2a, 0xcb, 0x6b, 0xcc, 0x2b, 0xc4, 0xf2, 0x16, 0xd7, 0x8d, 0x25, - 0x84, 0xfb, 0xcf, 0x82, 0xbd, 0x38, 0xbe, 0x6a, 0x74, 0x1e, 0x6a, 0x34, 0x1a, 0x24, 0x3e, 0xc1, - 0x24, 0x8e, 0xe8, 0x92, 0xb3, 0x5a, 0x3c, 0x57, 0x6d, 0x2c, 0x1e, 0xec, 0xaf, 0xd4, 0x9a, 0x86, - 0x8c, 0x6d, 0x19, 0xf4, 0x1d, 0x07, 0xe6, 0x5a, 0x84, 0xb2, 0x20, 0x14, 0xf8, 0xa9, 0xe5, 0x9f, - 0x9b, 0xcc, 0xf2, 0x94, 0xb8, 0x69, 0x34, 0x37, 0x9e, 0x54, 0xab, 0x98, 0xb3, 0x88, 0x14, 0x67, - 0xc0, 0xd1, 0x45, 0xa8, 0xb5, 0x08, 0xf5, 0x93, 0x20, 0xe6, 0xef, 0x4b, 0xc5, 0x55, 0xe7, 0x5c, - 0xb5, 0xf1, 0x84, 0xfa, 0xb0, 0xb6, 0x69, 0x58, 0xd8, 0x96, 0x43, 0x5d, 0x28, 0x27, 0x51, 0x8f, - 0xd0, 0xa5, 0x92, 0x30, 0xfe, 0xca, 0x04, 0xc6, 0x2b, 0x77, 0xe2, 0xa8, 0x47, 0x8c, 0xdf, 0xf9, - 0x1b, 0xc5, 0x12, 0xc3, 0xfd, 0x7d, 0x11, 0x6a, 0xd6, 0x12, 0x1f, 0xc3, 0x99, 0xe9, 0x65, 0xce, - 0xcc, 0xb5, 0xe9, 0x6c, 0xcd, 0x51, 0x87, 0x06, 0x31, 0x98, 0xa1, 0xcc, 0x63, 0x03, 0x2a, 0xdc, - 0x5f, 0xbb, 0x70, 0x7d, 0x4a, 0x78, 0x42, 0x67, 0x63, 0x41, 0x21, 0xce, 0xc8, 0x77, 0xac, 0xb0, - 0xd0, 0x6b, 0x50, 0x8d, 0x62, 0x9e, 0x9a, 0xf8, 0xbe, 0x97, 0x04, 0xf0, 0xe6, 0x04, 0xc0, 0xb7, - 0x52, 0x5d, 0x8d, 0xf9, 0x83, 0xfd, 0x95, 0xaa, 0x7e, 0xc5, 0x06, 0xc5, 0xf5, 0xe1, 0x49, 0xcb, - 0xbe, 0x8d, 0x28, 0x6c, 0x05, 0x62, 0x43, 0x57, 0xa1, 0xc4, 0x46, 0x31, 0x11, 0x9b, 0x59, 0x35, - 0x2e, 0xda, 0x1d, 0xc5, 0x04, 0x0b, 0x0e, 0xfa, 0x10, 0xcc, 0xf6, 0x09, 0xa5, 0x5e, 0x9b, 0x88, - 0x3d, 0xa9, 0x36, 0x16, 0x95, 0xd0, 0xec, 0x0d, 0x49, 0xc6, 0x29, 0xdf, 0x7d, 0x0d, 0x9e, 0x3e, - 0xfc, 0x3c, 0xa0, 0x0f, 0xc0, 0x0c, 0x25, 0xc9, 0x90, 0x24, 0x0a, 0xc8, 0x78, 0x46, 0x50, 0xb1, - 0xe2, 0xa2, 0x35, 0xa8, 0x86, 0x5e, 0x9f, 0xd0, 0xd8, 0xf3, 0x53, 0xb8, 0x33, 0x4a, 0xb4, 0x7a, - 0x33, 0x65, 0x60, 0x23, 0xe3, 0xfe, 0xd5, 0x81, 0x45, 0x0b, 0xf3, 0x31, 0xa4, 0xbd, 0x6e, 0x36, - 0xed, 0x5d, 0x99, 0x4e, 0xc4, 0x1c, 0x91, 0xf7, 0x7e, 0x5b, 0x84, 0x33, 0x76, 0x5c, 0x89, 0x64, - 0xc6, 0xb7, 0x24, 0x21, 0x71, 0xf4, 0x22, 0xbe, 0xae, 0xdc, 0xa9, 0xb7, 0x04, 0x4b, 0x32, 0x4e, - 0xf9, 0x7c, 0x7f, 0x63, 0x8f, 0x75, 0x94, 0x2f, 0xf5, 0xfe, 0xee, 0x78, 0xac, 0x83, 0x05, 0x87, - 0xa7, 0x21, 0x12, 0x0e, 0x83, 0x24, 0x0a, 0xfb, 0x24, 0x64, 0xf9, 0x34, 0x74, 0xd9, 0xb0, 0xb0, - 0x2d, 0x87, 0x3e, 0x0b, 0x0b, 0xcc, 0x4b, 0xda, 0x84, 0x61, 0x32, 0x0c, 0x68, 0x1a, 0xc8, 0xd5, - 0xc6, 0xd3, 0xea, 0xcb, 0x85, 0xdd, 0x0c, 0x17, 0xe7, 0xa4, 0xd1, 0xaf, 0x1c, 0x78, 0xc6, 0x8f, - 0xfa, 0x71, 0x14, 0x92, 0x90, 0xed, 0x78, 0x89, 0xd7, 0x27, 0x8c, 0x24, 0xb7, 0x86, 0x24, 0x49, - 0x82, 0x16, 0xa1, 0x4b, 0x65, 0xe1, 0xdd, 0x1b, 0x13, 0x78, 0x77, 0x63, 0x4c, 0x7b, 0xe3, 0x59, - 0x65, 0xdc, 0x33, 0x1b, 0x47, 0x23, 0xe3, 0x7f, 0x67, 0x16, 0xaf, 0x3a, 0x43, 0xaf, 0x37, 0x20, - 0xf4, 0x4a, 0xc0, 0x73, 0xf0, 0x8c, 0xa9, 0x3a, 0x2f, 0x19, 0x32, 0xb6, 0x65, 0xdc, 0xdf, 0x14, - 0x32, 0x21, 0xda, 0x4c, 0xf3, 0x8e, 0xd8, 0x4b, 0x15, 0xa0, 0xd3, 0xca, 0x3b, 0x42, 0xa7, 0x75, - 0xba, 0x64, 0xf1, 0x53, 0x58, 0xe8, 0x9b, 0x8e, 0x28, 0x39, 0xe9, 0xa9, 0x54, 0x39, 0xf6, 0x11, - 0x94, 0x3f, 0xbb, 0x8a, 0xa5, 0x44, 0x6c, 0x43, 0xf3, 0x10, 0x8e, 0x65, 0xf5, 0x51, 0x11, 0xa7, - 0x43, 0x38, 0x2d, 0x4a, 0x29, 0xdf, 0xfd, 0xc9, 0x4c, 0xf6, 0x0c, 0xc8, 0x1c, 0xfa, 0x03, 0x07, - 0x4e, 0xf3, 0x8d, 0xf2, 0x92, 0x80, 0x46, 0x21, 0x26, 0x74, 0xd0, 0x63, 0xca, 0x99, 0xdb, 0x13, - 0x06, 0x8d, 0xad, 0xb2, 0xb1, 0xa4, 0xec, 0x3a, 0x9d, 0xe7, 0xe0, 0x31, 0x78, 0xc4, 0x60, 0xb6, - 0x13, 0x50, 0x16, 0x25, 0x23, 0x95, 0x1c, 0x26, 0x69, 0xf9, 0x36, 0x49, 0xdc, 0x8b, 0x46, 0xfc, - 0xac, 0x6d, 0x85, 0x7b, 0x91, 0xf1, 0xcf, 0x55, 0x89, 0x80, 0x53, 0x28, 0xf4, 0x35, 0x07, 0x20, - 0x4e, 0x23, 0x95, 0x17, 0xb2, 0x47, 0x70, 0x70, 0x74, 0xcd, 0xd6, 0x24, 0x8a, 0x2d, 0x50, 0x14, - 0xc1, 0x4c, 0x87, 0x78, 0x3d, 0xd6, 0x51, 0xe5, 0xec, 0x85, 0x09, 0xe0, 0xaf, 0x0a, 0x45, 0xf9, - 0x12, 0x2a, 0xa9, 0x58, 0xc1, 0xa0, 0x6f, 0x38, 0xb0, 0xa0, 0xab, 0x1b, 0x97, 0x25, 0x4b, 0xe5, - 0x89, 0xbb, 0xec, 0x5b, 0x19, 0x85, 0x0d, 0xc4, 0xd3, 0x58, 0x96, 0x86, 0x73, 0xa0, 0xe8, 0xeb, - 0x0e, 0x80, 0x9f, 0x56, 0x53, 0x99, 0x0f, 0x6a, 0x17, 0x6e, 0x4d, 0xe7, 0x44, 0xe9, 0x2a, 0x6d, - 0xdc, 0xaf, 0x49, 0x14, 0x5b, 0xb0, 0xee, 0x3b, 0x0e, 0x3c, 0x65, 0x7d, 0xf8, 0x79, 0x8f, 0xf9, - 0x9d, 0xcb, 0x43, 0x9e, 0xa6, 0xb7, 0x33, 0xf5, 0xfd, 0x13, 0x76, 0x7d, 0x7f, 0x6f, 0x7f, 0xe5, - 0x83, 0x47, 0x8d, 0x51, 0x77, 0xb9, 0x86, 0xba, 0x50, 0x61, 0xb5, 0x02, 0xaf, 0x43, 0xcd, 0xb2, - 0x59, 0xa5, 0x8f, 0x69, 0x15, 0x40, 0x9d, 0x33, 0x2c, 0x22, 0xb6, 0xf1, 0xdc, 0x3f, 0x15, 0x60, - 0x76, 0xa3, 0x37, 0xa0, 0x8c, 0x24, 0x27, 0x6e, 0x28, 0x56, 0xa1, 0xc4, 0x9b, 0x85, 0x7c, 0xfd, - 0xe3, 0xbd, 0x04, 0x16, 0x1c, 0x14, 0xc3, 0x8c, 0x1f, 0x85, 0x7b, 0x41, 0x5b, 0xb5, 0x80, 0x57, - 0x27, 0x39, 0x39, 0xd2, 0xba, 0x0d, 0xa1, 0xcf, 0xd8, 0x24, 0xdf, 0xb1, 0xc2, 0x41, 0xdf, 0x73, - 0x60, 0xd1, 0x8f, 0xc2, 0x90, 0xf8, 0x26, 0x78, 0x4b, 0x13, 0xb7, 0xbb, 0x1b, 0x59, 0x8d, 0x8d, - 0xff, 0x53, 0xe8, 0x8b, 0x39, 0x06, 0xce, 0x63, 0xbb, 0xbf, 0x2c, 0xc0, 0x7c, 0xc6, 0x72, 0xf4, - 0x1c, 0x54, 0x06, 0x94, 0x24, 0xc2, 0x73, 0xd2, 0xbf, 0xba, 0x23, 0x7a, 0x51, 0xd1, 0xb1, 0x96, - 0xe0, 0xd2, 0xb1, 0x47, 0xe9, 0xdd, 0x28, 0x69, 0x29, 0x3f, 0x6b, 0xe9, 0x1d, 0x45, 0xc7, 0x5a, - 0x82, 0xf7, 0x1b, 0xb7, 0x89, 0x97, 0x90, 0x64, 0x37, 0xea, 0x92, 0xb1, 0xb1, 0xa7, 0x61, 0x58, - 0xd8, 0x96, 0x13, 0x4e, 0x63, 0x3d, 0xba, 0xd1, 0x0b, 0x48, 0xc8, 0xa4, 0x99, 0x53, 0x70, 0xda, - 0xee, 0xf5, 0xa6, 0xad, 0xd1, 0x38, 0x2d, 0xc7, 0xc0, 0x79, 0x6c, 0xf7, 0x8f, 0x0e, 0xd4, 0x94, - 0xd3, 0x1e, 0x43, 0xd3, 0xd9, 0xce, 0x36, 0x9d, 0x8d, 0xc9, 0x63, 0xf4, 0x88, 0x86, 0xf3, 0xe7, - 0x45, 0x18, 0xab, 0x74, 0xe8, 0x55, 0x9e, 0xe3, 0x38, 0x8d, 0xb4, 0xd6, 0xd3, 0x22, 0xfb, 0xe1, - 0x93, 0xad, 0x6e, 0x37, 0xe8, 0x13, 0x3b, 0x7d, 0xa5, 0x5a, 0xb0, 0xa5, 0x11, 0xbd, 0xe1, 0x18, - 0x80, 0xdd, 0x48, 0xe5, 0x95, 0xe9, 0xb6, 0x44, 0x63, 0x26, 0xec, 0x46, 0xd8, 0xc2, 0x44, 0x9f, - 0xd2, 0x83, 0x60, 0x59, 0x04, 0xa4, 0x9b, 0x1d, 0xdd, 0xde, 0xcb, 0x34, 0x00, 0xb9, 0x71, 0x6e, - 0x04, 0xd5, 0x84, 0xc8, 0x16, 0x2b, 0xad, 0x00, 0x93, 0x24, 0x11, 0xac, 0x74, 0xc9, 0x63, 0xac, - 0xc7, 0x9f, 0x94, 0x4c, 0xb1, 0x41, 0x73, 0xbf, 0xeb, 0x00, 0x1a, 0x2f, 0xd7, 0x7c, 0x8c, 0xd2, - 0x4d, 0xac, 0x3a, 0xc0, 0x5a, 0x8f, 0x16, 0xc7, 0x46, 0xe6, 0x04, 0x69, 0xf2, 0x59, 0x28, 0x8b, - 0xa6, 0x56, 0x1d, 0x58, 0x1d, 0x3d, 0xa2, 0xed, 0xc5, 0x92, 0xe7, 0xfe, 0xce, 0x81, 0x7c, 0xba, - 0x11, 0x99, 0x5a, 0x7a, 0x36, 0x9f, 0xa9, 0xb3, 0x5e, 0x3c, 0xf9, 0x9c, 0x89, 0x5e, 0x81, 0x9a, - 0xc7, 0x18, 0xe9, 0xc7, 0x4c, 0x04, 0x64, 0xf1, 0x81, 0x03, 0x72, 0x81, 0x47, 0xc2, 0x8d, 0xa8, - 0x15, 0xec, 0x05, 0x22, 0x18, 0x6d, 0x75, 0xee, 0xbb, 0x45, 0x58, 0xc8, 0x36, 0x5f, 0x68, 0x00, - 0x33, 0xa2, 0xd9, 0x91, 0xd7, 0x4c, 0x53, 0xef, 0xae, 0xb4, 0x4b, 0x04, 0x89, 0x62, 0x05, 0xc6, - 0x13, 0x6b, 0x92, 0x4e, 0x57, 0xb9, 0xc4, 0xaa, 0xe7, 0x2a, 0x2d, 0x71, 0xec, 0x44, 0x55, 0xfc, - 0xef, 0x9c, 0xa8, 0x5e, 0x05, 0x68, 0x09, 0x6f, 0x8b, 0xbd, 0x2c, 0x3d, 0x7c, 0x72, 0xd9, 0xd4, - 0x5a, 0xb0, 0xa5, 0x11, 0x9d, 0x85, 0x42, 0xd0, 0x12, 0xa7, 0xba, 0xd8, 0x00, 0x25, 0x5b, 0xd8, - 0xda, 0xc4, 0x85, 0xa0, 0xe5, 0x52, 0x98, 0xb3, 0xbb, 0xcd, 0x13, 0xc7, 0xea, 0xa7, 0x61, 0x5e, - 0x3e, 0x6d, 0x12, 0xe6, 0x05, 0x3d, 0xaa, 0x76, 0xe7, 0x29, 0x25, 0x3e, 0xdf, 0xb4, 0x99, 0x38, - 0x2b, 0xeb, 0xfe, 0xb8, 0x00, 0x70, 0x35, 0x8a, 0xba, 0x0a, 0x33, 0x3d, 0x7a, 0xce, 0x91, 0x47, - 0x6f, 0x15, 0x4a, 0xdd, 0x20, 0x6c, 0xe5, 0x0f, 0xe7, 0x76, 0x10, 0xb6, 0xb0, 0xe0, 0xa0, 0x0b, - 0x00, 0x5e, 0x1c, 0xbc, 0x44, 0x12, 0x6a, 0x6e, 0x12, 0xb5, 0x5f, 0xd6, 0x77, 0xb6, 0x14, 0x07, - 0x5b, 0x52, 0xe8, 0x39, 0xd5, 0x19, 0xca, 0xb1, 0x7d, 0x29, 0xd7, 0x19, 0x56, 0xb8, 0x85, 0x56, - 0xeb, 0x77, 0x29, 0x97, 0x1f, 0x57, 0xc7, 0xf2, 0xa3, 0xe9, 0x94, 0x77, 0x3a, 0x1e, 0x25, 0x87, - 0x9d, 0xeb, 0x99, 0x63, 0xee, 0x8f, 0x02, 0xa8, 0x5c, 0xbb, 0xcb, 0x64, 0xbd, 0xe7, 0x29, 0x2c, - 0x21, 0x1e, 0xd3, 0x25, 0xa7, 0x68, 0xa5, 0xb0, 0x94, 0x81, 0x8d, 0x0c, 0x3f, 0x2c, 0xe4, 0xcb, - 0x71, 0x90, 0x90, 0x75, 0x26, 0x3c, 0x55, 0x34, 0x87, 0xe5, 0xb2, 0xa2, 0x63, 0x2d, 0xe1, 0xfe, - 0xdd, 0x01, 0x73, 0x51, 0x86, 0xf6, 0xa0, 0x44, 0x47, 0xa1, 0xaf, 0x4a, 0xdb, 0x24, 0xc9, 0xbb, - 0x39, 0x0a, 0x7d, 0x73, 0x1f, 0x57, 0x11, 0xd7, 0x8d, 0xa3, 0xd0, 0xc7, 0x42, 0x3f, 0x1a, 0x42, - 0x25, 0x89, 0x7a, 0xbd, 0xdb, 0x9e, 0xdf, 0x9d, 0x42, 0x95, 0xc3, 0x4a, 0x95, 0xc1, 0x9b, 0x13, - 0xa9, 0x41, 0x91, 0xb1, 0xc6, 0x72, 0x7f, 0x51, 0x86, 0xdc, 0x20, 0x83, 0x06, 0xf6, 0x1d, 0xa4, - 0x33, 0xc5, 0x3b, 0x48, 0xbd, 0x4b, 0x87, 0xdd, 0x43, 0xa2, 0x8b, 0x50, 0x8e, 0x79, 0x78, 0xa8, - 0x60, 0x5e, 0x49, 0xcb, 0x88, 0x88, 0x99, 0x43, 0xa2, 0x48, 0x4a, 0xdb, 0x41, 0x54, 0x3c, 0xa6, - 0x38, 0x7c, 0x15, 0x80, 0xfb, 0x5a, 0xdd, 0x08, 0xc8, 0x7c, 0x72, 0x73, 0x5a, 0x3b, 0xaa, 0x2e, - 0x05, 0x44, 0xfd, 0x68, 0x6a, 0x14, 0x6c, 0x21, 0xa2, 0x6f, 0x3b, 0xb0, 0x90, 0x3a, 0x5e, 0x19, - 0x51, 0x7e, 0x24, 0x46, 0x88, 0xf1, 0x14, 0x67, 0x90, 0x70, 0x0e, 0x19, 0x7d, 0x01, 0xaa, 0x94, - 0x79, 0x89, 0x3c, 0x45, 0x33, 0x0f, 0x9c, 0x5b, 0xf5, 0x5e, 0x36, 0x53, 0x25, 0xd8, 0xe8, 0x43, - 0x2f, 0x03, 0xec, 0x05, 0x61, 0x40, 0x3b, 0x42, 0xfb, 0xec, 0xc3, 0x55, 0xe1, 0x2b, 0x5a, 0x03, - 0xb6, 0xb4, 0xb9, 0x7f, 0x70, 0xa0, 0x66, 0xfd, 0x9e, 0x38, 0x41, 0x96, 0x3c, 0x07, 0x95, 0x38, - 0xea, 0x05, 0x7e, 0x40, 0x64, 0x97, 0x5c, 0x95, 0xa7, 0x61, 0x47, 0xd1, 0xb0, 0xe6, 0x22, 0x06, - 0xd5, 0x3b, 0x2a, 0xcd, 0xa4, 0x55, 0x71, 0x63, 0x82, 0xbd, 0x49, 0x53, 0x96, 0xf1, 0x56, 0x4a, - 0xa1, 0xd8, 0x00, 0xb9, 0x7f, 0x2e, 0x00, 0x88, 0xdf, 0x50, 0x81, 0xb8, 0xb5, 0x59, 0x85, 0x52, - 0x42, 0xe2, 0x28, 0xbf, 0x20, 0x2e, 0x81, 0x05, 0x27, 0x33, 0x84, 0x15, 0x1e, 0x68, 0x08, 0x2b, - 0x1e, 0x3b, 0x84, 0xf1, 0x02, 0x46, 0x3b, 0x3b, 0x49, 0x30, 0xf4, 0x18, 0xd9, 0x26, 0x23, 0x55, - 0x05, 0x4c, 0x01, 0x6b, 0x5e, 0x35, 0x4c, 0x9c, 0x95, 0x3d, 0x74, 0x7e, 0x2d, 0xff, 0x07, 0xe7, - 0xd7, 0xb7, 0x1d, 0x58, 0x30, 0x9e, 0xfd, 0xdf, 0xfa, 0xf3, 0x69, 0xec, 0x3e, 0x62, 0x20, 0xfb, - 0x87, 0x03, 0x8b, 0x69, 0xeb, 0xaf, 0x3a, 0x88, 0xa9, 0xb4, 0x0c, 0x99, 0x3f, 0x2d, 0xc5, 0xe3, - 0xff, 0xb4, 0xd8, 0x29, 0xb8, 0x74, 0x4c, 0x0a, 0xfe, 0x4c, 0xae, 0x59, 0x78, 0xdf, 0x58, 0xb3, - 0x80, 0xf4, 0x90, 0x33, 0x0a, 0xfd, 0x6c, 0x73, 0xe5, 0xfe, 0xcc, 0x81, 0xb9, 0x94, 0x7d, 0x33, - 0x6a, 0x89, 0xd1, 0x83, 0x8a, 0x20, 0x73, 0xb2, 0xa3, 0x87, 0x0c, 0x07, 0xc9, 0x43, 0x03, 0xa8, - 0xf8, 0x9d, 0xa0, 0xd7, 0x4a, 0x48, 0xa8, 0xb6, 0xe5, 0x85, 0x29, 0xcc, 0x60, 0x1c, 0xdf, 0x84, - 0xc2, 0x86, 0x02, 0xc0, 0x1a, 0xca, 0xfd, 0x75, 0x11, 0xe6, 0x33, 0x03, 0x1b, 0xba, 0x08, 0x35, - 0xf9, 0xab, 0xa3, 0x69, 0xd9, 0xac, 0xef, 0x37, 0x76, 0x0d, 0x0b, 0xdb, 0x72, 0x7c, 0x3f, 0x7a, - 0xc1, 0x50, 0xea, 0xc8, 0xff, 0xf9, 0xba, 0x9e, 0x32, 0xb0, 0x91, 0xb1, 0x26, 0xd6, 0xe2, 0x03, - 0x4f, 0xac, 0x3f, 0x74, 0x00, 0x89, 0x25, 0x70, 0xcd, 0x7a, 0xb0, 0x54, 0x7f, 0x94, 0xa7, 0xe6, - 0xb7, 0xb3, 0xca, 0x22, 0xb4, 0x31, 0x06, 0x85, 0x0f, 0x81, 0xb7, 0x2e, 0x91, 0xcb, 0x8f, 0xe5, - 0x12, 0xd9, 0xfd, 0x0a, 0x9c, 0x19, 0xeb, 0xa1, 0xd4, 0xbc, 0xe0, 0x1c, 0x36, 0x2f, 0xf0, 0x48, - 0x8c, 0x93, 0x41, 0x28, 0x37, 0xa8, 0x62, 0x22, 0x71, 0x87, 0x13, 0xb1, 0xe4, 0xf1, 0x21, 0xa2, - 0x95, 0x8c, 0xf0, 0x40, 0x36, 0xe2, 0x15, 0x83, 0xbe, 0x29, 0xa8, 0x58, 0x71, 0xdd, 0x6f, 0x15, - 0x60, 0x3e, 0x53, 0xd7, 0x33, 0xf3, 0x9e, 0x73, 0xec, 0xbc, 0x37, 0x4d, 0x63, 0xd0, 0xeb, 0x30, - 0x47, 0xc5, 0x51, 0x4c, 0x3c, 0x46, 0xda, 0xa3, 0x29, 0x5c, 0xe3, 0x37, 0x2d, 0x75, 0x8d, 0xd3, - 0x07, 0xfb, 0x2b, 0x73, 0x36, 0x05, 0x67, 0xe0, 0xdc, 0x9f, 0x16, 0xe0, 0x89, 0x43, 0x7a, 0x1c, - 0x74, 0xd7, 0xbe, 0x5a, 0x91, 0xb3, 0xf7, 0xb5, 0x29, 0x84, 0xa7, 0x4a, 0xa4, 0xf2, 0x7f, 0xf9, - 0x61, 0x17, 0x2b, 0x0f, 0x38, 0x7a, 0xef, 0x41, 0xb9, 0x13, 0x45, 0xdd, 0xb4, 0x9b, 0x98, 0xa4, - 0x20, 0x98, 0xc9, 0xb0, 0x51, 0xe5, 0xbb, 0xc9, 0xdf, 0x29, 0x96, 0xea, 0xdd, 0x77, 0x1d, 0xc8, - 0x78, 0x11, 0xf5, 0xa1, 0xcc, 0xb5, 0x8c, 0xa6, 0xf0, 0x1b, 0xd1, 0xd6, 0xbb, 0xce, 0x75, 0x4a, - 0x7c, 0xf1, 0x88, 0x25, 0x0a, 0x0a, 0xa0, 0xc4, 0x0d, 0x51, 0xb3, 0xcb, 0xf6, 0x94, 0xd0, 0xf8, - 0x12, 0xe5, 0xa8, 0xc4, 0x9f, 0xb0, 0x80, 0x70, 0x2f, 0xc1, 0x99, 0x31, 0x8b, 0x78, 0xc8, 0xef, - 0x45, 0xe9, 0x5f, 0x53, 0x2b, 0xe4, 0xaf, 0x70, 0x22, 0x96, 0x3c, 0x5e, 0x3f, 0x4e, 0xe7, 0xd5, - 0xa3, 0x1f, 0x39, 0x70, 0x86, 0xe6, 0xf5, 0x3d, 0x12, 0xaf, 0xfd, 0xbf, 0x32, 0x6a, 0xdc, 0x7c, - 0x3c, 0x6e, 0x01, 0xdf, 0xd1, 0xfc, 0x5d, 0x33, 0x8f, 0xbd, 0x20, 0xa4, 0xc4, 0x1f, 0x24, 0xe9, - 0x42, 0x75, 0xec, 0x6d, 0x29, 0x3a, 0xd6, 0x12, 0x7c, 0xf6, 0x97, 0xff, 0x3a, 0x6e, 0x9a, 0x46, - 0x51, 0xcf, 0xfe, 0x4d, 0xcd, 0xc1, 0x96, 0x14, 0xef, 0x95, 0x7d, 0x92, 0xb0, 0x4d, 0xde, 0x1e, - 0xf1, 0xbc, 0x30, 0x27, 0x7b, 0xe5, 0x0d, 0x45, 0xc3, 0x9a, 0x8b, 0xde, 0x0f, 0xb3, 0x5d, 0x32, - 0x12, 0x82, 0x25, 0x21, 0x58, 0xe3, 0x15, 0x7f, 0x5b, 0x92, 0x70, 0xca, 0x43, 0x2e, 0xcc, 0xf8, - 0x9e, 0x90, 0x2a, 0x0b, 0x29, 0x10, 0xbf, 0x3d, 0xd6, 0x85, 0x90, 0xe2, 0x34, 0xea, 0xf7, 0xee, - 0x2f, 0x9f, 0x7a, 0xf3, 0xfe, 0xf2, 0xa9, 0xb7, 0xee, 0x2f, 0x9f, 0x7a, 0xe3, 0x60, 0xd9, 0xb9, - 0x77, 0xb0, 0xec, 0xbc, 0x79, 0xb0, 0xec, 0xbc, 0x75, 0xb0, 0xec, 0xfc, 0xed, 0x60, 0xd9, 0xf9, - 0xfe, 0x3b, 0xcb, 0xa7, 0x5e, 0xae, 0xa4, 0xae, 0xfd, 0x57, 0x00, 0x00, 0x00, 0xff, 0xff, 0x99, - 0x62, 0x42, 0x3c, 0x38, 0x29, 0x00, 0x00, + // 2565 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xd4, 0x59, 0x4b, 0x8c, 0x1c, 0x47, + 0x19, 0x76, 0xcf, 0x63, 0x77, 0xe6, 0x9f, 0x7d, 0xd8, 0x95, 0x07, 0x8b, 0x23, 0xed, 0xae, 0x3a, + 0x3c, 0x0c, 0x4a, 0x66, 0xb0, 0xc1, 0x60, 0x1e, 0x42, 0xf2, 0xcc, 0xda, 0xf1, 0x7a, 0xfd, 0x58, + 0x6a, 0x36, 0x89, 0x14, 0xa2, 0x40, 0xbb, 0xa7, 0x76, 0xa6, 0x3c, 0x33, 0xdd, 0x9d, 0xae, 0x9e, + 0xb1, 0x47, 0x22, 0x28, 0x08, 0x21, 0xf1, 0x94, 0x40, 0x08, 0x71, 0xe5, 0xc0, 0x09, 0x21, 0x21, + 0x21, 0x4e, 0x48, 0x1c, 0xe0, 0x80, 0x7c, 0xcc, 0x01, 0x44, 0x14, 0xd0, 0x0a, 0x6f, 0x2e, 0x91, + 0x38, 0x70, 0xe2, 0x92, 0x13, 0xaa, 0x47, 0x77, 0x55, 0xf7, 0xec, 0xb2, 0x6b, 0x4f, 0xdb, 0xc0, + 0xad, 0xfb, 0xff, 0xff, 0xfe, 0xbf, 0xbf, 0xfe, 0xfa, 0xeb, 0x7f, 0x54, 0xc3, 0x66, 0x97, 0x46, + 0xbd, 0xd1, 0xad, 0xba, 0xeb, 0x0f, 0x1b, 0x4e, 0xd8, 0xf5, 0x83, 0xd0, 0xbf, 0x2d, 0x1e, 0x9e, + 0x77, 0x3b, 0x8d, 0xa0, 0xdf, 0x6d, 0x38, 0x01, 0x65, 0x0d, 0x27, 0x08, 0x06, 0xd4, 0x75, 0x22, + 0xea, 0x7b, 0x8d, 0xf1, 0x59, 0x67, 0x10, 0xf4, 0x9c, 0xb3, 0x8d, 0x2e, 0xf1, 0x48, 0xe8, 0x44, + 0xa4, 0x53, 0x0f, 0x42, 0x3f, 0xf2, 0xd1, 0x67, 0xb5, 0xaa, 0x7a, 0xac, 0x4a, 0x3c, 0x7c, 0xc5, + 0xed, 0xd4, 0x83, 0x7e, 0xb7, 0xce, 0x55, 0xd5, 0x0d, 0x55, 0xf5, 0x58, 0xd5, 0xe9, 0xe7, 0x0d, + 0x2b, 0xba, 0x7e, 0xd7, 0x6f, 0x08, 0x8d, 0xb7, 0x46, 0xbb, 0xe2, 0x4d, 0xbc, 0x88, 0x27, 0x89, + 0x74, 0xfa, 0x53, 0xfd, 0x0b, 0xac, 0x4e, 0x7d, 0x6e, 0xdb, 0xd0, 0x71, 0x7b, 0xd4, 0x23, 0xe1, + 0x44, 0x1b, 0x3b, 0x24, 0x91, 0xd3, 0x18, 0x4f, 0xd9, 0x77, 0xba, 0x71, 0xd8, 0x57, 0xe1, 0xc8, + 0x8b, 0xe8, 0x90, 0x4c, 0x7d, 0xf0, 0xe9, 0xa3, 0x3e, 0x60, 0x6e, 0x8f, 0x0c, 0x9d, 0xa9, 0xef, + 0x3e, 0x79, 0xd8, 0x77, 0xa3, 0x88, 0x0e, 0x1a, 0xd4, 0x8b, 0x58, 0x14, 0x66, 0x3f, 0xb2, 0xff, + 0x6a, 0x01, 0x5c, 0x0c, 0x82, 0xed, 0xd0, 0xbf, 0x4d, 0xdc, 0x08, 0x7d, 0x15, 0x2a, 0x7c, 0x1d, + 0x1d, 0x27, 0x72, 0x56, 0xac, 0x75, 0xeb, 0x4c, 0xed, 0xdc, 0x27, 0xea, 0x52, 0x6d, 0xdd, 0x54, + 0xab, 0xfd, 0xca, 0xa5, 0xeb, 0xe3, 0xb3, 0xf5, 0x9b, 0xb7, 0xf8, 0xf7, 0xd7, 0x49, 0xe4, 0x34, + 0xd1, 0xbd, 0xbd, 0xb5, 0x13, 0xfb, 0x7b, 0x6b, 0xa0, 0x69, 0x38, 0xd1, 0x8a, 0xfa, 0x50, 0x62, + 0x01, 0x71, 0x57, 0x0a, 0x42, 0xfb, 0x66, 0xfd, 0xa1, 0x77, 0xaf, 0xae, 0xcd, 0x6e, 0x07, 0xc4, + 0x6d, 0x2e, 0x28, 0xd8, 0x12, 0x7f, 0xc3, 0x02, 0xc4, 0x7e, 0xc7, 0x82, 0x25, 0x2d, 0x76, 0x8d, + 0xb2, 0x08, 0xbd, 0x3a, 0xb5, 0xc2, 0xfa, 0xf1, 0x56, 0xc8, 0xbf, 0x16, 0xeb, 0x3b, 0xa9, 0x80, + 0x2a, 0x31, 0xc5, 0x58, 0xdd, 0x6d, 0x28, 0xd3, 0x88, 0x0c, 0xd9, 0x4a, 0x61, 0xbd, 0x78, 0xa6, + 0x76, 0xee, 0x52, 0x2e, 0xcb, 0x6b, 0x2e, 0x2a, 0xc4, 0xf2, 0x26, 0xd7, 0x8d, 0x25, 0x84, 0xfd, + 0xaf, 0x82, 0xb9, 0x38, 0xbe, 0x6a, 0x74, 0x16, 0x6a, 0xcc, 0x1f, 0x85, 0x2e, 0xc1, 0x24, 0xf0, + 0xd9, 0x8a, 0xb5, 0x5e, 0x3c, 0x53, 0x6d, 0x2e, 0xef, 0xef, 0xad, 0xd5, 0xda, 0x9a, 0x8c, 0x4d, + 0x19, 0xf4, 0x3d, 0x0b, 0x16, 0x3a, 0x84, 0x45, 0xd4, 0x13, 0xf8, 0xb1, 0xe5, 0x5f, 0x9a, 0xcd, + 0xf2, 0x98, 0xb8, 0xa1, 0x35, 0x37, 0x9f, 0x54, 0xab, 0x58, 0x30, 0x88, 0x0c, 0xa7, 0xc0, 0xd1, + 0x79, 0xa8, 0x75, 0x08, 0x73, 0x43, 0x1a, 0xf0, 0xf7, 0x95, 0xe2, 0xba, 0x75, 0xa6, 0xda, 0x7c, + 0x42, 0x7d, 0x58, 0xdb, 0xd0, 0x2c, 0x6c, 0xca, 0xa1, 0x3e, 0x94, 0x43, 0x7f, 0x40, 0xd8, 0x4a, + 0x49, 0x18, 0x7f, 0x79, 0x06, 0xe3, 0x95, 0x3b, 0xb1, 0x3f, 0x20, 0xda, 0xef, 0xfc, 0x8d, 0x61, + 0x89, 0x61, 0xff, 0xb1, 0x08, 0x35, 0x63, 0x89, 0x8f, 0xe1, 0xcc, 0x0c, 0x52, 0x67, 0xe6, 0x6a, + 0x3e, 0x5b, 0x73, 0xd8, 0xa1, 0x41, 0x11, 0xcc, 0xb1, 0xc8, 0x89, 0x46, 0x4c, 0xb8, 0xbf, 0x76, + 0xee, 0x5a, 0x4e, 0x78, 0x42, 0x67, 0x73, 0x49, 0x21, 0xce, 0xc9, 0x77, 0xac, 0xb0, 0xd0, 0xeb, + 0x50, 0xf5, 0x03, 0x9e, 0x9a, 0xf8, 0xbe, 0x97, 0x04, 0xf0, 0xc6, 0x0c, 0xc0, 0x37, 0x63, 0x5d, + 0xcd, 0xc5, 0xfd, 0xbd, 0xb5, 0x6a, 0xf2, 0x8a, 0x35, 0x8a, 0xed, 0xc2, 0x93, 0x86, 0x7d, 0x2d, + 0xdf, 0xeb, 0x50, 0xb1, 0xa1, 0xeb, 0x50, 0x8a, 0x26, 0x01, 0x11, 0x9b, 0x59, 0xd5, 0x2e, 0xda, + 0x99, 0x04, 0x04, 0x0b, 0x0e, 0xfa, 0x18, 0xcc, 0x0f, 0x09, 0x63, 0x4e, 0x97, 0x88, 0x3d, 0xa9, + 0x36, 0x97, 0x95, 0xd0, 0xfc, 0x75, 0x49, 0xc6, 0x31, 0xdf, 0x7e, 0x1d, 0x9e, 0x3e, 0xf8, 0x3c, + 0xa0, 0x8f, 0xc0, 0x1c, 0x23, 0xe1, 0x98, 0x84, 0x0a, 0x48, 0x7b, 0x46, 0x50, 0xb1, 0xe2, 0xa2, + 0x06, 0x54, 0x3d, 0x67, 0x48, 0x58, 0xe0, 0xb8, 0x31, 0xdc, 0x29, 0x25, 0x5a, 0xbd, 0x11, 0x33, + 0xb0, 0x96, 0xb1, 0xff, 0x66, 0xc1, 0xb2, 0x81, 0xf9, 0x18, 0xd2, 0x5e, 0x3f, 0x9d, 0xf6, 0x2e, + 0xe7, 0x13, 0x31, 0x87, 0xe4, 0xbd, 0xdf, 0x17, 0xe1, 0x94, 0x19, 0x57, 0x22, 0x99, 0xf1, 0x2d, + 0x09, 0x49, 0xe0, 0xbf, 0x88, 0xaf, 0x29, 0x77, 0x26, 0x5b, 0x82, 0x25, 0x19, 0xc7, 0x7c, 0xbe, + 0xbf, 0x81, 0x13, 0xf5, 0x94, 0x2f, 0x93, 0xfd, 0xdd, 0x76, 0xa2, 0x1e, 0x16, 0x1c, 0x9e, 0x86, + 0x88, 0x37, 0xa6, 0xa1, 0xef, 0x0d, 0x89, 0x17, 0x65, 0xd3, 0xd0, 0x25, 0xcd, 0xc2, 0xa6, 0x1c, + 0xfa, 0x22, 0x2c, 0x45, 0x4e, 0xd8, 0x25, 0x11, 0x26, 0x63, 0xca, 0xe2, 0x40, 0xae, 0x36, 0x9f, + 0x56, 0x5f, 0x2e, 0xed, 0xa4, 0xb8, 0x38, 0x23, 0x8d, 0x7e, 0x63, 0xc1, 0x33, 0xae, 0x3f, 0x0c, + 0x7c, 0x8f, 0x78, 0xd1, 0xb6, 0x13, 0x3a, 0x43, 0x12, 0x91, 0xf0, 0xe6, 0x98, 0x84, 0x21, 0xed, + 0x10, 0xb6, 0x52, 0x16, 0xde, 0xbd, 0x3e, 0x83, 0x77, 0x5b, 0x53, 0xda, 0x9b, 0xcf, 0x2a, 0xe3, + 0x9e, 0x69, 0x1d, 0x8e, 0x8c, 0xff, 0x93, 0x59, 0xbc, 0xea, 0x8c, 0x9d, 0xc1, 0x88, 0xb0, 0xcb, + 0x94, 0xe7, 0xe0, 0x39, 0x5d, 0x75, 0x5e, 0xd2, 0x64, 0x6c, 0xca, 0xd8, 0xbf, 0x2b, 0xa4, 0x42, + 0xb4, 0x1d, 0xe7, 0x1d, 0xb1, 0x97, 0x2a, 0x40, 0xf3, 0xca, 0x3b, 0x42, 0xa7, 0x71, 0xba, 0x64, + 0xf1, 0x53, 0x58, 0xe8, 0xdb, 0x96, 0x28, 0x39, 0xf1, 0xa9, 0x54, 0x39, 0xf6, 0x11, 0x94, 0x3f, + 0xb3, 0x8a, 0xc5, 0x44, 0x6c, 0x42, 0xf3, 0x10, 0x0e, 0x64, 0xf5, 0x51, 0x11, 0x97, 0x84, 0x70, + 0x5c, 0x94, 0x62, 0xbe, 0xfd, 0xb3, 0xb9, 0xf4, 0x19, 0x90, 0x39, 0xf4, 0x47, 0x16, 0x9c, 0xe4, + 0x1b, 0xe5, 0x84, 0x94, 0xf9, 0x1e, 0x26, 0x6c, 0x34, 0x88, 0x94, 0x33, 0xb7, 0x66, 0x0c, 0x1a, + 0x53, 0x65, 0x73, 0x45, 0xd9, 0x75, 0x32, 0xcb, 0xc1, 0x53, 0xf0, 0x28, 0x82, 0xf9, 0x1e, 0x65, + 0x91, 0x1f, 0x4e, 0x54, 0x72, 0x98, 0xa5, 0xe5, 0xdb, 0x20, 0xc1, 0xc0, 0x9f, 0xf0, 0xb3, 0xb6, + 0xe9, 0xed, 0xfa, 0xda, 0x3f, 0x57, 0x24, 0x02, 0x8e, 0xa1, 0xd0, 0x37, 0x2c, 0x80, 0x20, 0x8e, + 0x54, 0x5e, 0xc8, 0x1e, 0xc1, 0xc1, 0x49, 0x6a, 0x76, 0x42, 0x62, 0xd8, 0x00, 0x45, 0x3e, 0xcc, + 0xf5, 0x88, 0x33, 0x88, 0x7a, 0xaa, 0x9c, 0xbd, 0x30, 0x03, 0xfc, 0x15, 0xa1, 0x28, 0x5b, 0x42, + 0x25, 0x15, 0x2b, 0x18, 0xf4, 0x2d, 0x0b, 0x96, 0x92, 0xea, 0xc6, 0x65, 0xc9, 0x4a, 0x79, 0xe6, + 0x2e, 0xfb, 0x66, 0x4a, 0x61, 0x13, 0xf1, 0x34, 0x96, 0xa6, 0xe1, 0x0c, 0x28, 0xfa, 0xa6, 0x05, + 0xe0, 0xc6, 0xd5, 0x54, 0xe6, 0x83, 0xda, 0xb9, 0x9b, 0xf9, 0x9c, 0xa8, 0xa4, 0x4a, 0x6b, 0xf7, + 0x27, 0x24, 0x86, 0x0d, 0x58, 0xfb, 0x5d, 0x0b, 0x9e, 0x32, 0x3e, 0x7c, 0xd9, 0x89, 0xdc, 0xde, + 0xa5, 0x31, 0x4f, 0xd3, 0x5b, 0xa9, 0xfa, 0xfe, 0x19, 0xb3, 0xbe, 0xbf, 0xbf, 0xb7, 0xf6, 0xd1, + 0xc3, 0xc6, 0xa8, 0x3b, 0x5c, 0x43, 0x5d, 0xa8, 0x30, 0x5a, 0x81, 0x37, 0xa0, 0x66, 0xd8, 0xac, + 0xd2, 0x47, 0x5e, 0x05, 0x30, 0xc9, 0x19, 0x06, 0x11, 0x9b, 0x78, 0xf6, 0x9f, 0x0b, 0x30, 0xdf, + 0x1a, 0x8c, 0x58, 0x44, 0xc2, 0x63, 0x37, 0x14, 0xeb, 0x50, 0xe2, 0xcd, 0x42, 0xb6, 0xfe, 0xf1, + 0x5e, 0x02, 0x0b, 0x0e, 0x0a, 0x60, 0xce, 0xf5, 0xbd, 0x5d, 0xda, 0x55, 0x2d, 0xe0, 0x95, 0x59, + 0x4e, 0x8e, 0xb4, 0xae, 0x25, 0xf4, 0x69, 0x9b, 0xe4, 0x3b, 0x56, 0x38, 0xe8, 0x07, 0x16, 0x2c, + 0xbb, 0xbe, 0xe7, 0x11, 0x57, 0x07, 0x6f, 0x69, 0xe6, 0x76, 0xb7, 0x95, 0xd6, 0xd8, 0xfc, 0x80, + 0x42, 0x5f, 0xce, 0x30, 0x70, 0x16, 0xdb, 0xfe, 0x75, 0x01, 0x16, 0x53, 0x96, 0xa3, 0xe7, 0xa0, + 0x32, 0x62, 0x24, 0x14, 0x9e, 0x93, 0xfe, 0x4d, 0x3a, 0xa2, 0x17, 0x15, 0x1d, 0x27, 0x12, 0x5c, + 0x3a, 0x70, 0x18, 0xbb, 0xe3, 0x87, 0x1d, 0xe5, 0xe7, 0x44, 0x7a, 0x5b, 0xd1, 0x71, 0x22, 0xc1, + 0xfb, 0x8d, 0x5b, 0xc4, 0x09, 0x49, 0xb8, 0xe3, 0xf7, 0xc9, 0xd4, 0xd8, 0xd3, 0xd4, 0x2c, 0x6c, + 0xca, 0x09, 0xa7, 0x45, 0x03, 0xd6, 0x1a, 0x50, 0xe2, 0x45, 0xd2, 0xcc, 0x1c, 0x9c, 0xb6, 0x73, + 0xad, 0x6d, 0x6a, 0xd4, 0x4e, 0xcb, 0x30, 0x70, 0x16, 0xdb, 0xfe, 0x93, 0x05, 0x35, 0xe5, 0xb4, + 0xc7, 0xd0, 0x74, 0x76, 0xd3, 0x4d, 0x67, 0x73, 0xf6, 0x18, 0x3d, 0xa4, 0xe1, 0xfc, 0x65, 0x11, + 0xa6, 0x2a, 0x1d, 0x7a, 0x8d, 0xe7, 0x38, 0x4e, 0x23, 0x9d, 0x8b, 0x71, 0x91, 0xfd, 0xf8, 0xf1, + 0x56, 0xb7, 0x43, 0x87, 0xc4, 0x4c, 0x5f, 0xb1, 0x16, 0x6c, 0x68, 0x44, 0x6f, 0x5a, 0x1a, 0x60, + 0xc7, 0x57, 0x79, 0x25, 0xdf, 0x96, 0x68, 0xca, 0x84, 0x1d, 0x1f, 0x1b, 0x98, 0xe8, 0x73, 0xc9, + 0x20, 0x58, 0x16, 0x01, 0x69, 0xa7, 0x47, 0xb7, 0xf7, 0x53, 0x0d, 0x40, 0x66, 0x9c, 0x9b, 0x40, + 0x35, 0x24, 0xb2, 0xc5, 0x8a, 0x2b, 0xc0, 0x2c, 0x49, 0x04, 0x2b, 0x5d, 0xf2, 0x18, 0x27, 0xe3, + 0x4f, 0x4c, 0x66, 0x58, 0xa3, 0xd9, 0xdf, 0xb7, 0x00, 0x4d, 0x97, 0x6b, 0x3e, 0x46, 0x25, 0x4d, + 0xac, 0x3a, 0xc0, 0x89, 0x9e, 0x44, 0x1c, 0x6b, 0x99, 0x63, 0xa4, 0xc9, 0x67, 0xa1, 0x2c, 0x9a, + 0x5a, 0x75, 0x60, 0x93, 0xe8, 0x11, 0x6d, 0x2f, 0x96, 0x3c, 0xfb, 0x0f, 0x16, 0x64, 0xd3, 0x8d, + 0xc8, 0xd4, 0xd2, 0xb3, 0xd9, 0x4c, 0x9d, 0xf6, 0xe2, 0xf1, 0xe7, 0x4c, 0xf4, 0x2a, 0xd4, 0x9c, + 0x28, 0x22, 0xc3, 0x20, 0x12, 0x01, 0x59, 0x7c, 0xe0, 0x80, 0x5c, 0xe2, 0x91, 0x70, 0xdd, 0xef, + 0xd0, 0x5d, 0x2a, 0x82, 0xd1, 0x54, 0x67, 0xbf, 0x57, 0x84, 0xa5, 0x74, 0xf3, 0x85, 0x46, 0x30, + 0x27, 0x9a, 0x1d, 0x79, 0xcd, 0x94, 0x7b, 0x77, 0x95, 0xb8, 0x44, 0x90, 0x18, 0x56, 0x60, 0x3c, + 0xb1, 0x86, 0xf1, 0x74, 0x95, 0x49, 0xac, 0xc9, 0x5c, 0x95, 0x48, 0x1c, 0x39, 0x51, 0x15, 0xff, + 0x37, 0x27, 0xaa, 0xd7, 0x00, 0x3a, 0xc2, 0xdb, 0x62, 0x2f, 0x4b, 0x0f, 0x9f, 0x5c, 0x36, 0x12, + 0x2d, 0xd8, 0xd0, 0x88, 0x4e, 0x43, 0x81, 0x76, 0xc4, 0xa9, 0x2e, 0x36, 0x41, 0xc9, 0x16, 0x36, + 0x37, 0x70, 0x81, 0x76, 0x6c, 0x06, 0x0b, 0x66, 0xb7, 0x79, 0xec, 0x58, 0xfd, 0x3c, 0x2c, 0xca, + 0xa7, 0x0d, 0x12, 0x39, 0x74, 0xc0, 0xd4, 0xee, 0x3c, 0xa5, 0xc4, 0x17, 0xdb, 0x26, 0x13, 0xa7, + 0x65, 0xed, 0x9f, 0x16, 0x00, 0xae, 0xf8, 0x7e, 0x5f, 0x61, 0xc6, 0x47, 0xcf, 0x3a, 0xf4, 0xe8, + 0xad, 0x43, 0xa9, 0x4f, 0xbd, 0x4e, 0xf6, 0x70, 0x6e, 0x51, 0xaf, 0x83, 0x05, 0x07, 0x9d, 0x03, + 0x70, 0x02, 0xfa, 0x12, 0x09, 0x99, 0xbe, 0x49, 0x4c, 0xfc, 0x72, 0x71, 0x7b, 0x53, 0x71, 0xb0, + 0x21, 0x85, 0x9e, 0x53, 0x9d, 0xa1, 0x1c, 0xdb, 0x57, 0x32, 0x9d, 0x61, 0x85, 0x5b, 0x68, 0xb4, + 0x7e, 0x17, 0x32, 0xf9, 0x71, 0x7d, 0x2a, 0x3f, 0xea, 0x4e, 0x79, 0xbb, 0xe7, 0x30, 0x72, 0xd0, + 0xb9, 0x9e, 0x3b, 0xe2, 0xfe, 0xa8, 0x0d, 0x95, 0xab, 0x2f, 0xef, 0xc8, 0x7a, 0x6f, 0x43, 0x91, + 0x3a, 0x32, 0x79, 0x15, 0x75, 0xd8, 0x6f, 0x32, 0x36, 0x12, 0x3b, 0xcc, 0x99, 0xe8, 0x59, 0x28, + 0x92, 0xbb, 0x81, 0xf0, 0x4b, 0x51, 0x27, 0xb8, 0x4b, 0x77, 0x03, 0x1a, 0x12, 0xc6, 0x85, 0xc8, + 0xdd, 0xc0, 0xfe, 0x87, 0x05, 0xfa, 0x4a, 0x0c, 0xed, 0x42, 0x89, 0x4d, 0x3c, 0x57, 0x15, 0xb1, + 0x59, 0xd2, 0x74, 0x7b, 0xe2, 0xb9, 0xfa, 0xe6, 0xad, 0x22, 0x2e, 0x16, 0x27, 0x9e, 0x8b, 0x85, + 0x7e, 0x34, 0x86, 0x4a, 0xe8, 0x0f, 0x06, 0xb7, 0x1c, 0xb7, 0x9f, 0x43, 0x3d, 0xc3, 0x4a, 0x95, + 0xc6, 0x5b, 0x10, 0x49, 0x40, 0x91, 0x71, 0x82, 0x65, 0xff, 0xaa, 0x0c, 0x99, 0x91, 0x05, 0x8d, + 0xcc, 0xdb, 0x46, 0x2b, 0xc7, 0xdb, 0xc6, 0xc4, 0xe3, 0x07, 0xdd, 0x38, 0xa2, 0xf3, 0x50, 0x0e, + 0x78, 0x20, 0xa8, 0xb0, 0x5d, 0x8b, 0x0b, 0x86, 0x88, 0x8e, 0x03, 0xe2, 0x45, 0x4a, 0x9b, 0xe1, + 0x52, 0x3c, 0xa2, 0x0c, 0x7c, 0x1d, 0x80, 0xfb, 0x5a, 0xcd, 0xfe, 0x32, 0x73, 0xdc, 0xc8, 0x6b, + 0x47, 0xd5, 0xf8, 0x2f, 0x2a, 0x45, 0x3b, 0x41, 0xc1, 0x06, 0x22, 0xfa, 0xae, 0x05, 0x4b, 0xb1, + 0xe3, 0x95, 0x11, 0xe5, 0x47, 0x62, 0x84, 0x18, 0x44, 0x71, 0x0a, 0x09, 0x67, 0x90, 0xd1, 0x97, + 0xa1, 0xca, 0x22, 0x27, 0x94, 0x15, 0x71, 0xee, 0x81, 0xb3, 0x68, 0xb2, 0x97, 0xed, 0x58, 0x09, + 0xd6, 0xfa, 0xd0, 0x2b, 0x00, 0xbb, 0xd4, 0xa3, 0xac, 0x27, 0xb4, 0xcf, 0x3f, 0x5c, 0xbd, 0xbd, + 0x9c, 0x68, 0xc0, 0x86, 0x36, 0xde, 0x33, 0xd4, 0x8c, 0x1f, 0x11, 0xc7, 0xc8, 0x87, 0x67, 0xa0, + 0x12, 0xf8, 0x03, 0xea, 0x52, 0x22, 0xfb, 0xe1, 0xaa, 0x3c, 0x0d, 0xdb, 0x8a, 0x86, 0x13, 0x2e, + 0xea, 0x42, 0x35, 0x4e, 0x28, 0x71, 0xfd, 0x6b, 0xcd, 0xb0, 0x37, 0xb1, 0xae, 0x66, 0x89, 0x5b, + 0x85, 0xb5, 0x6e, 0xfb, 0x2f, 0x05, 0x00, 0xf1, 0x8f, 0x89, 0x8a, 0x2b, 0x99, 0x75, 0x28, 0x85, + 0x24, 0xf0, 0xb3, 0x6b, 0xe0, 0x12, 0x58, 0x70, 0x52, 0x13, 0x56, 0xe1, 0x81, 0x26, 0xac, 0xe2, + 0x91, 0x13, 0x16, 0xaf, 0x4e, 0xac, 0xb7, 0x1d, 0xd2, 0xb1, 0x13, 0x91, 0x2d, 0x32, 0x51, 0x29, + 0x5e, 0x57, 0xa7, 0xf6, 0x15, 0xcd, 0xc4, 0x69, 0xd9, 0x03, 0x87, 0xd3, 0xf2, 0x7f, 0x71, 0x38, + 0x7d, 0xc7, 0x82, 0x25, 0xed, 0xd9, 0xff, 0xaf, 0xdf, 0x9a, 0xda, 0xee, 0x43, 0xa6, 0xad, 0x7f, + 0x5a, 0xb0, 0x1c, 0xf7, 0xf5, 0xaa, 0x3d, 0xc8, 0xa5, 0x1f, 0x48, 0xfd, 0x46, 0x29, 0x1e, 0xfd, + 0x1b, 0xc5, 0xcc, 0xba, 0xa5, 0x23, 0xb2, 0xee, 0x17, 0x32, 0x9d, 0xc0, 0x87, 0xa6, 0x3a, 0x01, + 0x94, 0x4c, 0x30, 0x13, 0xcf, 0x4d, 0x77, 0x4e, 0xf6, 0x2f, 0x2c, 0x58, 0x88, 0xd9, 0x37, 0xfc, + 0x8e, 0x98, 0x2b, 0x98, 0x08, 0x32, 0x2b, 0x3d, 0x57, 0xc8, 0x70, 0x90, 0x3c, 0x34, 0x82, 0x8a, + 0xdb, 0xa3, 0x83, 0x4e, 0x48, 0x3c, 0xb5, 0x2d, 0x2f, 0xe4, 0x30, 0x60, 0x71, 0x7c, 0x1d, 0x0a, + 0x2d, 0x05, 0x80, 0x13, 0x28, 0xfb, 0xb7, 0x45, 0x58, 0x4c, 0x4d, 0x63, 0xe8, 0x3c, 0xd4, 0xe4, + 0x7f, 0x8c, 0xb6, 0x61, 0x73, 0x72, 0x79, 0xb1, 0xa3, 0x59, 0xd8, 0x94, 0xe3, 0xfb, 0x31, 0xa0, + 0x63, 0xa9, 0x23, 0xfb, 0x5b, 0xeb, 0x5a, 0xcc, 0xc0, 0x5a, 0xc6, 0x18, 0x47, 0x8b, 0x0f, 0x3c, + 0x8e, 0xfe, 0xd8, 0x02, 0x24, 0x96, 0xc0, 0x35, 0x27, 0x53, 0xa3, 0xfa, 0x5d, 0x9c, 0x9b, 0xdf, + 0x4e, 0x2b, 0x8b, 0x50, 0x6b, 0x0a, 0x0a, 0x1f, 0x00, 0x6f, 0xdc, 0x10, 0x97, 0x1f, 0xcb, 0x0d, + 0xb1, 0xfd, 0x35, 0x38, 0x35, 0xd5, 0x36, 0xa9, 0x61, 0xc0, 0x3a, 0x68, 0x18, 0xe0, 0x91, 0x18, + 0x84, 0x23, 0x4f, 0x6e, 0x50, 0x45, 0x47, 0xe2, 0x36, 0x27, 0x62, 0xc9, 0xe3, 0x13, 0x42, 0x27, + 0x9c, 0xe0, 0x91, 0xec, 0xb2, 0x2b, 0x1a, 0x7d, 0x43, 0x50, 0xb1, 0xe2, 0xda, 0xdf, 0x29, 0xc0, + 0x62, 0xaa, 0x94, 0xa7, 0x86, 0x39, 0xeb, 0xc8, 0x61, 0x2e, 0x4f, 0x63, 0xd0, 0x1b, 0xb0, 0xc0, + 0xc4, 0x51, 0x0c, 0x9d, 0x88, 0x74, 0x27, 0x39, 0xdc, 0xd1, 0xb7, 0x0d, 0x75, 0xcd, 0x93, 0xfb, + 0x7b, 0x6b, 0x0b, 0x26, 0x05, 0xa7, 0xe0, 0xec, 0x9f, 0x17, 0xe0, 0x89, 0x03, 0xda, 0x1a, 0x74, + 0xc7, 0xbc, 0x37, 0x91, 0x83, 0xf5, 0xd5, 0x1c, 0xc2, 0x53, 0x25, 0x52, 0xf9, 0x33, 0xfc, 0xa0, + 0x5b, 0x93, 0x07, 0x9c, 0xab, 0x77, 0xa1, 0xdc, 0xf3, 0xfd, 0x7e, 0xdc, 0x40, 0xcc, 0x52, 0x10, + 0xf4, 0xd8, 0xd7, 0xac, 0xf2, 0xdd, 0xe4, 0xef, 0x0c, 0x4b, 0xf5, 0xf6, 0x7b, 0x16, 0xa4, 0xbc, + 0x88, 0x86, 0x50, 0xe6, 0x5a, 0x26, 0x39, 0xfc, 0x23, 0x34, 0xf5, 0x5e, 0xe4, 0x3a, 0x25, 0xbe, + 0x78, 0xc4, 0x12, 0x05, 0x51, 0x28, 0x71, 0x43, 0xd4, 0xb8, 0xb2, 0x95, 0x13, 0x1a, 0x5f, 0xa2, + 0x9c, 0x8e, 0xf8, 0x13, 0x16, 0x10, 0xf6, 0x05, 0x38, 0x35, 0x65, 0x11, 0x0f, 0xf9, 0x5d, 0x3f, + 0xfe, 0x25, 0x6a, 0x84, 0xfc, 0x65, 0x4e, 0xc4, 0x92, 0xc7, 0xeb, 0xc7, 0xc9, 0xac, 0x7a, 0xf4, + 0x13, 0x0b, 0x4e, 0xb1, 0xac, 0xbe, 0x47, 0xe2, 0xb5, 0x0f, 0x2a, 0xa3, 0xa6, 0xcd, 0xc7, 0xd3, + 0x16, 0xf0, 0x1d, 0xcd, 0x5e, 0x24, 0xf3, 0xd8, 0xa3, 0x1e, 0x23, 0xee, 0x28, 0x8c, 0x17, 0xaa, + 0x87, 0x5b, 0x45, 0xc7, 0x89, 0x04, 0x1f, 0xec, 0xe5, 0x8f, 0x8c, 0x1b, 0xba, 0x51, 0x4c, 0x06, + 0xfb, 0x76, 0xc2, 0xc1, 0x86, 0x14, 0x6f, 0x8f, 0x5d, 0x12, 0x46, 0x1b, 0xbc, 0x3d, 0xe2, 0x79, + 0x61, 0x41, 0xb6, 0xc7, 0x2d, 0x45, 0xc3, 0x09, 0x17, 0x7d, 0x18, 0xe6, 0xfb, 0x64, 0x22, 0x04, + 0x4b, 0x42, 0xb0, 0xc6, 0x2b, 0xfe, 0x96, 0x24, 0xe1, 0x98, 0x87, 0x6c, 0x98, 0x73, 0x1d, 0x21, + 0x55, 0x16, 0x52, 0x20, 0xfe, 0x69, 0x5c, 0x14, 0x42, 0x8a, 0xd3, 0xac, 0xdf, 0xbb, 0xbf, 0x7a, + 0xe2, 0xad, 0xfb, 0xab, 0x27, 0xde, 0xbe, 0xbf, 0x7a, 0xe2, 0xcd, 0xfd, 0x55, 0xeb, 0xde, 0xfe, + 0xaa, 0xf5, 0xd6, 0xfe, 0xaa, 0xf5, 0xf6, 0xfe, 0xaa, 0xf5, 0xf7, 0xfd, 0x55, 0xeb, 0x87, 0xef, + 0xae, 0x9e, 0x78, 0xa5, 0x12, 0xbb, 0xf6, 0xdf, 0x01, 0x00, 0x00, 0xff, 0xff, 0xcd, 0x46, 0x67, + 0x25, 0x15, 0x29, 0x00, 0x00, } diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto index 0c084704a3fd5..9e65840162370 100644 --- a/pkg/apis/application/v1alpha1/generated.proto +++ b/pkg/apis/application/v1alpha1/generated.proto @@ -254,11 +254,11 @@ message HookStatus { optional string message = 6; } -// JwtToken holds the createdAt and expiresAt time of a token -message JwtToken { - optional int64 createdAt = 1; +// JWTToken holds the issuedAt and expiresAt values of a token +message JWTToken { + optional int64 iat = 1; - optional int64 expireAt = 2; + optional int64 exp = 2; } // Operation contains requested operation parameters. @@ -298,7 +298,7 @@ message ProjectRole { repeated string policies = 2; - repeated JwtToken jwtTokens = 3; + repeated JWTToken JWTTokens = 3; } // Repository is a Git repository holding application configurations diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go index c0d3b33ac2163..1cf9e09c600e6 100644 --- a/pkg/apis/application/v1alpha1/types.go +++ b/pkg/apis/application/v1alpha1/types.go @@ -470,13 +470,13 @@ type AppProjectSpec struct { type ProjectRole struct { Name string `json:"name" protobuf:"bytes,1,opt,name=name"` Policies []string `json:"policies" protobuf:"bytes,2,rep,name=policies"` - JwtTokens []JwtToken `json:"jwtTokens" protobuf:"bytes,3,rep,name=jwtTokens"` + JWTTokens []JWTToken `json:"JWTTokens" protobuf:"bytes,3,rep,name=JWTTokens"` } -// JwtToken holds the createdAt and expiresAt time of a token -type JwtToken struct { - CreatedAt int64 `json:"createdAt" protobuf:"int64,1,opt,name=createdAt"` - ExpireAt int64 `json:"expireAt" protobuf:"int64,2,opt,name=expireAt"` +// JWTToken holds the issuedAt and expiresAt values of a token +type JWTToken struct { + IssuedAt int64 `json:"iat,omitempty" protobuf:"int64,1,opt,name=iat"` + ExpiresAt int64 `json:"exp,omitempty" protobuf:"int64,2,opt,name=exp"` } func GetDefaultProject(namespace string) AppProject { diff --git a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go index 12d3787d0391d..b3f99492c0053 100644 --- a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go @@ -494,17 +494,17 @@ func (in *HookStatus) DeepCopy() *HookStatus { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *JwtToken) DeepCopyInto(out *JwtToken) { +func (in *JWTToken) DeepCopyInto(out *JWTToken) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JwtToken. -func (in *JwtToken) DeepCopy() *JwtToken { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTToken. +func (in *JWTToken) DeepCopy() *JWTToken { if in == nil { return nil } - out := new(JwtToken) + out := new(JWTToken) in.DeepCopyInto(out) return out } @@ -596,9 +596,9 @@ func (in *ProjectRole) DeepCopyInto(out *ProjectRole) { *out = make([]string, len(*in)) copy(*out, *in) } - if in.JwtTokens != nil { - in, out := &in.JwtTokens, &out.JwtTokens - *out = make([]JwtToken, len(*in)) + if in.JWTTokens != nil { + in, out := &in.JWTTokens, &out.JWTTokens + *out = make([]JWTToken, len(*in)) copy(*out, *in) } return diff --git a/server/project/project.go b/server/project/project.go index 4ff7a135592b9..36d2ef6e1bb77 100644 --- a/server/project/project.go +++ b/server/project/project.go @@ -26,8 +26,8 @@ import ( ) const ( - // JwtTokenSubTemplate format of the JWT token subject that ArgoCD vends out. - JwtTokenSubFormat = "proj:%s:%s" + // JWTTokenSubFormat format of the JWT token subject that ArgoCD vends out. + JWTTokenSubFormat = "proj:%s:%s" ) // Server provides a Project service @@ -69,7 +69,7 @@ func (s *Server) CreateToken(ctx context.Context, q *ProjectTokenCreateRequest) return nil, status.Errorf(codes.NotFound, "project '%s' does not have role '%s'", q.Project, q.Role) } - tokenName := fmt.Sprintf(JwtTokenSubFormat, q.Project, q.Role) + tokenName := fmt.Sprintf(JWTTokenSubFormat, q.Project, q.Role) jwtToken, err := s.sessionMgr.Create(tokenName, q.SecondsBeforeExpiry) if err != nil { return nil, status.Error(codes.InvalidArgument, err.Error()) @@ -83,9 +83,9 @@ func (s *Server) CreateToken(ctx context.Context, q *ProjectTokenCreateRequest) return nil, status.Error(codes.InvalidArgument, err.Error()) } issuedAt := jwtUtil.GetInt64Field(mapClaims, "iat") - expireAt := jwtUtil.GetInt64Field(mapClaims, "exp") + expiresAt := jwtUtil.GetInt64Field(mapClaims, "exp") - project.Spec.Roles[index].JwtTokens = append(project.Spec.Roles[index].JwtTokens, v1alpha1.JwtToken{CreatedAt: issuedAt, ExpireAt: expireAt}) + project.Spec.Roles[index].JWTTokens = append(project.Spec.Roles[index].JWTTokens, v1alpha1.JWTToken{IssuedAt: issuedAt, ExpiresAt: expiresAt}) _, err = s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Update(project) if err != nil { return nil, err @@ -179,7 +179,7 @@ func getRemovedSources(oldProj, newProj *v1alpha1.AppProject) map[string]bool { return removed } -func validateJwtToken(proj string, token string, policy string) error { +func validateJWTToken(proj string, token string, policy string) error { err := validatePolicy(proj, policy) if err != nil { return err @@ -257,8 +257,8 @@ func validateProject(p *v1alpha1.AppProject) error { existingPolicies := make(map[string]bool) for _, policy := range role.Policies { var err error - if role.JwtTokens != nil { - err = validateJwtToken(p.Name, role.Name, policy) + if role.JWTTokens != nil { + err = validateJWTToken(p.Name, role.Name, policy) } else { err = validatePolicy(p.Name, policy) } @@ -303,15 +303,15 @@ func (s *Server) DeleteToken(ctx context.Context, q *ProjectTokenDeleteRequest) if err != nil { return nil, status.Error(codes.NotFound, err.Error()) } - if project.Spec.Roles[roleIndex].JwtTokens == nil { + if project.Spec.Roles[roleIndex].JWTTokens == nil { return nil, status.Errorf(codes.NotFound, "Role '%s' does not have a JWT token", q.Role) } - jwtTokenIndex, err := projectUtil.GetJwtTokenIndexByCreatedAt(project, roleIndex, q.CreatedAt) + jwtTokenIndex, err := projectUtil.GetJWTTokenIndexByIssuedAt(project, roleIndex, q.IssuedAt) if err != nil { return nil, status.Error(codes.NotFound, err.Error()) } - project.Spec.Roles[roleIndex].JwtTokens[jwtTokenIndex] = project.Spec.Roles[roleIndex].JwtTokens[len(project.Spec.Roles[roleIndex].JwtTokens)-1] - project.Spec.Roles[roleIndex].JwtTokens = project.Spec.Roles[roleIndex].JwtTokens[:len(project.Spec.Roles[roleIndex].JwtTokens)-1] + project.Spec.Roles[roleIndex].JWTTokens[jwtTokenIndex] = project.Spec.Roles[roleIndex].JWTTokens[len(project.Spec.Roles[roleIndex].JWTTokens)-1] + project.Spec.Roles[roleIndex].JWTTokens = project.Spec.Roles[roleIndex].JWTTokens[:len(project.Spec.Roles[roleIndex].JWTTokens)-1] _, err = s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Update(project) if err != nil { return nil, err diff --git a/server/project/project.pb.go b/server/project/project.pb.go index 8a62d0aee3d5a..710c9364f50f3 100644 --- a/server/project/project.pb.go +++ b/server/project/project.pb.go @@ -66,9 +66,9 @@ func (m *ProjectCreateRequest) GetProject() *github_com_argoproj_argo_cd_pkg_api // ProjectTokenCreateRequest defines project token deletion parameters. type ProjectTokenDeleteRequest struct { - Project string `protobuf:"bytes,1,opt,name=project,proto3" json:"project,omitempty"` - Role string `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"` - CreatedAt int64 `protobuf:"varint,3,opt,name=createdAt,proto3" json:"createdAt,omitempty"` + Project string `protobuf:"bytes,1,opt,name=project,proto3" json:"project,omitempty"` + Role string `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"` + IssuedAt int64 `protobuf:"varint,3,opt,name=issuedAt,proto3" json:"issuedAt,omitempty"` } func (m *ProjectTokenDeleteRequest) Reset() { *m = ProjectTokenDeleteRequest{} } @@ -90,9 +90,9 @@ func (m *ProjectTokenDeleteRequest) GetRole() string { return "" } -func (m *ProjectTokenDeleteRequest) GetCreatedAt() int64 { +func (m *ProjectTokenDeleteRequest) GetIssuedAt() int64 { if m != nil { - return m.CreatedAt + return m.IssuedAt } return 0 } @@ -572,10 +572,10 @@ func (m *ProjectTokenDeleteRequest) MarshalTo(dAtA []byte) (int, error) { i = encodeVarintProject(dAtA, i, uint64(len(m.Role))) i += copy(dAtA[i:], m.Role) } - if m.CreatedAt != 0 { + if m.IssuedAt != 0 { dAtA[i] = 0x18 i++ - i = encodeVarintProject(dAtA, i, uint64(m.CreatedAt)) + i = encodeVarintProject(dAtA, i, uint64(m.IssuedAt)) } return i, nil } @@ -739,8 +739,8 @@ func (m *ProjectTokenDeleteRequest) Size() (n int) { if l > 0 { n += 1 + l + sovProject(uint64(l)) } - if m.CreatedAt != 0 { - n += 1 + sovProject(uint64(m.CreatedAt)) + if m.IssuedAt != 0 { + n += 1 + sovProject(uint64(m.IssuedAt)) } return n } @@ -983,9 +983,9 @@ func (m *ProjectTokenDeleteRequest) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 3: if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field CreatedAt", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field IssuedAt", wireType) } - m.CreatedAt = 0 + m.IssuedAt = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowProject @@ -995,7 +995,7 @@ func (m *ProjectTokenDeleteRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.CreatedAt |= (int64(b) & 0x7F) << shift + m.IssuedAt |= (int64(b) & 0x7F) << shift if b < 0x80 { break } @@ -1547,47 +1547,47 @@ var ( func init() { proto.RegisterFile("server/project/project.proto", fileDescriptorProject) } var fileDescriptorProject = []byte{ - // 665 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x95, 0xcf, 0x4f, 0x13, 0x41, - 0x14, 0xc7, 0xb3, 0x80, 0x25, 0x0c, 0xfe, 0xca, 0x08, 0x58, 0x0a, 0x54, 0x9c, 0x83, 0x21, 0x8d, - 0xcc, 0x5a, 0xf0, 0x40, 0xbc, 0x81, 0x36, 0x86, 0xc4, 0x83, 0x56, 0x4d, 0x8c, 0x17, 0x32, 0xec, - 0x3e, 0x97, 0xa5, 0xed, 0xce, 0x38, 0x3b, 0xac, 0x36, 0xc4, 0x0b, 0xf1, 0xe6, 0xd1, 0x3f, 0xc1, - 0x7f, 0xc6, 0xa3, 0x89, 0xff, 0x80, 0x21, 0xfe, 0x0d, 0x9e, 0xcd, 0xbc, 0xdd, 0xa5, 0x2c, 0xed, - 0x92, 0x98, 0x34, 0x9e, 0x3a, 0x3b, 0xf3, 0x66, 0x3e, 0xdf, 0xef, 0x7b, 0xf3, 0x3a, 0x64, 0x39, - 0x06, 0x9d, 0x80, 0x76, 0x95, 0x96, 0x87, 0xe0, 0x99, 0xfc, 0x97, 0x2b, 0x2d, 0x8d, 0xa4, 0xd3, - 0xd9, 0x67, 0x6d, 0x2e, 0x90, 0x81, 0xc4, 0x39, 0xd7, 0x8e, 0xd2, 0xe5, 0xda, 0x72, 0x20, 0x65, - 0xd0, 0x05, 0x57, 0xa8, 0xd0, 0x15, 0x51, 0x24, 0x8d, 0x30, 0xa1, 0x8c, 0xe2, 0x6c, 0x95, 0x75, - 0xb6, 0x62, 0x1e, 0x4a, 0x5c, 0xf5, 0xa4, 0x06, 0x37, 0x69, 0xba, 0x01, 0x44, 0xa0, 0x85, 0x01, - 0x3f, 0x8b, 0x79, 0x38, 0x88, 0xe9, 0x09, 0xef, 0x20, 0x8c, 0x40, 0xf7, 0x5d, 0xd5, 0x09, 0xec, - 0x44, 0xec, 0xf6, 0xc0, 0x88, 0x51, 0xbb, 0x76, 0x83, 0xd0, 0x1c, 0x1c, 0xed, 0x73, 0x4f, 0xf6, - 0x5c, 0xa1, 0x51, 0xd8, 0x21, 0x0e, 0xd6, 0x3d, 0x7f, 0xb0, 0x5b, 0x28, 0xd5, 0x0d, 0x3d, 0x94, - 0xe4, 0x26, 0x4d, 0xd1, 0x55, 0x07, 0x62, 0xe8, 0x28, 0xf6, 0x81, 0xcc, 0x3d, 0x4f, 0x3d, 0x3e, - 0xd6, 0x20, 0x0c, 0xb4, 0xe1, 0xfd, 0x11, 0xc4, 0x86, 0xee, 0x91, 0xdc, 0x7b, 0xd5, 0x59, 0x75, - 0xd6, 0x66, 0x37, 0x5a, 0x7c, 0x00, 0xe5, 0x39, 0x14, 0x07, 0x7b, 0x9e, 0xcf, 0x55, 0x27, 0xe0, - 0x16, 0xca, 0xcf, 0x41, 0x79, 0x0e, 0xe5, 0xdb, 0x4a, 0x65, 0x90, 0x76, 0x7e, 0x2a, 0x0b, 0xc8, - 0x62, 0x36, 0xf7, 0x4a, 0x76, 0x20, 0x7a, 0x02, 0x5d, 0x18, 0xd0, 0xab, 0x45, 0xfa, 0xcc, 0xd9, - 0x36, 0x4a, 0xc9, 0x94, 0x96, 0x5d, 0xa8, 0x4e, 0xe0, 0x34, 0x8e, 0xe9, 0x32, 0x99, 0xf1, 0x50, - 0xbc, 0xbf, 0x6d, 0xaa, 0x93, 0xab, 0xce, 0xda, 0x64, 0x7b, 0x30, 0xc1, 0x8e, 0x8b, 0xa0, 0xa2, - 0xcd, 0x7f, 0x03, 0x3d, 0x20, 0xb7, 0x62, 0xf0, 0x64, 0xe4, 0xc7, 0x3b, 0xf0, 0x4e, 0x6a, 0x68, - 0x7d, 0x54, 0xa1, 0xee, 0x67, 0xc8, 0x51, 0x4b, 0xec, 0xfe, 0x59, 0x7a, 0x11, 0xde, 0x86, 0x58, - 0xc9, 0x28, 0x06, 0x3a, 0x47, 0xae, 0x18, 0x3b, 0x91, 0x51, 0xd3, 0x0f, 0xc6, 0xc8, 0xd5, 0x2c, - 0xfa, 0xc5, 0x11, 0xe8, 0xbe, 0xd5, 0x10, 0x89, 0x1e, 0x64, 0x41, 0x38, 0x3e, 0x57, 0xb0, 0xd7, - 0xca, 0xff, 0x9f, 0x05, 0xbb, 0x41, 0xae, 0xb5, 0x7a, 0xca, 0xf4, 0x73, 0x0f, 0x1b, 0x7f, 0xa6, - 0xc9, 0xf5, 0x2c, 0xea, 0x25, 0xe8, 0x24, 0xf4, 0x80, 0xc6, 0x64, 0x36, 0xcd, 0x2f, 0xba, 0xa5, - 0x8c, 0xe7, 0xed, 0x54, 0x5a, 0x81, 0xda, 0xca, 0xc8, 0x98, 0x1c, 0xc2, 0xee, 0x9e, 0xfc, 0xfc, - 0xfd, 0x75, 0x62, 0x89, 0x2d, 0x60, 0x1b, 0x25, 0xcd, 0xbc, 0x41, 0x63, 0x17, 0x53, 0xf6, 0xc8, - 0x69, 0xd0, 0x90, 0xcc, 0xa6, 0xb7, 0xe7, 0x32, 0x68, 0xe1, 0x7e, 0xd5, 0x16, 0xce, 0x62, 0x0a, - 0x96, 0x58, 0x1d, 0x69, 0xd5, 0x46, 0x09, 0x8d, 0x7e, 0x71, 0x48, 0x25, 0x95, 0x4f, 0x87, 0x74, - 0x17, 0x6d, 0x8d, 0x27, 0xfb, 0x6c, 0x09, 0x05, 0xcd, 0xb3, 0x9b, 0x17, 0x05, 0x59, 0xe3, 0x27, - 0x0e, 0x99, 0x7a, 0x16, 0xc6, 0x86, 0xce, 0x5f, 0xd4, 0x82, 0xd7, 0xa7, 0xb6, 0x3b, 0x16, 0x0d, - 0x96, 0xc0, 0xaa, 0xa8, 0x83, 0xd2, 0x21, 0x1d, 0xf4, 0xb3, 0x43, 0x26, 0x9f, 0x42, 0xa9, 0x86, - 0x31, 0xe5, 0xe1, 0x0e, 0xf2, 0x17, 0xe9, 0xed, 0xa1, 0xc2, 0x1c, 0xdb, 0xae, 0xf8, 0x44, 0xbf, - 0x39, 0xa4, 0x92, 0x36, 0xc4, 0x70, 0x65, 0x0a, 0x8d, 0x32, 0x2e, 0x45, 0x9b, 0xa8, 0x68, 0xbd, - 0xb6, 0x36, 0xac, 0x28, 0xc7, 0xdb, 0xbf, 0x6f, 0x5f, 0x18, 0xc1, 0x51, 0xa2, 0xad, 0xd8, 0x1b, - 0x52, 0x49, 0x2f, 0x62, 0x59, 0xba, 0xca, 0x2e, 0x66, 0xe6, 0xbf, 0x51, 0xea, 0xff, 0x90, 0x10, - 0x5b, 0xa8, 0x56, 0x02, 0x91, 0x89, 0xcb, 0x4e, 0x5f, 0xe1, 0xe9, 0x73, 0x63, 0x1d, 0x72, 0xfb, - 0x24, 0xf1, 0xa4, 0xc9, 0x71, 0x0b, 0x16, 0xf9, 0x1e, 0x42, 0x56, 0x69, 0xbd, 0x04, 0xe2, 0x02, - 0x9e, 0xbe, 0xb3, 0xf5, 0xfd, 0xb4, 0xee, 0xfc, 0x38, 0xad, 0x3b, 0xbf, 0x4e, 0xeb, 0xce, 0xdb, - 0xc6, 0x65, 0x8f, 0x51, 0xf1, 0x75, 0xdd, 0xaf, 0xe0, 0xa3, 0xb3, 0xf9, 0x37, 0x00, 0x00, 0xff, - 0xff, 0x1d, 0x14, 0x43, 0x64, 0x76, 0x07, 0x00, 0x00, + // 666 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x95, 0x4f, 0x6f, 0xd3, 0x30, + 0x18, 0xc6, 0x95, 0x6d, 0x74, 0xe0, 0xf1, 0x4f, 0x66, 0x1b, 0x5d, 0xb6, 0x95, 0xe1, 0x03, 0x9a, + 0x2a, 0xe6, 0xd0, 0x8d, 0xc3, 0xc4, 0x6d, 0x83, 0x0a, 0x4d, 0xe2, 0x00, 0x05, 0x24, 0xc4, 0x65, + 0xf2, 0x92, 0x97, 0x2c, 0x6b, 0x1b, 0x1b, 0xdb, 0x0d, 0x54, 0x13, 0x97, 0x89, 0x1b, 0x47, 0x3e, + 0x02, 0x5f, 0x86, 0x23, 0x12, 0x5f, 0x00, 0x4d, 0x7c, 0x06, 0xce, 0xc8, 0x4e, 0xd2, 0x2e, 0x6b, + 0x33, 0x09, 0xa9, 0xe2, 0x54, 0xc7, 0x7e, 0xed, 0xdf, 0xf3, 0xbc, 0xaf, 0xdf, 0x1a, 0xad, 0x28, + 0x90, 0x09, 0x48, 0x4f, 0x48, 0x7e, 0x04, 0xbe, 0xce, 0x7f, 0xa9, 0x90, 0x5c, 0x73, 0x3c, 0x9b, + 0x7d, 0xba, 0xf3, 0x21, 0x0f, 0xb9, 0x9d, 0xf3, 0xcc, 0x28, 0x5d, 0x76, 0x57, 0x42, 0xce, 0xc3, + 0x0e, 0x78, 0x4c, 0x44, 0x1e, 0x8b, 0x63, 0xae, 0x99, 0x8e, 0x78, 0xac, 0xb2, 0x55, 0xd2, 0xde, + 0x56, 0x34, 0xe2, 0x76, 0xd5, 0xe7, 0x12, 0xbc, 0xa4, 0xe1, 0x85, 0x10, 0x83, 0x64, 0x1a, 0x82, + 0x2c, 0xe6, 0xe1, 0x30, 0xa6, 0xcb, 0xfc, 0xc3, 0x28, 0x06, 0xd9, 0xf7, 0x44, 0x3b, 0x34, 0x13, + 0xca, 0xeb, 0x82, 0x66, 0xe3, 0x76, 0xed, 0x85, 0x91, 0x3e, 0xec, 0x1d, 0x50, 0x9f, 0x77, 0x3d, + 0x26, 0xad, 0xb0, 0x23, 0x3b, 0xd8, 0xf0, 0x83, 0xe1, 0x6e, 0x26, 0x44, 0x27, 0xf2, 0xad, 0x24, + 0x2f, 0x69, 0xb0, 0x8e, 0x38, 0x64, 0x23, 0x47, 0x91, 0x0f, 0x68, 0xfe, 0x79, 0xea, 0xf1, 0xb1, + 0x04, 0xa6, 0xa1, 0x05, 0xef, 0x7b, 0xa0, 0x34, 0xde, 0x47, 0xb9, 0xf7, 0xaa, 0xb3, 0xe6, 0xac, + 0xcf, 0x6d, 0x36, 0xe9, 0x10, 0x4a, 0x73, 0xa8, 0x1d, 0xec, 0xfb, 0x01, 0x15, 0xed, 0x90, 0x1a, + 0x28, 0x3d, 0x03, 0xa5, 0x39, 0x94, 0xee, 0x08, 0x91, 0x41, 0x5a, 0xf9, 0xa9, 0x04, 0xd0, 0x52, + 0x36, 0xf7, 0x8a, 0xb7, 0x21, 0x7e, 0x02, 0x1d, 0x18, 0xd2, 0xab, 0x45, 0xfa, 0x95, 0xc1, 0x36, + 0x8c, 0xd1, 0x8c, 0xe4, 0x1d, 0xa8, 0x4e, 0xd9, 0x69, 0x3b, 0xc6, 0x2e, 0xba, 0x1c, 0x29, 0xd5, + 0x83, 0x60, 0x47, 0x57, 0xa7, 0xd7, 0x9c, 0xf5, 0xe9, 0xd6, 0xe0, 0x9b, 0x1c, 0x17, 0x31, 0x45, + 0x93, 0xff, 0x86, 0x79, 0x80, 0x6e, 0x29, 0xf0, 0x79, 0x1c, 0xa8, 0x5d, 0x78, 0xc7, 0x25, 0x34, + 0x3f, 0x8a, 0x48, 0xf6, 0x33, 0xe2, 0xb8, 0x25, 0x72, 0x7f, 0x90, 0x5c, 0x0b, 0x6f, 0x81, 0x12, + 0x3c, 0x56, 0x80, 0xe7, 0xd1, 0x25, 0x6d, 0x26, 0x32, 0x6a, 0xfa, 0x41, 0x08, 0xba, 0x9a, 0x45, + 0xbf, 0xe8, 0x81, 0xec, 0x1b, 0x0d, 0x31, 0xeb, 0x42, 0x16, 0x64, 0xc7, 0x67, 0xca, 0xf5, 0x5a, + 0x04, 0xff, 0xb3, 0x5c, 0x37, 0xd0, 0xb5, 0x66, 0x57, 0xe8, 0x7e, 0xee, 0x61, 0xf3, 0xcf, 0x2c, + 0xba, 0x9e, 0x45, 0xbd, 0x04, 0x99, 0x44, 0x3e, 0x60, 0x85, 0xe6, 0xd2, 0xfc, 0x5a, 0xb7, 0x98, + 0xd0, 0xbc, 0x99, 0x4a, 0x2b, 0xe0, 0xae, 0x8e, 0x8d, 0xc9, 0x21, 0xe4, 0xee, 0xc9, 0xcf, 0xdf, + 0x5f, 0xa7, 0x96, 0xc9, 0xa2, 0x6d, 0xa2, 0xa4, 0x91, 0xb7, 0xa7, 0xf2, 0x6c, 0xca, 0x1e, 0x39, + 0x75, 0x1c, 0xa1, 0xb9, 0xf4, 0xee, 0x5c, 0x04, 0x2d, 0xdc, 0x2e, 0x77, 0x71, 0x10, 0x53, 0xb0, + 0x44, 0x6a, 0x96, 0x56, 0xad, 0x97, 0xd0, 0xf0, 0x17, 0x07, 0x55, 0x52, 0xf9, 0x78, 0x44, 0x77, + 0xd1, 0xd6, 0x64, 0xb2, 0x4f, 0x96, 0xad, 0xa0, 0x05, 0x72, 0xf3, 0xbc, 0x20, 0x63, 0xfc, 0xc4, + 0x41, 0x33, 0xcf, 0x22, 0xa5, 0xf1, 0xc2, 0x79, 0x2d, 0xf6, 0xfa, 0xb8, 0x7b, 0x13, 0xd1, 0x60, + 0x08, 0xa4, 0x6a, 0x75, 0x60, 0x3c, 0xa2, 0x03, 0x7f, 0x76, 0xd0, 0xf4, 0x53, 0x28, 0xd5, 0x30, + 0xa1, 0x3c, 0xdc, 0xb1, 0xfc, 0x25, 0x7c, 0x7b, 0xa4, 0x30, 0xc7, 0xa6, 0x2b, 0x3e, 0xe1, 0x6f, + 0x0e, 0xaa, 0xa4, 0x0d, 0x31, 0x5a, 0x99, 0x42, 0xa3, 0x4c, 0x4a, 0xd1, 0x96, 0x55, 0xb4, 0xe1, + 0xae, 0x8f, 0x2a, 0xca, 0xf1, 0xe6, 0xcf, 0x3b, 0x60, 0x9a, 0x51, 0x2b, 0xd1, 0x54, 0xec, 0x0d, + 0xaa, 0xa4, 0x17, 0xb1, 0x2c, 0x5d, 0x65, 0x17, 0x33, 0xf3, 0x5f, 0x2f, 0xf5, 0x7f, 0x84, 0x90, + 0x29, 0x54, 0x33, 0x81, 0x58, 0xab, 0xb2, 0xd3, 0x57, 0x69, 0xfa, 0xd8, 0x18, 0x87, 0xd4, 0x3c, + 0x48, 0x34, 0x69, 0x50, 0xbb, 0xc5, 0x16, 0xf9, 0x9e, 0x85, 0xac, 0xe1, 0x5a, 0x09, 0xc4, 0x03, + 0x7b, 0xfa, 0xee, 0xf6, 0xf7, 0xd3, 0x9a, 0xf3, 0xe3, 0xb4, 0xe6, 0xfc, 0x3a, 0xad, 0x39, 0x6f, + 0xeb, 0x17, 0x3d, 0x45, 0xc5, 0xb7, 0xf5, 0xa0, 0x62, 0x9f, 0x9c, 0xad, 0xbf, 0x01, 0x00, 0x00, + 0xff, 0xff, 0x0b, 0x18, 0x5a, 0x25, 0x74, 0x07, 0x00, 0x00, } diff --git a/server/project/project.proto b/server/project/project.proto index cc3fec82790a6..5d6495660f26e 100644 --- a/server/project/project.proto +++ b/server/project/project.proto @@ -22,7 +22,7 @@ message ProjectCreateRequest { message ProjectTokenDeleteRequest { string project = 1; string role = 2; - int64 createdAt = 3; + int64 issuedAt = 3; } // ProjectTokenCreateRequest defines project token creation parameters. diff --git a/server/project/project_test.go b/server/project/project_test.go index fd932d7d244d0..b1c067861d9ec 100644 --- a/server/project/project_test.go +++ b/server/project/project_test.go @@ -144,7 +144,7 @@ func TestProjectServer(t *testing.T) { mapClaims, err := jwtUtil.MapClaims(claims) subject, ok := mapClaims["sub"].(string) assert.True(t, ok) - expectedSubject := fmt.Sprintf(JwtTokenSubFormat, projectWithRole.Name, tokenName) + expectedSubject := fmt.Sprintf(JWTTokenSubFormat, projectWithRole.Name, tokenName) assert.Equal(t, expectedSubject, subject) assert.Nil(t, err) }) @@ -153,26 +153,26 @@ func TestProjectServer(t *testing.T) { sessionMgr := session.NewSessionManager(&settings.ArgoCDSettings{}) projWithToken := existingProj.DeepCopy() tokenName := "testToken" - createdAt := int64(1) - secondCreatedAt := createdAt + 1 - token := v1alpha1.ProjectRole{Name: tokenName, JwtTokens: []v1alpha1.JwtToken{{CreatedAt: createdAt}, {CreatedAt: secondCreatedAt}}} + issuedAt := int64(1) + secondIssuedAt := issuedAt + 1 + token := v1alpha1.ProjectRole{Name: tokenName, JWTTokens: []v1alpha1.JWTToken{{IssuedAt: issuedAt}, {IssuedAt: secondIssuedAt}}} projWithToken.Spec.Roles = append(projWithToken.Spec.Roles, token) projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, util.NewKeyLock(), sessionMgr) - _, err := projectServer.DeleteToken(context.Background(), &ProjectTokenDeleteRequest{Project: projWithToken.Name, Role: tokenName, CreatedAt: createdAt}) + _, err := projectServer.DeleteToken(context.Background(), &ProjectTokenDeleteRequest{Project: projWithToken.Name, Role: tokenName, IssuedAt: issuedAt}) assert.Nil(t, err) projWithoutToken, err := projectServer.Get(context.Background(), &ProjectQuery{Name: projWithToken.Name}) assert.Nil(t, err) assert.Len(t, projWithoutToken.Spec.Roles, 1) - assert.Len(t, projWithoutToken.Spec.Roles[0].JwtTokens, 1) - assert.Equal(t, projWithoutToken.Spec.Roles[0].JwtTokens[0].CreatedAt, secondCreatedAt) + assert.Len(t, projWithoutToken.Spec.Roles[0].JWTTokens, 1) + assert.Equal(t, projWithoutToken.Spec.Roles[0].JWTTokens[0].IssuedAt, secondIssuedAt) }) t.Run("TestCreateTwoTokensInRoleSuccess", func(t *testing.T) { sessionMgr := session.NewSessionManager(&settings.ArgoCDSettings{}) projWithToken := existingProj.DeepCopy() tokenName := "testToken" - token := v1alpha1.ProjectRole{Name: tokenName, JwtTokens: []v1alpha1.JwtToken{{CreatedAt: 1}}} + token := v1alpha1.ProjectRole{Name: tokenName, JWTTokens: []v1alpha1.JWTToken{{IssuedAt: 1}}} projWithToken.Spec.Roles = append(projWithToken.Spec.Roles, token) projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, util.NewKeyLock(), sessionMgr) _, err := projectServer.CreateToken(context.Background(), &ProjectTokenCreateRequest{Project: projWithToken.Name, Role: tokenName}) @@ -180,7 +180,7 @@ func TestProjectServer(t *testing.T) { projWithTwoTokens, err := projectServer.Get(context.Background(), &ProjectQuery{Name: projWithToken.Name}) assert.Nil(t, err) assert.Len(t, projWithTwoTokens.Spec.Roles, 1) - assert.Len(t, projWithTwoTokens.Spec.Roles[0].JwtTokens, 2) + assert.Len(t, projWithTwoTokens.Spec.Roles[0].JWTTokens, 2) }) t.Run("TestCreateRolePolicySuccessfully", func(t *testing.T) { @@ -190,7 +190,7 @@ func TestProjectServer(t *testing.T) { effect := "allow" projWithRole := existingProj.DeepCopy() - role := v1alpha1.ProjectRole{Name: roleName, JwtTokens: []v1alpha1.JwtToken{{CreatedAt: 1}}} + role := v1alpha1.ProjectRole{Name: roleName, JWTTokens: []v1alpha1.JWTToken{{IssuedAt: 1}}} policy := fmt.Sprintf(policyTemplate, projWithRole.Name, roleName, action, projWithRole.Name, object, effect) role.Policies = append(role.Policies, policy) projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role) @@ -211,7 +211,7 @@ func TestProjectServer(t *testing.T) { effect := "allow" projWithRole := existingProj.DeepCopy() - role := v1alpha1.ProjectRole{Name: roleName, JwtTokens: []v1alpha1.JwtToken{{CreatedAt: 1}}} + role := v1alpha1.ProjectRole{Name: roleName, JWTTokens: []v1alpha1.JWTToken{{IssuedAt: 1}}} policy := fmt.Sprintf(policyTemplate, projWithRole.Name, roleName, action, projWithRole.Name, object, effect) role.Policies = append(role.Policies, policy) role.Policies = append(role.Policies, policy) @@ -232,7 +232,7 @@ func TestProjectServer(t *testing.T) { effect := "allow" projWithRole := existingProj.DeepCopy() - role := v1alpha1.ProjectRole{Name: roleName, JwtTokens: []v1alpha1.JwtToken{{CreatedAt: 1}}} + role := v1alpha1.ProjectRole{Name: roleName, JWTTokens: []v1alpha1.JWTToken{{IssuedAt: 1}}} policy := fmt.Sprintf(policyTemplate, projWithRole.Name, roleName, action, otherProject, object, effect) role.Policies = append(role.Policies, policy) projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role) @@ -252,7 +252,7 @@ func TestProjectServer(t *testing.T) { effect := "allow" projWithRole := existingProj.DeepCopy() - role := v1alpha1.ProjectRole{Name: roleName, JwtTokens: []v1alpha1.JwtToken{{CreatedAt: 1}}} + role := v1alpha1.ProjectRole{Name: roleName, JWTTokens: []v1alpha1.JWTToken{{IssuedAt: 1}}} invalidPolicy := fmt.Sprintf(policyTemplate, otherProject, roleName, action, projWithRole.Name, object, effect) role.Policies = append(role.Policies, invalidPolicy) projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role) @@ -272,7 +272,7 @@ func TestProjectServer(t *testing.T) { effect := "allow" projWithRole := existingProj.DeepCopy() - role := v1alpha1.ProjectRole{Name: roleName, JwtTokens: []v1alpha1.JwtToken{{CreatedAt: 1}}} + role := v1alpha1.ProjectRole{Name: roleName, JWTTokens: []v1alpha1.JWTToken{{IssuedAt: 1}}} invalidPolicy := fmt.Sprintf(policyTemplate, projWithRole.Name, otherToken, action, projWithRole.Name, object, effect) role.Policies = append(role.Policies, invalidPolicy) projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role) @@ -291,7 +291,7 @@ func TestProjectServer(t *testing.T) { effect := "testEffect" projWithRole := existingProj.DeepCopy() - role := v1alpha1.ProjectRole{Name: roleName, JwtTokens: []v1alpha1.JwtToken{{CreatedAt: 1}}} + role := v1alpha1.ProjectRole{Name: roleName, JWTTokens: []v1alpha1.JWTToken{{IssuedAt: 1}}} invalidPolicy := fmt.Sprintf(policyTemplate, projWithRole.Name, roleName, action, projWithRole.Name, object, effect) role.Policies = append(role.Policies, invalidPolicy) projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role) diff --git a/server/server.go b/server/server.go index ac9be4fb19995..91044f6900a3e 100644 --- a/server/server.go +++ b/server/server.go @@ -622,14 +622,14 @@ func DefaultEnforceClaims(enf *rbac.Enforcer, a appclientset.Interface, namespac } user := jwtUtil.GetField(mapClaims, "sub") if strings.HasPrefix(user, "proj:") { - return enforceJwtToken(enf, a, namespace, user, mapClaims, rvals...) + return enforceJWTToken(enf, a, namespace, user, mapClaims, rvals...) } vals := append([]interface{}{user}, rvals[1:]...) return enf.Enforce(vals...) } } -func enforceJwtToken(enf *rbac.Enforcer, a appclientset.Interface, namespace string, user string, mapClaims jwt.MapClaims, rvals ...interface{}) bool { +func enforceJWTToken(enf *rbac.Enforcer, a appclientset.Interface, namespace string, user string, mapClaims jwt.MapClaims, rvals ...interface{}) bool { userSplit := strings.Split(user, ":") if len(userSplit) != 3 { return false @@ -644,11 +644,11 @@ func enforceJwtToken(enf *rbac.Enforcer, a appclientset.Interface, namespace str if err != nil { return false } - if proj.Spec.Roles[index].JwtTokens == nil { + if proj.Spec.Roles[index].JWTTokens == nil { return false } iat := jwtUtil.GetInt64Field(mapClaims, "iat") - _, err = projectUtil.GetJwtTokenIndexByCreatedAt(proj, index, iat) + _, err = projectUtil.GetJWTTokenIndexByIssuedAt(proj, index, iat) if err != nil { return false } diff --git a/server/server_test.go b/server/server_test.go index fed2a18b0f0cd..d8bedf4c4dc12 100644 --- a/server/server_test.go +++ b/server/server_test.go @@ -52,7 +52,7 @@ func fakeSecret(policy ...string) *apiv1.Secret { return &secret } -func TestEnforceJwtToken(t *testing.T) { +func TestEnforceJWTToken(t *testing.T) { projectName := "testProj" roleName := "testRole" subFormat := "proj:%s:%s" @@ -61,11 +61,11 @@ func TestEnforceJwtToken(t *testing.T) { defaultObject := "*" defaultEffect := "allow" defaultTestObject := fmt.Sprintf("%s/%s", projectName, "test") - defaultCreatedAt := int64(1) + defaultIssuedAt := int64(1) defaultSub := fmt.Sprintf(subFormat, projectName, roleName) defaultPolicy := fmt.Sprintf(policyTemplate, defaultSub, projectName, defaultObject, defaultEffect) - role := v1alpha1.ProjectRole{Name: roleName, Policies: []string{defaultPolicy}, JwtTokens: []v1alpha1.JwtToken{{CreatedAt: defaultCreatedAt}}} + role := v1alpha1.ProjectRole{Name: roleName, Policies: []string{defaultPolicy}, JWTTokens: []v1alpha1.JWTToken{{IssuedAt: defaultIssuedAt}}} existingProj := v1alpha1.AppProject{ ObjectMeta: v1.ObjectMeta{Name: projectName, Namespace: fakeNamespace}, Spec: v1alpha1.AppProjectSpec{ @@ -76,60 +76,60 @@ func TestEnforceJwtToken(t *testing.T) { secret := fakeSecret() kubeclientset := fake.NewSimpleClientset(cm, secret) - t.Run("TestEnforceJwtTokenSuccessful", func(t *testing.T) { + t.Run("TestEnforceJWTTokenSuccessful", func(t *testing.T) { s := NewServer(ArgoCDServerOpts{Namespace: fakeNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj)}) s.newGRPCServer() - claims := jwt.MapClaims{"sub": defaultSub, "iat": defaultCreatedAt} + claims := jwt.MapClaims{"sub": defaultSub, "iat": defaultIssuedAt} assert.True(t, s.enf.EnforceClaims(claims, "applications", "get", defaultTestObject)) }) - t.Run("TestEnforceJwtTokenWithDiffCreateAtFailure", func(t *testing.T) { + t.Run("TestEnforceJWTTokenWithDiffCreateAtFailure", func(t *testing.T) { s := NewServer(ArgoCDServerOpts{Namespace: fakeNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj)}) s.newGRPCServer() - diffCreateAt := defaultCreatedAt + 1 + diffCreateAt := defaultIssuedAt + 1 claims := jwt.MapClaims{"sub": defaultSub, "iat": diffCreateAt} assert.False(t, s.enf.EnforceClaims(claims, "applications", "get", defaultTestObject)) }) - t.Run("TestEnforceJwtTokenIncorrectSubFormatFailure", func(t *testing.T) { + t.Run("TestEnforceJWTTokenIncorrectSubFormatFailure", func(t *testing.T) { s := NewServer(ArgoCDServerOpts{Namespace: fakeNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj)}) s.newGRPCServer() invalidSub := "proj:test" - claims := jwt.MapClaims{"sub": invalidSub, "iat": defaultCreatedAt} + claims := jwt.MapClaims{"sub": invalidSub, "iat": defaultIssuedAt} assert.False(t, s.enf.EnforceClaims(claims, "applications", "get", defaultTestObject)) }) - t.Run("TestEnforceJwtTokenNoTokenFailure", func(t *testing.T) { + t.Run("TestEnforceJWTTokenNoTokenFailure", func(t *testing.T) { s := NewServer(ArgoCDServerOpts{Namespace: fakeNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj)}) s.newGRPCServer() nonExistentToken := "fake-token" invalidSub := fmt.Sprintf(subFormat, projectName, nonExistentToken) - claims := jwt.MapClaims{"sub": invalidSub, "iat": defaultCreatedAt} + claims := jwt.MapClaims{"sub": invalidSub, "iat": defaultIssuedAt} assert.False(t, s.enf.EnforceClaims(claims, "applications", "get", defaultTestObject)) }) - t.Run("TestEnforceJwtTokenNotJwtTokenFailure", func(t *testing.T) { + t.Run("TestEnforceJWTTokenNotJWTTokenFailure", func(t *testing.T) { proj := existingProj.DeepCopy() - proj.Spec.Roles[0].JwtTokens = nil + proj.Spec.Roles[0].JWTTokens = nil s := NewServer(ArgoCDServerOpts{Namespace: fakeNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(proj)}) s.newGRPCServer() - claims := jwt.MapClaims{"sub": defaultSub, "iat": defaultCreatedAt} + claims := jwt.MapClaims{"sub": defaultSub, "iat": defaultIssuedAt} assert.False(t, s.enf.EnforceClaims(claims, "applications", "get", defaultTestObject)) }) - t.Run("TestEnforceJwtTokenExplicitDeny", func(t *testing.T) { + t.Run("TestEnforceJWTTokenExplicitDeny", func(t *testing.T) { denyApp := "testDenyApp" allowPolicy := fmt.Sprintf(policyTemplate, defaultSub, projectName, defaultObject, defaultEffect) denyPolicy := fmt.Sprintf(policyTemplate, defaultSub, projectName, denyApp, "deny") - role := v1alpha1.ProjectRole{Name: roleName, Policies: []string{allowPolicy, denyPolicy}, JwtTokens: []v1alpha1.JwtToken{{CreatedAt: defaultCreatedAt}}} + role := v1alpha1.ProjectRole{Name: roleName, Policies: []string{allowPolicy, denyPolicy}, JWTTokens: []v1alpha1.JWTToken{{IssuedAt: defaultIssuedAt}}} proj := existingProj.DeepCopy() proj.Spec.Roles[0] = role s := NewServer(ArgoCDServerOpts{Namespace: fakeNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(proj)}) s.newGRPCServer() - claims := jwt.MapClaims{"sub": defaultSub, "iat": defaultCreatedAt} + claims := jwt.MapClaims{"sub": defaultSub, "iat": defaultIssuedAt} allowedObject := fmt.Sprintf("%s/%s", projectName, "test") denyObject := fmt.Sprintf("%s/%s", projectName, denyApp) assert.True(t, s.enf.EnforceClaims(claims, "applications", "get", allowedObject)) diff --git a/server/swagger.json b/server/swagger.json index 25121996c82fc..7703a73295335 100644 --- a/server/swagger.json +++ b/server/swagger.json @@ -2291,15 +2291,15 @@ } } }, - "v1alpha1JwtToken": { + "v1alpha1JWTToken": { "type": "object", - "title": "JwtToken holds the createdAt and expiresAt time of a token", + "title": "JWTToken holds the issuedAt and expiresAt values of a token", "properties": { - "createdAt": { + "exp": { "type": "string", "format": "int64" }, - "expireAt": { + "iat": { "type": "string", "format": "int64" } @@ -2350,10 +2350,10 @@ "type": "object", "title": "ProjectRole represents a role that has access to a project", "properties": { - "jwtTokens": { + "JWTTokens": { "type": "array", "items": { - "$ref": "#/definitions/v1alpha1JwtToken" + "$ref": "#/definitions/v1alpha1JWTToken" } }, "name": { diff --git a/test/e2e/project_management_test.go b/test/e2e/project_management_test.go index 0454b4db6786f..f8352e29a08a4 100644 --- a/test/e2e/project_management_test.go +++ b/test/e2e/project_management_test.go @@ -247,7 +247,7 @@ func TestProjectManagement(t *testing.T) { assertProjHasEvent(proj, "update", argo.EventReasonResourceUpdated) }) - t.Run("TestUseJwtToken", func(t *testing.T) { + t.Run("TestUseJWTToken", func(t *testing.T) { projectName := "proj-" + strconv.FormatInt(time.Now().Unix(), 10) appName := "app-" + strconv.FormatInt(time.Now().Unix(), 10) roleName := "roleTest" diff --git a/util/project/util.go b/util/project/util.go index 80de5d166cf63..f6a1dc2818460 100644 --- a/util/project/util.go +++ b/util/project/util.go @@ -13,12 +13,12 @@ func GetRoleIndexByName(proj *v1alpha1.AppProject, name string) (int, error) { return -1, fmt.Errorf("role '%s' does not exist in project '%s'", name, proj.Name) } -// GetJwtTokenIndexByCreatedAt looks up the index of a JwtToken in a project by the created at time -func GetJwtTokenIndexByCreatedAt(proj *v1alpha1.AppProject, roleIndex int, createdAt int64) (int, error) { - for i, token := range proj.Spec.Roles[roleIndex].JwtTokens { - if createdAt == token.CreatedAt { +// GetJWTTokenIndexByIssuedAt looks up the index of a JWTToken in a project by the issue at time +func GetJWTTokenIndexByIssuedAt(proj *v1alpha1.AppProject, roleIndex int, issuedAt int64) (int, error) { + for i, token := range proj.Spec.Roles[roleIndex].JWTTokens { + if issuedAt == token.IssuedAt { return i, nil } } - return -1, fmt.Errorf("JwtToken for role '%s' with '%d' created time does not exist in project '%s'", proj.Spec.Roles[roleIndex].Name, createdAt, proj.Name) + return -1, fmt.Errorf("JWTToken for role '%s' with '%d' created time does not exist in project '%s'", proj.Spec.Roles[roleIndex].Name, issuedAt, proj.Name) } From fdb6a40f22db841db2ebc07eaade28dbdedc2bf9 Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Mon, 13 Aug 2018 11:59:38 -0700 Subject: [PATCH 26/43] Refactor create/delete token api --- cmd/argocd/commands/project.go | 54 ++++++++-------- server/project/project.go | 76 +++++++++++----------- server/project/project.pb.go | 91 +++++++++++++------------- server/project/project.pb.gw.go | 64 ++++++++++++++++++- server/project/project.proto | 6 +- server/swagger.json | 110 ++++++++++++++++++++------------ 6 files changed, 243 insertions(+), 158 deletions(-) diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go index 526341f5c7ec6..27ff92972c460 100644 --- a/cmd/argocd/commands/project.go +++ b/cmd/argocd/commands/project.go @@ -314,6 +314,33 @@ func NewProjectRoleCreateTokenCommand(clientOpts *argocdclient.ClientOptions) *c return command } +// NewProjectRoleDeleteTokenCommand returns a new instance of an `argocd proj role delete-token` command +func NewProjectRoleDeleteTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { + var command = &cobra.Command{ + Use: "delete-token PROJECT ROLE-NAME CREATED_AT", + Short: "Delete a project token", + Run: func(c *cobra.Command, args []string) { + if len(args) != 3 { + c.HelpFunc()(c, args) + os.Exit(1) + } + projName := args[0] + roleName := args[1] + issuedAt, err := strconv.ParseInt(args[2], 10, 64) + if err != nil { + log.Fatal(err) + } + + conn, projIf := argocdclient.NewClientOrDie(clientOpts).NewProjectClientOrDie() + defer util.Close(conn) + + _, err = projIf.DeleteToken(context.Background(), &project.ProjectTokenDeleteRequest{Project: projName, Role: roleName, IssuedAt: issuedAt}) + errors.CheckError(err) + }, + } + return command +} + // NewProjectRoleListCommand returns a new instance of an `argocd proj roles list` command func NewProjectRoleListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var command = &cobra.Command{ @@ -350,33 +377,6 @@ func NewProjectRoleListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co return command } -// NewProjectRoleDeleteTokenCommand returns a new instance of an `argocd proj role delete-token` command -func NewProjectRoleDeleteTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - var command = &cobra.Command{ - Use: "delete-token PROJECT ROLE-NAME CREATED_AT", - Short: "Delete a project token", - Run: func(c *cobra.Command, args []string) { - if len(args) != 3 { - c.HelpFunc()(c, args) - os.Exit(1) - } - projName := args[0] - roleName := args[1] - issuedAt, err := strconv.ParseInt(args[2], 10, 64) - if err != nil { - log.Fatal(err) - } - - conn, projIf := argocdclient.NewClientOrDie(clientOpts).NewProjectClientOrDie() - defer util.Close(conn) - - _, err = projIf.DeleteToken(context.Background(), &project.ProjectTokenDeleteRequest{Project: projName, Role: roleName, IssuedAt: issuedAt}) - errors.CheckError(err) - }, - } - return command -} - // NewProjectCreateCommand returns a new instance of an `argocd proj create` command func NewProjectCreateCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var ( diff --git a/server/project/project.go b/server/project/project.go index 36d2ef6e1bb77..7d0f60f2fc3ff 100644 --- a/server/project/project.go +++ b/server/project/project.go @@ -95,6 +95,44 @@ func (s *Server) CreateToken(ctx context.Context, q *ProjectTokenCreateRequest) } +// DeleteToken deletes a token in a project +func (s *Server) DeleteToken(ctx context.Context, q *ProjectTokenDeleteRequest) (*EmptyResponse, error) { + if !s.enf.EnforceClaims(ctx.Value("claims"), "projects", "delete", q.Project) { + return nil, grpc.ErrPermissionDenied + } + project, err := s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Get(q.Project, metav1.GetOptions{}) + if err != nil { + return nil, err + } + err = validateProject(project) + if err != nil { + return nil, err + } + + s.projectLock.Lock(q.Project) + defer s.projectLock.Unlock(q.Project) + + roleIndex, err := projectUtil.GetRoleIndexByName(project, q.Role) + if err != nil { + return nil, status.Error(codes.NotFound, err.Error()) + } + if project.Spec.Roles[roleIndex].JWTTokens == nil { + return nil, status.Errorf(codes.NotFound, "Role '%s' does not have a JWT token", q.Role) + } + jwtTokenIndex, err := projectUtil.GetJWTTokenIndexByIssuedAt(project, roleIndex, q.IssuedAt) + if err != nil { + return nil, status.Error(codes.NotFound, err.Error()) + } + project.Spec.Roles[roleIndex].JWTTokens[jwtTokenIndex] = project.Spec.Roles[roleIndex].JWTTokens[len(project.Spec.Roles[roleIndex].JWTTokens)-1] + project.Spec.Roles[roleIndex].JWTTokens = project.Spec.Roles[roleIndex].JWTTokens[:len(project.Spec.Roles[roleIndex].JWTTokens)-1] + _, err = s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Update(project) + if err != nil { + return nil, err + } + s.logEvent(project, ctx, argo.EventReasonResourceDeleted, "deleted token") + return &EmptyResponse{}, nil +} + // Create a new project. func (s *Server) Create(ctx context.Context, q *ProjectCreateRequest) (*v1alpha1.AppProject, error) { if !s.enf.EnforceClaims(ctx.Value("claims"), "projects", "create", q.Project.Name) { @@ -282,44 +320,6 @@ func validateProject(p *v1alpha1.AppProject) error { return nil } -// DeleteToken deletes a token in a project -func (s *Server) DeleteToken(ctx context.Context, q *ProjectTokenDeleteRequest) (*EmptyResponse, error) { - if !s.enf.EnforceClaims(ctx.Value("claims"), "projects", "delete", q.Project) { - return nil, grpc.ErrPermissionDenied - } - project, err := s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Get(q.Project, metav1.GetOptions{}) - if err != nil { - return nil, err - } - err = validateProject(project) - if err != nil { - return nil, err - } - - s.projectLock.Lock(q.Project) - defer s.projectLock.Unlock(q.Project) - - roleIndex, err := projectUtil.GetRoleIndexByName(project, q.Role) - if err != nil { - return nil, status.Error(codes.NotFound, err.Error()) - } - if project.Spec.Roles[roleIndex].JWTTokens == nil { - return nil, status.Errorf(codes.NotFound, "Role '%s' does not have a JWT token", q.Role) - } - jwtTokenIndex, err := projectUtil.GetJWTTokenIndexByIssuedAt(project, roleIndex, q.IssuedAt) - if err != nil { - return nil, status.Error(codes.NotFound, err.Error()) - } - project.Spec.Roles[roleIndex].JWTTokens[jwtTokenIndex] = project.Spec.Roles[roleIndex].JWTTokens[len(project.Spec.Roles[roleIndex].JWTTokens)-1] - project.Spec.Roles[roleIndex].JWTTokens = project.Spec.Roles[roleIndex].JWTTokens[:len(project.Spec.Roles[roleIndex].JWTTokens)-1] - _, err = s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Update(project) - if err != nil { - return nil, err - } - s.logEvent(project, ctx, argo.EventReasonResourceDeleted, "deleted token") - return &EmptyResponse{}, nil -} - // Update updates a project func (s *Server) Update(ctx context.Context, q *ProjectUpdateRequest) (*v1alpha1.AppProject, error) { if q.Project.Name == common.DefaultAppProjectName { diff --git a/server/project/project.pb.go b/server/project/project.pb.go index 710c9364f50f3..370ceeb308895 100644 --- a/server/project/project.pb.go +++ b/server/project/project.pb.go @@ -211,7 +211,7 @@ const _ = grpc.SupportPackageIsVersion4 type ProjectServiceClient interface { // Create a new project token. CreateToken(ctx context.Context, in *ProjectTokenCreateRequest, opts ...grpc.CallOption) (*ProjectTokenResponse, error) - // Create a new project token. + // Delete a new project token. DeleteToken(ctx context.Context, in *ProjectTokenDeleteRequest, opts ...grpc.CallOption) (*EmptyResponse, error) // Create a new project. Create(ctx context.Context, in *ProjectCreateRequest, opts ...grpc.CallOption) (*github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.AppProject, error) @@ -312,7 +312,7 @@ func (c *projectServiceClient) ListEvents(ctx context.Context, in *ProjectQuery, type ProjectServiceServer interface { // Create a new project token. CreateToken(context.Context, *ProjectTokenCreateRequest) (*ProjectTokenResponse, error) - // Create a new project token. + // Delete a new project token. DeleteToken(context.Context, *ProjectTokenDeleteRequest) (*EmptyResponse, error) // Create a new project. Create(context.Context, *ProjectCreateRequest) (*github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.AppProject, error) @@ -1547,47 +1547,48 @@ var ( func init() { proto.RegisterFile("server/project/project.proto", fileDescriptorProject) } var fileDescriptorProject = []byte{ - // 666 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x95, 0x4f, 0x6f, 0xd3, 0x30, - 0x18, 0xc6, 0x95, 0x6d, 0x74, 0xe0, 0xf1, 0x4f, 0x66, 0x1b, 0x5d, 0xb6, 0x95, 0xe1, 0x03, 0x9a, - 0x2a, 0xe6, 0xd0, 0x8d, 0xc3, 0xc4, 0x6d, 0x83, 0x0a, 0x4d, 0xe2, 0x00, 0x05, 0x24, 0xc4, 0x65, - 0xf2, 0x92, 0x97, 0x2c, 0x6b, 0x1b, 0x1b, 0xdb, 0x0d, 0x54, 0x13, 0x97, 0x89, 0x1b, 0x47, 0x3e, - 0x02, 0x5f, 0x86, 0x23, 0x12, 0x5f, 0x00, 0x4d, 0x7c, 0x06, 0xce, 0xc8, 0x4e, 0xd2, 0x2e, 0x6b, - 0x33, 0x09, 0xa9, 0xe2, 0x54, 0xc7, 0x7e, 0xed, 0xdf, 0xf3, 0xbc, 0xaf, 0xdf, 0x1a, 0xad, 0x28, - 0x90, 0x09, 0x48, 0x4f, 0x48, 0x7e, 0x04, 0xbe, 0xce, 0x7f, 0xa9, 0x90, 0x5c, 0x73, 0x3c, 0x9b, - 0x7d, 0xba, 0xf3, 0x21, 0x0f, 0xb9, 0x9d, 0xf3, 0xcc, 0x28, 0x5d, 0x76, 0x57, 0x42, 0xce, 0xc3, - 0x0e, 0x78, 0x4c, 0x44, 0x1e, 0x8b, 0x63, 0xae, 0x99, 0x8e, 0x78, 0xac, 0xb2, 0x55, 0xd2, 0xde, - 0x56, 0x34, 0xe2, 0x76, 0xd5, 0xe7, 0x12, 0xbc, 0xa4, 0xe1, 0x85, 0x10, 0x83, 0x64, 0x1a, 0x82, - 0x2c, 0xe6, 0xe1, 0x30, 0xa6, 0xcb, 0xfc, 0xc3, 0x28, 0x06, 0xd9, 0xf7, 0x44, 0x3b, 0x34, 0x13, - 0xca, 0xeb, 0x82, 0x66, 0xe3, 0x76, 0xed, 0x85, 0x91, 0x3e, 0xec, 0x1d, 0x50, 0x9f, 0x77, 0x3d, - 0x26, 0xad, 0xb0, 0x23, 0x3b, 0xd8, 0xf0, 0x83, 0xe1, 0x6e, 0x26, 0x44, 0x27, 0xf2, 0xad, 0x24, - 0x2f, 0x69, 0xb0, 0x8e, 0x38, 0x64, 0x23, 0x47, 0x91, 0x0f, 0x68, 0xfe, 0x79, 0xea, 0xf1, 0xb1, - 0x04, 0xa6, 0xa1, 0x05, 0xef, 0x7b, 0xa0, 0x34, 0xde, 0x47, 0xb9, 0xf7, 0xaa, 0xb3, 0xe6, 0xac, - 0xcf, 0x6d, 0x36, 0xe9, 0x10, 0x4a, 0x73, 0xa8, 0x1d, 0xec, 0xfb, 0x01, 0x15, 0xed, 0x90, 0x1a, - 0x28, 0x3d, 0x03, 0xa5, 0x39, 0x94, 0xee, 0x08, 0x91, 0x41, 0x5a, 0xf9, 0xa9, 0x04, 0xd0, 0x52, - 0x36, 0xf7, 0x8a, 0xb7, 0x21, 0x7e, 0x02, 0x1d, 0x18, 0xd2, 0xab, 0x45, 0xfa, 0x95, 0xc1, 0x36, - 0x8c, 0xd1, 0x8c, 0xe4, 0x1d, 0xa8, 0x4e, 0xd9, 0x69, 0x3b, 0xc6, 0x2e, 0xba, 0x1c, 0x29, 0xd5, - 0x83, 0x60, 0x47, 0x57, 0xa7, 0xd7, 0x9c, 0xf5, 0xe9, 0xd6, 0xe0, 0x9b, 0x1c, 0x17, 0x31, 0x45, - 0x93, 0xff, 0x86, 0x79, 0x80, 0x6e, 0x29, 0xf0, 0x79, 0x1c, 0xa8, 0x5d, 0x78, 0xc7, 0x25, 0x34, - 0x3f, 0x8a, 0x48, 0xf6, 0x33, 0xe2, 0xb8, 0x25, 0x72, 0x7f, 0x90, 0x5c, 0x0b, 0x6f, 0x81, 0x12, - 0x3c, 0x56, 0x80, 0xe7, 0xd1, 0x25, 0x6d, 0x26, 0x32, 0x6a, 0xfa, 0x41, 0x08, 0xba, 0x9a, 0x45, - 0xbf, 0xe8, 0x81, 0xec, 0x1b, 0x0d, 0x31, 0xeb, 0x42, 0x16, 0x64, 0xc7, 0x67, 0xca, 0xf5, 0x5a, - 0x04, 0xff, 0xb3, 0x5c, 0x37, 0xd0, 0xb5, 0x66, 0x57, 0xe8, 0x7e, 0xee, 0x61, 0xf3, 0xcf, 0x2c, - 0xba, 0x9e, 0x45, 0xbd, 0x04, 0x99, 0x44, 0x3e, 0x60, 0x85, 0xe6, 0xd2, 0xfc, 0x5a, 0xb7, 0x98, - 0xd0, 0xbc, 0x99, 0x4a, 0x2b, 0xe0, 0xae, 0x8e, 0x8d, 0xc9, 0x21, 0xe4, 0xee, 0xc9, 0xcf, 0xdf, - 0x5f, 0xa7, 0x96, 0xc9, 0xa2, 0x6d, 0xa2, 0xa4, 0x91, 0xb7, 0xa7, 0xf2, 0x6c, 0xca, 0x1e, 0x39, - 0x75, 0x1c, 0xa1, 0xb9, 0xf4, 0xee, 0x5c, 0x04, 0x2d, 0xdc, 0x2e, 0x77, 0x71, 0x10, 0x53, 0xb0, - 0x44, 0x6a, 0x96, 0x56, 0xad, 0x97, 0xd0, 0xf0, 0x17, 0x07, 0x55, 0x52, 0xf9, 0x78, 0x44, 0x77, - 0xd1, 0xd6, 0x64, 0xb2, 0x4f, 0x96, 0xad, 0xa0, 0x05, 0x72, 0xf3, 0xbc, 0x20, 0x63, 0xfc, 0xc4, - 0x41, 0x33, 0xcf, 0x22, 0xa5, 0xf1, 0xc2, 0x79, 0x2d, 0xf6, 0xfa, 0xb8, 0x7b, 0x13, 0xd1, 0x60, - 0x08, 0xa4, 0x6a, 0x75, 0x60, 0x3c, 0xa2, 0x03, 0x7f, 0x76, 0xd0, 0xf4, 0x53, 0x28, 0xd5, 0x30, - 0xa1, 0x3c, 0xdc, 0xb1, 0xfc, 0x25, 0x7c, 0x7b, 0xa4, 0x30, 0xc7, 0xa6, 0x2b, 0x3e, 0xe1, 0x6f, - 0x0e, 0xaa, 0xa4, 0x0d, 0x31, 0x5a, 0x99, 0x42, 0xa3, 0x4c, 0x4a, 0xd1, 0x96, 0x55, 0xb4, 0xe1, - 0xae, 0x8f, 0x2a, 0xca, 0xf1, 0xe6, 0xcf, 0x3b, 0x60, 0x9a, 0x51, 0x2b, 0xd1, 0x54, 0xec, 0x0d, - 0xaa, 0xa4, 0x17, 0xb1, 0x2c, 0x5d, 0x65, 0x17, 0x33, 0xf3, 0x5f, 0x2f, 0xf5, 0x7f, 0x84, 0x90, - 0x29, 0x54, 0x33, 0x81, 0x58, 0xab, 0xb2, 0xd3, 0x57, 0x69, 0xfa, 0xd8, 0x18, 0x87, 0xd4, 0x3c, - 0x48, 0x34, 0x69, 0x50, 0xbb, 0xc5, 0x16, 0xf9, 0x9e, 0x85, 0xac, 0xe1, 0x5a, 0x09, 0xc4, 0x03, - 0x7b, 0xfa, 0xee, 0xf6, 0xf7, 0xd3, 0x9a, 0xf3, 0xe3, 0xb4, 0xe6, 0xfc, 0x3a, 0xad, 0x39, 0x6f, - 0xeb, 0x17, 0x3d, 0x45, 0xc5, 0xb7, 0xf5, 0xa0, 0x62, 0x9f, 0x9c, 0xad, 0xbf, 0x01, 0x00, 0x00, - 0xff, 0xff, 0x0b, 0x18, 0x5a, 0x25, 0x74, 0x07, 0x00, 0x00, + // 679 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x55, 0xdd, 0x6a, 0x13, 0x41, + 0x14, 0x66, 0xdb, 0x1a, 0xeb, 0xd4, 0x3f, 0xc6, 0x56, 0xd3, 0xd8, 0xc6, 0x32, 0x17, 0x52, 0x82, + 0x9d, 0x31, 0xad, 0x42, 0xf1, 0xae, 0xd5, 0x20, 0x05, 0x2f, 0x34, 0x2a, 0x88, 0x37, 0x65, 0xba, + 0x39, 0x6e, 0xb7, 0x49, 0x76, 0xc6, 0x99, 0xc9, 0x6a, 0x28, 0x05, 0x29, 0x5e, 0xe9, 0xa5, 0x8f, + 0x20, 0xf8, 0x2c, 0x5e, 0x0a, 0xbe, 0x80, 0x14, 0x1f, 0x44, 0x66, 0x76, 0x37, 0xe9, 0x36, 0xdd, + 0x42, 0x21, 0x78, 0xb5, 0x67, 0x66, 0xce, 0xcc, 0xf7, 0x7d, 0xe7, 0x67, 0x0f, 0x5a, 0xd0, 0xa0, + 0x62, 0x50, 0x4c, 0x2a, 0xb1, 0x07, 0xbe, 0xc9, 0xbe, 0x54, 0x2a, 0x61, 0x04, 0xbe, 0x98, 0x2e, + 0x2b, 0xb3, 0x81, 0x08, 0x84, 0xdb, 0x63, 0xd6, 0x4a, 0x8e, 0x2b, 0x0b, 0x81, 0x10, 0x41, 0x07, + 0x18, 0x97, 0x21, 0xe3, 0x51, 0x24, 0x0c, 0x37, 0xa1, 0x88, 0x74, 0x7a, 0x4a, 0xda, 0xeb, 0x9a, + 0x86, 0xc2, 0x9d, 0xfa, 0x42, 0x01, 0x8b, 0xeb, 0x2c, 0x80, 0x08, 0x14, 0x37, 0xd0, 0x4a, 0x7d, + 0x1e, 0x0c, 0x7d, 0xba, 0xdc, 0xdf, 0x0d, 0x23, 0x50, 0x7d, 0x26, 0xdb, 0x81, 0xdd, 0xd0, 0xac, + 0x0b, 0x86, 0x9f, 0x76, 0x6b, 0x2b, 0x08, 0xcd, 0x6e, 0x6f, 0x87, 0xfa, 0xa2, 0xcb, 0xb8, 0x72, + 0xc4, 0xf6, 0x9c, 0xb1, 0xe2, 0xb7, 0x86, 0xb7, 0xb9, 0x94, 0x9d, 0xd0, 0x77, 0x94, 0x58, 0x5c, + 0xe7, 0x1d, 0xb9, 0xcb, 0x47, 0x9e, 0x22, 0x1f, 0xd0, 0xec, 0xf3, 0x44, 0xe3, 0x63, 0x05, 0xdc, + 0x40, 0x13, 0xde, 0xf7, 0x40, 0x1b, 0xbc, 0x8d, 0x32, 0xed, 0x65, 0x6f, 0xc9, 0x5b, 0x9e, 0x59, + 0x6d, 0xd0, 0x21, 0x28, 0xcd, 0x40, 0x9d, 0xb1, 0xed, 0xb7, 0xa8, 0x6c, 0x07, 0xd4, 0x82, 0xd2, + 0x63, 0xa0, 0x34, 0x03, 0xa5, 0x1b, 0x52, 0xa6, 0x20, 0xcd, 0xec, 0x55, 0x02, 0x68, 0x3e, 0xdd, + 0x7b, 0x25, 0xda, 0x10, 0x3d, 0x81, 0x0e, 0x0c, 0xd1, 0xcb, 0x79, 0xf4, 0x4b, 0x83, 0x6b, 0x18, + 0xa3, 0x29, 0x25, 0x3a, 0x50, 0x9e, 0x70, 0xdb, 0xce, 0xc6, 0x15, 0x34, 0x1d, 0x6a, 0xdd, 0x83, + 0xd6, 0x86, 0x29, 0x4f, 0x2e, 0x79, 0xcb, 0x93, 0xcd, 0xc1, 0x9a, 0xec, 0xe7, 0x61, 0xf2, 0x22, + 0xcf, 0x07, 0x73, 0x1f, 0xdd, 0xd0, 0xe0, 0x8b, 0xa8, 0xa5, 0x37, 0xe1, 0x9d, 0x50, 0xd0, 0xf8, + 0x28, 0x43, 0xd5, 0x4f, 0x11, 0x4f, 0x3b, 0x22, 0xf7, 0x06, 0xc1, 0x75, 0xe0, 0x4d, 0xd0, 0x52, + 0x44, 0x1a, 0xf0, 0x2c, 0xba, 0x60, 0xec, 0x46, 0x8a, 0x9a, 0x2c, 0x08, 0x41, 0x97, 0x53, 0xef, + 0x17, 0x3d, 0x50, 0x7d, 0xcb, 0x21, 0xe2, 0x5d, 0x48, 0x9d, 0x9c, 0x7d, 0x2c, 0x5d, 0xaf, 0x65, + 0xeb, 0x7f, 0xa6, 0xeb, 0x1a, 0xba, 0xd2, 0xe8, 0x4a, 0xd3, 0xcf, 0x34, 0xac, 0xfe, 0x98, 0x46, + 0x57, 0x53, 0xaf, 0x97, 0xa0, 0xe2, 0xd0, 0x07, 0xfc, 0xc5, 0x43, 0x33, 0x49, 0x80, 0x9d, 0x5c, + 0x4c, 0x68, 0xd6, 0x4d, 0x85, 0x29, 0xa8, 0x2c, 0x9e, 0xea, 0x93, 0xa1, 0x90, 0xf5, 0xc3, 0xdf, + 0x7f, 0xbf, 0x4d, 0xac, 0x92, 0x15, 0xd7, 0x45, 0x71, 0x3d, 0xeb, 0x4f, 0xcd, 0xf6, 0x53, 0xeb, + 0x80, 0xd9, 0xe4, 0x68, 0xb6, 0x6f, 0x3f, 0x07, 0xcc, 0x85, 0xf2, 0x91, 0x57, 0xc3, 0x9f, 0x3c, + 0x34, 0x93, 0x14, 0xd5, 0x59, 0x64, 0x72, 0x65, 0x57, 0xb9, 0x39, 0xf0, 0xc9, 0x69, 0x25, 0x0f, + 0x1d, 0x0b, 0x56, 0x3b, 0x1f, 0x0b, 0xfc, 0xd5, 0x43, 0xa5, 0x44, 0x2d, 0x1e, 0x91, 0x99, 0x8f, + 0xc2, 0x78, 0xb2, 0x45, 0x6e, 0x3b, 0x9e, 0x73, 0xe4, 0xfa, 0x49, 0x9e, 0x36, 0x20, 0x87, 0x1e, + 0x9a, 0x7a, 0x16, 0x6a, 0x83, 0xe7, 0x4e, 0x72, 0x71, 0xe5, 0x56, 0xd9, 0x1a, 0x0b, 0x07, 0x8b, + 0x40, 0xca, 0x8e, 0x07, 0xc6, 0x23, 0x3c, 0xf0, 0x67, 0x0f, 0x4d, 0x3e, 0x85, 0x42, 0x0e, 0x63, + 0x8a, 0xc3, 0x1d, 0x87, 0x3f, 0x8f, 0x6f, 0x8d, 0xe6, 0xcb, 0x76, 0xd1, 0x01, 0xfe, 0xee, 0xa1, + 0x52, 0xd2, 0x40, 0xa3, 0x99, 0xc9, 0x35, 0xd6, 0xb8, 0x18, 0xad, 0x39, 0x46, 0x2b, 0x95, 0xe5, + 0xc2, 0x0a, 0xa2, 0xf6, 0x67, 0xdf, 0xe2, 0x86, 0x53, 0x47, 0xd1, 0x66, 0xec, 0x0d, 0x2a, 0x25, + 0xf5, 0x59, 0x14, 0xae, 0xa2, 0x7a, 0x4d, 0xf5, 0xd7, 0x0a, 0xf5, 0xef, 0x21, 0x64, 0x13, 0xd5, + 0x88, 0x21, 0x32, 0xba, 0xe8, 0xf5, 0x45, 0x9a, 0x0c, 0x27, 0xab, 0x90, 0xda, 0x01, 0x46, 0xe3, + 0x3a, 0x75, 0x57, 0x5c, 0x92, 0xef, 0x3a, 0x90, 0x25, 0x5c, 0x2d, 0x00, 0x61, 0xe0, 0x5e, 0xdf, + 0x5c, 0xff, 0x79, 0x54, 0xf5, 0x7e, 0x1d, 0x55, 0xbd, 0x3f, 0x47, 0x55, 0xef, 0x6d, 0xed, 0xac, + 0xd1, 0x95, 0x9f, 0xc5, 0x3b, 0x25, 0x37, 0xa2, 0xd6, 0xfe, 0x05, 0x00, 0x00, 0xff, 0xff, 0x49, + 0xa0, 0x8a, 0x0e, 0xa4, 0x07, 0x00, 0x00, } diff --git a/server/project/project.pb.gw.go b/server/project/project.pb.gw.go index 3b86c74d99eec..6b128b882233a 100644 --- a/server/project/project.pb.gw.go +++ b/server/project/project.pb.gw.go @@ -36,19 +36,77 @@ func request_ProjectService_CreateToken_0(ctx context.Context, marshaler runtime return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) } + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["project"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "project") + } + + protoReq.Project, err = runtime.String(val) + + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "project", err) + } + + val, ok = pathParams["role"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "role") + } + + protoReq.Role, err = runtime.String(val) + + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "role", err) + } + msg, err := client.CreateToken(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) return msg, metadata, err } var ( - filter_ProjectService_DeleteToken_0 = &utilities.DoubleArray{Encoding: map[string]int{}, Base: []int(nil), Check: []int(nil)} + filter_ProjectService_DeleteToken_0 = &utilities.DoubleArray{Encoding: map[string]int{"project": 0, "role": 1}, Base: []int{1, 1, 2, 0, 0}, Check: []int{0, 1, 1, 2, 3}} ) func request_ProjectService_DeleteToken_0(ctx context.Context, marshaler runtime.Marshaler, client ProjectServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { var protoReq ProjectTokenDeleteRequest var metadata runtime.ServerMetadata + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["project"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "project") + } + + protoReq.Project, err = runtime.String(val) + + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "project", err) + } + + val, ok = pathParams["role"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "role") + } + + protoReq.Role, err = runtime.String(val) + + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "role", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.URL.Query(), filter_ProjectService_DeleteToken_0); err != nil { return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) } @@ -474,9 +532,9 @@ func RegisterProjectServiceHandlerClient(ctx context.Context, mux *runtime.Serve } var ( - pattern_ProjectService_CreateToken_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"api", "v1", "projects", "token"}, "")) + pattern_ProjectService_CreateToken_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3, 2, 4, 1, 0, 4, 1, 5, 5, 2, 6}, []string{"api", "v1", "projects", "project", "roles", "role", "token"}, "")) - pattern_ProjectService_DeleteToken_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"api", "v1", "projects", "token"}, "")) + pattern_ProjectService_DeleteToken_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3, 2, 4, 1, 0, 4, 1, 5, 5, 2, 6}, []string{"api", "v1", "projects", "project", "roles", "role", "token"}, "")) pattern_ProjectService_Create_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"api", "v1", "projects"}, "")) diff --git a/server/project/project.proto b/server/project/project.proto index 5d6495660f26e..960b3d61e33c5 100644 --- a/server/project/project.proto +++ b/server/project/project.proto @@ -54,14 +54,14 @@ service ProjectService { // Create a new project token. rpc CreateToken(ProjectTokenCreateRequest) returns (ProjectTokenResponse) { option (google.api.http) = { - post: "/api/v1/projects/token" + post: "/api/v1/projects/{project}/roles/{role}/token" body: "*" }; } - // Create a new project token. + // Delete a new project token. rpc DeleteToken(ProjectTokenDeleteRequest) returns (EmptyResponse) { - option (google.api.http).delete = "/api/v1/projects/token"; + option (google.api.http).delete = "/api/v1/projects/{project}/roles/{role}/token"; } // Create a new project. diff --git a/server/swagger.json b/server/swagger.json index 7703a73295335..7414b28862bcb 100644 --- a/server/swagger.json +++ b/server/swagger.json @@ -695,48 +695,6 @@ } } }, - "/api/v1/projects/token": { - "post": { - "tags": [ - "ProjectService" - ], - "summary": "Create a new project token.", - "operationId": "CreateToken", - "parameters": [ - { - "name": "body", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/projectProjectTokenCreateRequest" - } - } - ], - "responses": { - "200": { - "description": "(empty)", - "schema": { - "$ref": "#/definitions/projectProjectTokenResponse" - } - } - } - }, - "delete": { - "tags": [ - "ProjectService" - ], - "summary": "Create a new project token.", - "operationId": "DeleteToken", - "responses": { - "200": { - "description": "(empty)", - "schema": { - "$ref": "#/definitions/projectEmptyResponse" - } - } - } - } - }, "/api/v1/projects/{name}": { "get": { "tags": [ @@ -843,6 +801,74 @@ } } }, + "/api/v1/projects/{project}/roles/{role}/token": { + "post": { + "tags": [ + "ProjectService" + ], + "summary": "Create a new project token.", + "operationId": "CreateToken", + "parameters": [ + { + "type": "string", + "name": "project", + "in": "path", + "required": true + }, + { + "type": "string", + "name": "role", + "in": "path", + "required": true + }, + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/projectProjectTokenCreateRequest" + } + } + ], + "responses": { + "200": { + "description": "(empty)", + "schema": { + "$ref": "#/definitions/projectProjectTokenResponse" + } + } + } + }, + "delete": { + "tags": [ + "ProjectService" + ], + "summary": "Delete a new project token.", + "operationId": "DeleteToken", + "parameters": [ + { + "type": "string", + "name": "project", + "in": "path", + "required": true + }, + { + "type": "string", + "name": "role", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "(empty)", + "schema": { + "$ref": "#/definitions/projectEmptyResponse" + } + } + } + } + }, "/api/v1/repositories": { "get": { "tags": [ From 84a377e3294719d396ca67bacd11b346de8b0c6e Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Mon, 13 Aug 2018 12:05:22 -0700 Subject: [PATCH 27/43] Rename imports to not use camelCase --- cmd/argocd/commands/project.go | 10 +++++----- server/project/project.go | 16 ++++++++-------- server/project/project_test.go | 4 ++-- server/server.go | 16 ++++++++-------- 4 files changed, 23 insertions(+), 23 deletions(-) diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go index 27ff92972c460..5460dbff2df5b 100644 --- a/cmd/argocd/commands/project.go +++ b/cmd/argocd/commands/project.go @@ -20,7 +20,7 @@ import ( "github.com/argoproj/argo-cd/server/project" "github.com/argoproj/argo-cd/util" "github.com/argoproj/argo-cd/util/git" - projectUtil "github.com/argoproj/argo-cd/util/project" + projectutil "github.com/argoproj/argo-cd/util/project" timeutil "github.com/argoproj/pkg/time" "github.com/spf13/pflag" "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -146,7 +146,7 @@ func NewProjectRoleAddPolicyCommand(clientOpts *argocdclient.ClientOptions) *cob proj, err := projIf.Get(context.Background(), &project.ProjectQuery{Name: projName}) errors.CheckError(err) - roleIndex, err := projectUtil.GetRoleIndexByName(proj, roleName) + roleIndex, err := projectutil.GetRoleIndexByName(proj, roleName) if err != nil { log.Fatal(err) } @@ -196,7 +196,7 @@ func NewProjectRoleRemovePolicyCommand(clientOpts *argocdclient.ClientOptions) * proj, err := projIf.Get(context.Background(), &project.ProjectQuery{Name: projName}) errors.CheckError(err) - roleIndex, err := projectUtil.GetRoleIndexByName(proj, roleName) + roleIndex, err := projectutil.GetRoleIndexByName(proj, roleName) if err != nil { log.Fatal(err) } @@ -241,7 +241,7 @@ func NewProjectRoleCreateCommand(clientOpts *argocdclient.ClientOptions) *cobra. proj, err := projIf.Get(context.Background(), &project.ProjectQuery{Name: projName}) errors.CheckError(err) - _, err = projectUtil.GetRoleIndexByName(proj, roleName) + _, err = projectutil.GetRoleIndexByName(proj, roleName) if err == nil { log.Fatalf("Role '%s' already exists for '%s'", roleName, projName) } @@ -272,7 +272,7 @@ func NewProjectRoleDeleteCommand(clientOpts *argocdclient.ClientOptions) *cobra. proj, err := projIf.Get(context.Background(), &project.ProjectQuery{Name: projName}) errors.CheckError(err) - index, err := projectUtil.GetRoleIndexByName(proj, roleName) + index, err := projectutil.GetRoleIndexByName(proj, roleName) errors.CheckError(err) proj.Spec.Roles[index] = proj.Spec.Roles[len(proj.Spec.Roles)-1] diff --git a/server/project/project.go b/server/project/project.go index 7d0f60f2fc3ff..860813e97c4d5 100644 --- a/server/project/project.go +++ b/server/project/project.go @@ -13,8 +13,8 @@ import ( "github.com/argoproj/argo-cd/util/argo" "github.com/argoproj/argo-cd/util/git" "github.com/argoproj/argo-cd/util/grpc" - jwtUtil "github.com/argoproj/argo-cd/util/jwt" - projectUtil "github.com/argoproj/argo-cd/util/project" + jwtutil "github.com/argoproj/argo-cd/util/jwt" + projectutil "github.com/argoproj/argo-cd/util/project" "github.com/argoproj/argo-cd/util/rbac" "github.com/argoproj/argo-cd/util/session" "google.golang.org/grpc/codes" @@ -64,7 +64,7 @@ func (s *Server) CreateToken(ctx context.Context, q *ProjectTokenCreateRequest) s.projectLock.Lock(q.Project) defer s.projectLock.Unlock(q.Project) - index, err := projectUtil.GetRoleIndexByName(project, q.Role) + index, err := projectutil.GetRoleIndexByName(project, q.Role) if err != nil { return nil, status.Errorf(codes.NotFound, "project '%s' does not have role '%s'", q.Project, q.Role) } @@ -78,12 +78,12 @@ func (s *Server) CreateToken(ctx context.Context, q *ProjectTokenCreateRequest) if err != nil { return nil, status.Error(codes.InvalidArgument, err.Error()) } - mapClaims, err := jwtUtil.MapClaims(claims) + mapClaims, err := jwtutil.MapClaims(claims) if err != nil { return nil, status.Error(codes.InvalidArgument, err.Error()) } - issuedAt := jwtUtil.GetInt64Field(mapClaims, "iat") - expiresAt := jwtUtil.GetInt64Field(mapClaims, "exp") + issuedAt := jwtutil.GetInt64Field(mapClaims, "iat") + expiresAt := jwtutil.GetInt64Field(mapClaims, "exp") project.Spec.Roles[index].JWTTokens = append(project.Spec.Roles[index].JWTTokens, v1alpha1.JWTToken{IssuedAt: issuedAt, ExpiresAt: expiresAt}) _, err = s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Update(project) @@ -112,14 +112,14 @@ func (s *Server) DeleteToken(ctx context.Context, q *ProjectTokenDeleteRequest) s.projectLock.Lock(q.Project) defer s.projectLock.Unlock(q.Project) - roleIndex, err := projectUtil.GetRoleIndexByName(project, q.Role) + roleIndex, err := projectutil.GetRoleIndexByName(project, q.Role) if err != nil { return nil, status.Error(codes.NotFound, err.Error()) } if project.Spec.Roles[roleIndex].JWTTokens == nil { return nil, status.Errorf(codes.NotFound, "Role '%s' does not have a JWT token", q.Role) } - jwtTokenIndex, err := projectUtil.GetJWTTokenIndexByIssuedAt(project, roleIndex, q.IssuedAt) + jwtTokenIndex, err := projectutil.GetJWTTokenIndexByIssuedAt(project, roleIndex, q.IssuedAt) if err != nil { return nil, status.Error(codes.NotFound, err.Error()) } diff --git a/server/project/project_test.go b/server/project/project_test.go index b1c067861d9ec..3547c9c09d9fc 100644 --- a/server/project/project_test.go +++ b/server/project/project_test.go @@ -16,7 +16,7 @@ import ( apps "github.com/argoproj/argo-cd/pkg/client/clientset/versioned/fake" "github.com/argoproj/argo-cd/test" "github.com/argoproj/argo-cd/util" - jwtUtil "github.com/argoproj/argo-cd/util/jwt" + jwtutil "github.com/argoproj/argo-cd/util/jwt" "github.com/argoproj/argo-cd/util/rbac" "github.com/argoproj/argo-cd/util/session" "github.com/argoproj/argo-cd/util/settings" @@ -141,7 +141,7 @@ func TestProjectServer(t *testing.T) { claims, err := sessionMgr.Parse(tokenResponse.Token) assert.Nil(t, err) - mapClaims, err := jwtUtil.MapClaims(claims) + mapClaims, err := jwtutil.MapClaims(claims) subject, ok := mapClaims["sub"].(string) assert.True(t, ok) expectedSubject := fmt.Sprintf(JWTTokenSubFormat, projectWithRole.Name, tokenName) diff --git a/server/server.go b/server/server.go index 91044f6900a3e..2fdc34ba81b5c 100644 --- a/server/server.go +++ b/server/server.go @@ -32,8 +32,8 @@ import ( dexutil "github.com/argoproj/argo-cd/util/dex" grpc_util "github.com/argoproj/argo-cd/util/grpc" jsonutil "github.com/argoproj/argo-cd/util/json" - jwtUtil "github.com/argoproj/argo-cd/util/jwt" - projectUtil "github.com/argoproj/argo-cd/util/project" + jwtutil "github.com/argoproj/argo-cd/util/jwt" + projectutil "github.com/argoproj/argo-cd/util/project" "github.com/argoproj/argo-cd/util/rbac" util_session "github.com/argoproj/argo-cd/util/session" settings_util "github.com/argoproj/argo-cd/util/settings" @@ -608,19 +608,19 @@ func DefaultEnforceClaims(enf *rbac.Enforcer, a appclientset.Interface, namespac return enf.Enforce(rvals...) } - mapClaims, err := jwtUtil.MapClaims(claims) + mapClaims, err := jwtutil.MapClaims(claims) if err != nil { vals := append([]interface{}{""}, rvals[1:]...) return enf.Enforce(vals...) } - groups := jwtUtil.GetGroups(mapClaims) + groups := jwtutil.GetGroups(mapClaims) for _, group := range groups { vals := append([]interface{}{group}, rvals[1:]...) if enf.Enforcer.Enforce(vals...) { return true } } - user := jwtUtil.GetField(mapClaims, "sub") + user := jwtutil.GetField(mapClaims, "sub") if strings.HasPrefix(user, "proj:") { return enforceJWTToken(enf, a, namespace, user, mapClaims, rvals...) } @@ -640,15 +640,15 @@ func enforceJWTToken(enf *rbac.Enforcer, a appclientset.Interface, namespace str if err != nil { return false } - index, err := projectUtil.GetRoleIndexByName(proj, tokenName) + index, err := projectutil.GetRoleIndexByName(proj, tokenName) if err != nil { return false } if proj.Spec.Roles[index].JWTTokens == nil { return false } - iat := jwtUtil.GetInt64Field(mapClaims, "iat") - _, err = projectUtil.GetJWTTokenIndexByIssuedAt(proj, index, iat) + iat := jwtutil.GetInt64Field(mapClaims, "iat") + _, err = projectutil.GetJWTTokenIndexByIssuedAt(proj, index, iat) if err != nil { return false } From 28188f596def7eeaa3bc22fb8b82684f6e551fa4 Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Mon, 13 Aug 2018 13:55:53 -0700 Subject: [PATCH 28/43] Remove missed created_at --- cmd/argocd/commands/project.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go index 5460dbff2df5b..863d2774f84f9 100644 --- a/cmd/argocd/commands/project.go +++ b/cmd/argocd/commands/project.go @@ -317,7 +317,7 @@ func NewProjectRoleCreateTokenCommand(clientOpts *argocdclient.ClientOptions) *c // NewProjectRoleDeleteTokenCommand returns a new instance of an `argocd proj role delete-token` command func NewProjectRoleDeleteTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var command = &cobra.Command{ - Use: "delete-token PROJECT ROLE-NAME CREATED_AT", + Use: "delete-token PROJECT ROLE-NAME ISSUED_AT", Short: "Delete a project token", Run: func(c *cobra.Command, args []string) { if len(args) != 3 { From 37c1036bdca8d02c7d0b47a6fca21482ef61f15f Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Mon, 13 Aug 2018 14:05:49 -0700 Subject: [PATCH 29/43] Reorder imports to fix style convention --- cmd/argocd/commands/project.go | 17 ++++++------- server/project/project.go | 14 +++++------ server/server.go | 39 +++++++++++++++-------------- server/server_test.go | 10 ++++---- test/e2e/app_management_test.go | 8 +++--- test/e2e/project_management_test.go | 5 ++-- util/settings/settings.go | 11 ++++---- 7 files changed, 52 insertions(+), 52 deletions(-) diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go index 863d2774f84f9..35177c7b4627b 100644 --- a/cmd/argocd/commands/project.go +++ b/cmd/argocd/commands/project.go @@ -1,18 +1,18 @@ package commands import ( + "context" + "fmt" "os" "strconv" + "strings" + "text/tabwriter" + timeutil "github.com/argoproj/pkg/time" log "github.com/sirupsen/logrus" "github.com/spf13/cobra" - - "strings" - - "context" - - "fmt" - "text/tabwriter" + "github.com/spf13/pflag" + "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/argoproj/argo-cd/errors" argocdclient "github.com/argoproj/argo-cd/pkg/apiclient" @@ -21,9 +21,6 @@ import ( "github.com/argoproj/argo-cd/util" "github.com/argoproj/argo-cd/util/git" projectutil "github.com/argoproj/argo-cd/util/project" - timeutil "github.com/argoproj/pkg/time" - "github.com/spf13/pflag" - "k8s.io/apimachinery/pkg/apis/meta/v1" ) const ( diff --git a/server/project/project.go b/server/project/project.go index 860813e97c4d5..1757838d60b9d 100644 --- a/server/project/project.go +++ b/server/project/project.go @@ -3,9 +3,15 @@ package project import ( "context" "fmt" - "strings" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" + "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/fields" + "k8s.io/client-go/kubernetes" + "github.com/argoproj/argo-cd/common" "github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1" appclientset "github.com/argoproj/argo-cd/pkg/client/clientset/versioned" @@ -17,12 +23,6 @@ import ( projectutil "github.com/argoproj/argo-cd/util/project" "github.com/argoproj/argo-cd/util/rbac" "github.com/argoproj/argo-cd/util/session" - "google.golang.org/grpc/codes" - "google.golang.org/grpc/status" - "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/fields" - "k8s.io/client-go/kubernetes" ) const ( diff --git a/server/server.go b/server/server.go index 2fdc34ba81b5c..7ebedc0537519 100644 --- a/server/server.go +++ b/server/server.go @@ -12,6 +12,26 @@ import ( "strings" "time" + jwt "github.com/dgrijalva/jwt-go" + "github.com/gobuffalo/packr" + golang_proto "github.com/golang/protobuf/proto" + "github.com/grpc-ecosystem/go-grpc-middleware" + "github.com/grpc-ecosystem/go-grpc-middleware/auth" + "github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus" + "github.com/grpc-ecosystem/grpc-gateway/runtime" + log "github.com/sirupsen/logrus" + "github.com/soheilhy/cmux" + netCtx "golang.org/x/net/context" + "google.golang.org/grpc" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/credentials" + "google.golang.org/grpc/metadata" + "google.golang.org/grpc/reflection" + "google.golang.org/grpc/status" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/wait" + "k8s.io/client-go/kubernetes" + "github.com/argoproj/argo-cd" "github.com/argoproj/argo-cd/common" "github.com/argoproj/argo-cd/errors" @@ -40,25 +60,6 @@ import ( "github.com/argoproj/argo-cd/util/swagger" tlsutil "github.com/argoproj/argo-cd/util/tls" "github.com/argoproj/argo-cd/util/webhook" - jwt "github.com/dgrijalva/jwt-go" - "github.com/gobuffalo/packr" - golang_proto "github.com/golang/protobuf/proto" - "github.com/grpc-ecosystem/go-grpc-middleware" - "github.com/grpc-ecosystem/go-grpc-middleware/auth" - "github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus" - "github.com/grpc-ecosystem/grpc-gateway/runtime" - log "github.com/sirupsen/logrus" - "github.com/soheilhy/cmux" - netCtx "golang.org/x/net/context" - "google.golang.org/grpc" - "google.golang.org/grpc/codes" - "google.golang.org/grpc/credentials" - "google.golang.org/grpc/metadata" - "google.golang.org/grpc/reflection" - "google.golang.org/grpc/status" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/client-go/kubernetes" ) var ( diff --git a/server/server_test.go b/server/server_test.go index d8bedf4c4dc12..26557a25cc9cf 100644 --- a/server/server_test.go +++ b/server/server_test.go @@ -4,17 +4,17 @@ import ( "fmt" "testing" - "github.com/argoproj/argo-cd/common" - "github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1" - apps "github.com/argoproj/argo-cd/pkg/client/clientset/versioned/fake" - "github.com/argoproj/argo-cd/util/rbac" jwt "github.com/dgrijalva/jwt-go" log "github.com/sirupsen/logrus" "github.com/stretchr/testify/assert" apiv1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/client-go/kubernetes/fake" + + "github.com/argoproj/argo-cd/common" + "github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1" + apps "github.com/argoproj/argo-cd/pkg/client/clientset/versioned/fake" + "github.com/argoproj/argo-cd/util/rbac" ) const ( diff --git a/test/e2e/app_management_test.go b/test/e2e/app_management_test.go index 74c0dc85f7615..3c90b28521fa1 100644 --- a/test/e2e/app_management_test.go +++ b/test/e2e/app_management_test.go @@ -5,16 +5,16 @@ import ( "testing" "time" - // load the gcp plugin (required to authenticate against GKE clusters). - "github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1" - "github.com/argoproj/argo-cd/util/argo" "github.com/stretchr/testify/assert" "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/fields" + // load the gcp plugin (required to authenticate against GKE clusters). _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" - _ "k8s.io/client-go/plugin/pkg/client/auth/oidc" + + "github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1" + "github.com/argoproj/argo-cd/util/argo" ) func TestAppManagement(t *testing.T) { diff --git a/test/e2e/project_management_test.go b/test/e2e/project_management_test.go index f8352e29a08a4..4beee13376b34 100644 --- a/test/e2e/project_management_test.go +++ b/test/e2e/project_management_test.go @@ -6,12 +6,13 @@ import ( "testing" "time" - "github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1" - "github.com/argoproj/argo-cd/util/argo" "github.com/stretchr/testify/assert" "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/fields" + + "github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1" + "github.com/argoproj/argo-cd/util/argo" ) func TestProjectManagement(t *testing.T) { diff --git a/util/settings/settings.go b/util/settings/settings.go index 724c4851d72f5..b0089aa57b63c 100644 --- a/util/settings/settings.go +++ b/util/settings/settings.go @@ -11,11 +11,6 @@ import ( "syscall" "time" - "github.com/argoproj/argo-cd/common" - "github.com/argoproj/argo-cd/errors" - "github.com/argoproj/argo-cd/util" - "github.com/argoproj/argo-cd/util/password" - tlsutil "github.com/argoproj/argo-cd/util/tls" "github.com/ghodss/yaml" log "github.com/sirupsen/logrus" "golang.org/x/crypto/ssh/terminal" @@ -26,6 +21,12 @@ import ( "k8s.io/client-go/informers/core/v1" "k8s.io/client-go/kubernetes" "k8s.io/client-go/tools/cache" + + "github.com/argoproj/argo-cd/common" + "github.com/argoproj/argo-cd/errors" + "github.com/argoproj/argo-cd/util" + "github.com/argoproj/argo-cd/util/password" + tlsutil "github.com/argoproj/argo-cd/util/tls" ) // ArgoCDSettings holds in-memory runtime configuration options. From 3640cd17678da82da5ed5116295ed0cdfa918ad0 Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Mon, 13 Aug 2018 14:20:34 -0700 Subject: [PATCH 30/43] Refactor out GetInt64Field --- server/project/project.go | 14 +++++++------- server/server.go | 13 +++++++++++-- util/jwt/jwt.go | 10 ---------- 3 files changed, 18 insertions(+), 19 deletions(-) diff --git a/server/project/project.go b/server/project/project.go index 1757838d60b9d..9ea672b0c3b75 100644 --- a/server/project/project.go +++ b/server/project/project.go @@ -19,10 +19,10 @@ import ( "github.com/argoproj/argo-cd/util/argo" "github.com/argoproj/argo-cd/util/git" "github.com/argoproj/argo-cd/util/grpc" - jwtutil "github.com/argoproj/argo-cd/util/jwt" projectutil "github.com/argoproj/argo-cd/util/project" "github.com/argoproj/argo-cd/util/rbac" "github.com/argoproj/argo-cd/util/session" + jwt "github.com/dgrijalva/jwt-go" ) const ( @@ -74,16 +74,16 @@ func (s *Server) CreateToken(ctx context.Context, q *ProjectTokenCreateRequest) if err != nil { return nil, status.Error(codes.InvalidArgument, err.Error()) } - claims, err := s.sessionMgr.Parse(jwtToken) - if err != nil { - return nil, status.Error(codes.InvalidArgument, err.Error()) + parser := &jwt.Parser{ + SkipClaimsValidation: true, } - mapClaims, err := jwtutil.MapClaims(claims) + claims := jwt.StandardClaims{} + _, _, err = parser.ParseUnverified(jwtToken, &claims) if err != nil { return nil, status.Error(codes.InvalidArgument, err.Error()) } - issuedAt := jwtutil.GetInt64Field(mapClaims, "iat") - expiresAt := jwtutil.GetInt64Field(mapClaims, "exp") + issuedAt := claims.IssuedAt + expiresAt := claims.ExpiresAt project.Spec.Roles[index].JWTTokens = append(project.Spec.Roles[index].JWTTokens, v1alpha1.JWTToken{IssuedAt: issuedAt, ExpiresAt: expiresAt}) _, err = s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Update(project) diff --git a/server/server.go b/server/server.go index 7ebedc0537519..f2016d034e75d 100644 --- a/server/server.go +++ b/server/server.go @@ -621,6 +621,7 @@ func DefaultEnforceClaims(enf *rbac.Enforcer, a appclientset.Interface, namespac return true } } + user := jwtutil.GetField(mapClaims, "sub") if strings.HasPrefix(user, "proj:") { return enforceJWTToken(enf, a, namespace, user, mapClaims, rvals...) @@ -630,7 +631,7 @@ func DefaultEnforceClaims(enf *rbac.Enforcer, a appclientset.Interface, namespac } } -func enforceJWTToken(enf *rbac.Enforcer, a appclientset.Interface, namespace string, user string, mapClaims jwt.MapClaims, rvals ...interface{}) bool { +func enforceJWTToken(enf *rbac.Enforcer, a appclientset.Interface, namespace string, user string, claims jwt.MapClaims, rvals ...interface{}) bool { userSplit := strings.Split(user, ":") if len(userSplit) != 3 { return false @@ -648,7 +649,15 @@ func enforceJWTToken(enf *rbac.Enforcer, a appclientset.Interface, namespace str if proj.Spec.Roles[index].JWTTokens == nil { return false } - iat := jwtutil.GetInt64Field(mapClaims, "iat") + iatField, ok := claims["iat"] + if !ok { + return false + } + iatFloat, ok := iatField.(float64) + if !ok { + return false + } + iat := int64(iatFloat) _, err = projectutil.GetJWTTokenIndexByIssuedAt(proj, index, iat) if err != nil { return false diff --git a/util/jwt/jwt.go b/util/jwt/jwt.go index 21c913599ce52..7e19664f10da5 100644 --- a/util/jwt/jwt.go +++ b/util/jwt/jwt.go @@ -30,16 +30,6 @@ func GetField(claims jwtgo.MapClaims, fieldName string) string { return "" } -// GetInt64Field extracts a field from the claims as a int64 -func GetInt64Field(claims jwtgo.MapClaims, fieldName string) int64 { - if fieldIf, ok := claims[fieldName]; ok { - if field, ok := fieldIf.(float64); ok { - return int64(field) - } - } - return 0 -} - // GetGroups extracts the groups from a claims func GetGroups(claims jwtgo.MapClaims) []string { groups := make([]string, 0) From 8b866ae518c58cd313b09b0343151492914915e2 Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Mon, 13 Aug 2018 14:24:14 -0700 Subject: [PATCH 31/43] Add Expires at to role list --- cmd/argocd/commands/project.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go index 35177c7b4627b..ffdc8b5e3b63b 100644 --- a/cmd/argocd/commands/project.go +++ b/cmd/argocd/commands/project.go @@ -360,10 +360,10 @@ func NewProjectRoleListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co fmt.Fprintf(w, "%s\n", role.Name) if role.JWTTokens != nil { for _, token := range role.JWTTokens { - fmt.Fprintf(w, "%s\t%d\t\n", role.Name, token.IssuedAt) + fmt.Fprintf(w, "%s\t%d\t%d\n", role.Name, token.IssuedAt, token.ExpiresAt) for _, policy := range role.Policies { - fmt.Fprintf(w, "%s\t%d\t%s\n", role.Name, token.IssuedAt, policy) + fmt.Fprintf(w, "%s\t%d\t%d\t%s\n", role.Name, token.IssuedAt, token.ExpiresAt, policy) } } } From 72eefaf5009b5186a8056a7e8aaf4f16aaf5cfd0 Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Mon, 13 Aug 2018 14:26:08 -0700 Subject: [PATCH 32/43] Make error message more clear --- util/project/util.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/project/util.go b/util/project/util.go index f6a1dc2818460..aaf3c666b5f30 100644 --- a/util/project/util.go +++ b/util/project/util.go @@ -20,5 +20,5 @@ func GetJWTTokenIndexByIssuedAt(proj *v1alpha1.AppProject, roleIndex int, issued return i, nil } } - return -1, fmt.Errorf("JWTToken for role '%s' with '%d' created time does not exist in project '%s'", proj.Spec.Roles[roleIndex].Name, issuedAt, proj.Name) + return -1, fmt.Errorf("JWT token for role '%s' issued at '%d' does not exist in project '%s'", proj.Spec.Roles[roleIndex].Name, issuedAt, proj.Name) } From e8108559ea3682bf6cff38dfd7c5a219165391ee Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Mon, 13 Aug 2018 14:42:59 -0700 Subject: [PATCH 33/43] Add comment to policy in types.go --- pkg/apis/application/v1alpha1/generated.proto | 3 ++- pkg/apis/application/v1alpha1/types.go | 5 +++-- server/swagger.json | 3 ++- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto index 9e65840162370..ece09b8e69957 100644 --- a/pkg/apis/application/v1alpha1/generated.proto +++ b/pkg/apis/application/v1alpha1/generated.proto @@ -296,6 +296,7 @@ message OperationState { message ProjectRole { optional string name = 1; + // Policies Stores a list of casbin formated strings that define access policies for the role in the project. repeated string policies = 2; repeated JWTToken JWTTokens = 3; @@ -369,7 +370,7 @@ message SyncOperation { // Prune deletes resources that are no longer tracked in git optional bool prune = 2; - // DryRun will perform a `kubectl apply --dry-run` without actually performing the sync + // DryRun will perform a `kubectl apply --dry-rudn` without actually performing the sync optional bool dryRun = 3; // SyncStrategy describes how to perform the sync diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go index 1cf9e09c600e6..4d6973e8af8cf 100644 --- a/pkg/apis/application/v1alpha1/types.go +++ b/pkg/apis/application/v1alpha1/types.go @@ -20,7 +20,7 @@ type SyncOperation struct { Revision string `json:"revision,omitempty" protobuf:"bytes,1,opt,name=revision"` // Prune deletes resources that are no longer tracked in git Prune bool `json:"prune,omitempty" protobuf:"bytes,2,opt,name=prune"` - // DryRun will perform a `kubectl apply --dry-run` without actually performing the sync + // DryRun will perform a `kubectl apply --dry-rudn` without actually performing the sync DryRun bool `json:"dryRun,omitempty" protobuf:"bytes,3,opt,name=dryRun"` // SyncStrategy describes how to perform the sync SyncStrategy *SyncStrategy `json:"syncStrategy,omitempty" protobuf:"bytes,4,opt,name=syncStrategy"` @@ -468,7 +468,8 @@ type AppProjectSpec struct { // ProjectRole represents a role that has access to a project type ProjectRole struct { - Name string `json:"name" protobuf:"bytes,1,opt,name=name"` + Name string `json:"name" protobuf:"bytes,1,opt,name=name"` + // Policies Stores a list of casbin formated strings that define access policies for the role in the project. Policies []string `json:"policies" protobuf:"bytes,2,rep,name=policies"` JWTTokens []JWTToken `json:"JWTTokens" protobuf:"bytes,3,rep,name=JWTTokens"` } diff --git a/server/swagger.json b/server/swagger.json index 7414b28862bcb..4930724cf74b7 100644 --- a/server/swagger.json +++ b/server/swagger.json @@ -2386,6 +2386,7 @@ "type": "string" }, "policies": { + "description": "Policies Stores a list of casbin formated strings that define access policies for the role in the project.", "type": "array", "items": { "type": "string" @@ -2512,7 +2513,7 @@ "dryRun": { "type": "boolean", "format": "boolean", - "title": "DryRun will perform a `kubectl apply --dry-run` without actually performing the sync" + "title": "DryRun will perform a `kubectl apply --dry-rudn` without actually performing the sync" }, "prune": { "type": "boolean", From 7f1722f0591fcf9c6a152ca4feb2677f1d662730 Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Mon, 13 Aug 2018 14:52:18 -0700 Subject: [PATCH 34/43] Make create/delete token idempotent --- cmd/argocd/commands/project.go | 9 +++++---- server/project/project.go | 6 +++--- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go index ffdc8b5e3b63b..3fc9a69a31764 100644 --- a/cmd/argocd/commands/project.go +++ b/cmd/argocd/commands/project.go @@ -208,7 +208,7 @@ func NewProjectRoleRemovePolicyCommand(clientOpts *argocdclient.ClientOptions) * } } if duplicateIndex < 0 { - log.Fatal("Policy does not exist in role.") + return } role.Policies[duplicateIndex] = role.Policies[len(role.Policies)-1] proj.Spec.Roles[roleIndex].Policies = role.Policies[:len(role.Policies)-1] @@ -240,7 +240,7 @@ func NewProjectRoleCreateCommand(clientOpts *argocdclient.ClientOptions) *cobra. _, err = projectutil.GetRoleIndexByName(proj, roleName) if err == nil { - log.Fatalf("Role '%s' already exists for '%s'", roleName, projName) + return } proj.Spec.Roles = append(proj.Spec.Roles, v1alpha1.ProjectRole{Name: roleName}) @@ -270,8 +270,9 @@ func NewProjectRoleDeleteCommand(clientOpts *argocdclient.ClientOptions) *cobra. errors.CheckError(err) index, err := projectutil.GetRoleIndexByName(proj, roleName) - errors.CheckError(err) - + if err != nil { + return + } proj.Spec.Roles[index] = proj.Spec.Roles[len(proj.Spec.Roles)-1] proj.Spec.Roles = proj.Spec.Roles[:len(proj.Spec.Roles)-1] diff --git a/server/project/project.go b/server/project/project.go index 9ea672b0c3b75..c57f11e87c339 100644 --- a/server/project/project.go +++ b/server/project/project.go @@ -114,14 +114,14 @@ func (s *Server) DeleteToken(ctx context.Context, q *ProjectTokenDeleteRequest) roleIndex, err := projectutil.GetRoleIndexByName(project, q.Role) if err != nil { - return nil, status.Error(codes.NotFound, err.Error()) + return &EmptyResponse{}, nil } if project.Spec.Roles[roleIndex].JWTTokens == nil { - return nil, status.Errorf(codes.NotFound, "Role '%s' does not have a JWT token", q.Role) + return &EmptyResponse{}, nil } jwtTokenIndex, err := projectutil.GetJWTTokenIndexByIssuedAt(project, roleIndex, q.IssuedAt) if err != nil { - return nil, status.Error(codes.NotFound, err.Error()) + return &EmptyResponse{}, nil } project.Spec.Roles[roleIndex].JWTTokens[jwtTokenIndex] = project.Spec.Roles[roleIndex].JWTTokens[len(project.Spec.Roles[roleIndex].JWTTokens)-1] project.Spec.Roles[roleIndex].JWTTokens = project.Spec.Roles[roleIndex].JWTTokens[:len(project.Spec.Roles[roleIndex].JWTTokens)-1] From 51c320924923f50dc7aca21bff143deafa54aeee Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Mon, 13 Aug 2018 20:47:28 -0700 Subject: [PATCH 35/43] Refactor all role commands into single method --- cmd/argocd/commands/project.go | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go index 3fc9a69a31764..d320ef727e5f3 100644 --- a/cmd/argocd/commands/project.go +++ b/cmd/argocd/commands/project.go @@ -66,15 +66,7 @@ func NewProjectCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { }, } - roleCommand := NewProjectRoleCommand(clientOpts) - roleCommand.AddCommand(NewProjectRoleListCommand(clientOpts)) - roleCommand.AddCommand(NewProjectRoleCreateCommand(clientOpts)) - roleCommand.AddCommand(NewProjectRoleDeleteCommand(clientOpts)) - roleCommand.AddCommand(NewProjectRoleCreateTokenCommand(clientOpts)) - roleCommand.AddCommand(NewProjectRoleDeleteTokenCommand(clientOpts)) - roleCommand.AddCommand(NewProjectRoleAddPolicyCommand(clientOpts)) - roleCommand.AddCommand(NewProjectRoleRemovePolicyCommand(clientOpts)) - command.AddCommand(roleCommand) + command.AddCommand(NewProjectRoleCommand(clientOpts)) command.AddCommand(NewProjectCreateCommand(clientOpts)) command.AddCommand(NewProjectDeleteCommand(clientOpts)) command.AddCommand(NewProjectListCommand(clientOpts)) @@ -101,7 +93,7 @@ func addPolicyFlags(command *cobra.Command, opts *policyOpts) { // NewProjectRoleCommand returns a new instance of the `argocd proj role` command func NewProjectRoleCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - return &cobra.Command{ + roleCommand := &cobra.Command{ Use: "role", Short: "Manage a project's role", Run: func(c *cobra.Command, args []string) { @@ -109,6 +101,14 @@ func NewProjectRoleCommand(clientOpts *argocdclient.ClientOptions) *cobra.Comman os.Exit(1) }, } + roleCommand.AddCommand(NewProjectRoleListCommand(clientOpts)) + roleCommand.AddCommand(NewProjectRoleCreateCommand(clientOpts)) + roleCommand.AddCommand(NewProjectRoleDeleteCommand(clientOpts)) + roleCommand.AddCommand(NewProjectRoleCreateTokenCommand(clientOpts)) + roleCommand.AddCommand(NewProjectRoleDeleteTokenCommand(clientOpts)) + roleCommand.AddCommand(NewProjectRoleAddPolicyCommand(clientOpts)) + roleCommand.AddCommand(NewProjectRoleRemovePolicyCommand(clientOpts)) + return roleCommand } // NewProjectRoleAddPolicyCommand returns a new instance of an `argocd proj role add-policy` command From b387c23308f65945f43f28fff8447c988360605c Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Mon, 13 Aug 2018 20:55:20 -0700 Subject: [PATCH 36/43] Fix typos ammend --- pkg/apis/application/v1alpha1/generated.pb.go | 322 +++++++++--------- pkg/apis/application/v1alpha1/generated.proto | 4 +- pkg/apis/application/v1alpha1/types.go | 6 +- server/server.go | 8 +- server/server_test.go | 20 +- server/swagger.json | 4 +- test/e2e/fixture.go | 2 +- 7 files changed, 183 insertions(+), 183 deletions(-) diff --git a/pkg/apis/application/v1alpha1/generated.pb.go b/pkg/apis/application/v1alpha1/generated.pb.go index ad2973498738b..0880fc85d060b 100644 --- a/pkg/apis/application/v1alpha1/generated.pb.go +++ b/pkg/apis/application/v1alpha1/generated.pb.go @@ -8189,166 +8189,166 @@ func init() { } var fileDescriptorGenerated = []byte{ - // 2565 bytes of a gzipped FileDescriptorProto + // 2570 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xd4, 0x59, 0x4b, 0x8c, 0x1c, 0x47, - 0x19, 0x76, 0xcf, 0x63, 0x77, 0xe6, 0x9f, 0x7d, 0xd8, 0x95, 0x07, 0x8b, 0x23, 0xed, 0xae, 0x3a, - 0x3c, 0x0c, 0x4a, 0x66, 0xb0, 0xc1, 0x60, 0x1e, 0x42, 0xf2, 0xcc, 0xda, 0xf1, 0x7a, 0xfd, 0x58, - 0x6a, 0x36, 0x89, 0x14, 0xa2, 0x40, 0xbb, 0xa7, 0x76, 0xa6, 0x3c, 0x33, 0xdd, 0x9d, 0xae, 0x9e, - 0xb1, 0x47, 0x22, 0x28, 0x08, 0x21, 0xf1, 0x94, 0x40, 0x08, 0x71, 0xe5, 0xc0, 0x09, 0x21, 0x21, - 0x21, 0x4e, 0x48, 0x1c, 0xe0, 0x80, 0x7c, 0xcc, 0x01, 0x44, 0x14, 0xd0, 0x0a, 0x6f, 0x2e, 0x91, - 0x38, 0x70, 0xe2, 0x92, 0x13, 0xaa, 0x47, 0x77, 0x55, 0xf7, 0xec, 0xb2, 0x6b, 0x4f, 0xdb, 0xc0, - 0xad, 0xfb, 0xff, 0xff, 0xfe, 0xbf, 0xbf, 0xfe, 0xfa, 0xeb, 0x7f, 0x54, 0xc3, 0x66, 0x97, 0x46, - 0xbd, 0xd1, 0xad, 0xba, 0xeb, 0x0f, 0x1b, 0x4e, 0xd8, 0xf5, 0x83, 0xd0, 0xbf, 0x2d, 0x1e, 0x9e, - 0x77, 0x3b, 0x8d, 0xa0, 0xdf, 0x6d, 0x38, 0x01, 0x65, 0x0d, 0x27, 0x08, 0x06, 0xd4, 0x75, 0x22, - 0xea, 0x7b, 0x8d, 0xf1, 0x59, 0x67, 0x10, 0xf4, 0x9c, 0xb3, 0x8d, 0x2e, 0xf1, 0x48, 0xe8, 0x44, - 0xa4, 0x53, 0x0f, 0x42, 0x3f, 0xf2, 0xd1, 0x67, 0xb5, 0xaa, 0x7a, 0xac, 0x4a, 0x3c, 0x7c, 0xc5, - 0xed, 0xd4, 0x83, 0x7e, 0xb7, 0xce, 0x55, 0xd5, 0x0d, 0x55, 0xf5, 0x58, 0xd5, 0xe9, 0xe7, 0x0d, - 0x2b, 0xba, 0x7e, 0xd7, 0x6f, 0x08, 0x8d, 0xb7, 0x46, 0xbb, 0xe2, 0x4d, 0xbc, 0x88, 0x27, 0x89, - 0x74, 0xfa, 0x53, 0xfd, 0x0b, 0xac, 0x4e, 0x7d, 0x6e, 0xdb, 0xd0, 0x71, 0x7b, 0xd4, 0x23, 0xe1, - 0x44, 0x1b, 0x3b, 0x24, 0x91, 0xd3, 0x18, 0x4f, 0xd9, 0x77, 0xba, 0x71, 0xd8, 0x57, 0xe1, 0xc8, - 0x8b, 0xe8, 0x90, 0x4c, 0x7d, 0xf0, 0xe9, 0xa3, 0x3e, 0x60, 0x6e, 0x8f, 0x0c, 0x9d, 0xa9, 0xef, - 0x3e, 0x79, 0xd8, 0x77, 0xa3, 0x88, 0x0e, 0x1a, 0xd4, 0x8b, 0x58, 0x14, 0x66, 0x3f, 0xb2, 0xff, - 0x6a, 0x01, 0x5c, 0x0c, 0x82, 0xed, 0xd0, 0xbf, 0x4d, 0xdc, 0x08, 0x7d, 0x15, 0x2a, 0x7c, 0x1d, - 0x1d, 0x27, 0x72, 0x56, 0xac, 0x75, 0xeb, 0x4c, 0xed, 0xdc, 0x27, 0xea, 0x52, 0x6d, 0xdd, 0x54, - 0xab, 0xfd, 0xca, 0xa5, 0xeb, 0xe3, 0xb3, 0xf5, 0x9b, 0xb7, 0xf8, 0xf7, 0xd7, 0x49, 0xe4, 0x34, - 0xd1, 0xbd, 0xbd, 0xb5, 0x13, 0xfb, 0x7b, 0x6b, 0xa0, 0x69, 0x38, 0xd1, 0x8a, 0xfa, 0x50, 0x62, - 0x01, 0x71, 0x57, 0x0a, 0x42, 0xfb, 0x66, 0xfd, 0xa1, 0x77, 0xaf, 0xae, 0xcd, 0x6e, 0x07, 0xc4, - 0x6d, 0x2e, 0x28, 0xd8, 0x12, 0x7f, 0xc3, 0x02, 0xc4, 0x7e, 0xc7, 0x82, 0x25, 0x2d, 0x76, 0x8d, - 0xb2, 0x08, 0xbd, 0x3a, 0xb5, 0xc2, 0xfa, 0xf1, 0x56, 0xc8, 0xbf, 0x16, 0xeb, 0x3b, 0xa9, 0x80, - 0x2a, 0x31, 0xc5, 0x58, 0xdd, 0x6d, 0x28, 0xd3, 0x88, 0x0c, 0xd9, 0x4a, 0x61, 0xbd, 0x78, 0xa6, - 0x76, 0xee, 0x52, 0x2e, 0xcb, 0x6b, 0x2e, 0x2a, 0xc4, 0xf2, 0x26, 0xd7, 0x8d, 0x25, 0x84, 0xfd, - 0xaf, 0x82, 0xb9, 0x38, 0xbe, 0x6a, 0x74, 0x16, 0x6a, 0xcc, 0x1f, 0x85, 0x2e, 0xc1, 0x24, 0xf0, - 0xd9, 0x8a, 0xb5, 0x5e, 0x3c, 0x53, 0x6d, 0x2e, 0xef, 0xef, 0xad, 0xd5, 0xda, 0x9a, 0x8c, 0x4d, - 0x19, 0xf4, 0x3d, 0x0b, 0x16, 0x3a, 0x84, 0x45, 0xd4, 0x13, 0xf8, 0xb1, 0xe5, 0x5f, 0x9a, 0xcd, - 0xf2, 0x98, 0xb8, 0xa1, 0x35, 0x37, 0x9f, 0x54, 0xab, 0x58, 0x30, 0x88, 0x0c, 0xa7, 0xc0, 0xd1, - 0x79, 0xa8, 0x75, 0x08, 0x73, 0x43, 0x1a, 0xf0, 0xf7, 0x95, 0xe2, 0xba, 0x75, 0xa6, 0xda, 0x7c, - 0x42, 0x7d, 0x58, 0xdb, 0xd0, 0x2c, 0x6c, 0xca, 0xa1, 0x3e, 0x94, 0x43, 0x7f, 0x40, 0xd8, 0x4a, - 0x49, 0x18, 0x7f, 0x79, 0x06, 0xe3, 0x95, 0x3b, 0xb1, 0x3f, 0x20, 0xda, 0xef, 0xfc, 0x8d, 0x61, - 0x89, 0x61, 0xff, 0xb1, 0x08, 0x35, 0x63, 0x89, 0x8f, 0xe1, 0xcc, 0x0c, 0x52, 0x67, 0xe6, 0x6a, - 0x3e, 0x5b, 0x73, 0xd8, 0xa1, 0x41, 0x11, 0xcc, 0xb1, 0xc8, 0x89, 0x46, 0x4c, 0xb8, 0xbf, 0x76, - 0xee, 0x5a, 0x4e, 0x78, 0x42, 0x67, 0x73, 0x49, 0x21, 0xce, 0xc9, 0x77, 0xac, 0xb0, 0xd0, 0xeb, - 0x50, 0xf5, 0x03, 0x9e, 0x9a, 0xf8, 0xbe, 0x97, 0x04, 0xf0, 0xc6, 0x0c, 0xc0, 0x37, 0x63, 0x5d, - 0xcd, 0xc5, 0xfd, 0xbd, 0xb5, 0x6a, 0xf2, 0x8a, 0x35, 0x8a, 0xed, 0xc2, 0x93, 0x86, 0x7d, 0x2d, - 0xdf, 0xeb, 0x50, 0xb1, 0xa1, 0xeb, 0x50, 0x8a, 0x26, 0x01, 0x11, 0x9b, 0x59, 0xd5, 0x2e, 0xda, - 0x99, 0x04, 0x04, 0x0b, 0x0e, 0xfa, 0x18, 0xcc, 0x0f, 0x09, 0x63, 0x4e, 0x97, 0x88, 0x3d, 0xa9, - 0x36, 0x97, 0x95, 0xd0, 0xfc, 0x75, 0x49, 0xc6, 0x31, 0xdf, 0x7e, 0x1d, 0x9e, 0x3e, 0xf8, 0x3c, - 0xa0, 0x8f, 0xc0, 0x1c, 0x23, 0xe1, 0x98, 0x84, 0x0a, 0x48, 0x7b, 0x46, 0x50, 0xb1, 0xe2, 0xa2, - 0x06, 0x54, 0x3d, 0x67, 0x48, 0x58, 0xe0, 0xb8, 0x31, 0xdc, 0x29, 0x25, 0x5a, 0xbd, 0x11, 0x33, - 0xb0, 0x96, 0xb1, 0xff, 0x66, 0xc1, 0xb2, 0x81, 0xf9, 0x18, 0xd2, 0x5e, 0x3f, 0x9d, 0xf6, 0x2e, - 0xe7, 0x13, 0x31, 0x87, 0xe4, 0xbd, 0xdf, 0x17, 0xe1, 0x94, 0x19, 0x57, 0x22, 0x99, 0xf1, 0x2d, - 0x09, 0x49, 0xe0, 0xbf, 0x88, 0xaf, 0x29, 0x77, 0x26, 0x5b, 0x82, 0x25, 0x19, 0xc7, 0x7c, 0xbe, - 0xbf, 0x81, 0x13, 0xf5, 0x94, 0x2f, 0x93, 0xfd, 0xdd, 0x76, 0xa2, 0x1e, 0x16, 0x1c, 0x9e, 0x86, - 0x88, 0x37, 0xa6, 0xa1, 0xef, 0x0d, 0x89, 0x17, 0x65, 0xd3, 0xd0, 0x25, 0xcd, 0xc2, 0xa6, 0x1c, - 0xfa, 0x22, 0x2c, 0x45, 0x4e, 0xd8, 0x25, 0x11, 0x26, 0x63, 0xca, 0xe2, 0x40, 0xae, 0x36, 0x9f, - 0x56, 0x5f, 0x2e, 0xed, 0xa4, 0xb8, 0x38, 0x23, 0x8d, 0x7e, 0x63, 0xc1, 0x33, 0xae, 0x3f, 0x0c, - 0x7c, 0x8f, 0x78, 0xd1, 0xb6, 0x13, 0x3a, 0x43, 0x12, 0x91, 0xf0, 0xe6, 0x98, 0x84, 0x21, 0xed, - 0x10, 0xb6, 0x52, 0x16, 0xde, 0xbd, 0x3e, 0x83, 0x77, 0x5b, 0x53, 0xda, 0x9b, 0xcf, 0x2a, 0xe3, - 0x9e, 0x69, 0x1d, 0x8e, 0x8c, 0xff, 0x93, 0x59, 0xbc, 0xea, 0x8c, 0x9d, 0xc1, 0x88, 0xb0, 0xcb, - 0x94, 0xe7, 0xe0, 0x39, 0x5d, 0x75, 0x5e, 0xd2, 0x64, 0x6c, 0xca, 0xd8, 0xbf, 0x2b, 0xa4, 0x42, - 0xb4, 0x1d, 0xe7, 0x1d, 0xb1, 0x97, 0x2a, 0x40, 0xf3, 0xca, 0x3b, 0x42, 0xa7, 0x71, 0xba, 0x64, - 0xf1, 0x53, 0x58, 0xe8, 0xdb, 0x96, 0x28, 0x39, 0xf1, 0xa9, 0x54, 0x39, 0xf6, 0x11, 0x94, 0x3f, - 0xb3, 0x8a, 0xc5, 0x44, 0x6c, 0x42, 0xf3, 0x10, 0x0e, 0x64, 0xf5, 0x51, 0x11, 0x97, 0x84, 0x70, - 0x5c, 0x94, 0x62, 0xbe, 0xfd, 0xb3, 0xb9, 0xf4, 0x19, 0x90, 0x39, 0xf4, 0x47, 0x16, 0x9c, 0xe4, - 0x1b, 0xe5, 0x84, 0x94, 0xf9, 0x1e, 0x26, 0x6c, 0x34, 0x88, 0x94, 0x33, 0xb7, 0x66, 0x0c, 0x1a, - 0x53, 0x65, 0x73, 0x45, 0xd9, 0x75, 0x32, 0xcb, 0xc1, 0x53, 0xf0, 0x28, 0x82, 0xf9, 0x1e, 0x65, - 0x91, 0x1f, 0x4e, 0x54, 0x72, 0x98, 0xa5, 0xe5, 0xdb, 0x20, 0xc1, 0xc0, 0x9f, 0xf0, 0xb3, 0xb6, - 0xe9, 0xed, 0xfa, 0xda, 0x3f, 0x57, 0x24, 0x02, 0x8e, 0xa1, 0xd0, 0x37, 0x2c, 0x80, 0x20, 0x8e, - 0x54, 0x5e, 0xc8, 0x1e, 0xc1, 0xc1, 0x49, 0x6a, 0x76, 0x42, 0x62, 0xd8, 0x00, 0x45, 0x3e, 0xcc, - 0xf5, 0x88, 0x33, 0x88, 0x7a, 0xaa, 0x9c, 0xbd, 0x30, 0x03, 0xfc, 0x15, 0xa1, 0x28, 0x5b, 0x42, - 0x25, 0x15, 0x2b, 0x18, 0xf4, 0x2d, 0x0b, 0x96, 0x92, 0xea, 0xc6, 0x65, 0xc9, 0x4a, 0x79, 0xe6, - 0x2e, 0xfb, 0x66, 0x4a, 0x61, 0x13, 0xf1, 0x34, 0x96, 0xa6, 0xe1, 0x0c, 0x28, 0xfa, 0xa6, 0x05, - 0xe0, 0xc6, 0xd5, 0x54, 0xe6, 0x83, 0xda, 0xb9, 0x9b, 0xf9, 0x9c, 0xa8, 0xa4, 0x4a, 0x6b, 0xf7, - 0x27, 0x24, 0x86, 0x0d, 0x58, 0xfb, 0x5d, 0x0b, 0x9e, 0x32, 0x3e, 0x7c, 0xd9, 0x89, 0xdc, 0xde, - 0xa5, 0x31, 0x4f, 0xd3, 0x5b, 0xa9, 0xfa, 0xfe, 0x19, 0xb3, 0xbe, 0xbf, 0xbf, 0xb7, 0xf6, 0xd1, - 0xc3, 0xc6, 0xa8, 0x3b, 0x5c, 0x43, 0x5d, 0xa8, 0x30, 0x5a, 0x81, 0x37, 0xa0, 0x66, 0xd8, 0xac, - 0xd2, 0x47, 0x5e, 0x05, 0x30, 0xc9, 0x19, 0x06, 0x11, 0x9b, 0x78, 0xf6, 0x9f, 0x0b, 0x30, 0xdf, - 0x1a, 0x8c, 0x58, 0x44, 0xc2, 0x63, 0x37, 0x14, 0xeb, 0x50, 0xe2, 0xcd, 0x42, 0xb6, 0xfe, 0xf1, - 0x5e, 0x02, 0x0b, 0x0e, 0x0a, 0x60, 0xce, 0xf5, 0xbd, 0x5d, 0xda, 0x55, 0x2d, 0xe0, 0x95, 0x59, - 0x4e, 0x8e, 0xb4, 0xae, 0x25, 0xf4, 0x69, 0x9b, 0xe4, 0x3b, 0x56, 0x38, 0xe8, 0x07, 0x16, 0x2c, - 0xbb, 0xbe, 0xe7, 0x11, 0x57, 0x07, 0x6f, 0x69, 0xe6, 0x76, 0xb7, 0x95, 0xd6, 0xd8, 0xfc, 0x80, - 0x42, 0x5f, 0xce, 0x30, 0x70, 0x16, 0xdb, 0xfe, 0x75, 0x01, 0x16, 0x53, 0x96, 0xa3, 0xe7, 0xa0, - 0x32, 0x62, 0x24, 0x14, 0x9e, 0x93, 0xfe, 0x4d, 0x3a, 0xa2, 0x17, 0x15, 0x1d, 0x27, 0x12, 0x5c, - 0x3a, 0x70, 0x18, 0xbb, 0xe3, 0x87, 0x1d, 0xe5, 0xe7, 0x44, 0x7a, 0x5b, 0xd1, 0x71, 0x22, 0xc1, - 0xfb, 0x8d, 0x5b, 0xc4, 0x09, 0x49, 0xb8, 0xe3, 0xf7, 0xc9, 0xd4, 0xd8, 0xd3, 0xd4, 0x2c, 0x6c, - 0xca, 0x09, 0xa7, 0x45, 0x03, 0xd6, 0x1a, 0x50, 0xe2, 0x45, 0xd2, 0xcc, 0x1c, 0x9c, 0xb6, 0x73, - 0xad, 0x6d, 0x6a, 0xd4, 0x4e, 0xcb, 0x30, 0x70, 0x16, 0xdb, 0xfe, 0x93, 0x05, 0x35, 0xe5, 0xb4, - 0xc7, 0xd0, 0x74, 0x76, 0xd3, 0x4d, 0x67, 0x73, 0xf6, 0x18, 0x3d, 0xa4, 0xe1, 0xfc, 0x65, 0x11, - 0xa6, 0x2a, 0x1d, 0x7a, 0x8d, 0xe7, 0x38, 0x4e, 0x23, 0x9d, 0x8b, 0x71, 0x91, 0xfd, 0xf8, 0xf1, - 0x56, 0xb7, 0x43, 0x87, 0xc4, 0x4c, 0x5f, 0xb1, 0x16, 0x6c, 0x68, 0x44, 0x6f, 0x5a, 0x1a, 0x60, - 0xc7, 0x57, 0x79, 0x25, 0xdf, 0x96, 0x68, 0xca, 0x84, 0x1d, 0x1f, 0x1b, 0x98, 0xe8, 0x73, 0xc9, - 0x20, 0x58, 0x16, 0x01, 0x69, 0xa7, 0x47, 0xb7, 0xf7, 0x53, 0x0d, 0x40, 0x66, 0x9c, 0x9b, 0x40, - 0x35, 0x24, 0xb2, 0xc5, 0x8a, 0x2b, 0xc0, 0x2c, 0x49, 0x04, 0x2b, 0x5d, 0xf2, 0x18, 0x27, 0xe3, - 0x4f, 0x4c, 0x66, 0x58, 0xa3, 0xd9, 0xdf, 0xb7, 0x00, 0x4d, 0x97, 0x6b, 0x3e, 0x46, 0x25, 0x4d, - 0xac, 0x3a, 0xc0, 0x89, 0x9e, 0x44, 0x1c, 0x6b, 0x99, 0x63, 0xa4, 0xc9, 0x67, 0xa1, 0x2c, 0x9a, - 0x5a, 0x75, 0x60, 0x93, 0xe8, 0x11, 0x6d, 0x2f, 0x96, 0x3c, 0xfb, 0x0f, 0x16, 0x64, 0xd3, 0x8d, - 0xc8, 0xd4, 0xd2, 0xb3, 0xd9, 0x4c, 0x9d, 0xf6, 0xe2, 0xf1, 0xe7, 0x4c, 0xf4, 0x2a, 0xd4, 0x9c, - 0x28, 0x22, 0xc3, 0x20, 0x12, 0x01, 0x59, 0x7c, 0xe0, 0x80, 0x5c, 0xe2, 0x91, 0x70, 0xdd, 0xef, - 0xd0, 0x5d, 0x2a, 0x82, 0xd1, 0x54, 0x67, 0xbf, 0x57, 0x84, 0xa5, 0x74, 0xf3, 0x85, 0x46, 0x30, - 0x27, 0x9a, 0x1d, 0x79, 0xcd, 0x94, 0x7b, 0x77, 0x95, 0xb8, 0x44, 0x90, 0x18, 0x56, 0x60, 0x3c, - 0xb1, 0x86, 0xf1, 0x74, 0x95, 0x49, 0xac, 0xc9, 0x5c, 0x95, 0x48, 0x1c, 0x39, 0x51, 0x15, 0xff, - 0x37, 0x27, 0xaa, 0xd7, 0x00, 0x3a, 0xc2, 0xdb, 0x62, 0x2f, 0x4b, 0x0f, 0x9f, 0x5c, 0x36, 0x12, - 0x2d, 0xd8, 0xd0, 0x88, 0x4e, 0x43, 0x81, 0x76, 0xc4, 0xa9, 0x2e, 0x36, 0x41, 0xc9, 0x16, 0x36, - 0x37, 0x70, 0x81, 0x76, 0x6c, 0x06, 0x0b, 0x66, 0xb7, 0x79, 0xec, 0x58, 0xfd, 0x3c, 0x2c, 0xca, - 0xa7, 0x0d, 0x12, 0x39, 0x74, 0xc0, 0xd4, 0xee, 0x3c, 0xa5, 0xc4, 0x17, 0xdb, 0x26, 0x13, 0xa7, - 0x65, 0xed, 0x9f, 0x16, 0x00, 0xae, 0xf8, 0x7e, 0x5f, 0x61, 0xc6, 0x47, 0xcf, 0x3a, 0xf4, 0xe8, - 0xad, 0x43, 0xa9, 0x4f, 0xbd, 0x4e, 0xf6, 0x70, 0x6e, 0x51, 0xaf, 0x83, 0x05, 0x07, 0x9d, 0x03, - 0x70, 0x02, 0xfa, 0x12, 0x09, 0x99, 0xbe, 0x49, 0x4c, 0xfc, 0x72, 0x71, 0x7b, 0x53, 0x71, 0xb0, - 0x21, 0x85, 0x9e, 0x53, 0x9d, 0xa1, 0x1c, 0xdb, 0x57, 0x32, 0x9d, 0x61, 0x85, 0x5b, 0x68, 0xb4, - 0x7e, 0x17, 0x32, 0xf9, 0x71, 0x7d, 0x2a, 0x3f, 0xea, 0x4e, 0x79, 0xbb, 0xe7, 0x30, 0x72, 0xd0, - 0xb9, 0x9e, 0x3b, 0xe2, 0xfe, 0xa8, 0x0d, 0x95, 0xab, 0x2f, 0xef, 0xc8, 0x7a, 0x6f, 0x43, 0x91, - 0x3a, 0x32, 0x79, 0x15, 0x75, 0xd8, 0x6f, 0x32, 0x36, 0x12, 0x3b, 0xcc, 0x99, 0xe8, 0x59, 0x28, - 0x92, 0xbb, 0x81, 0xf0, 0x4b, 0x51, 0x27, 0xb8, 0x4b, 0x77, 0x03, 0x1a, 0x12, 0xc6, 0x85, 0xc8, - 0xdd, 0xc0, 0xfe, 0x87, 0x05, 0xfa, 0x4a, 0x0c, 0xed, 0x42, 0x89, 0x4d, 0x3c, 0x57, 0x15, 0xb1, - 0x59, 0xd2, 0x74, 0x7b, 0xe2, 0xb9, 0xfa, 0xe6, 0xad, 0x22, 0x2e, 0x16, 0x27, 0x9e, 0x8b, 0x85, - 0x7e, 0x34, 0x86, 0x4a, 0xe8, 0x0f, 0x06, 0xb7, 0x1c, 0xb7, 0x9f, 0x43, 0x3d, 0xc3, 0x4a, 0x95, - 0xc6, 0x5b, 0x10, 0x49, 0x40, 0x91, 0x71, 0x82, 0x65, 0xff, 0xaa, 0x0c, 0x99, 0x91, 0x05, 0x8d, - 0xcc, 0xdb, 0x46, 0x2b, 0xc7, 0xdb, 0xc6, 0xc4, 0xe3, 0x07, 0xdd, 0x38, 0xa2, 0xf3, 0x50, 0x0e, - 0x78, 0x20, 0xa8, 0xb0, 0x5d, 0x8b, 0x0b, 0x86, 0x88, 0x8e, 0x03, 0xe2, 0x45, 0x4a, 0x9b, 0xe1, - 0x52, 0x3c, 0xa2, 0x0c, 0x7c, 0x1d, 0x80, 0xfb, 0x5a, 0xcd, 0xfe, 0x32, 0x73, 0xdc, 0xc8, 0x6b, - 0x47, 0xd5, 0xf8, 0x2f, 0x2a, 0x45, 0x3b, 0x41, 0xc1, 0x06, 0x22, 0xfa, 0xae, 0x05, 0x4b, 0xb1, - 0xe3, 0x95, 0x11, 0xe5, 0x47, 0x62, 0x84, 0x18, 0x44, 0x71, 0x0a, 0x09, 0x67, 0x90, 0xd1, 0x97, - 0xa1, 0xca, 0x22, 0x27, 0x94, 0x15, 0x71, 0xee, 0x81, 0xb3, 0x68, 0xb2, 0x97, 0xed, 0x58, 0x09, - 0xd6, 0xfa, 0xd0, 0x2b, 0x00, 0xbb, 0xd4, 0xa3, 0xac, 0x27, 0xb4, 0xcf, 0x3f, 0x5c, 0xbd, 0xbd, - 0x9c, 0x68, 0xc0, 0x86, 0x36, 0xde, 0x33, 0xd4, 0x8c, 0x1f, 0x11, 0xc7, 0xc8, 0x87, 0x67, 0xa0, - 0x12, 0xf8, 0x03, 0xea, 0x52, 0x22, 0xfb, 0xe1, 0xaa, 0x3c, 0x0d, 0xdb, 0x8a, 0x86, 0x13, 0x2e, - 0xea, 0x42, 0x35, 0x4e, 0x28, 0x71, 0xfd, 0x6b, 0xcd, 0xb0, 0x37, 0xb1, 0xae, 0x66, 0x89, 0x5b, - 0x85, 0xb5, 0x6e, 0xfb, 0x2f, 0x05, 0x00, 0xf1, 0x8f, 0x89, 0x8a, 0x2b, 0x99, 0x75, 0x28, 0x85, - 0x24, 0xf0, 0xb3, 0x6b, 0xe0, 0x12, 0x58, 0x70, 0x52, 0x13, 0x56, 0xe1, 0x81, 0x26, 0xac, 0xe2, - 0x91, 0x13, 0x16, 0xaf, 0x4e, 0xac, 0xb7, 0x1d, 0xd2, 0xb1, 0x13, 0x91, 0x2d, 0x32, 0x51, 0x29, - 0x5e, 0x57, 0xa7, 0xf6, 0x15, 0xcd, 0xc4, 0x69, 0xd9, 0x03, 0x87, 0xd3, 0xf2, 0x7f, 0x71, 0x38, - 0x7d, 0xc7, 0x82, 0x25, 0xed, 0xd9, 0xff, 0xaf, 0xdf, 0x9a, 0xda, 0xee, 0x43, 0xa6, 0xad, 0x7f, - 0x5a, 0xb0, 0x1c, 0xf7, 0xf5, 0xaa, 0x3d, 0xc8, 0xa5, 0x1f, 0x48, 0xfd, 0x46, 0x29, 0x1e, 0xfd, - 0x1b, 0xc5, 0xcc, 0xba, 0xa5, 0x23, 0xb2, 0xee, 0x17, 0x32, 0x9d, 0xc0, 0x87, 0xa6, 0x3a, 0x01, - 0x94, 0x4c, 0x30, 0x13, 0xcf, 0x4d, 0x77, 0x4e, 0xf6, 0x2f, 0x2c, 0x58, 0x88, 0xd9, 0x37, 0xfc, - 0x8e, 0x98, 0x2b, 0x98, 0x08, 0x32, 0x2b, 0x3d, 0x57, 0xc8, 0x70, 0x90, 0x3c, 0x34, 0x82, 0x8a, - 0xdb, 0xa3, 0x83, 0x4e, 0x48, 0x3c, 0xb5, 0x2d, 0x2f, 0xe4, 0x30, 0x60, 0x71, 0x7c, 0x1d, 0x0a, - 0x2d, 0x05, 0x80, 0x13, 0x28, 0xfb, 0xb7, 0x45, 0x58, 0x4c, 0x4d, 0x63, 0xe8, 0x3c, 0xd4, 0xe4, - 0x7f, 0x8c, 0xb6, 0x61, 0x73, 0x72, 0x79, 0xb1, 0xa3, 0x59, 0xd8, 0x94, 0xe3, 0xfb, 0x31, 0xa0, - 0x63, 0xa9, 0x23, 0xfb, 0x5b, 0xeb, 0x5a, 0xcc, 0xc0, 0x5a, 0xc6, 0x18, 0x47, 0x8b, 0x0f, 0x3c, - 0x8e, 0xfe, 0xd8, 0x02, 0x24, 0x96, 0xc0, 0x35, 0x27, 0x53, 0xa3, 0xfa, 0x5d, 0x9c, 0x9b, 0xdf, - 0x4e, 0x2b, 0x8b, 0x50, 0x6b, 0x0a, 0x0a, 0x1f, 0x00, 0x6f, 0xdc, 0x10, 0x97, 0x1f, 0xcb, 0x0d, - 0xb1, 0xfd, 0x35, 0x38, 0x35, 0xd5, 0x36, 0xa9, 0x61, 0xc0, 0x3a, 0x68, 0x18, 0xe0, 0x91, 0x18, - 0x84, 0x23, 0x4f, 0x6e, 0x50, 0x45, 0x47, 0xe2, 0x36, 0x27, 0x62, 0xc9, 0xe3, 0x13, 0x42, 0x27, - 0x9c, 0xe0, 0x91, 0xec, 0xb2, 0x2b, 0x1a, 0x7d, 0x43, 0x50, 0xb1, 0xe2, 0xda, 0xdf, 0x29, 0xc0, - 0x62, 0xaa, 0x94, 0xa7, 0x86, 0x39, 0xeb, 0xc8, 0x61, 0x2e, 0x4f, 0x63, 0xd0, 0x1b, 0xb0, 0xc0, - 0xc4, 0x51, 0x0c, 0x9d, 0x88, 0x74, 0x27, 0x39, 0xdc, 0xd1, 0xb7, 0x0d, 0x75, 0xcd, 0x93, 0xfb, - 0x7b, 0x6b, 0x0b, 0x26, 0x05, 0xa7, 0xe0, 0xec, 0x9f, 0x17, 0xe0, 0x89, 0x03, 0xda, 0x1a, 0x74, - 0xc7, 0xbc, 0x37, 0x91, 0x83, 0xf5, 0xd5, 0x1c, 0xc2, 0x53, 0x25, 0x52, 0xf9, 0x33, 0xfc, 0xa0, - 0x5b, 0x93, 0x07, 0x9c, 0xab, 0x77, 0xa1, 0xdc, 0xf3, 0xfd, 0x7e, 0xdc, 0x40, 0xcc, 0x52, 0x10, - 0xf4, 0xd8, 0xd7, 0xac, 0xf2, 0xdd, 0xe4, 0xef, 0x0c, 0x4b, 0xf5, 0xf6, 0x7b, 0x16, 0xa4, 0xbc, - 0x88, 0x86, 0x50, 0xe6, 0x5a, 0x26, 0x39, 0xfc, 0x23, 0x34, 0xf5, 0x5e, 0xe4, 0x3a, 0x25, 0xbe, - 0x78, 0xc4, 0x12, 0x05, 0x51, 0x28, 0x71, 0x43, 0xd4, 0xb8, 0xb2, 0x95, 0x13, 0x1a, 0x5f, 0xa2, - 0x9c, 0x8e, 0xf8, 0x13, 0x16, 0x10, 0xf6, 0x05, 0x38, 0x35, 0x65, 0x11, 0x0f, 0xf9, 0x5d, 0x3f, - 0xfe, 0x25, 0x6a, 0x84, 0xfc, 0x65, 0x4e, 0xc4, 0x92, 0xc7, 0xeb, 0xc7, 0xc9, 0xac, 0x7a, 0xf4, - 0x13, 0x0b, 0x4e, 0xb1, 0xac, 0xbe, 0x47, 0xe2, 0xb5, 0x0f, 0x2a, 0xa3, 0xa6, 0xcd, 0xc7, 0xd3, - 0x16, 0xf0, 0x1d, 0xcd, 0x5e, 0x24, 0xf3, 0xd8, 0xa3, 0x1e, 0x23, 0xee, 0x28, 0x8c, 0x17, 0xaa, - 0x87, 0x5b, 0x45, 0xc7, 0x89, 0x04, 0x1f, 0xec, 0xe5, 0x8f, 0x8c, 0x1b, 0xba, 0x51, 0x4c, 0x06, - 0xfb, 0x76, 0xc2, 0xc1, 0x86, 0x14, 0x6f, 0x8f, 0x5d, 0x12, 0x46, 0x1b, 0xbc, 0x3d, 0xe2, 0x79, - 0x61, 0x41, 0xb6, 0xc7, 0x2d, 0x45, 0xc3, 0x09, 0x17, 0x7d, 0x18, 0xe6, 0xfb, 0x64, 0x22, 0x04, - 0x4b, 0x42, 0xb0, 0xc6, 0x2b, 0xfe, 0x96, 0x24, 0xe1, 0x98, 0x87, 0x6c, 0x98, 0x73, 0x1d, 0x21, - 0x55, 0x16, 0x52, 0x20, 0xfe, 0x69, 0x5c, 0x14, 0x42, 0x8a, 0xd3, 0xac, 0xdf, 0xbb, 0xbf, 0x7a, - 0xe2, 0xad, 0xfb, 0xab, 0x27, 0xde, 0xbe, 0xbf, 0x7a, 0xe2, 0xcd, 0xfd, 0x55, 0xeb, 0xde, 0xfe, - 0xaa, 0xf5, 0xd6, 0xfe, 0xaa, 0xf5, 0xf6, 0xfe, 0xaa, 0xf5, 0xf7, 0xfd, 0x55, 0xeb, 0x87, 0xef, - 0xae, 0x9e, 0x78, 0xa5, 0x12, 0xbb, 0xf6, 0xdf, 0x01, 0x00, 0x00, 0xff, 0xff, 0xcd, 0x46, 0x67, - 0x25, 0x15, 0x29, 0x00, 0x00, + 0x19, 0x76, 0xcf, 0x6b, 0x67, 0xfe, 0xd9, 0x87, 0x5d, 0x79, 0xb0, 0x38, 0xd2, 0xee, 0xaa, 0xcd, + 0xc3, 0xa0, 0x64, 0x06, 0x1b, 0x0c, 0xe6, 0x21, 0x24, 0xcf, 0xac, 0x1d, 0xaf, 0xd7, 0x8f, 0xa5, + 0x66, 0x93, 0x48, 0x21, 0x0a, 0xb4, 0x7b, 0x6a, 0x67, 0xda, 0x33, 0xd3, 0xdd, 0xe9, 0xaa, 0x19, + 0x7b, 0x24, 0x82, 0x82, 0x10, 0x12, 0x4f, 0x09, 0x84, 0x10, 0x57, 0x0e, 0x9c, 0x10, 0x12, 0x12, + 0xe2, 0x84, 0xc4, 0x01, 0x0e, 0xc8, 0x37, 0x72, 0x00, 0x11, 0x05, 0xb4, 0xc2, 0x9b, 0x4b, 0x24, + 0x0e, 0x9c, 0xb8, 0xe4, 0x84, 0xea, 0xd1, 0x5d, 0xd5, 0x3d, 0xbb, 0xec, 0xae, 0x67, 0x6c, 0xc8, + 0xad, 0xfb, 0xff, 0xff, 0xfe, 0xbf, 0xbf, 0xfe, 0xfa, 0xeb, 0x7f, 0x54, 0xc3, 0x46, 0xc7, 0x63, + 0xdd, 0xe1, 0xed, 0x9a, 0x1b, 0x0c, 0xea, 0x4e, 0xd4, 0x09, 0xc2, 0x28, 0xb8, 0x23, 0x1e, 0x9e, + 0x73, 0xdb, 0xf5, 0xb0, 0xd7, 0xa9, 0x3b, 0xa1, 0x47, 0xeb, 0x4e, 0x18, 0xf6, 0x3d, 0xd7, 0x61, + 0x5e, 0xe0, 0xd7, 0x47, 0xe7, 0x9c, 0x7e, 0xd8, 0x75, 0xce, 0xd5, 0x3b, 0xc4, 0x27, 0x91, 0xc3, + 0x48, 0xbb, 0x16, 0x46, 0x01, 0x0b, 0xd0, 0x67, 0xb5, 0xaa, 0x5a, 0xac, 0x4a, 0x3c, 0x7c, 0xc5, + 0x6d, 0xd7, 0xc2, 0x5e, 0xa7, 0xc6, 0x55, 0xd5, 0x0c, 0x55, 0xb5, 0x58, 0xd5, 0xe9, 0xe7, 0x0c, + 0x2b, 0x3a, 0x41, 0x27, 0xa8, 0x0b, 0x8d, 0xb7, 0x87, 0x3b, 0xe2, 0x4d, 0xbc, 0x88, 0x27, 0x89, + 0x74, 0xfa, 0x53, 0xbd, 0x8b, 0xb4, 0xe6, 0x05, 0xdc, 0xb6, 0x81, 0xe3, 0x76, 0x3d, 0x9f, 0x44, + 0x63, 0x6d, 0xec, 0x80, 0x30, 0xa7, 0x3e, 0x9a, 0xb0, 0xef, 0x74, 0xfd, 0xa0, 0xaf, 0xa2, 0xa1, + 0xcf, 0xbc, 0x01, 0x99, 0xf8, 0xe0, 0xd3, 0x87, 0x7d, 0x40, 0xdd, 0x2e, 0x19, 0x38, 0x13, 0xdf, + 0x7d, 0xf2, 0xa0, 0xef, 0x86, 0xcc, 0xeb, 0xd7, 0x3d, 0x9f, 0x51, 0x16, 0x65, 0x3f, 0xb2, 0xff, + 0x66, 0x01, 0x5c, 0x0a, 0xc3, 0xad, 0x28, 0xb8, 0x43, 0x5c, 0x86, 0xbe, 0x0a, 0x65, 0xbe, 0x8e, + 0xb6, 0xc3, 0x9c, 0x65, 0x6b, 0xcd, 0x3a, 0x5b, 0x3d, 0xff, 0x89, 0x9a, 0x54, 0x5b, 0x33, 0xd5, + 0x6a, 0xbf, 0x72, 0xe9, 0xda, 0xe8, 0x5c, 0xed, 0xd6, 0x6d, 0xfe, 0xfd, 0x0d, 0xc2, 0x9c, 0x06, + 0xba, 0xbf, 0xbb, 0x7a, 0x62, 0x6f, 0x77, 0x15, 0x34, 0x0d, 0x27, 0x5a, 0x51, 0x0f, 0x0a, 0x34, + 0x24, 0xee, 0x72, 0x4e, 0x68, 0xdf, 0xa8, 0x3d, 0xf4, 0xee, 0xd5, 0xb4, 0xd9, 0xad, 0x90, 0xb8, + 0x8d, 0x79, 0x05, 0x5b, 0xe0, 0x6f, 0x58, 0x80, 0xd8, 0x6f, 0x5b, 0xb0, 0xa8, 0xc5, 0xae, 0x7b, + 0x94, 0xa1, 0x57, 0x26, 0x56, 0x58, 0x3b, 0xda, 0x0a, 0xf9, 0xd7, 0x62, 0x7d, 0x27, 0x15, 0x50, + 0x39, 0xa6, 0x18, 0xab, 0xbb, 0x03, 0x45, 0x8f, 0x91, 0x01, 0x5d, 0xce, 0xad, 0xe5, 0xcf, 0x56, + 0xcf, 0x5f, 0x9e, 0xc9, 0xf2, 0x1a, 0x0b, 0x0a, 0xb1, 0xb8, 0xc1, 0x75, 0x63, 0x09, 0x61, 0xff, + 0x3b, 0x67, 0x2e, 0x8e, 0xaf, 0x1a, 0x9d, 0x83, 0x2a, 0x0d, 0x86, 0x91, 0x4b, 0x30, 0x09, 0x03, + 0xba, 0x6c, 0xad, 0xe5, 0xcf, 0x56, 0x1a, 0x4b, 0x7b, 0xbb, 0xab, 0xd5, 0x96, 0x26, 0x63, 0x53, + 0x06, 0x7d, 0xcf, 0x82, 0xf9, 0x36, 0xa1, 0xcc, 0xf3, 0x05, 0x7e, 0x6c, 0xf9, 0x97, 0xa6, 0xb3, + 0x3c, 0x26, 0xae, 0x6b, 0xcd, 0x8d, 0x27, 0xd5, 0x2a, 0xe6, 0x0d, 0x22, 0xc5, 0x29, 0x70, 0x74, + 0x01, 0xaa, 0x6d, 0x42, 0xdd, 0xc8, 0x0b, 0xf9, 0xfb, 0x72, 0x7e, 0xcd, 0x3a, 0x5b, 0x69, 0x3c, + 0xa1, 0x3e, 0xac, 0xae, 0x6b, 0x16, 0x36, 0xe5, 0x50, 0x0f, 0x8a, 0x51, 0xd0, 0x27, 0x74, 0xb9, + 0x20, 0x8c, 0xbf, 0x32, 0x85, 0xf1, 0xca, 0x9d, 0x38, 0xe8, 0x13, 0xed, 0x77, 0xfe, 0x46, 0xb1, + 0xc4, 0xb0, 0xff, 0x98, 0x87, 0xaa, 0xb1, 0xc4, 0xc7, 0x70, 0x66, 0xfa, 0xa9, 0x33, 0x73, 0x6d, + 0x36, 0x5b, 0x73, 0xd0, 0xa1, 0x41, 0x0c, 0x4a, 0x94, 0x39, 0x6c, 0x48, 0x85, 0xfb, 0xab, 0xe7, + 0xaf, 0xcf, 0x08, 0x4f, 0xe8, 0x6c, 0x2c, 0x2a, 0xc4, 0x92, 0x7c, 0xc7, 0x0a, 0x0b, 0xbd, 0x06, + 0x95, 0x20, 0xe4, 0xa9, 0x89, 0xef, 0x7b, 0x41, 0x00, 0xaf, 0x4f, 0x01, 0x7c, 0x2b, 0xd6, 0xd5, + 0x58, 0xd8, 0xdb, 0x5d, 0xad, 0x24, 0xaf, 0x58, 0xa3, 0xd8, 0x2e, 0x3c, 0x69, 0xd8, 0xd7, 0x0c, + 0xfc, 0xb6, 0x27, 0x36, 0x74, 0x0d, 0x0a, 0x6c, 0x1c, 0x12, 0xb1, 0x99, 0x15, 0xed, 0xa2, 0xed, + 0x71, 0x48, 0xb0, 0xe0, 0xa0, 0x8f, 0xc1, 0xdc, 0x80, 0x50, 0xea, 0x74, 0x88, 0xd8, 0x93, 0x4a, + 0x63, 0x49, 0x09, 0xcd, 0xdd, 0x90, 0x64, 0x1c, 0xf3, 0xed, 0xd7, 0xe0, 0xe9, 0xfd, 0xcf, 0x03, + 0xfa, 0x08, 0x94, 0x28, 0x89, 0x46, 0x24, 0x52, 0x40, 0xda, 0x33, 0x82, 0x8a, 0x15, 0x17, 0xd5, + 0xa1, 0xe2, 0x3b, 0x03, 0x42, 0x43, 0xc7, 0x8d, 0xe1, 0x4e, 0x29, 0xd1, 0xca, 0xcd, 0x98, 0x81, + 0xb5, 0x8c, 0xfd, 0x77, 0x0b, 0x96, 0x0c, 0xcc, 0xc7, 0x90, 0xf6, 0x7a, 0xe9, 0xb4, 0x77, 0x65, + 0x36, 0x11, 0x73, 0x40, 0xde, 0xfb, 0x7d, 0x1e, 0x4e, 0x99, 0x71, 0x25, 0x92, 0x19, 0xdf, 0x92, + 0x88, 0x84, 0xc1, 0x0b, 0xf8, 0xba, 0x72, 0x67, 0xb2, 0x25, 0x58, 0x92, 0x71, 0xcc, 0xe7, 0xfb, + 0x1b, 0x3a, 0xac, 0xab, 0x7c, 0x99, 0xec, 0xef, 0x96, 0xc3, 0xba, 0x58, 0x70, 0x78, 0x1a, 0x22, + 0xfe, 0xc8, 0x8b, 0x02, 0x7f, 0x40, 0x7c, 0x96, 0x4d, 0x43, 0x97, 0x35, 0x0b, 0x9b, 0x72, 0xe8, + 0x8b, 0xb0, 0xc8, 0x9c, 0xa8, 0x43, 0x18, 0x26, 0x23, 0x8f, 0xc6, 0x81, 0x5c, 0x69, 0x3c, 0xad, + 0xbe, 0x5c, 0xdc, 0x4e, 0x71, 0x71, 0x46, 0x1a, 0xfd, 0xc6, 0x82, 0x67, 0xdc, 0x60, 0x10, 0x06, + 0x3e, 0xf1, 0xd9, 0x96, 0x13, 0x39, 0x03, 0xc2, 0x48, 0x74, 0x6b, 0x44, 0xa2, 0xc8, 0x6b, 0x13, + 0xba, 0x5c, 0x14, 0xde, 0xbd, 0x31, 0x85, 0x77, 0x9b, 0x13, 0xda, 0x1b, 0x67, 0x94, 0x71, 0xcf, + 0x34, 0x0f, 0x46, 0xc6, 0xff, 0xcd, 0x2c, 0x5e, 0x75, 0x46, 0x4e, 0x7f, 0x48, 0xe8, 0x15, 0x8f, + 0xe7, 0xe0, 0x92, 0xae, 0x3a, 0x2f, 0x6a, 0x32, 0x36, 0x65, 0xec, 0xdf, 0xe5, 0x52, 0x21, 0xda, + 0x8a, 0xf3, 0x8e, 0xd8, 0x4b, 0x15, 0xa0, 0xb3, 0xca, 0x3b, 0x42, 0xa7, 0x71, 0xba, 0x64, 0xf1, + 0x53, 0x58, 0xe8, 0xdb, 0x96, 0x28, 0x39, 0xf1, 0xa9, 0x54, 0x39, 0xf6, 0x11, 0x94, 0x3f, 0xb3, + 0x8a, 0xc5, 0x44, 0x6c, 0x42, 0xf3, 0x10, 0x0e, 0x65, 0xf5, 0x51, 0x11, 0x97, 0x84, 0x70, 0x5c, + 0x94, 0x62, 0xbe, 0xfd, 0xb3, 0x52, 0xfa, 0x0c, 0xc8, 0x1c, 0xfa, 0x23, 0x0b, 0x4e, 0xf2, 0x8d, + 0x72, 0x22, 0x8f, 0x06, 0x3e, 0x26, 0x74, 0xd8, 0x67, 0xca, 0x99, 0x9b, 0x53, 0x06, 0x8d, 0xa9, + 0xb2, 0xb1, 0xac, 0xec, 0x3a, 0x99, 0xe5, 0xe0, 0x09, 0x78, 0xc4, 0x60, 0xae, 0xeb, 0x51, 0x16, + 0x44, 0x63, 0x95, 0x1c, 0xa6, 0x69, 0xf9, 0xd6, 0x49, 0xd8, 0x0f, 0xc6, 0xfc, 0xac, 0x6d, 0xf8, + 0x3b, 0x81, 0xf6, 0xcf, 0x55, 0x89, 0x80, 0x63, 0x28, 0xf4, 0x0d, 0x0b, 0x20, 0x8c, 0x23, 0x95, + 0x17, 0xb2, 0x47, 0x70, 0x70, 0x92, 0x9a, 0x9d, 0x90, 0x28, 0x36, 0x40, 0x51, 0x00, 0xa5, 0x2e, + 0x71, 0xfa, 0xac, 0xab, 0xca, 0xd9, 0xf3, 0x53, 0xc0, 0x5f, 0x15, 0x8a, 0xb2, 0x25, 0x54, 0x52, + 0xb1, 0x82, 0x41, 0xdf, 0xb2, 0x60, 0x31, 0xa9, 0x6e, 0x5c, 0x96, 0x2c, 0x17, 0xa7, 0xee, 0xb2, + 0x6f, 0xa5, 0x14, 0x36, 0x10, 0x4f, 0x63, 0x69, 0x1a, 0xce, 0x80, 0xa2, 0x6f, 0x5a, 0x00, 0x6e, + 0x5c, 0x4d, 0x65, 0x3e, 0xa8, 0x9e, 0xbf, 0x35, 0x9b, 0x13, 0x95, 0x54, 0x69, 0xed, 0xfe, 0x84, + 0x44, 0xb1, 0x01, 0x6b, 0xbf, 0x63, 0xc1, 0x53, 0xc6, 0x87, 0x2f, 0x39, 0xcc, 0xed, 0x5e, 0x1e, + 0xf1, 0x34, 0xbd, 0x99, 0xaa, 0xef, 0x9f, 0x31, 0xeb, 0xfb, 0x7b, 0xbb, 0xab, 0x1f, 0x3d, 0x68, + 0x8c, 0xba, 0xcb, 0x35, 0xd4, 0x84, 0x0a, 0xa3, 0x15, 0x78, 0x1d, 0xaa, 0x86, 0xcd, 0x2a, 0x7d, + 0xcc, 0xaa, 0x00, 0x26, 0x39, 0xc3, 0x20, 0x62, 0x13, 0xcf, 0xfe, 0x4b, 0x0e, 0xe6, 0x9a, 0xfd, + 0x21, 0x65, 0x24, 0x3a, 0x72, 0x43, 0xb1, 0x06, 0x05, 0xde, 0x2c, 0x64, 0xeb, 0x1f, 0xef, 0x25, + 0xb0, 0xe0, 0xa0, 0x10, 0x4a, 0x6e, 0xe0, 0xef, 0x78, 0x1d, 0xd5, 0x02, 0x5e, 0x9d, 0xe6, 0xe4, + 0x48, 0xeb, 0x9a, 0x42, 0x9f, 0xb6, 0x49, 0xbe, 0x63, 0x85, 0x83, 0x7e, 0x60, 0xc1, 0x92, 0x1b, + 0xf8, 0x3e, 0x71, 0x75, 0xf0, 0x16, 0xa6, 0x6e, 0x77, 0x9b, 0x69, 0x8d, 0x8d, 0x0f, 0x28, 0xf4, + 0xa5, 0x0c, 0x03, 0x67, 0xb1, 0xed, 0x5f, 0xe7, 0x60, 0x21, 0x65, 0x39, 0x7a, 0x16, 0xca, 0x43, + 0x4a, 0x22, 0xe1, 0x39, 0xe9, 0xdf, 0xa4, 0x23, 0x7a, 0x41, 0xd1, 0x71, 0x22, 0xc1, 0xa5, 0x43, + 0x87, 0xd2, 0xbb, 0x41, 0xd4, 0x56, 0x7e, 0x4e, 0xa4, 0xb7, 0x14, 0x1d, 0x27, 0x12, 0xbc, 0xdf, + 0xb8, 0x4d, 0x9c, 0x88, 0x44, 0xdb, 0x41, 0x8f, 0x4c, 0x8c, 0x3d, 0x0d, 0xcd, 0xc2, 0xa6, 0x9c, + 0x70, 0x1a, 0xeb, 0xd3, 0x66, 0xdf, 0x23, 0x3e, 0x93, 0x66, 0xce, 0xc0, 0x69, 0xdb, 0xd7, 0x5b, + 0xa6, 0x46, 0xed, 0xb4, 0x0c, 0x03, 0x67, 0xb1, 0xed, 0x3f, 0x5b, 0x50, 0x55, 0x4e, 0x7b, 0x0c, + 0x4d, 0x67, 0x27, 0xdd, 0x74, 0x36, 0xa6, 0x8f, 0xd1, 0x03, 0x1a, 0xce, 0x5f, 0xe6, 0x61, 0xa2, + 0xd2, 0xa1, 0x57, 0x79, 0x8e, 0xe3, 0x34, 0xd2, 0xbe, 0x14, 0x17, 0xd9, 0x8f, 0x1f, 0x6d, 0x75, + 0xdb, 0xde, 0x80, 0x98, 0xe9, 0x2b, 0xd6, 0x82, 0x0d, 0x8d, 0xe8, 0x0d, 0x4b, 0x03, 0x6c, 0x07, + 0x2a, 0xaf, 0xcc, 0xb6, 0x25, 0x9a, 0x30, 0x61, 0x3b, 0xc0, 0x06, 0x26, 0xfa, 0x5c, 0x32, 0x08, + 0x16, 0x45, 0x40, 0xda, 0xe9, 0xd1, 0xed, 0xbd, 0x54, 0x03, 0x90, 0x19, 0xe7, 0xc6, 0x50, 0x89, + 0x88, 0x6c, 0xb1, 0xe2, 0x0a, 0x30, 0x4d, 0x12, 0xc1, 0x4a, 0x97, 0x3c, 0xc6, 0xc9, 0xf8, 0x13, + 0x93, 0x29, 0xd6, 0x68, 0xf6, 0xf7, 0x2d, 0x40, 0x93, 0xe5, 0x9a, 0x8f, 0x51, 0x49, 0x13, 0xab, + 0x0e, 0x70, 0xa2, 0x27, 0x11, 0xc7, 0x5a, 0xe6, 0x08, 0x69, 0xf2, 0x0c, 0x14, 0x45, 0x53, 0xab, + 0x0e, 0x6c, 0x12, 0x3d, 0xa2, 0xed, 0xc5, 0x92, 0x67, 0xff, 0xc1, 0x82, 0x6c, 0xba, 0x11, 0x99, + 0x5a, 0x7a, 0x36, 0x9b, 0xa9, 0xd3, 0x5e, 0x3c, 0xfa, 0x9c, 0x89, 0x5e, 0x81, 0xaa, 0xc3, 0x18, + 0x19, 0x84, 0x4c, 0x04, 0x64, 0xfe, 0xd8, 0x01, 0xb9, 0xc8, 0x23, 0xe1, 0x46, 0xd0, 0xf6, 0x76, + 0x3c, 0x11, 0x8c, 0xa6, 0x3a, 0xfb, 0xdd, 0x3c, 0x2c, 0xa6, 0x9b, 0x2f, 0x34, 0x84, 0x92, 0x68, + 0x76, 0xe4, 0x35, 0xd3, 0xcc, 0xbb, 0xab, 0xc4, 0x25, 0x82, 0x44, 0xb1, 0x02, 0xe3, 0x89, 0x35, + 0x8a, 0xa7, 0xab, 0x4c, 0x62, 0x4d, 0xe6, 0xaa, 0x44, 0xe2, 0xd0, 0x89, 0x2a, 0xff, 0xff, 0x39, + 0x51, 0xbd, 0x0a, 0xd0, 0x16, 0xde, 0x16, 0x7b, 0x59, 0x78, 0xf8, 0xe4, 0xb2, 0x9e, 0x68, 0xc1, + 0x86, 0x46, 0x74, 0x1a, 0x72, 0x5e, 0x5b, 0x9c, 0xea, 0x7c, 0x03, 0x94, 0x6c, 0x6e, 0x63, 0x1d, + 0xe7, 0xbc, 0xb6, 0x4d, 0x61, 0xde, 0xec, 0x36, 0x8f, 0x1c, 0xab, 0x9f, 0x87, 0x05, 0xf9, 0xb4, + 0x4e, 0x98, 0xe3, 0xf5, 0xa9, 0xda, 0x9d, 0xa7, 0x94, 0xf8, 0x42, 0xcb, 0x64, 0xe2, 0xb4, 0xac, + 0xfd, 0xd3, 0x1c, 0xc0, 0xd5, 0x20, 0xe8, 0x29, 0xcc, 0xf8, 0xe8, 0x59, 0x07, 0x1e, 0xbd, 0x35, + 0x28, 0xf4, 0x3c, 0xbf, 0x9d, 0x3d, 0x9c, 0x9b, 0x9e, 0xdf, 0xc6, 0x82, 0x83, 0xce, 0x03, 0x38, + 0xa1, 0xf7, 0x22, 0x89, 0xa8, 0xbe, 0x49, 0x4c, 0xfc, 0x72, 0x69, 0x6b, 0x43, 0x71, 0xb0, 0x21, + 0x85, 0x9e, 0x55, 0x9d, 0xa1, 0x1c, 0xdb, 0x97, 0x33, 0x9d, 0x61, 0x99, 0x5b, 0x68, 0xb4, 0x7e, + 0x17, 0x33, 0xf9, 0x71, 0x6d, 0x22, 0x3f, 0xea, 0x4e, 0x79, 0xab, 0xeb, 0x50, 0xb2, 0xdf, 0xb9, + 0x2e, 0x1d, 0x72, 0x7f, 0xd4, 0x82, 0xf2, 0xb5, 0x97, 0xb6, 0x65, 0xbd, 0xb7, 0x21, 0xef, 0x39, + 0x32, 0x79, 0xe5, 0x75, 0xd8, 0x6f, 0x50, 0x3a, 0x14, 0x3b, 0xcc, 0x99, 0xe8, 0x0c, 0xe4, 0xc9, + 0xbd, 0x50, 0xf8, 0x25, 0xaf, 0x13, 0xdc, 0xe5, 0x7b, 0xa1, 0x17, 0x11, 0xca, 0x85, 0xc8, 0xbd, + 0xd0, 0xfe, 0xa7, 0x05, 0xfa, 0x4a, 0x0c, 0xed, 0x40, 0x81, 0x8e, 0x7d, 0x57, 0x15, 0xb1, 0x69, + 0xd2, 0x74, 0x6b, 0xec, 0xbb, 0xfa, 0xe6, 0xad, 0x2c, 0x2e, 0x16, 0xc7, 0xbe, 0x8b, 0x85, 0x7e, + 0x34, 0x82, 0x72, 0x14, 0xf4, 0xfb, 0xb7, 0x1d, 0xb7, 0x37, 0x83, 0x7a, 0x86, 0x95, 0x2a, 0x8d, + 0x37, 0x2f, 0x92, 0x80, 0x22, 0xe3, 0x04, 0xcb, 0xfe, 0x55, 0x11, 0x32, 0x23, 0x0b, 0x1a, 0x9a, + 0xb7, 0x8d, 0xd6, 0x0c, 0x6f, 0x1b, 0x13, 0x8f, 0xef, 0x77, 0xe3, 0x88, 0x2e, 0x40, 0x31, 0xe4, + 0x81, 0xa0, 0xc2, 0x76, 0x35, 0x2e, 0x18, 0x22, 0x3a, 0xf6, 0x89, 0x17, 0x29, 0x6d, 0x86, 0x4b, + 0xfe, 0x90, 0x32, 0xf0, 0x75, 0x00, 0xee, 0x6b, 0x35, 0xfb, 0xcb, 0xcc, 0x71, 0x73, 0x56, 0x3b, + 0xaa, 0xc6, 0x7f, 0x51, 0x29, 0x5a, 0x09, 0x0a, 0x36, 0x10, 0xd1, 0x77, 0x2d, 0x58, 0x8c, 0x1d, + 0xaf, 0x8c, 0x28, 0x3e, 0x12, 0x23, 0xc4, 0x20, 0x8a, 0x53, 0x48, 0x38, 0x83, 0x8c, 0xbe, 0x0c, + 0x15, 0xca, 0x9c, 0x48, 0x56, 0xc4, 0xd2, 0xb1, 0xb3, 0x68, 0xb2, 0x97, 0xad, 0x58, 0x09, 0xd6, + 0xfa, 0xd0, 0xcb, 0x00, 0x3b, 0x9e, 0xef, 0xd1, 0xae, 0xd0, 0x3e, 0xf7, 0x70, 0xf5, 0xf6, 0x4a, + 0xa2, 0x01, 0x1b, 0xda, 0xec, 0x3f, 0x59, 0x50, 0x35, 0x7e, 0x44, 0x1c, 0x21, 0x1f, 0x9e, 0x85, + 0x72, 0x18, 0xf4, 0x3d, 0xd7, 0x23, 0xb2, 0x1f, 0xae, 0xc8, 0xd3, 0xb0, 0xa5, 0x68, 0x38, 0xe1, + 0x22, 0x06, 0x95, 0x3b, 0x77, 0x99, 0x48, 0x28, 0x71, 0xfd, 0x6b, 0x4e, 0xb1, 0x37, 0x71, 0x72, + 0xd2, 0xde, 0x8a, 0x29, 0x14, 0x6b, 0x20, 0xfb, 0xaf, 0x39, 0x00, 0xf1, 0xc3, 0xc9, 0x13, 0xf7, + 0x33, 0x6b, 0x50, 0x88, 0x48, 0x18, 0x64, 0x17, 0xc4, 0x25, 0xb0, 0xe0, 0xa4, 0xc6, 0xad, 0xdc, + 0xb1, 0xc6, 0xad, 0xfc, 0xa1, 0xe3, 0x16, 0x2f, 0x55, 0xb4, 0xbb, 0x15, 0x79, 0x23, 0x87, 0x91, + 0x4d, 0x32, 0x56, 0xf9, 0x5e, 0x97, 0xaa, 0xd6, 0x55, 0xcd, 0xc4, 0x69, 0xd9, 0x7d, 0x27, 0xd5, + 0xe2, 0xff, 0x70, 0x52, 0x7d, 0xdb, 0x82, 0x45, 0xed, 0xd9, 0xf7, 0xd7, 0x3f, 0x4e, 0x6d, 0xf7, + 0x01, 0xa3, 0xd7, 0xbf, 0x2c, 0x58, 0x8a, 0x9b, 0x7c, 0xd5, 0x2b, 0xcc, 0xa4, 0x39, 0x48, 0xfd, + 0x53, 0xc9, 0x1f, 0xfe, 0x4f, 0xc5, 0x4c, 0xc1, 0x85, 0x43, 0x52, 0xf0, 0x17, 0x32, 0x6d, 0xc1, + 0x87, 0x26, 0xda, 0x02, 0x94, 0x8c, 0x33, 0x63, 0xdf, 0x4d, 0xb7, 0x51, 0xf6, 0x2f, 0x2c, 0x98, + 0x8f, 0xd9, 0x37, 0x83, 0xb6, 0x18, 0x32, 0xa8, 0x08, 0x32, 0x2b, 0x3d, 0x64, 0xc8, 0x70, 0x90, + 0x3c, 0x34, 0x84, 0xb2, 0xdb, 0xf5, 0xfa, 0xed, 0x88, 0xf8, 0x6a, 0x5b, 0x9e, 0x9f, 0xc1, 0xb4, + 0xc5, 0xf1, 0x75, 0x28, 0x34, 0x15, 0x00, 0x4e, 0xa0, 0xec, 0xdf, 0xe6, 0x61, 0x21, 0x35, 0x9a, + 0xa1, 0x0b, 0x50, 0x95, 0x3f, 0x35, 0x5a, 0x86, 0xcd, 0xc9, 0x4d, 0xc6, 0xb6, 0x66, 0x61, 0x53, + 0x8e, 0xef, 0x47, 0xdf, 0x1b, 0x49, 0x1d, 0xd9, 0x7f, 0x5c, 0xd7, 0x63, 0x06, 0xd6, 0x32, 0xc6, + 0x6c, 0x9a, 0x3f, 0xf6, 0x6c, 0xfa, 0x63, 0x0b, 0x90, 0x58, 0x02, 0xd7, 0x9c, 0x8c, 0x90, 0xea, + 0xdf, 0xf1, 0xcc, 0xfc, 0x76, 0x5a, 0x59, 0x84, 0x9a, 0x13, 0x50, 0x78, 0x1f, 0x78, 0xe3, 0xba, + 0xb8, 0xf8, 0x58, 0xae, 0x8b, 0xed, 0xaf, 0xc1, 0xa9, 0x89, 0x1e, 0x4a, 0x4d, 0x06, 0xd6, 0x7e, + 0x93, 0x01, 0x8f, 0xc4, 0x30, 0x1a, 0xfa, 0x72, 0x83, 0xca, 0x3a, 0x12, 0xb7, 0x38, 0x11, 0x4b, + 0x1e, 0x1f, 0x17, 0xda, 0xd1, 0x18, 0x0f, 0x65, 0xcb, 0x5d, 0xd6, 0xe8, 0xeb, 0x82, 0x8a, 0x15, + 0xd7, 0xfe, 0x4e, 0x0e, 0x16, 0x52, 0x75, 0x3d, 0x35, 0xd9, 0x59, 0x87, 0x4e, 0x76, 0xb3, 0x34, + 0x06, 0xbd, 0x0e, 0xf3, 0x54, 0x1c, 0xc5, 0xc8, 0x61, 0xa4, 0x33, 0x9e, 0xc1, 0x85, 0x7d, 0xcb, + 0x50, 0xd7, 0x38, 0xb9, 0xb7, 0xbb, 0x3a, 0x6f, 0x52, 0x70, 0x0a, 0xce, 0xfe, 0x79, 0x0e, 0x9e, + 0xd8, 0xa7, 0xc7, 0x41, 0x77, 0xcd, 0x4b, 0x14, 0x39, 0x65, 0x5f, 0x9b, 0x41, 0x78, 0xaa, 0x44, + 0x2a, 0xff, 0x8c, 0xef, 0x77, 0x85, 0x72, 0xcc, 0x21, 0x7b, 0x07, 0x8a, 0xdd, 0x20, 0xe8, 0xc5, + 0xdd, 0xc4, 0x34, 0x05, 0x41, 0xcf, 0x80, 0x8d, 0x0a, 0xdf, 0x4d, 0xfe, 0x4e, 0xb1, 0x54, 0x6f, + 0xbf, 0x6b, 0x41, 0xca, 0x8b, 0x68, 0x00, 0x45, 0xae, 0x65, 0x3c, 0x83, 0x1f, 0x86, 0xa6, 0xde, + 0x4b, 0x5c, 0xa7, 0xc4, 0x17, 0x8f, 0x58, 0xa2, 0x20, 0x0f, 0x0a, 0xdc, 0x10, 0x35, 0xbb, 0x6c, + 0xce, 0x08, 0x8d, 0x2f, 0x51, 0x8e, 0x4a, 0xfc, 0x09, 0x0b, 0x08, 0xfb, 0x22, 0x9c, 0x9a, 0xb0, + 0x88, 0x87, 0xfc, 0x4e, 0x10, 0xff, 0x1f, 0x35, 0x42, 0xfe, 0x0a, 0x27, 0x62, 0xc9, 0xe3, 0xf5, + 0xe3, 0x64, 0x56, 0x3d, 0xfa, 0x89, 0x05, 0xa7, 0x68, 0x56, 0xdf, 0x23, 0xf1, 0xda, 0x07, 0x95, + 0x51, 0x93, 0xe6, 0xe3, 0x49, 0x0b, 0xf8, 0x8e, 0x66, 0x6f, 0x95, 0x79, 0xec, 0x79, 0x3e, 0x25, + 0xee, 0x30, 0x8a, 0x17, 0xaa, 0x27, 0x5d, 0x45, 0xc7, 0x89, 0x04, 0x9f, 0xf2, 0xe5, 0x5f, 0x8d, + 0x9b, 0xba, 0x51, 0x4c, 0xa6, 0xfc, 0x56, 0xc2, 0xc1, 0x86, 0x14, 0xef, 0x95, 0x5d, 0x12, 0xb1, + 0x75, 0xde, 0x1e, 0xf1, 0xbc, 0x30, 0x2f, 0x7b, 0xe5, 0xa6, 0xa2, 0xe1, 0x84, 0x8b, 0x3e, 0x0c, + 0x73, 0x3d, 0x32, 0x16, 0x82, 0x05, 0x21, 0x58, 0xe5, 0x15, 0x7f, 0x53, 0x92, 0x70, 0xcc, 0x43, + 0x36, 0x94, 0x5c, 0x47, 0x48, 0x15, 0x85, 0x14, 0x88, 0x1f, 0x1c, 0x97, 0x84, 0x90, 0xe2, 0x34, + 0x6a, 0xf7, 0x1f, 0xac, 0x9c, 0x78, 0xf3, 0xc1, 0xca, 0x89, 0xb7, 0x1e, 0xac, 0x9c, 0x78, 0x63, + 0x6f, 0xc5, 0xba, 0xbf, 0xb7, 0x62, 0xbd, 0xb9, 0xb7, 0x62, 0xbd, 0xb5, 0xb7, 0x62, 0xfd, 0x63, + 0x6f, 0xc5, 0xfa, 0xe1, 0x3b, 0x2b, 0x27, 0x5e, 0x2e, 0xc7, 0xae, 0xfd, 0x4f, 0x00, 0x00, 0x00, + 0xff, 0xff, 0x2d, 0x35, 0xcf, 0x09, 0x22, 0x29, 0x00, 0x00, } diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto index ece09b8e69957..7898ba6d583f9 100644 --- a/pkg/apis/application/v1alpha1/generated.proto +++ b/pkg/apis/application/v1alpha1/generated.proto @@ -299,7 +299,7 @@ message ProjectRole { // Policies Stores a list of casbin formated strings that define access policies for the role in the project. repeated string policies = 2; - repeated JWTToken JWTTokens = 3; + repeated JWTToken jwtTokens = 3; } // Repository is a Git repository holding application configurations @@ -370,7 +370,7 @@ message SyncOperation { // Prune deletes resources that are no longer tracked in git optional bool prune = 2; - // DryRun will perform a `kubectl apply --dry-rudn` without actually performing the sync + // DryRun will perform a `kubectl apply --dry-run` without actually performing the sync optional bool dryRun = 3; // SyncStrategy describes how to perform the sync diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go index 4d6973e8af8cf..cde02d947b0b3 100644 --- a/pkg/apis/application/v1alpha1/types.go +++ b/pkg/apis/application/v1alpha1/types.go @@ -20,7 +20,7 @@ type SyncOperation struct { Revision string `json:"revision,omitempty" protobuf:"bytes,1,opt,name=revision"` // Prune deletes resources that are no longer tracked in git Prune bool `json:"prune,omitempty" protobuf:"bytes,2,opt,name=prune"` - // DryRun will perform a `kubectl apply --dry-rudn` without actually performing the sync + // DryRun will perform a `kubectl apply --dry-run` without actually performing the sync DryRun bool `json:"dryRun,omitempty" protobuf:"bytes,3,opt,name=dryRun"` // SyncStrategy describes how to perform the sync SyncStrategy *SyncStrategy `json:"syncStrategy,omitempty" protobuf:"bytes,4,opt,name=syncStrategy"` @@ -443,7 +443,7 @@ type AppProject struct { Spec AppProjectSpec `json:"spec" protobuf:"bytes,2,opt,name=spec"` } -//ProjectPoliciesString returns Casabin formated string of a project's polcies for each role +// ProjectPoliciesString returns Casbin formated string of a project's polcies for each role func (proj *AppProject) ProjectPoliciesString() string { var policies []string for _, role := range proj.Spec.Roles { @@ -471,7 +471,7 @@ type ProjectRole struct { Name string `json:"name" protobuf:"bytes,1,opt,name=name"` // Policies Stores a list of casbin formated strings that define access policies for the role in the project. Policies []string `json:"policies" protobuf:"bytes,2,rep,name=policies"` - JWTTokens []JWTToken `json:"JWTTokens" protobuf:"bytes,3,rep,name=JWTTokens"` + JWTTokens []JWTToken `json:"jwtTokens" protobuf:"bytes,3,rep,name=jwtTokens"` } // JWTToken holds the issuedAt and expiresAt values of a token diff --git a/server/server.go b/server/server.go index f2016d034e75d..aacbc7ea04da4 100644 --- a/server/server.go +++ b/server/server.go @@ -336,7 +336,7 @@ func (a *ArgoCDServer) newGRPCServer() *grpc.Server { grpc_util.ErrorCodeUnaryServerInterceptor(), grpc_util.PanicLoggerUnaryServerInterceptor(a.log), ))) - a.enf.SetClaimsEnforcerFunc(DefaultEnforceClaims(a.enf, a.AppClientset, a.Namespace)) + a.enf.SetClaimsEnforcerFunc(EnforceClaims(a.enf, a.AppClientset, a.Namespace)) grpcS := grpc.NewServer(sOpts...) db := db.NewDB(a.Namespace, a.KubeClientset) clusterService := cluster.NewServer(db, a.enf) @@ -598,7 +598,7 @@ func bug21955WorkaroundInterceptor(ctx context.Context, req interface{}, _ *grpc return handler(ctx, req) } -func DefaultEnforceClaims(enf *rbac.Enforcer, a appclientset.Interface, namespace string) func(rvals ...interface{}) bool { +func EnforceClaims(enf *rbac.Enforcer, a appclientset.Interface, namespace string) func(rvals ...interface{}) bool { return func(rvals ...interface{}) bool { claims, ok := rvals[0].(jwt.Claims) if !ok { @@ -624,14 +624,14 @@ func DefaultEnforceClaims(enf *rbac.Enforcer, a appclientset.Interface, namespac user := jwtutil.GetField(mapClaims, "sub") if strings.HasPrefix(user, "proj:") { - return enforceJWTToken(enf, a, namespace, user, mapClaims, rvals...) + return enforceProjectToken(enf, a, namespace, user, mapClaims, rvals...) } vals := append([]interface{}{user}, rvals[1:]...) return enf.Enforce(vals...) } } -func enforceJWTToken(enf *rbac.Enforcer, a appclientset.Interface, namespace string, user string, claims jwt.MapClaims, rvals ...interface{}) bool { +func enforceProjectToken(enf *rbac.Enforcer, a appclientset.Interface, namespace string, user string, claims jwt.MapClaims, rvals ...interface{}) bool { userSplit := strings.Split(user, ":") if len(userSplit) != 3 { return false diff --git a/server/server_test.go b/server/server_test.go index 26557a25cc9cf..46a564a1446a4 100644 --- a/server/server_test.go +++ b/server/server_test.go @@ -52,7 +52,7 @@ func fakeSecret(policy ...string) *apiv1.Secret { return &secret } -func TestEnforceJWTToken(t *testing.T) { +func TestEnforceProjectToken(t *testing.T) { projectName := "testProj" roleName := "testRole" subFormat := "proj:%s:%s" @@ -76,14 +76,14 @@ func TestEnforceJWTToken(t *testing.T) { secret := fakeSecret() kubeclientset := fake.NewSimpleClientset(cm, secret) - t.Run("TestEnforceJWTTokenSuccessful", func(t *testing.T) { + t.Run("TestEnforceProjectTokenSuccessful", func(t *testing.T) { s := NewServer(ArgoCDServerOpts{Namespace: fakeNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj)}) s.newGRPCServer() claims := jwt.MapClaims{"sub": defaultSub, "iat": defaultIssuedAt} assert.True(t, s.enf.EnforceClaims(claims, "applications", "get", defaultTestObject)) }) - t.Run("TestEnforceJWTTokenWithDiffCreateAtFailure", func(t *testing.T) { + t.Run("TestEnforceProjectTokenWithDiffCreateAtFailure", func(t *testing.T) { s := NewServer(ArgoCDServerOpts{Namespace: fakeNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj)}) s.newGRPCServer() diffCreateAt := defaultIssuedAt + 1 @@ -91,7 +91,7 @@ func TestEnforceJWTToken(t *testing.T) { assert.False(t, s.enf.EnforceClaims(claims, "applications", "get", defaultTestObject)) }) - t.Run("TestEnforceJWTTokenIncorrectSubFormatFailure", func(t *testing.T) { + t.Run("TestEnforceProjectTokenIncorrectSubFormatFailure", func(t *testing.T) { s := NewServer(ArgoCDServerOpts{Namespace: fakeNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj)}) s.newGRPCServer() invalidSub := "proj:test" @@ -99,7 +99,7 @@ func TestEnforceJWTToken(t *testing.T) { assert.False(t, s.enf.EnforceClaims(claims, "applications", "get", defaultTestObject)) }) - t.Run("TestEnforceJWTTokenNoTokenFailure", func(t *testing.T) { + t.Run("TestEnforceProjectTokenNoTokenFailure", func(t *testing.T) { s := NewServer(ArgoCDServerOpts{Namespace: fakeNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj)}) s.newGRPCServer() nonExistentToken := "fake-token" @@ -109,7 +109,7 @@ func TestEnforceJWTToken(t *testing.T) { assert.False(t, s.enf.EnforceClaims(claims, "applications", "get", defaultTestObject)) }) - t.Run("TestEnforceJWTTokenNotJWTTokenFailure", func(t *testing.T) { + t.Run("TestEnforceProjectTokenNotJWTTokenFailure", func(t *testing.T) { proj := existingProj.DeepCopy() proj.Spec.Roles[0].JWTTokens = nil s := NewServer(ArgoCDServerOpts{Namespace: fakeNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(proj)}) @@ -118,7 +118,7 @@ func TestEnforceJWTToken(t *testing.T) { assert.False(t, s.enf.EnforceClaims(claims, "applications", "get", defaultTestObject)) }) - t.Run("TestEnforceJWTTokenExplicitDeny", func(t *testing.T) { + t.Run("TestEnforceProjectTokenExplicitDeny", func(t *testing.T) { denyApp := "testDenyApp" allowPolicy := fmt.Sprintf(policyTemplate, defaultSub, projectName, defaultObject, defaultEffect) denyPolicy := fmt.Sprintf(policyTemplate, defaultSub, projectName, denyApp, "deny") @@ -142,7 +142,7 @@ func TestEnforceClaims(t *testing.T) { enf := rbac.NewEnforcer(kubeclientset, fakeNamespace, common.ArgoCDConfigMapName, nil) enf.SetBuiltinPolicy(box.String(builtinPolicyFile)) - enf.SetClaimsEnforcerFunc(DefaultEnforceClaims(enf, nil, fakeNamespace)) + enf.SetClaimsEnforcerFunc(EnforceClaims(enf, nil, fakeNamespace)) policy := ` g, org2:team2, role:admin g, bob, role:admin @@ -173,7 +173,7 @@ func TestDefaultRoleWithClaims(t *testing.T) { kubeclientset := fake.NewSimpleClientset() enf := rbac.NewEnforcer(kubeclientset, fakeNamespace, common.ArgoCDConfigMapName, nil) enf.SetBuiltinPolicy(box.String(builtinPolicyFile)) - enf.SetClaimsEnforcerFunc(DefaultEnforceClaims(enf, nil, fakeNamespace)) + enf.SetClaimsEnforcerFunc(EnforceClaims(enf, nil, fakeNamespace)) claims := jwt.MapClaims{"groups": []string{"org1:team1", "org2:team2"}} assert.False(t, enf.EnforceClaims(claims, "applications", "get", "foo/bar")) @@ -186,7 +186,7 @@ func TestEnforceNilClaims(t *testing.T) { kubeclientset := fake.NewSimpleClientset(fakeConfigMap()) enf := rbac.NewEnforcer(kubeclientset, fakeNamespace, common.ArgoCDConfigMapName, nil) enf.SetBuiltinPolicy(box.String(builtinPolicyFile)) - enf.SetClaimsEnforcerFunc(DefaultEnforceClaims(enf, nil, fakeNamespace)) + enf.SetClaimsEnforcerFunc(EnforceClaims(enf, nil, fakeNamespace)) assert.False(t, enf.EnforceClaims(nil, "applications", "get", "foo/obj")) enf.SetDefaultRole("role:readonly") assert.True(t, enf.EnforceClaims(nil, "applications", "get", "foo/obj")) diff --git a/server/swagger.json b/server/swagger.json index 4930724cf74b7..5aa7777a9b1a3 100644 --- a/server/swagger.json +++ b/server/swagger.json @@ -2376,7 +2376,7 @@ "type": "object", "title": "ProjectRole represents a role that has access to a project", "properties": { - "JWTTokens": { + "jwtTokens": { "type": "array", "items": { "$ref": "#/definitions/v1alpha1JWTToken" @@ -2513,7 +2513,7 @@ "dryRun": { "type": "boolean", "format": "boolean", - "title": "DryRun will perform a `kubectl apply --dry-rudn` without actually performing the sync" + "title": "DryRun will perform a `kubectl apply --dry-run` without actually performing the sync" }, "prune": { "type": "boolean", diff --git a/test/e2e/fixture.go b/test/e2e/fixture.go index 23450cf512f17..bc199f29afea8 100644 --- a/test/e2e/fixture.go +++ b/test/e2e/fixture.go @@ -259,7 +259,7 @@ func NewFixture() (*Fixture, error) { } db := db.NewDB(namespace, kubeClient) enforcer := rbac.NewEnforcer(kubeClient, namespace, common.ArgoCDRBACConfigMapName, nil) - enforcer.SetClaimsEnforcerFunc(server.DefaultEnforceClaims(enforcer, appClient, namespace)) + enforcer.SetClaimsEnforcerFunc(server.EnforceClaims(enforcer, appClient, namespace)) err = enforcer.SetBuiltinPolicy(test.BuiltinPolicy) if err != nil { return nil, err From 2841b89d1ada6e34a6a800ae555d35a861b990ec Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Mon, 13 Aug 2018 21:06:05 -0700 Subject: [PATCH 37/43] Refactor to make errors cleaner --- test/e2e/project_management_test.go | 25 +++++++------------------ util/session/sessionmanager.go | 6 +----- 2 files changed, 8 insertions(+), 23 deletions(-) diff --git a/test/e2e/project_management_test.go b/test/e2e/project_management_test.go index 4beee13376b34..48734ebcf9bdb 100644 --- a/test/e2e/project_management_test.go +++ b/test/e2e/project_management_test.go @@ -43,9 +43,7 @@ func TestProjectManagement(t *testing.T) { "-d", "https://192.168.99.100:8443,default", "-d", "https://192.168.99.100:8443,service", "-s", "https://github.com/argoproj/argo-cd.git") - if err != nil { - t.Fatalf("Unable to create project %v", err) - } + assert.Nil(t, err) proj, err := fixture.AppClient.ArgoprojV1alpha1().AppProjects(fixture.Namespace).Get(projectName, metav1.GetOptions{}) if err != nil { @@ -268,28 +266,19 @@ func TestProjectManagement(t *testing.T) { }, } _, err := fixture.AppClient.ArgoprojV1alpha1().AppProjects(fixture.Namespace).Create(&v1alpha1.AppProject{ObjectMeta: metav1.ObjectMeta{Name: projectName}}) - if err != nil { - t.Fatalf("Unable to create project %v", err) - } + assert.Nil(t, err) _, err = fixture.AppClient.ArgoprojV1alpha1().Applications(fixture.Namespace).Create(testApp) - if err != nil { - t.Fatalf("Unable to create app %v", err) - } + assert.Nil(t, err) _, err = fixture.RunCli("proj", "role", "create", projectName, roleName) - if err != nil { - t.Fatalf("Unable to get project %v", err) - } + assert.Nil(t, err) + _, err = fixture.RunCli("proj", "role", "create-token", projectName, roleName) - if err != nil { - t.Fatalf("Unable to get create token %v", err) - } + assert.Nil(t, err) _, err = fixture.RunCli("proj", "role", "add-policy", projectName, roleName, "-a", "get", "-o", "*", "-p", "allow") - if err != nil { - t.Fatalf("Unable to get add policy token %v", err) - } + assert.Nil(t, err) }) } diff --git a/util/session/sessionmanager.go b/util/session/sessionmanager.go index a4e187431ad1a..cbcfc33c69a7f 100644 --- a/util/session/sessionmanager.go +++ b/util/session/sessionmanager.go @@ -87,11 +87,7 @@ func (mgr *SessionManager) Create(subject string, secondsBeforeExpiry int64) (st claims.ExpiresAt = expires.Unix() } - token, err := mgr.signClaims(claims) - if err != nil { - return "", err - } - return token, nil + return mgr.signClaims(claims) } func (mgr *SessionManager) signClaims(claims jwt.Claims) (string, error) { From b2218a41f74a9bd93911a9241d7ebe2ed9734223 Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Mon, 13 Aug 2018 21:16:23 -0700 Subject: [PATCH 38/43] Rerun dep ensure after upgrading v5 --- Gopkg.lock | 374 +++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 331 insertions(+), 43 deletions(-) diff --git a/Gopkg.lock b/Gopkg.lock index 61bba59813815..b48deb6ded804 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -2,64 +2,83 @@ [[projects]] + digest = "1:9702dc153c9bb6ee7ee0587c248b7024700e89e4a7be284faaeeab9da32e1c6b" name = "cloud.google.com/go" packages = ["compute/metadata"] + pruneopts = "" revision = "767c40d6a2e058483c25fa193e963a22da17236d" version = "v0.18.0" [[projects]] + digest = "1:6204a59b379aadf05380cf8cf3ae0f5867588ba028fe84f260312a79ae717272" name = "github.com/GeertJohan/go.rice" packages = [ ".", - "embedded" + "embedded", ] + pruneopts = "" revision = "c02ca9a983da5807ddf7d796784928f5be4afd09" [[projects]] + digest = "1:8ec1618fc3ee146af104d6c13be250f25e5976e34557d4afbfe4b28035ce6c05" name = "github.com/Knetic/govaluate" packages = ["."] + pruneopts = "" revision = "d216395917cc49052c7c7094cf57f09657ca08a8" version = "v3.0.0" [[projects]] + digest = "1:71c0dfb843260bfb9b03357cae8eac261b8d82e149ad8f76938b87a23aa47c43" name = "github.com/PuerkitoBio/purell" packages = ["."] + pruneopts = "" revision = "b938d81255b5473c57635324295cb0fe398c7a58" [[projects]] branch = "master" + digest = "1:331a419049c2be691e5ba1d24342fc77c7e767a80c666a18fd8a9f7b82419c1c" name = "github.com/PuerkitoBio/urlesc" packages = ["."] + pruneopts = "" revision = "de5bf2ad457846296e2031421a34e2568e304e35" [[projects]] + digest = "1:26a8fd03a1fb25aa92c58080d8ca76363d56694c148f6175266e0393c0d2e729" name = "github.com/argoproj/argo" packages = [ "pkg/apis/workflow", - "pkg/apis/workflow/v1alpha1" + "pkg/apis/workflow/v1alpha1", ] + pruneopts = "" revision = "ac241c95c13f08e868cd6f5ee32c9ce273e239ff" version = "v2.1.1" [[projects]] branch = "master" + digest = "1:0667628f85b38f0422880ad3a503b1cf139bca5a817d29cd4e7ffccd5914869c" name = "github.com/argoproj/pkg" packages = ["time"] + pruneopts = "" revision = "881057947d921c5d62af84ad15cd3c6fb36d6077" [[projects]] + digest = "1:d8a2bb36a048d1571bcc1aee208b61f39dc16c6c53823feffd37449dde162507" name = "github.com/asaskevich/govalidator" packages = ["."] + pruneopts = "" revision = "ccb8e960c48f04d6935e72476ae4a51028f9e22f" version = "v9" [[projects]] + digest = "1:79421244ba5848aae4b0a5c41e633a04e4894cb0b164a219dc8c15ec7facb7f1" name = "github.com/blang/semver" packages = ["."] + pruneopts = "" revision = "2ee87856327ba09384cabd113bc6b5d174e9ec0f" version = "v3.5.1" [[projects]] + digest = "1:e04162bd6a6d4950541bae744c968108e14913b1cebccf29f7650b573f44adb3" name = "github.com/casbin/casbin" packages = [ ".", @@ -70,87 +89,113 @@ "persist/file-adapter", "rbac", "rbac/default-role-manager", - "util" + "util", ] + pruneopts = "" revision = "d71629e497929858300c38cd442098c178121c30" version = "v1.5.0" [[projects]] + digest = "1:65bad35bfcdd839cb26bb4ff31de49be39dd6bd2ade0c7c57d010f7d0412a4a5" name = "github.com/coreos/dex" packages = ["api"] + pruneopts = "" revision = "218d671a96865df2a4cf7f310efb99b8bfc5a5e2" version = "v2.10.0" [[projects]] branch = "v2" + digest = "1:d8ee1b165eb7f4fd9ada718e1e7eeb0bc1fd462592d0bd823df694443f448681" name = "github.com/coreos/go-oidc" packages = ["."] + pruneopts = "" revision = "1180514eaf4d9f38d0d19eef639a1d695e066e72" [[projects]] branch = "master" + digest = "1:5fd5c4d4282935b7a575299494f2c09e9d2cacded7815c83aff7c1602aff3154" name = "github.com/daaku/go.zipexe" packages = ["."] + pruneopts = "" revision = "a5fe2436ffcb3236e175e5149162b41cd28bd27d" [[projects]] + digest = "1:56c130d885a4aacae1dd9c7b71cfe39912c7ebc1ff7d2b46083c8812996dc43b" name = "github.com/davecgh/go-spew" packages = ["spew"] + pruneopts = "" revision = "346938d642f2ec3594ed81d874461961cd0faa76" version = "v1.1.0" [[projects]] + digest = "1:6098222470fe0172157ce9bbef5d2200df4edde17ee649c5d6e48330e4afa4c6" name = "github.com/dgrijalva/jwt-go" packages = ["."] + pruneopts = "" revision = "06ea1031745cb8b3dab3f6a236daf2b0aa468b7e" version = "v3.2.0" [[projects]] + digest = "1:971e9ba63a417c5f1f83ab358677bc59e96ff04285f26c6646ff089fb60b15e8" name = "github.com/emicklei/go-restful" packages = [ ".", - "log" + "log", ] + pruneopts = "" revision = "3658237ded108b4134956c1b3050349d93e7b895" version = "v2.7.1" [[projects]] + digest = "1:b13707423743d41665fd23f0c36b2f37bb49c30e94adb813319c44188a51ba22" name = "github.com/ghodss/yaml" packages = ["."] + pruneopts = "" revision = "0ca9ea5df5451ffdf184b4428c902747c2c11cd7" [[projects]] branch = "master" + digest = "1:eb77b66abaf9649747230eb973350bd1c311a0d0362213192efbdd222082b072" name = "github.com/go-openapi/analysis" packages = ["."] + pruneopts = "" revision = "5957818e100395077187fb7ef3b8a28227af06c6" [[projects]] branch = "master" + digest = "1:ee273c95c1414ef11bd4da259b40e83f41c1d5a6bee7d1b54a05ef5f3565fd92" name = "github.com/go-openapi/errors" packages = ["."] + pruneopts = "" revision = "b2b2befaf267d082d779bcef52d682a47c779517" [[projects]] branch = "master" + digest = "1:1287439f7765209116509fffff2b8f853845e4b35572b41a1aadda42cbcffcc2" name = "github.com/go-openapi/jsonpointer" packages = ["."] + pruneopts = "" revision = "779f45308c19820f1a69e9a4cd965f496e0da10f" [[projects]] branch = "master" + digest = "1:07ac8ac445f68b0bc063d11845d479fb7e09c906ead7a8c4165b59777df09d74" name = "github.com/go-openapi/jsonreference" packages = ["."] + pruneopts = "" revision = "36d33bfe519efae5632669801b180bf1a245da3b" [[projects]] branch = "master" + digest = "1:c4a8c916364abeda1c5cf36684320298bbf4d87718b0b2bd9c4ca663157fdc75" name = "github.com/go-openapi/loads" packages = ["."] + pruneopts = "" revision = "2a2b323bab96e6b1fdee110e57d959322446e9c9" [[projects]] branch = "master" + digest = "1:1d9c762f6695e6e7ed0b4c055fa0eab7d20c2b36c935943282273d37f114e302" name = "github.com/go-openapi/runtime" packages = [ ".", @@ -159,45 +204,57 @@ "middleware/denco", "middleware/header", "middleware/untyped", - "security" + "security", ] + pruneopts = "" revision = "cd9d8ed52e4b4665463cbc655500e4faa09c3c16" [[projects]] branch = "master" + digest = "1:fd4008f8283b993180f0626d0c7b2f48880e9dbb6bd92a91cac7ded30dc66777" name = "github.com/go-openapi/spec" packages = ["."] + pruneopts = "" revision = "1de3e0542de65ad8d75452a595886fdd0befb363" [[projects]] branch = "master" + digest = "1:4ddc424130bcfbf6f782f433192ca2502a02a09e4ac55dcbecf91f22ed4e3138" name = "github.com/go-openapi/strfmt" packages = ["."] + pruneopts = "" revision = "481808443b00a14745fada967cb5eeff0f9b1df2" [[projects]] branch = "master" + digest = "1:366052ef634d344217d6720719c9f8e95de13a94d211f09785b0ba3c4c181b06" name = "github.com/go-openapi/swag" packages = ["."] + pruneopts = "" revision = "84f4bee7c0a6db40e3166044c7983c1c32125429" [[projects]] branch = "master" + digest = "1:671e25496d550c80a9d6e7e588d32b380c6b4877f113750724f69acc6ce6790f" name = "github.com/go-openapi/validate" packages = ["."] + pruneopts = "" revision = "b0a3ed684d0fdd3e1eda00433382188ce8aa7169" [[projects]] + digest = "1:024c9473f363a12918e87e7efc778091839beab514b01309a6ecd8aa336c8065" name = "github.com/go-redis/cache" packages = [ ".", "internal/lrucache", - "internal/singleflight" + "internal/singleflight", ] + pruneopts = "" revision = "c58ada1e23a3b66593f81c70572c20a0bb805a90" version = "v6.3.5" [[projects]] + digest = "1:34c6632be33dacedc5acf9f4489cfa64e0d716a55b00e2f6ff839a4437c3f7da" name = "github.com/go-redis/redis" packages = [ ".", @@ -207,18 +264,22 @@ "internal/pool", "internal/proto", "internal/singleflight", - "internal/util" + "internal/util", ] + pruneopts = "" revision = "877867d2845fbaf86798befe410b6ceb6f5c29a3" version = "v6.10.2" [[projects]] + digest = "1:842c1acbacc80da775cfc0c412c4fe322c2d1b86c260db632987730d0d67a6bd" name = "github.com/gobuffalo/packr" packages = ["."] + pruneopts = "" revision = "7f4074995d431987caaa35088199f13c44b24440" version = "v1.11.0" [[projects]] + digest = "1:0a3f6a0c68ab8f3d455f8892295503b179e571b7fefe47cc6c556405d1f83411" name = "github.com/gogo/protobuf" packages = [ "gogoproto", @@ -247,19 +308,23 @@ "protoc-gen-gogofast", "sortkeys", "vanity", - "vanity/command" + "vanity/command", ] + pruneopts = "" revision = "1adfc126b41513cc696b209667c8656ea7aac67c" version = "v1.0.0" [[projects]] branch = "master" + digest = "1:107b233e45174dbab5b1324201d092ea9448e58243ab9f039e4c0f332e121e3a" name = "github.com/golang/glog" packages = ["."] + pruneopts = "" revision = "23def4e6c14b4da8ac2ed8007337bc5eb5007998" [[projects]] branch = "master" + digest = "1:27828cf74799ad14fcafece9f78f350cdbcd4fbe92c14ad4cba256fbbfa328ef" name = "github.com/golang/protobuf" packages = [ "jsonpb", @@ -274,37 +339,45 @@ "ptypes/duration", "ptypes/empty", "ptypes/struct", - "ptypes/timestamp" + "ptypes/timestamp", ] + pruneopts = "" revision = "e09c5db296004fbe3f74490e84dcd62c3c5ddb1b" [[projects]] + digest = "1:14d826ee25139b4674e9768ac287a135f4e7c14e1134a5b15e4e152edfd49f41" name = "github.com/google/go-jsonnet" packages = [ ".", "ast", - "parser" + "parser", ] + pruneopts = "" revision = "dfddf2b4e3aec377b0dcdf247ff92e7d078b8179" [[projects]] branch = "master" + digest = "1:754f77e9c839b24778a4b64422236d38515301d2baeb63113aa3edc42e6af692" name = "github.com/google/gofuzz" packages = ["."] + pruneopts = "" revision = "24818f796faf91cd76ec7bddd72458fbced7a6c1" [[projects]] + digest = "1:2a131706ff80636629ab6373f2944569b8252ecc018cda8040931b05d32e3c16" name = "github.com/googleapis/gnostic" packages = [ "OpenAPIv2", "compiler", - "extensions" + "extensions", ] + pruneopts = "" revision = "ee43cbb60db7bd22502942cccbc39059117352ab" version = "v0.1.0" [[projects]] branch = "master" + digest = "1:9dca8c981b8aed7448d94e78bc68a76784867a38b3036d5aabc0b32d92ffd1f4" name = "github.com/grpc-ecosystem/go-grpc-middleware" packages = [ ".", @@ -314,11 +387,13 @@ "logging/logrus/ctxlogrus", "tags", "tags/logrus", - "util/metautils" + "util/metautils", ] + pruneopts = "" revision = "bc372cc64f55abd91995ba3f219b380ffbc59e9d" [[projects]] + digest = "1:9feb7485bc57adbcbc1e1037ca05588e9d8b0a3a1875fbf730021fc118859b75" name = "github.com/grpc-ecosystem/grpc-gateway" packages = [ "protoc-gen-grpc-gateway", @@ -331,51 +406,65 @@ "protoc-gen-swagger/options", "runtime", "runtime/internal", - "utilities" + "utilities", ] + pruneopts = "" revision = "07f5e79768022f9a3265235f0db4ac8c3f675fec" version = "v1.3.1" [[projects]] branch = "master" + digest = "1:9c776d7d9c54b7ed89f119e449983c3f24c0023e75001d6092442412ebca6b94" name = "github.com/hashicorp/golang-lru" packages = [ ".", - "simplelru" + "simplelru", ] + pruneopts = "" revision = "0fb14efe8c47ae851c0034ed7a448854d3d34cf3" [[projects]] branch = "master" + digest = "1:f81c8d7354cc0c6340f2f7a48724ee6c2b3db3e918ecd441c985b4d2d97dd3e7" name = "github.com/howeyc/gopass" packages = ["."] + pruneopts = "" revision = "bf9dde6d0d2c004a008c27aaee91170c786f6db8" [[projects]] + digest = "1:23bc0b496ba341c6e3ba24d6358ff4a40a704d9eb5f9a3bd8e8fbd57ad869013" name = "github.com/imdario/mergo" packages = ["."] + pruneopts = "" revision = "163f41321a19dd09362d4c63cc2489db2015f1f4" version = "0.3.2" [[projects]] + digest = "1:870d441fe217b8e689d7949fef6e43efbc787e50f200cb1e70dbca9204a1d6be" name = "github.com/inconshreveable/mousetrap" packages = ["."] + pruneopts = "" revision = "76626ae9c91c4f2a10f34cad8ce83ea42c93bb75" version = "v1.0" [[projects]] + digest = "1:dd5cdbd84daf24b2a009364f3c24859b1e4de1eab87c451fb3bce09935d909fc" name = "github.com/json-iterator/go" packages = ["."] + pruneopts = "" revision = "e7c7f3b33712573affdcc7a107218e7926b9a05b" version = "1.0.6" [[projects]] branch = "master" + digest = "1:2c5ad58492804c40bdaf5d92039b0cde8b5becd2b7feeb37d7d1cc36a8aa8dbe" name = "github.com/kardianos/osext" packages = ["."] + pruneopts = "" revision = "ae77be60afb1dcacde03767a8c37337fad28ac14" [[projects]] + digest = "1:2fe45da14d25bce0a58c5a991967149cc5d07f94be327b928a9fd306466815a3" name = "github.com/ksonnet/ksonnet" packages = [ "metadata/params", @@ -390,12 +479,14 @@ "pkg/schema", "pkg/util/jsonnet", "pkg/util/kslib", - "pkg/util/strings" + "pkg/util/strings", ] + pruneopts = "" revision = "e943ae55d4fe256c8330a047ce8426ad9dac110c" version = "v0.11.0" [[projects]] + digest = "1:a165d7829bc54ec7952629870058b748512edb2fcbe244aba797d8de31bb4f03" name = "github.com/ksonnet/ksonnet-lib" packages = [ "ksonnet-gen/astext", @@ -404,156 +495,198 @@ "ksonnet-gen/kubespec", "ksonnet-gen/kubeversion", "ksonnet-gen/nodemaker", - "ksonnet-gen/printer" + "ksonnet-gen/printer", ] + pruneopts = "" revision = "dfcaa3d01d0c4948cb596403c35e966c774f2678" version = "v0.1.8" [[projects]] branch = "master" + digest = "1:ccc20cacf54eb16464dad02efa1c14fa7c0b9e124639b0d2a51dcc87b0154e4c" name = "github.com/mailru/easyjson" packages = [ "buffer", "jlexer", - "jwriter" + "jwriter", ] + pruneopts = "" revision = "32fa128f234d041f196a9f3e0fea5ac9772c08e1" [[projects]] branch = "master" + digest = "1:eb9117392ee8e7aa44f78e0db603f70b1050ee0ebda4bd40040befb5b218c546" name = "github.com/mitchellh/mapstructure" packages = ["."] + pruneopts = "" revision = "bb74f1db0675b241733089d5a1faa5dd8b0ef57b" [[projects]] + digest = "1:4c0404dc03d974acd5fcd8b8d3ce687b13bd169db032b89275e8b9d77b98ce8c" name = "github.com/patrickmn/go-cache" packages = ["."] + pruneopts = "" revision = "a3647f8e31d79543b2d0f0ae2fe5c379d72cedc0" version = "v2.1.0" [[projects]] + digest = "1:7365acd48986e205ccb8652cc746f09c8b7876030d53710ea6ef7d0bd0dcd7ca" name = "github.com/pkg/errors" packages = ["."] + pruneopts = "" revision = "645ef00459ed84a119197bfb8d8205042c6df63d" version = "v0.8.0" [[projects]] + digest = "1:256484dbbcd271f9ecebc6795b2df8cad4c458dd0f5fd82a8c2fa0c29f233411" name = "github.com/pmezard/go-difflib" packages = ["difflib"] + pruneopts = "" revision = "792786c7400a136282c1664665ae0a8db921c6c2" version = "v1.0.0" [[projects]] branch = "master" + digest = "1:90daff4630a8cf2fa207dbd3ccaed0e860936ead1851a473019674e6b5993a13" name = "github.com/pquerna/cachecontrol" packages = [ ".", - "cacheobject" + "cacheobject", ] + pruneopts = "" revision = "525d0eb5f91d30e3b1548de401b7ef9ea6898520" [[projects]] branch = "master" + digest = "1:1ee3e3e12ffdb5ba70b918148685cab6340bbc0d03ba723bcb46062d1bea69c6" name = "github.com/qiangmzsx/string-adapter" packages = ["."] + pruneopts = "" revision = "38f25303bb0cd40e674a6fac01e0171ab905f5a1" [[projects]] + digest = "1:3962f553b77bf6c03fc07cd687a22dd3b00fe11aa14d31194f5505f5bb65cdc8" name = "github.com/sergi/go-diff" packages = ["diffmatchpatch"] + pruneopts = "" revision = "1744e2970ca51c86172c8190fadad617561ed6e7" version = "v1.0.0" [[projects]] + digest = "1:c92f01303e3ab3b5da92657841639cb53d1548f0d2733d12ef3b9fd9d47c869e" name = "github.com/sirupsen/logrus" packages = ["."] + pruneopts = "" revision = "ea8897e79973357ba785ac2533559a6297e83c44" [[projects]] branch = "master" + digest = "1:50b5be512f924d289f20e8b2aef8951d98b9bd8c44666cf169514906df597a4c" name = "github.com/skratchdot/open-golang" packages = ["open"] + pruneopts = "" revision = "75fb7ed4208cf72d323d7d02fd1a5964a7a9073c" [[projects]] + digest = "1:022a4e2a8c327eb46a99088a51c0dda5d5be86928ace2afd72145dc1d746a323" name = "github.com/soheilhy/cmux" packages = ["."] + pruneopts = "" revision = "e09e9389d85d8492d313d73d1469c029e710623f" version = "v0.1.4" [[projects]] + digest = "1:a35a4db30a6094deac33fdb99de9ed99fefc39a7bf06b57d9f04bcaa425bb183" name = "github.com/spf13/afero" packages = [ ".", - "mem" + "mem", ] + pruneopts = "" revision = "9be650865eab0c12963d8753212f4f9c66cdcf12" [[projects]] + digest = "1:2208a80fc3259291e43b30f42f844d18f4218036dff510f42c653ec9890d460a" name = "github.com/spf13/cobra" packages = ["."] + pruneopts = "" revision = "7b2c5ac9fc04fc5efafb60700713d4fa609b777b" version = "v0.0.1" [[projects]] + digest = "1:261bc565833ef4f02121450d74eb88d5ae4bd74bfe5d0e862cddb8550ec35000" name = "github.com/spf13/pflag" packages = ["."] + pruneopts = "" revision = "e57e3eeb33f795204c1ca35f56c44f83227c6e66" version = "v1.0.0" [[projects]] + digest = "1:306417ea2f31ea733df356a2b895de63776b6a5107085b33458e5cd6eb1d584d" name = "github.com/stretchr/objx" packages = ["."] + pruneopts = "" revision = "facf9a85c22f48d2f52f2380e4efce1768749a89" version = "v0.1" [[projects]] + digest = "1:a30066593578732a356dc7e5d7f78d69184ca65aeeff5939241a3ab10559bb06" name = "github.com/stretchr/testify" packages = [ "assert", - "mock" + "mock", ] + pruneopts = "" revision = "12b6f73e6084dad08a7c6e575284b177ecafbc71" version = "v1.2.1" [[projects]] + digest = "1:51cf0fca93f4866709ceaf01b750e51d997c299a7bd2edf7ccd79e3b428754ae" name = "github.com/vmihailenco/msgpack" packages = [ ".", - "codes" + "codes", ] + pruneopts = "" revision = "a053f3dac71df214bfe8b367f34220f0029c9c02" version = "v3.3.1" [[projects]] + digest = "1:529ed3f98838f69e13761788d0cc71b44e130058fab13bae2ce09f7a176bced4" name = "github.com/yudai/gojsondiff" packages = [ ".", - "formatter" + "formatter", ] + pruneopts = "" revision = "7b1b7adf999dab73a6eb02669c3d82dbb27a3dd6" version = "1.0.0" [[projects]] branch = "master" + digest = "1:9857bb2293f372b2181004d8b62179bbdb4ab0982ec6f762abe6cf2bfedaff85" name = "github.com/yudai/golcs" packages = ["."] + pruneopts = "" revision = "ecda9a501e8220fae3b4b600c3db4b0ba22cfc68" [[projects]] branch = "master" + digest = "1:2ea6df0f542cc95a5e374e9cdd81eaa599ed0d55366eef92d2f6b9efa2795c07" name = "golang.org/x/crypto" packages = [ "bcrypt", "blowfish", "ed25519", "ed25519/internal/edwards25519", - "ssh/terminal" + "ssh/terminal", ] + pruneopts = "" revision = "432090b8f568c018896cd8a0fb0345872bbac6ce" [[projects]] branch = "master" + digest = "1:b4ba046df563f56fe42b6270b20039107a37e1ab47c97aa47a16f848aa5b6d9a" name = "golang.org/x/net" packages = [ "context", @@ -563,38 +696,46 @@ "idna", "internal/timeseries", "lex/httplex", - "trace" + "trace", ] + pruneopts = "" revision = "cbe0f9307d0156177f9dd5dc85da1a31abc5f2fb" [[projects]] + digest = "1:8a58c605e58272e3d280181a24749b07499cf98968da6f7c1d19c8d5649c6b1b" name = "golang.org/x/oauth2" packages = [ ".", "google", "internal", "jws", - "jwt" + "jwt", ] + pruneopts = "" revision = "cce311a261e6fcf29de72ca96827bdb0b7d9c9e6" [[projects]] branch = "master" + digest = "1:8aad4e360d6645abe564e925bd6d8d3b94975e52ce68af0c28f91b5aedb0637f" name = "golang.org/x/sync" packages = ["errgroup"] + pruneopts = "" revision = "fd80eb99c8f653c847d294a001bdf2a3a6f768f5" [[projects]] branch = "master" + digest = "1:407b5f905024dd94ee08c1777fabb380fb3d380f92a7f7df2592be005337eeb3" name = "golang.org/x/sys" packages = [ "unix", - "windows" + "windows", ] + pruneopts = "" revision = "37707fdb30a5b38865cfb95e5aab41707daec7fd" [[projects]] branch = "master" + digest = "1:31985a0ed491dba5ba7fe92e18be008acd92ca9435ed9b35b06f3e6c00fd82cb" name = "golang.org/x/text" packages = [ "collate", @@ -611,28 +752,34 @@ "unicode/cldr", "unicode/norm", "unicode/rangetable", - "width" + "width", ] + pruneopts = "" revision = "4e4a3210bb54bb31f6ab2cdca2edcc0b50c420c1" [[projects]] branch = "master" + digest = "1:55a681cb66f28755765fa5fa5104cbd8dc85c55c02d206f9f89566451e3fe1aa" name = "golang.org/x/time" packages = ["rate"] + pruneopts = "" revision = "fbb02b2291d28baffd63558aa44b4b56f178d650" [[projects]] branch = "master" + digest = "1:77e1d6ed91936b206979806b0aacbf817ec54b840803d8f8cd7a1de5bfbf92a4" name = "golang.org/x/tools" packages = [ "cmd/cover", "cover", "go/ast/astutil", - "imports" + "imports", ] + pruneopts = "" revision = "5e776fee60db37e560cee3fb46db699d2f095386" [[projects]] + digest = "1:934fb8966f303ede63aa405e2c8d7f0a427a05ea8df335dfdc1833dd4d40756f" name = "google.golang.org/appengine" packages = [ ".", @@ -645,21 +792,25 @@ "internal/modules", "internal/remote_api", "internal/urlfetch", - "urlfetch" + "urlfetch", ] + pruneopts = "" revision = "150dc57a1b433e64154302bdc40b6bb8aefa313a" version = "v1.0.0" [[projects]] branch = "master" + digest = "1:2d833b53e432cd69645da559b822661ebc5c0a13c571dee1c1f80fb1a0241330" name = "google.golang.org/genproto" packages = [ "googleapis/api/annotations", - "googleapis/rpc/status" + "googleapis/rpc/status", ] + pruneopts = "" revision = "2b5a72b8730b0b16380010cfe5286c42108d88e7" [[projects]] + digest = "1:d2dc833c73202298c92b63a7e180e2b007b5a3c3c763e3b9fe1da249b5c7f5b9" name = "google.golang.org/grpc" packages = [ ".", @@ -686,54 +837,66 @@ "stats", "status", "tap", - "transport" + "transport", ] + pruneopts = "" revision = "8e4536a86ab602859c20df5ebfd0bd4228d08655" version = "v1.10.0" [[projects]] + digest = "1:bf7444e1e6a36e633f4f1624a67b9e4734cfb879c27ac0a2082ac16aff8462ac" name = "gopkg.in/go-playground/webhooks.v3" packages = [ ".", "bitbucket", "github", - "gitlab" + "gitlab", ] + pruneopts = "" revision = "5580947e3ec83427ef5f6f2392eddca8dde5d99a" version = "v3.11.0" [[projects]] + digest = "1:e5d1fb981765b6f7513f793a3fcaac7158408cca77f75f7311ac82cc88e9c445" name = "gopkg.in/inf.v0" packages = ["."] + pruneopts = "" revision = "3887ee99ecf07df5b447e9b00d9c0b2adaa9f3e4" version = "v0.9.0" [[projects]] branch = "v2" + digest = "1:c80894778314c7fb90d94a5ab925214900e1341afeddc953cda7398b8cdcd006" name = "gopkg.in/mgo.v2" packages = [ "bson", - "internal/json" + "internal/json", ] + pruneopts = "" revision = "3f83fa5005286a7fe593b055f0d7771a7dce4655" [[projects]] + digest = "1:de0ec5755ee1a5e61f079c8855cf2073b5a5f614ae3b51db65f2c4e1044455fd" name = "gopkg.in/square/go-jose.v2" packages = [ ".", "cipher", - "json" + "json", ] + pruneopts = "" revision = "76dd09796242edb5b897103a75df2645c028c960" version = "v2.1.6" [[projects]] + digest = "1:81314a486195626940617e43740b4fa073f265b0715c9f54ce2027fee1cb5f61" name = "gopkg.in/yaml.v2" packages = ["."] + pruneopts = "" revision = "eb3733d160e74a9c7e442f435eb3bea458e1d19f" [[projects]] branch = "release-1.10" + digest = "1:5beb32094452970c0d73a2bdacd79aa9cfaa4947a774d521c1bed4b4c2705f15" name = "k8s.io/api" packages = [ "admission/v1beta1", @@ -765,24 +928,28 @@ "settings/v1alpha1", "storage/v1", "storage/v1alpha1", - "storage/v1beta1" + "storage/v1beta1", ] + pruneopts = "" revision = "8b7507fac302640dd5f1efbf9643199952cc58db" [[projects]] branch = "release-1.10" + digest = "1:7cb811fe9560718bd0ada29f2091acab5c4b4380ed23ef2824f64ce7038d899e" name = "k8s.io/apiextensions-apiserver" packages = [ "pkg/apis/apiextensions", "pkg/apis/apiextensions/v1beta1", "pkg/client/clientset/clientset", "pkg/client/clientset/clientset/scheme", - "pkg/client/clientset/clientset/typed/apiextensions/v1beta1" + "pkg/client/clientset/clientset/typed/apiextensions/v1beta1", ] + pruneopts = "" revision = "b13a681559816a9c14f93086bbeeed1c7baf2bcb" [[projects]] branch = "release-1.10" + digest = "1:b9c6e8e91bab6a419c58a63377532782a9f5616552164c38a9527f91c9309bbe" name = "k8s.io/apimachinery" packages = [ "pkg/api/equality", @@ -829,12 +996,14 @@ "pkg/version", "pkg/watch", "third_party/forked/golang/json", - "third_party/forked/golang/reflect" + "third_party/forked/golang/reflect", ] + pruneopts = "" revision = "f6313580a4d36c7c74a3d845dda6e116642c4f90" [[projects]] branch = "release-7.0" + digest = "1:3a45889089f89cc371fb45b3f8a478248b755e4af17a8cf592e49bdf3481a0b3" name = "k8s.io/client-go" packages = [ "discovery", @@ -991,43 +1160,51 @@ "util/integer", "util/jsonpath", "util/retry", - "util/workqueue" + "util/workqueue", ] + pruneopts = "" revision = "26a26f55b28aa1b338fbaf6fbbe0bcd76aed05e0" [[projects]] branch = "release-1.10" + digest = "1:34b0b3400ffdc2533ed4ea23721956638c2776ba49ca4c5def71dddcf0cdfd9b" name = "k8s.io/code-generator" packages = [ "cmd/go-to-protobuf", "cmd/go-to-protobuf/protobuf", "pkg/util", - "third_party/forked/golang/reflect" + "third_party/forked/golang/reflect", ] + pruneopts = "" revision = "9de8e796a74d16d2a285165727d04c185ebca6dc" [[projects]] branch = "master" + digest = "1:15710582bd5ceff07eee4726884f75f97f90366fde9307b8dd09500c75722456" name = "k8s.io/gengo" packages = [ "args", "generator", "namer", "parser", - "types" + "types", ] + pruneopts = "" revision = "8394c995ab8fbe52216f38d0e1a37de36d820528" [[projects]] branch = "master" + digest = "1:9a648ff9eb89673d2870c22fc011ec5db0fcff6c4e5174a650298e51be71bbf1" name = "k8s.io/kube-openapi" packages = [ "pkg/common", - "pkg/util/proto" + "pkg/util/proto", ] + pruneopts = "" revision = "50ae88d24ede7b8bad68e23c805b5d3da5c8abaf" [[projects]] + digest = "1:ad247ab9725165a7f289779d46747da832e33a4efe8ae264461afc571f65dac8" name = "k8s.io/kubernetes" packages = [ "pkg/apis/apps", @@ -1036,14 +1213,125 @@ "pkg/apis/core", "pkg/apis/extensions", "pkg/apis/networking", - "pkg/kubectl/scheme" + "pkg/kubectl/scheme", ] + pruneopts = "" revision = "81753b10df112992bf51bbc2c2f85208aad78335" version = "v1.10.2" [solve-meta] analyzer-name = "dep" analyzer-version = 1 - inputs-digest = "3f7be63d38bb177fbf37d388370cb2c32a7a94973084d0664beb48dcf4f7c74f" + input-imports = [ + "github.com/argoproj/argo/pkg/apis/workflow/v1alpha1", + "github.com/argoproj/pkg/time", + "github.com/casbin/casbin", + "github.com/casbin/casbin/model", + "github.com/coreos/dex/api", + "github.com/coreos/go-oidc", + "github.com/dgrijalva/jwt-go", + "github.com/ghodss/yaml", + "github.com/go-openapi/loads", + "github.com/go-openapi/runtime/middleware", + "github.com/go-redis/cache", + "github.com/go-redis/redis", + "github.com/gobuffalo/packr", + "github.com/gogo/protobuf/gogoproto", + "github.com/gogo/protobuf/proto", + "github.com/gogo/protobuf/protoc-gen-gofast", + "github.com/gogo/protobuf/protoc-gen-gogofast", + "github.com/golang/glog", + "github.com/golang/protobuf/proto", + "github.com/golang/protobuf/protoc-gen-go", + "github.com/golang/protobuf/ptypes/empty", + "github.com/grpc-ecosystem/go-grpc-middleware", + "github.com/grpc-ecosystem/go-grpc-middleware/auth", + "github.com/grpc-ecosystem/go-grpc-middleware/logging", + "github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus", + "github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus", + "github.com/grpc-ecosystem/grpc-gateway/protoc-gen-grpc-gateway", + "github.com/grpc-ecosystem/grpc-gateway/protoc-gen-swagger", + "github.com/grpc-ecosystem/grpc-gateway/runtime", + "github.com/grpc-ecosystem/grpc-gateway/utilities", + "github.com/ksonnet/ksonnet/pkg/app", + "github.com/ksonnet/ksonnet/pkg/component", + "github.com/patrickmn/go-cache", + "github.com/pkg/errors", + "github.com/qiangmzsx/string-adapter", + "github.com/sirupsen/logrus", + "github.com/skratchdot/open-golang/open", + "github.com/soheilhy/cmux", + "github.com/spf13/afero", + "github.com/spf13/cobra", + "github.com/spf13/pflag", + "github.com/stretchr/testify/assert", + "github.com/stretchr/testify/mock", + "github.com/vmihailenco/msgpack", + "github.com/yudai/gojsondiff", + "github.com/yudai/gojsondiff/formatter", + "golang.org/x/crypto/bcrypt", + "golang.org/x/crypto/ssh/terminal", + "golang.org/x/net/context", + "golang.org/x/oauth2", + "golang.org/x/sync/errgroup", + "golang.org/x/tools/cmd/cover", + "google.golang.org/genproto/googleapis/api/annotations", + "google.golang.org/grpc", + "google.golang.org/grpc/codes", + "google.golang.org/grpc/credentials", + "google.golang.org/grpc/grpclog", + "google.golang.org/grpc/metadata", + "google.golang.org/grpc/reflection", + "google.golang.org/grpc/status", + "gopkg.in/go-playground/webhooks.v3", + "gopkg.in/go-playground/webhooks.v3/bitbucket", + "gopkg.in/go-playground/webhooks.v3/github", + "gopkg.in/go-playground/webhooks.v3/gitlab", + "k8s.io/api/apps/v1", + "k8s.io/api/apps/v1beta1", + "k8s.io/api/apps/v1beta2", + "k8s.io/api/core/v1", + "k8s.io/api/extensions/v1beta1", + "k8s.io/api/rbac/v1", + "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset", + "k8s.io/apimachinery/pkg/api/equality", + "k8s.io/apimachinery/pkg/api/errors", + "k8s.io/apimachinery/pkg/apis/meta/v1", + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured", + "k8s.io/apimachinery/pkg/fields", + "k8s.io/apimachinery/pkg/labels", + "k8s.io/apimachinery/pkg/runtime", + "k8s.io/apimachinery/pkg/runtime/schema", + "k8s.io/apimachinery/pkg/runtime/serializer", + "k8s.io/apimachinery/pkg/selection", + "k8s.io/apimachinery/pkg/types", + "k8s.io/apimachinery/pkg/util/intstr", + "k8s.io/apimachinery/pkg/util/runtime", + "k8s.io/apimachinery/pkg/util/strategicpatch", + "k8s.io/apimachinery/pkg/util/wait", + "k8s.io/apimachinery/pkg/watch", + "k8s.io/client-go/discovery", + "k8s.io/client-go/discovery/fake", + "k8s.io/client-go/dynamic", + "k8s.io/client-go/dynamic/fake", + "k8s.io/client-go/informers", + "k8s.io/client-go/informers/core/v1", + "k8s.io/client-go/kubernetes", + "k8s.io/client-go/kubernetes/fake", + "k8s.io/client-go/plugin/pkg/client/auth/gcp", + "k8s.io/client-go/plugin/pkg/client/auth/oidc", + "k8s.io/client-go/rest", + "k8s.io/client-go/testing", + "k8s.io/client-go/tools/cache", + "k8s.io/client-go/tools/clientcmd", + "k8s.io/client-go/tools/clientcmd/api", + "k8s.io/client-go/util/flowcontrol", + "k8s.io/client-go/util/workqueue", + "k8s.io/code-generator/cmd/go-to-protobuf", + "k8s.io/kubernetes/pkg/apis/apps", + "k8s.io/kubernetes/pkg/apis/batch", + "k8s.io/kubernetes/pkg/apis/core", + "k8s.io/kubernetes/pkg/kubectl/scheme", + ] solver-name = "gps-cdcl" solver-version = 1 From 3d390f2e69d3911f46c22e9692af5485464baef5 Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Tue, 14 Aug 2018 10:50:14 -0700 Subject: [PATCH 39/43] Rename cli variable for better consistency --- cmd/argocd/commands/project.go | 14 ++-- server/project/project.go | 4 +- server/project/project.pb.go | 136 ++++++++++++++++----------------- server/project/project.proto | 7 +- server/project/project_test.go | 4 +- server/swagger.json | 9 ++- 6 files changed, 88 insertions(+), 86 deletions(-) diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go index d320ef727e5f3..dea5846a4458f 100644 --- a/cmd/argocd/commands/project.go +++ b/cmd/argocd/commands/project.go @@ -286,10 +286,10 @@ func NewProjectRoleDeleteCommand(clientOpts *argocdclient.ClientOptions) *cobra. // NewProjectRoleCreateTokenCommand returns a new instance of an `argocd proj role create-token` command func NewProjectRoleCreateTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var ( - timeBeforeExpiry string + expiresIn string ) var command = &cobra.Command{ - Use: "create-token PROJECT TOKEN-NAME [--seconds seconds]", + Use: "create-token PROJECT TOKEN-NAME [--expires-in 1d]", Short: "Create a project token", Run: func(c *cobra.Command, args []string) { if len(args) != 2 { @@ -300,14 +300,14 @@ func NewProjectRoleCreateTokenCommand(clientOpts *argocdclient.ClientOptions) *c roleName := args[1] conn, projIf := argocdclient.NewClientOrDie(clientOpts).NewProjectClientOrDie() defer util.Close(conn) - duration, err := timeutil.ParseDuration(timeBeforeExpiry) + duration, err := timeutil.ParseDuration(expiresIn) errors.CheckError(err) - token, err := projIf.CreateToken(context.Background(), &project.ProjectTokenCreateRequest{Project: projName, Role: roleName, SecondsBeforeExpiry: int64(duration.Seconds())}) + token, err := projIf.CreateToken(context.Background(), &project.ProjectTokenCreateRequest{Project: projName, Role: roleName, ExpiresIn: int64(duration.Seconds())}) errors.CheckError(err) fmt.Print(token.Token) }, } - command.Flags().StringVarP(&timeBeforeExpiry, "timeBeforeExpiry", "s", "0s", "Time before the token will expire. (Default: No expiration)") + command.Flags().StringVarP(&expiresIn, "expires-in", "e", "0s", "Duration before the token will expire. (Default: No expiration)") return command } @@ -315,7 +315,7 @@ func NewProjectRoleCreateTokenCommand(clientOpts *argocdclient.ClientOptions) *c // NewProjectRoleDeleteTokenCommand returns a new instance of an `argocd proj role delete-token` command func NewProjectRoleDeleteTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var command = &cobra.Command{ - Use: "delete-token PROJECT ROLE-NAME ISSUED_AT", + Use: "delete-token PROJECT ROLE-NAME ISSUED-AT", Short: "Delete a project token", Run: func(c *cobra.Command, args []string) { if len(args) != 3 { @@ -332,7 +332,7 @@ func NewProjectRoleDeleteTokenCommand(clientOpts *argocdclient.ClientOptions) *c conn, projIf := argocdclient.NewClientOrDie(clientOpts).NewProjectClientOrDie() defer util.Close(conn) - _, err = projIf.DeleteToken(context.Background(), &project.ProjectTokenDeleteRequest{Project: projName, Role: roleName, IssuedAt: issuedAt}) + _, err = projIf.DeleteToken(context.Background(), &project.ProjectTokenDeleteRequest{Project: projName, Role: roleName, Iat: issuedAt}) errors.CheckError(err) }, } diff --git a/server/project/project.go b/server/project/project.go index c57f11e87c339..f42078a63be2b 100644 --- a/server/project/project.go +++ b/server/project/project.go @@ -70,7 +70,7 @@ func (s *Server) CreateToken(ctx context.Context, q *ProjectTokenCreateRequest) } tokenName := fmt.Sprintf(JWTTokenSubFormat, q.Project, q.Role) - jwtToken, err := s.sessionMgr.Create(tokenName, q.SecondsBeforeExpiry) + jwtToken, err := s.sessionMgr.Create(tokenName, q.ExpiresIn) if err != nil { return nil, status.Error(codes.InvalidArgument, err.Error()) } @@ -119,7 +119,7 @@ func (s *Server) DeleteToken(ctx context.Context, q *ProjectTokenDeleteRequest) if project.Spec.Roles[roleIndex].JWTTokens == nil { return &EmptyResponse{}, nil } - jwtTokenIndex, err := projectutil.GetJWTTokenIndexByIssuedAt(project, roleIndex, q.IssuedAt) + jwtTokenIndex, err := projectutil.GetJWTTokenIndexByIssuedAt(project, roleIndex, q.Iat) if err != nil { return &EmptyResponse{}, nil } diff --git a/server/project/project.pb.go b/server/project/project.pb.go index 370ceeb308895..d02814ef21341 100644 --- a/server/project/project.pb.go +++ b/server/project/project.pb.go @@ -66,9 +66,9 @@ func (m *ProjectCreateRequest) GetProject() *github_com_argoproj_argo_cd_pkg_api // ProjectTokenCreateRequest defines project token deletion parameters. type ProjectTokenDeleteRequest struct { - Project string `protobuf:"bytes,1,opt,name=project,proto3" json:"project,omitempty"` - Role string `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"` - IssuedAt int64 `protobuf:"varint,3,opt,name=issuedAt,proto3" json:"issuedAt,omitempty"` + Project string `protobuf:"bytes,1,opt,name=project,proto3" json:"project,omitempty"` + Role string `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"` + Iat int64 `protobuf:"varint,3,opt,name=iat,proto3" json:"iat,omitempty"` } func (m *ProjectTokenDeleteRequest) Reset() { *m = ProjectTokenDeleteRequest{} } @@ -90,18 +90,19 @@ func (m *ProjectTokenDeleteRequest) GetRole() string { return "" } -func (m *ProjectTokenDeleteRequest) GetIssuedAt() int64 { +func (m *ProjectTokenDeleteRequest) GetIat() int64 { if m != nil { - return m.IssuedAt + return m.Iat } return 0 } // ProjectTokenCreateRequest defines project token creation parameters. type ProjectTokenCreateRequest struct { - Project string `protobuf:"bytes,1,opt,name=project,proto3" json:"project,omitempty"` - Role string `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"` - SecondsBeforeExpiry int64 `protobuf:"varint,3,opt,name=secondsBeforeExpiry,proto3" json:"secondsBeforeExpiry,omitempty"` + Project string `protobuf:"bytes,1,opt,name=project,proto3" json:"project,omitempty"` + Role string `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"` + // expiresIn represents a duration in seconds + ExpiresIn int64 `protobuf:"varint,3,opt,name=expiresIn,proto3" json:"expiresIn,omitempty"` } func (m *ProjectTokenCreateRequest) Reset() { *m = ProjectTokenCreateRequest{} } @@ -123,9 +124,9 @@ func (m *ProjectTokenCreateRequest) GetRole() string { return "" } -func (m *ProjectTokenCreateRequest) GetSecondsBeforeExpiry() int64 { +func (m *ProjectTokenCreateRequest) GetExpiresIn() int64 { if m != nil { - return m.SecondsBeforeExpiry + return m.ExpiresIn } return 0 } @@ -572,10 +573,10 @@ func (m *ProjectTokenDeleteRequest) MarshalTo(dAtA []byte) (int, error) { i = encodeVarintProject(dAtA, i, uint64(len(m.Role))) i += copy(dAtA[i:], m.Role) } - if m.IssuedAt != 0 { + if m.Iat != 0 { dAtA[i] = 0x18 i++ - i = encodeVarintProject(dAtA, i, uint64(m.IssuedAt)) + i = encodeVarintProject(dAtA, i, uint64(m.Iat)) } return i, nil } @@ -607,10 +608,10 @@ func (m *ProjectTokenCreateRequest) MarshalTo(dAtA []byte) (int, error) { i = encodeVarintProject(dAtA, i, uint64(len(m.Role))) i += copy(dAtA[i:], m.Role) } - if m.SecondsBeforeExpiry != 0 { + if m.ExpiresIn != 0 { dAtA[i] = 0x18 i++ - i = encodeVarintProject(dAtA, i, uint64(m.SecondsBeforeExpiry)) + i = encodeVarintProject(dAtA, i, uint64(m.ExpiresIn)) } return i, nil } @@ -739,8 +740,8 @@ func (m *ProjectTokenDeleteRequest) Size() (n int) { if l > 0 { n += 1 + l + sovProject(uint64(l)) } - if m.IssuedAt != 0 { - n += 1 + sovProject(uint64(m.IssuedAt)) + if m.Iat != 0 { + n += 1 + sovProject(uint64(m.Iat)) } return n } @@ -756,8 +757,8 @@ func (m *ProjectTokenCreateRequest) Size() (n int) { if l > 0 { n += 1 + l + sovProject(uint64(l)) } - if m.SecondsBeforeExpiry != 0 { - n += 1 + sovProject(uint64(m.SecondsBeforeExpiry)) + if m.ExpiresIn != 0 { + n += 1 + sovProject(uint64(m.ExpiresIn)) } return n } @@ -983,9 +984,9 @@ func (m *ProjectTokenDeleteRequest) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 3: if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field IssuedAt", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Iat", wireType) } - m.IssuedAt = 0 + m.Iat = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowProject @@ -995,7 +996,7 @@ func (m *ProjectTokenDeleteRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.IssuedAt |= (int64(b) & 0x7F) << shift + m.Iat |= (int64(b) & 0x7F) << shift if b < 0x80 { break } @@ -1110,9 +1111,9 @@ func (m *ProjectTokenCreateRequest) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 3: if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field SecondsBeforeExpiry", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ExpiresIn", wireType) } - m.SecondsBeforeExpiry = 0 + m.ExpiresIn = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowProject @@ -1122,7 +1123,7 @@ func (m *ProjectTokenCreateRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.SecondsBeforeExpiry |= (int64(b) & 0x7F) << shift + m.ExpiresIn |= (int64(b) & 0x7F) << shift if b < 0x80 { break } @@ -1547,48 +1548,47 @@ var ( func init() { proto.RegisterFile("server/project/project.proto", fileDescriptorProject) } var fileDescriptorProject = []byte{ - // 679 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x55, 0xdd, 0x6a, 0x13, 0x41, - 0x14, 0x66, 0xdb, 0x1a, 0xeb, 0xd4, 0x3f, 0xc6, 0x56, 0xd3, 0xd8, 0xc6, 0x32, 0x17, 0x52, 0x82, - 0x9d, 0x31, 0xad, 0x42, 0xf1, 0xae, 0xd5, 0x20, 0x05, 0x2f, 0x34, 0x2a, 0x88, 0x37, 0x65, 0xba, - 0x39, 0x6e, 0xb7, 0x49, 0x76, 0xc6, 0x99, 0xc9, 0x6a, 0x28, 0x05, 0x29, 0x5e, 0xe9, 0xa5, 0x8f, - 0x20, 0xf8, 0x2c, 0x5e, 0x0a, 0xbe, 0x80, 0x14, 0x1f, 0x44, 0x66, 0x76, 0x37, 0xe9, 0x36, 0xdd, - 0x42, 0x21, 0x78, 0xb5, 0x67, 0x66, 0xce, 0xcc, 0xf7, 0x7d, 0xe7, 0x67, 0x0f, 0x5a, 0xd0, 0xa0, - 0x62, 0x50, 0x4c, 0x2a, 0xb1, 0x07, 0xbe, 0xc9, 0xbe, 0x54, 0x2a, 0x61, 0x04, 0xbe, 0x98, 0x2e, - 0x2b, 0xb3, 0x81, 0x08, 0x84, 0xdb, 0x63, 0xd6, 0x4a, 0x8e, 0x2b, 0x0b, 0x81, 0x10, 0x41, 0x07, - 0x18, 0x97, 0x21, 0xe3, 0x51, 0x24, 0x0c, 0x37, 0xa1, 0x88, 0x74, 0x7a, 0x4a, 0xda, 0xeb, 0x9a, - 0x86, 0xc2, 0x9d, 0xfa, 0x42, 0x01, 0x8b, 0xeb, 0x2c, 0x80, 0x08, 0x14, 0x37, 0xd0, 0x4a, 0x7d, - 0x1e, 0x0c, 0x7d, 0xba, 0xdc, 0xdf, 0x0d, 0x23, 0x50, 0x7d, 0x26, 0xdb, 0x81, 0xdd, 0xd0, 0xac, - 0x0b, 0x86, 0x9f, 0x76, 0x6b, 0x2b, 0x08, 0xcd, 0x6e, 0x6f, 0x87, 0xfa, 0xa2, 0xcb, 0xb8, 0x72, - 0xc4, 0xf6, 0x9c, 0xb1, 0xe2, 0xb7, 0x86, 0xb7, 0xb9, 0x94, 0x9d, 0xd0, 0x77, 0x94, 0x58, 0x5c, - 0xe7, 0x1d, 0xb9, 0xcb, 0x47, 0x9e, 0x22, 0x1f, 0xd0, 0xec, 0xf3, 0x44, 0xe3, 0x63, 0x05, 0xdc, - 0x40, 0x13, 0xde, 0xf7, 0x40, 0x1b, 0xbc, 0x8d, 0x32, 0xed, 0x65, 0x6f, 0xc9, 0x5b, 0x9e, 0x59, - 0x6d, 0xd0, 0x21, 0x28, 0xcd, 0x40, 0x9d, 0xb1, 0xed, 0xb7, 0xa8, 0x6c, 0x07, 0xd4, 0x82, 0xd2, - 0x63, 0xa0, 0x34, 0x03, 0xa5, 0x1b, 0x52, 0xa6, 0x20, 0xcd, 0xec, 0x55, 0x02, 0x68, 0x3e, 0xdd, - 0x7b, 0x25, 0xda, 0x10, 0x3d, 0x81, 0x0e, 0x0c, 0xd1, 0xcb, 0x79, 0xf4, 0x4b, 0x83, 0x6b, 0x18, - 0xa3, 0x29, 0x25, 0x3a, 0x50, 0x9e, 0x70, 0xdb, 0xce, 0xc6, 0x15, 0x34, 0x1d, 0x6a, 0xdd, 0x83, - 0xd6, 0x86, 0x29, 0x4f, 0x2e, 0x79, 0xcb, 0x93, 0xcd, 0xc1, 0x9a, 0xec, 0xe7, 0x61, 0xf2, 0x22, - 0xcf, 0x07, 0x73, 0x1f, 0xdd, 0xd0, 0xe0, 0x8b, 0xa8, 0xa5, 0x37, 0xe1, 0x9d, 0x50, 0xd0, 0xf8, - 0x28, 0x43, 0xd5, 0x4f, 0x11, 0x4f, 0x3b, 0x22, 0xf7, 0x06, 0xc1, 0x75, 0xe0, 0x4d, 0xd0, 0x52, - 0x44, 0x1a, 0xf0, 0x2c, 0xba, 0x60, 0xec, 0x46, 0x8a, 0x9a, 0x2c, 0x08, 0x41, 0x97, 0x53, 0xef, - 0x17, 0x3d, 0x50, 0x7d, 0xcb, 0x21, 0xe2, 0x5d, 0x48, 0x9d, 0x9c, 0x7d, 0x2c, 0x5d, 0xaf, 0x65, - 0xeb, 0x7f, 0xa6, 0xeb, 0x1a, 0xba, 0xd2, 0xe8, 0x4a, 0xd3, 0xcf, 0x34, 0xac, 0xfe, 0x98, 0x46, - 0x57, 0x53, 0xaf, 0x97, 0xa0, 0xe2, 0xd0, 0x07, 0xfc, 0xc5, 0x43, 0x33, 0x49, 0x80, 0x9d, 0x5c, - 0x4c, 0x68, 0xd6, 0x4d, 0x85, 0x29, 0xa8, 0x2c, 0x9e, 0xea, 0x93, 0xa1, 0x90, 0xf5, 0xc3, 0xdf, - 0x7f, 0xbf, 0x4d, 0xac, 0x92, 0x15, 0xd7, 0x45, 0x71, 0x3d, 0xeb, 0x4f, 0xcd, 0xf6, 0x53, 0xeb, - 0x80, 0xd9, 0xe4, 0x68, 0xb6, 0x6f, 0x3f, 0x07, 0xcc, 0x85, 0xf2, 0x91, 0x57, 0xc3, 0x9f, 0x3c, - 0x34, 0x93, 0x14, 0xd5, 0x59, 0x64, 0x72, 0x65, 0x57, 0xb9, 0x39, 0xf0, 0xc9, 0x69, 0x25, 0x0f, - 0x1d, 0x0b, 0x56, 0x3b, 0x1f, 0x0b, 0xfc, 0xd5, 0x43, 0xa5, 0x44, 0x2d, 0x1e, 0x91, 0x99, 0x8f, - 0xc2, 0x78, 0xb2, 0x45, 0x6e, 0x3b, 0x9e, 0x73, 0xe4, 0xfa, 0x49, 0x9e, 0x36, 0x20, 0x87, 0x1e, - 0x9a, 0x7a, 0x16, 0x6a, 0x83, 0xe7, 0x4e, 0x72, 0x71, 0xe5, 0x56, 0xd9, 0x1a, 0x0b, 0x07, 0x8b, - 0x40, 0xca, 0x8e, 0x07, 0xc6, 0x23, 0x3c, 0xf0, 0x67, 0x0f, 0x4d, 0x3e, 0x85, 0x42, 0x0e, 0x63, - 0x8a, 0xc3, 0x1d, 0x87, 0x3f, 0x8f, 0x6f, 0x8d, 0xe6, 0xcb, 0x76, 0xd1, 0x01, 0xfe, 0xee, 0xa1, - 0x52, 0xd2, 0x40, 0xa3, 0x99, 0xc9, 0x35, 0xd6, 0xb8, 0x18, 0xad, 0x39, 0x46, 0x2b, 0x95, 0xe5, - 0xc2, 0x0a, 0xa2, 0xf6, 0x67, 0xdf, 0xe2, 0x86, 0x53, 0x47, 0xd1, 0x66, 0xec, 0x0d, 0x2a, 0x25, - 0xf5, 0x59, 0x14, 0xae, 0xa2, 0x7a, 0x4d, 0xf5, 0xd7, 0x0a, 0xf5, 0xef, 0x21, 0x64, 0x13, 0xd5, - 0x88, 0x21, 0x32, 0xba, 0xe8, 0xf5, 0x45, 0x9a, 0x0c, 0x27, 0xab, 0x90, 0xda, 0x01, 0x46, 0xe3, - 0x3a, 0x75, 0x57, 0x5c, 0x92, 0xef, 0x3a, 0x90, 0x25, 0x5c, 0x2d, 0x00, 0x61, 0xe0, 0x5e, 0xdf, - 0x5c, 0xff, 0x79, 0x54, 0xf5, 0x7e, 0x1d, 0x55, 0xbd, 0x3f, 0x47, 0x55, 0xef, 0x6d, 0xed, 0xac, - 0xd1, 0x95, 0x9f, 0xc5, 0x3b, 0x25, 0x37, 0xa2, 0xd6, 0xfe, 0x05, 0x00, 0x00, 0xff, 0xff, 0x49, - 0xa0, 0x8a, 0x0e, 0xa4, 0x07, 0x00, 0x00, + // 669 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x55, 0x5d, 0x6b, 0x13, 0x4d, + 0x14, 0x66, 0x9b, 0xbe, 0x79, 0xed, 0xd4, 0x8f, 0x32, 0xb4, 0x9a, 0xc6, 0x36, 0x96, 0xb9, 0x90, + 0x12, 0xec, 0x0c, 0x69, 0x15, 0x8a, 0x77, 0x7e, 0x14, 0x29, 0x78, 0xa1, 0x51, 0x41, 0xf4, 0xa2, + 0x4c, 0x37, 0x87, 0xed, 0x36, 0xc9, 0xce, 0x38, 0x3b, 0x5d, 0x2d, 0xa5, 0x20, 0xc5, 0x2b, 0xbd, + 0xf4, 0x27, 0x08, 0xfe, 0x16, 0x2f, 0x05, 0xff, 0x80, 0x14, 0x7f, 0x88, 0xcc, 0xd9, 0xdd, 0xa4, + 0xdb, 0x74, 0x0b, 0x85, 0xe0, 0x55, 0xce, 0x9e, 0x39, 0x73, 0x9e, 0xe7, 0x39, 0x1f, 0x19, 0xb2, + 0x10, 0x83, 0x49, 0xc0, 0x08, 0x6d, 0xd4, 0x2e, 0xf8, 0x36, 0xff, 0xe5, 0xda, 0x28, 0xab, 0xe8, + 0xff, 0xd9, 0x67, 0x7d, 0x36, 0x50, 0x81, 0x42, 0x9f, 0x70, 0x56, 0x7a, 0x5c, 0x5f, 0x08, 0x94, + 0x0a, 0x7a, 0x20, 0xa4, 0x0e, 0x85, 0x8c, 0x22, 0x65, 0xa5, 0x0d, 0x55, 0x14, 0x67, 0xa7, 0xac, + 0xbb, 0x1e, 0xf3, 0x50, 0xe1, 0xa9, 0xaf, 0x0c, 0x88, 0xa4, 0x25, 0x02, 0x88, 0xc0, 0x48, 0x0b, + 0x9d, 0x2c, 0xe6, 0xee, 0x30, 0xa6, 0x2f, 0xfd, 0x9d, 0x30, 0x02, 0xb3, 0x2f, 0x74, 0x37, 0x70, + 0x8e, 0x58, 0xf4, 0xc1, 0xca, 0xb3, 0x6e, 0x6d, 0x06, 0xa1, 0xdd, 0xd9, 0xdb, 0xe6, 0xbe, 0xea, + 0x0b, 0x69, 0x90, 0xd8, 0x2e, 0x1a, 0x2b, 0x7e, 0x67, 0x78, 0x5b, 0x6a, 0xdd, 0x0b, 0x7d, 0xa4, + 0x24, 0x92, 0x96, 0xec, 0xe9, 0x1d, 0x39, 0x92, 0x8a, 0xbd, 0x27, 0xb3, 0xcf, 0x52, 0x8d, 0x8f, + 0x0c, 0x48, 0x0b, 0x6d, 0x78, 0xb7, 0x07, 0xb1, 0xa5, 0x5b, 0x24, 0xd7, 0x5e, 0xf3, 0x96, 0xbc, + 0xe5, 0xe9, 0xd5, 0x0d, 0x3e, 0x04, 0xe5, 0x39, 0x28, 0x1a, 0x5b, 0x7e, 0x87, 0xeb, 0x6e, 0xc0, + 0x1d, 0x28, 0x3f, 0x01, 0xca, 0x73, 0x50, 0xfe, 0x40, 0xeb, 0x0c, 0xa4, 0x9d, 0x67, 0x65, 0x6f, + 0xc9, 0x7c, 0xe6, 0x7b, 0xa9, 0xba, 0x10, 0x3d, 0x86, 0x1e, 0x0c, 0xd1, 0x6b, 0x45, 0xf4, 0xa9, + 0xc1, 0x35, 0x4a, 0xc9, 0xa4, 0x51, 0x3d, 0xa8, 0x4d, 0xa0, 0x1b, 0x6d, 0x3a, 0x43, 0x2a, 0xa1, + 0xb4, 0xb5, 0xca, 0x92, 0xb7, 0x5c, 0x69, 0x3b, 0x93, 0x05, 0xc5, 0xe4, 0x45, 0x69, 0x17, 0x4b, + 0xbe, 0x40, 0xa6, 0xe0, 0x83, 0x0e, 0x0d, 0xc4, 0x9b, 0x51, 0x06, 0x31, 0x74, 0xb0, 0x3b, 0x83, + 0xf2, 0x21, 0x50, 0x1b, 0x62, 0xad, 0xa2, 0x18, 0xe8, 0x2c, 0xf9, 0xcf, 0x3a, 0x47, 0x86, 0x90, + 0x7e, 0x30, 0x46, 0x2e, 0x67, 0xd1, 0xcf, 0xf7, 0xc0, 0xec, 0x3b, 0xbc, 0x48, 0xf6, 0x21, 0x0b, + 0x42, 0xfb, 0x44, 0x43, 0x5e, 0xe9, 0xce, 0xbf, 0x6c, 0xc8, 0x35, 0x72, 0x65, 0xa3, 0xaf, 0xed, + 0x7e, 0xae, 0x61, 0xf5, 0xfb, 0x25, 0x72, 0x35, 0x8b, 0x7a, 0x01, 0x26, 0x09, 0x7d, 0xa0, 0x9f, + 0x3d, 0x32, 0x9d, 0x16, 0x13, 0xe5, 0x52, 0xc6, 0xf3, 0x7d, 0x29, 0x2d, 0x77, 0x7d, 0xf1, 0xcc, + 0x98, 0x1c, 0x85, 0xad, 0x1f, 0xfd, 0xfa, 0xf3, 0x75, 0x62, 0x95, 0xad, 0xe0, 0x9e, 0x24, 0xad, + 0x7c, 0x03, 0x63, 0x71, 0x90, 0x59, 0x87, 0xc2, 0x35, 0x22, 0x16, 0x07, 0xee, 0xe7, 0x50, 0x60, + 0x29, 0xef, 0x7b, 0x4d, 0xfa, 0xd1, 0x23, 0xd3, 0xe9, 0xd8, 0x9c, 0x47, 0xa6, 0x30, 0x58, 0xf5, + 0xeb, 0x83, 0x98, 0x82, 0x56, 0x76, 0x0f, 0x59, 0x88, 0xe6, 0xc5, 0x58, 0xd0, 0x2f, 0x1e, 0xa9, + 0xa6, 0x6a, 0xe9, 0x88, 0xcc, 0x62, 0x15, 0xc6, 0xd3, 0x2d, 0x76, 0x13, 0x79, 0xce, 0xb1, 0x99, + 0xd3, 0x3c, 0x5d, 0x41, 0x8e, 0x3c, 0x32, 0xf9, 0x34, 0x8c, 0x2d, 0x9d, 0x3b, 0xcd, 0x05, 0xc7, + 0xad, 0xbe, 0x39, 0x16, 0x0e, 0x0e, 0x81, 0xd5, 0x90, 0x07, 0xa5, 0x23, 0x3c, 0xe8, 0x27, 0x8f, + 0x54, 0x9e, 0x40, 0x29, 0x87, 0x31, 0xd5, 0xe1, 0x16, 0xe2, 0xcf, 0xd3, 0x1b, 0xa3, 0xfd, 0x72, + 0x5b, 0x74, 0x48, 0xbf, 0x79, 0xa4, 0x9a, 0x2e, 0xd0, 0x68, 0x67, 0x0a, 0x8b, 0x35, 0x2e, 0x46, + 0x6b, 0xc8, 0x68, 0xa5, 0xbe, 0x5c, 0x3a, 0x41, 0xdc, 0xfd, 0x9d, 0x77, 0xa4, 0x95, 0x1c, 0x29, + 0xba, 0x8e, 0xbd, 0x26, 0xd5, 0x74, 0x3e, 0xcb, 0xca, 0x55, 0x36, 0xaf, 0x99, 0xfe, 0x66, 0xa9, + 0xfe, 0x5d, 0x42, 0x5c, 0xa3, 0x36, 0x12, 0x88, 0x6c, 0x5c, 0x96, 0x7d, 0x91, 0xa7, 0xcf, 0x8f, + 0x53, 0xc8, 0xdd, 0x13, 0xc5, 0x93, 0x16, 0xc7, 0x2b, 0xd8, 0xe4, 0xdb, 0x08, 0xb2, 0x44, 0x1b, + 0x25, 0x20, 0x02, 0x30, 0xfb, 0xc3, 0xf5, 0x1f, 0xc7, 0x0d, 0xef, 0xe7, 0x71, 0xc3, 0xfb, 0x7d, + 0xdc, 0xf0, 0xde, 0x34, 0xcf, 0x7b, 0x9c, 0x8a, 0xaf, 0xed, 0x76, 0x15, 0x1f, 0xa1, 0xb5, 0xbf, + 0x01, 0x00, 0x00, 0xff, 0xff, 0xea, 0x51, 0x0e, 0x79, 0x86, 0x07, 0x00, 0x00, } diff --git a/server/project/project.proto b/server/project/project.proto index 960b3d61e33c5..aa03745bb2c95 100644 --- a/server/project/project.proto +++ b/server/project/project.proto @@ -22,14 +22,15 @@ message ProjectCreateRequest { message ProjectTokenDeleteRequest { string project = 1; string role = 2; - int64 issuedAt = 3; + int64 iat = 3; } -// ProjectTokenCreateRequest defines project token creation parameters. +// ProjectTokenCreateRequest defines project token creation parameters. message ProjectTokenCreateRequest { string project = 1; string role = 2; - int64 secondsBeforeExpiry = 3; + // expiresIn represents a duration in seconds + int64 expiresIn = 3; } // ProjectTokenResponse wraps the created token or returns an empty string if deleted. message ProjectTokenResponse { diff --git a/server/project/project_test.go b/server/project/project_test.go index 3547c9c09d9fc..981b8ce71a9a7 100644 --- a/server/project/project_test.go +++ b/server/project/project_test.go @@ -136,7 +136,7 @@ func TestProjectServer(t *testing.T) { tokenName := "testToken" projectWithRole.Spec.Roles = []v1alpha1.ProjectRole{{Name: tokenName}} projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projectWithRole), enforcer, util.NewKeyLock(), sessionMgr) - tokenResponse, err := projectServer.CreateToken(context.Background(), &ProjectTokenCreateRequest{Project: projectWithRole.Name, Role: tokenName, SecondsBeforeExpiry: 1}) + tokenResponse, err := projectServer.CreateToken(context.Background(), &ProjectTokenCreateRequest{Project: projectWithRole.Name, Role: tokenName, ExpiresIn: 1}) assert.Nil(t, err) claims, err := sessionMgr.Parse(tokenResponse.Token) assert.Nil(t, err) @@ -159,7 +159,7 @@ func TestProjectServer(t *testing.T) { projWithToken.Spec.Roles = append(projWithToken.Spec.Roles, token) projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, util.NewKeyLock(), sessionMgr) - _, err := projectServer.DeleteToken(context.Background(), &ProjectTokenDeleteRequest{Project: projWithToken.Name, Role: tokenName, IssuedAt: issuedAt}) + _, err := projectServer.DeleteToken(context.Background(), &ProjectTokenDeleteRequest{Project: projWithToken.Name, Role: tokenName, Iat: issuedAt}) assert.Nil(t, err) projWithoutToken, err := projectServer.Get(context.Background(), &ProjectQuery{Name: projWithToken.Name}) assert.Nil(t, err) diff --git a/server/swagger.json b/server/swagger.json index 5aa7777a9b1a3..091b9da85dc89 100644 --- a/server/swagger.json +++ b/server/swagger.json @@ -1407,15 +1407,16 @@ "description": "ProjectTokenCreateRequest defines project token creation parameters.", "type": "object", "properties": { + "expiresIn": { + "type": "string", + "format": "int64", + "title": "expiresIn represents a duration in seconds" + }, "project": { "type": "string" }, "role": { "type": "string" - }, - "secondsBeforeExpiry": { - "type": "string", - "format": "int64" } } }, From b394685ba965eb6d3d182a1361fc7400a12ba5ba Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Tue, 14 Aug 2018 10:53:39 -0700 Subject: [PATCH 40/43] Remove duplicate validation in CLI --- cmd/argocd/commands/project.go | 3 --- 1 file changed, 3 deletions(-) diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go index dea5846a4458f..b7f6332d9591a 100644 --- a/cmd/argocd/commands/project.go +++ b/cmd/argocd/commands/project.go @@ -131,9 +131,6 @@ func NewProjectRoleAddPolicyCommand(clientOpts *argocdclient.ClientOptions) *cob log.Fatal("Objects needs to longer than 0 characters") } - if opts.permission != "allow" && opts.permission != "deny" { - log.Fatal("Permission flag can only have the values 'allow' or 'deny'") - } projName := args[0] roleName := args[1] From b90118e769dafcbfc940449d05a81841239eee68 Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Tue, 14 Aug 2018 11:07:53 -0700 Subject: [PATCH 41/43] Add description to the role --- cmd/argocd/commands/project.go | 14 +- pkg/apis/application/v1alpha1/generated.pb.go | 365 ++++++++++-------- pkg/apis/application/v1alpha1/generated.proto | 6 +- pkg/apis/application/v1alpha1/types.go | 7 +- server/project/project.pb.go | 143 ++++--- server/project/project.proto | 5 +- server/swagger.json | 6 + 7 files changed, 323 insertions(+), 223 deletions(-) diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go index b7f6332d9591a..eb70875ef7021 100644 --- a/cmd/argocd/commands/project.go +++ b/cmd/argocd/commands/project.go @@ -219,6 +219,9 @@ func NewProjectRoleRemovePolicyCommand(clientOpts *argocdclient.ClientOptions) * // NewProjectRoleCreateCommand returns a new instance of an `argocd proj role create` command func NewProjectRoleCreateCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { + var ( + description string + ) var command = &cobra.Command{ Use: "create PROJECT ROLE-NAME", Short: "Create a project role", @@ -239,12 +242,13 @@ func NewProjectRoleCreateCommand(clientOpts *argocdclient.ClientOptions) *cobra. if err == nil { return } - proj.Spec.Roles = append(proj.Spec.Roles, v1alpha1.ProjectRole{Name: roleName}) + proj.Spec.Roles = append(proj.Spec.Roles, v1alpha1.ProjectRole{Name: roleName, Description: description}) _, err = projIf.Update(context.Background(), &project.ProjectUpdateRequest{Project: proj}) errors.CheckError(err) }, } + command.Flags().StringVarP(&description, "description", "", "desc", "Project description") return command } @@ -286,7 +290,7 @@ func NewProjectRoleCreateTokenCommand(clientOpts *argocdclient.ClientOptions) *c expiresIn string ) var command = &cobra.Command{ - Use: "create-token PROJECT TOKEN-NAME [--expires-in 1d]", + Use: "create-token PROJECT TOKEN-NAME", Short: "Create a project token", Run: func(c *cobra.Command, args []string) { if len(args) != 2 { @@ -353,15 +357,15 @@ func NewProjectRoleListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co project, err := projIf.Get(context.Background(), &project.ProjectQuery{Name: projName}) errors.CheckError(err) w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0) - fmt.Fprintf(w, "ROLE-NAME\tISSUED-AT\tEXPIRES-AT\tPOLICIES\n") + fmt.Fprintf(w, "ROLE-NAME\tDESCRIPTION\tISSUED-AT\tEXPIRES-AT\tPOLICIES\n") for _, role := range project.Spec.Roles { fmt.Fprintf(w, "%s\n", role.Name) if role.JWTTokens != nil { for _, token := range role.JWTTokens { - fmt.Fprintf(w, "%s\t%d\t%d\n", role.Name, token.IssuedAt, token.ExpiresAt) + fmt.Fprintf(w, "%s\t%s\t%d\t%d\n", role.Name, role.Description, token.IssuedAt, token.ExpiresAt) for _, policy := range role.Policies { - fmt.Fprintf(w, "%s\t%d\t%d\t%s\n", role.Name, token.IssuedAt, token.ExpiresAt, policy) + fmt.Fprintf(w, "%s\t%s\t%d\t%d\t%s\n", role.Name, role.Description, token.IssuedAt, token.ExpiresAt, policy) } } } diff --git a/pkg/apis/application/v1alpha1/generated.pb.go b/pkg/apis/application/v1alpha1/generated.pb.go index 0880fc85d060b..c5be0bc4bc0b6 100644 --- a/pkg/apis/application/v1alpha1/generated.pb.go +++ b/pkg/apis/application/v1alpha1/generated.pb.go @@ -1249,9 +1249,13 @@ func (m *ProjectRole) MarshalTo(dAtA []byte) (int, error) { i++ i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name))) i += copy(dAtA[i:], m.Name) + dAtA[i] = 0x12 + i++ + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Description))) + i += copy(dAtA[i:], m.Description) if len(m.Policies) > 0 { for _, s := range m.Policies { - dAtA[i] = 0x12 + dAtA[i] = 0x1a i++ l = len(s) for l >= 1<<7 { @@ -1266,7 +1270,7 @@ func (m *ProjectRole) MarshalTo(dAtA []byte) (int, error) { } if len(m.JWTTokens) > 0 { for _, msg := range m.JWTTokens { - dAtA[i] = 0x1a + dAtA[i] = 0x22 i++ i = encodeVarintGenerated(dAtA, i, uint64(msg.Size())) n, err := msg.MarshalTo(dAtA[i:]) @@ -2129,6 +2133,8 @@ func (m *ProjectRole) Size() (n int) { _ = l l = len(m.Name) n += 1 + l + sovGenerated(uint64(l)) + l = len(m.Description) + n += 1 + l + sovGenerated(uint64(l)) if len(m.Policies) > 0 { for _, s := range m.Policies { l = len(s) @@ -2622,6 +2628,7 @@ func (this *ProjectRole) String() string { } s := strings.Join([]string{`&ProjectRole{`, `Name:` + fmt.Sprintf("%v", this.Name) + `,`, + `Description:` + fmt.Sprintf("%v", this.Description) + `,`, `Policies:` + fmt.Sprintf("%v", this.Policies) + `,`, `JWTTokens:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.JWTTokens), "JWTToken", "JWTToken", 1), `&`, ``, 1) + `,`, `}`, @@ -6329,6 +6336,35 @@ func (m *ProjectRole) Unmarshal(dAtA []byte) error { m.Name = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Description", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Description = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field Policies", wireType) } @@ -6357,7 +6393,7 @@ func (m *ProjectRole) Unmarshal(dAtA []byte) error { } m.Policies = append(m.Policies, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex - case 3: + case 4: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field JWTTokens", wireType) } @@ -8189,166 +8225,167 @@ func init() { } var fileDescriptorGenerated = []byte{ - // 2570 bytes of a gzipped FileDescriptorProto + // 2577 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xd4, 0x59, 0x4b, 0x8c, 0x1c, 0x47, - 0x19, 0x76, 0xcf, 0x6b, 0x67, 0xfe, 0xd9, 0x87, 0x5d, 0x79, 0xb0, 0x38, 0xd2, 0xee, 0xaa, 0xcd, - 0xc3, 0xa0, 0x64, 0x06, 0x1b, 0x0c, 0xe6, 0x21, 0x24, 0xcf, 0xac, 0x1d, 0xaf, 0xd7, 0x8f, 0xa5, - 0x66, 0x93, 0x48, 0x21, 0x0a, 0xb4, 0x7b, 0x6a, 0x67, 0xda, 0x33, 0xd3, 0xdd, 0xe9, 0xaa, 0x19, - 0x7b, 0x24, 0x82, 0x82, 0x10, 0x12, 0x4f, 0x09, 0x84, 0x10, 0x57, 0x0e, 0x9c, 0x10, 0x12, 0x12, - 0xe2, 0x84, 0xc4, 0x01, 0x0e, 0xc8, 0x37, 0x72, 0x00, 0x11, 0x05, 0xb4, 0xc2, 0x9b, 0x4b, 0x24, - 0x0e, 0x9c, 0xb8, 0xe4, 0x84, 0xea, 0xd1, 0x5d, 0xd5, 0x3d, 0xbb, 0xec, 0xae, 0x67, 0x6c, 0xc8, - 0xad, 0xfb, 0xff, 0xff, 0xfe, 0xbf, 0xbf, 0xfe, 0xfa, 0xeb, 0x7f, 0x54, 0xc3, 0x46, 0xc7, 0x63, - 0xdd, 0xe1, 0xed, 0x9a, 0x1b, 0x0c, 0xea, 0x4e, 0xd4, 0x09, 0xc2, 0x28, 0xb8, 0x23, 0x1e, 0x9e, - 0x73, 0xdb, 0xf5, 0xb0, 0xd7, 0xa9, 0x3b, 0xa1, 0x47, 0xeb, 0x4e, 0x18, 0xf6, 0x3d, 0xd7, 0x61, - 0x5e, 0xe0, 0xd7, 0x47, 0xe7, 0x9c, 0x7e, 0xd8, 0x75, 0xce, 0xd5, 0x3b, 0xc4, 0x27, 0x91, 0xc3, - 0x48, 0xbb, 0x16, 0x46, 0x01, 0x0b, 0xd0, 0x67, 0xb5, 0xaa, 0x5a, 0xac, 0x4a, 0x3c, 0x7c, 0xc5, - 0x6d, 0xd7, 0xc2, 0x5e, 0xa7, 0xc6, 0x55, 0xd5, 0x0c, 0x55, 0xb5, 0x58, 0xd5, 0xe9, 0xe7, 0x0c, - 0x2b, 0x3a, 0x41, 0x27, 0xa8, 0x0b, 0x8d, 0xb7, 0x87, 0x3b, 0xe2, 0x4d, 0xbc, 0x88, 0x27, 0x89, - 0x74, 0xfa, 0x53, 0xbd, 0x8b, 0xb4, 0xe6, 0x05, 0xdc, 0xb6, 0x81, 0xe3, 0x76, 0x3d, 0x9f, 0x44, - 0x63, 0x6d, 0xec, 0x80, 0x30, 0xa7, 0x3e, 0x9a, 0xb0, 0xef, 0x74, 0xfd, 0xa0, 0xaf, 0xa2, 0xa1, - 0xcf, 0xbc, 0x01, 0x99, 0xf8, 0xe0, 0xd3, 0x87, 0x7d, 0x40, 0xdd, 0x2e, 0x19, 0x38, 0x13, 0xdf, - 0x7d, 0xf2, 0xa0, 0xef, 0x86, 0xcc, 0xeb, 0xd7, 0x3d, 0x9f, 0x51, 0x16, 0x65, 0x3f, 0xb2, 0xff, - 0x66, 0x01, 0x5c, 0x0a, 0xc3, 0xad, 0x28, 0xb8, 0x43, 0x5c, 0x86, 0xbe, 0x0a, 0x65, 0xbe, 0x8e, - 0xb6, 0xc3, 0x9c, 0x65, 0x6b, 0xcd, 0x3a, 0x5b, 0x3d, 0xff, 0x89, 0x9a, 0x54, 0x5b, 0x33, 0xd5, - 0x6a, 0xbf, 0x72, 0xe9, 0xda, 0xe8, 0x5c, 0xed, 0xd6, 0x6d, 0xfe, 0xfd, 0x0d, 0xc2, 0x9c, 0x06, - 0xba, 0xbf, 0xbb, 0x7a, 0x62, 0x6f, 0x77, 0x15, 0x34, 0x0d, 0x27, 0x5a, 0x51, 0x0f, 0x0a, 0x34, - 0x24, 0xee, 0x72, 0x4e, 0x68, 0xdf, 0xa8, 0x3d, 0xf4, 0xee, 0xd5, 0xb4, 0xd9, 0xad, 0x90, 0xb8, - 0x8d, 0x79, 0x05, 0x5b, 0xe0, 0x6f, 0x58, 0x80, 0xd8, 0x6f, 0x5b, 0xb0, 0xa8, 0xc5, 0xae, 0x7b, - 0x94, 0xa1, 0x57, 0x26, 0x56, 0x58, 0x3b, 0xda, 0x0a, 0xf9, 0xd7, 0x62, 0x7d, 0x27, 0x15, 0x50, - 0x39, 0xa6, 0x18, 0xab, 0xbb, 0x03, 0x45, 0x8f, 0x91, 0x01, 0x5d, 0xce, 0xad, 0xe5, 0xcf, 0x56, - 0xcf, 0x5f, 0x9e, 0xc9, 0xf2, 0x1a, 0x0b, 0x0a, 0xb1, 0xb8, 0xc1, 0x75, 0x63, 0x09, 0x61, 0xff, - 0x3b, 0x67, 0x2e, 0x8e, 0xaf, 0x1a, 0x9d, 0x83, 0x2a, 0x0d, 0x86, 0x91, 0x4b, 0x30, 0x09, 0x03, - 0xba, 0x6c, 0xad, 0xe5, 0xcf, 0x56, 0x1a, 0x4b, 0x7b, 0xbb, 0xab, 0xd5, 0x96, 0x26, 0x63, 0x53, - 0x06, 0x7d, 0xcf, 0x82, 0xf9, 0x36, 0xa1, 0xcc, 0xf3, 0x05, 0x7e, 0x6c, 0xf9, 0x97, 0xa6, 0xb3, - 0x3c, 0x26, 0xae, 0x6b, 0xcd, 0x8d, 0x27, 0xd5, 0x2a, 0xe6, 0x0d, 0x22, 0xc5, 0x29, 0x70, 0x74, - 0x01, 0xaa, 0x6d, 0x42, 0xdd, 0xc8, 0x0b, 0xf9, 0xfb, 0x72, 0x7e, 0xcd, 0x3a, 0x5b, 0x69, 0x3c, - 0xa1, 0x3e, 0xac, 0xae, 0x6b, 0x16, 0x36, 0xe5, 0x50, 0x0f, 0x8a, 0x51, 0xd0, 0x27, 0x74, 0xb9, - 0x20, 0x8c, 0xbf, 0x32, 0x85, 0xf1, 0xca, 0x9d, 0x38, 0xe8, 0x13, 0xed, 0x77, 0xfe, 0x46, 0xb1, - 0xc4, 0xb0, 0xff, 0x98, 0x87, 0xaa, 0xb1, 0xc4, 0xc7, 0x70, 0x66, 0xfa, 0xa9, 0x33, 0x73, 0x6d, - 0x36, 0x5b, 0x73, 0xd0, 0xa1, 0x41, 0x0c, 0x4a, 0x94, 0x39, 0x6c, 0x48, 0x85, 0xfb, 0xab, 0xe7, - 0xaf, 0xcf, 0x08, 0x4f, 0xe8, 0x6c, 0x2c, 0x2a, 0xc4, 0x92, 0x7c, 0xc7, 0x0a, 0x0b, 0xbd, 0x06, - 0x95, 0x20, 0xe4, 0xa9, 0x89, 0xef, 0x7b, 0x41, 0x00, 0xaf, 0x4f, 0x01, 0x7c, 0x2b, 0xd6, 0xd5, - 0x58, 0xd8, 0xdb, 0x5d, 0xad, 0x24, 0xaf, 0x58, 0xa3, 0xd8, 0x2e, 0x3c, 0x69, 0xd8, 0xd7, 0x0c, - 0xfc, 0xb6, 0x27, 0x36, 0x74, 0x0d, 0x0a, 0x6c, 0x1c, 0x12, 0xb1, 0x99, 0x15, 0xed, 0xa2, 0xed, - 0x71, 0x48, 0xb0, 0xe0, 0xa0, 0x8f, 0xc1, 0xdc, 0x80, 0x50, 0xea, 0x74, 0x88, 0xd8, 0x93, 0x4a, - 0x63, 0x49, 0x09, 0xcd, 0xdd, 0x90, 0x64, 0x1c, 0xf3, 0xed, 0xd7, 0xe0, 0xe9, 0xfd, 0xcf, 0x03, - 0xfa, 0x08, 0x94, 0x28, 0x89, 0x46, 0x24, 0x52, 0x40, 0xda, 0x33, 0x82, 0x8a, 0x15, 0x17, 0xd5, - 0xa1, 0xe2, 0x3b, 0x03, 0x42, 0x43, 0xc7, 0x8d, 0xe1, 0x4e, 0x29, 0xd1, 0xca, 0xcd, 0x98, 0x81, - 0xb5, 0x8c, 0xfd, 0x77, 0x0b, 0x96, 0x0c, 0xcc, 0xc7, 0x90, 0xf6, 0x7a, 0xe9, 0xb4, 0x77, 0x65, - 0x36, 0x11, 0x73, 0x40, 0xde, 0xfb, 0x7d, 0x1e, 0x4e, 0x99, 0x71, 0x25, 0x92, 0x19, 0xdf, 0x92, - 0x88, 0x84, 0xc1, 0x0b, 0xf8, 0xba, 0x72, 0x67, 0xb2, 0x25, 0x58, 0x92, 0x71, 0xcc, 0xe7, 0xfb, - 0x1b, 0x3a, 0xac, 0xab, 0x7c, 0x99, 0xec, 0xef, 0x96, 0xc3, 0xba, 0x58, 0x70, 0x78, 0x1a, 0x22, - 0xfe, 0xc8, 0x8b, 0x02, 0x7f, 0x40, 0x7c, 0x96, 0x4d, 0x43, 0x97, 0x35, 0x0b, 0x9b, 0x72, 0xe8, - 0x8b, 0xb0, 0xc8, 0x9c, 0xa8, 0x43, 0x18, 0x26, 0x23, 0x8f, 0xc6, 0x81, 0x5c, 0x69, 0x3c, 0xad, - 0xbe, 0x5c, 0xdc, 0x4e, 0x71, 0x71, 0x46, 0x1a, 0xfd, 0xc6, 0x82, 0x67, 0xdc, 0x60, 0x10, 0x06, - 0x3e, 0xf1, 0xd9, 0x96, 0x13, 0x39, 0x03, 0xc2, 0x48, 0x74, 0x6b, 0x44, 0xa2, 0xc8, 0x6b, 0x13, - 0xba, 0x5c, 0x14, 0xde, 0xbd, 0x31, 0x85, 0x77, 0x9b, 0x13, 0xda, 0x1b, 0x67, 0x94, 0x71, 0xcf, - 0x34, 0x0f, 0x46, 0xc6, 0xff, 0xcd, 0x2c, 0x5e, 0x75, 0x46, 0x4e, 0x7f, 0x48, 0xe8, 0x15, 0x8f, - 0xe7, 0xe0, 0x92, 0xae, 0x3a, 0x2f, 0x6a, 0x32, 0x36, 0x65, 0xec, 0xdf, 0xe5, 0x52, 0x21, 0xda, - 0x8a, 0xf3, 0x8e, 0xd8, 0x4b, 0x15, 0xa0, 0xb3, 0xca, 0x3b, 0x42, 0xa7, 0x71, 0xba, 0x64, 0xf1, - 0x53, 0x58, 0xe8, 0xdb, 0x96, 0x28, 0x39, 0xf1, 0xa9, 0x54, 0x39, 0xf6, 0x11, 0x94, 0x3f, 0xb3, - 0x8a, 0xc5, 0x44, 0x6c, 0x42, 0xf3, 0x10, 0x0e, 0x65, 0xf5, 0x51, 0x11, 0x97, 0x84, 0x70, 0x5c, - 0x94, 0x62, 0xbe, 0xfd, 0xb3, 0x52, 0xfa, 0x0c, 0xc8, 0x1c, 0xfa, 0x23, 0x0b, 0x4e, 0xf2, 0x8d, - 0x72, 0x22, 0x8f, 0x06, 0x3e, 0x26, 0x74, 0xd8, 0x67, 0xca, 0x99, 0x9b, 0x53, 0x06, 0x8d, 0xa9, - 0xb2, 0xb1, 0xac, 0xec, 0x3a, 0x99, 0xe5, 0xe0, 0x09, 0x78, 0xc4, 0x60, 0xae, 0xeb, 0x51, 0x16, - 0x44, 0x63, 0x95, 0x1c, 0xa6, 0x69, 0xf9, 0xd6, 0x49, 0xd8, 0x0f, 0xc6, 0xfc, 0xac, 0x6d, 0xf8, - 0x3b, 0x81, 0xf6, 0xcf, 0x55, 0x89, 0x80, 0x63, 0x28, 0xf4, 0x0d, 0x0b, 0x20, 0x8c, 0x23, 0x95, - 0x17, 0xb2, 0x47, 0x70, 0x70, 0x92, 0x9a, 0x9d, 0x90, 0x28, 0x36, 0x40, 0x51, 0x00, 0xa5, 0x2e, - 0x71, 0xfa, 0xac, 0xab, 0xca, 0xd9, 0xf3, 0x53, 0xc0, 0x5f, 0x15, 0x8a, 0xb2, 0x25, 0x54, 0x52, - 0xb1, 0x82, 0x41, 0xdf, 0xb2, 0x60, 0x31, 0xa9, 0x6e, 0x5c, 0x96, 0x2c, 0x17, 0xa7, 0xee, 0xb2, - 0x6f, 0xa5, 0x14, 0x36, 0x10, 0x4f, 0x63, 0x69, 0x1a, 0xce, 0x80, 0xa2, 0x6f, 0x5a, 0x00, 0x6e, - 0x5c, 0x4d, 0x65, 0x3e, 0xa8, 0x9e, 0xbf, 0x35, 0x9b, 0x13, 0x95, 0x54, 0x69, 0xed, 0xfe, 0x84, - 0x44, 0xb1, 0x01, 0x6b, 0xbf, 0x63, 0xc1, 0x53, 0xc6, 0x87, 0x2f, 0x39, 0xcc, 0xed, 0x5e, 0x1e, - 0xf1, 0x34, 0xbd, 0x99, 0xaa, 0xef, 0x9f, 0x31, 0xeb, 0xfb, 0x7b, 0xbb, 0xab, 0x1f, 0x3d, 0x68, - 0x8c, 0xba, 0xcb, 0x35, 0xd4, 0x84, 0x0a, 0xa3, 0x15, 0x78, 0x1d, 0xaa, 0x86, 0xcd, 0x2a, 0x7d, - 0xcc, 0xaa, 0x00, 0x26, 0x39, 0xc3, 0x20, 0x62, 0x13, 0xcf, 0xfe, 0x4b, 0x0e, 0xe6, 0x9a, 0xfd, - 0x21, 0x65, 0x24, 0x3a, 0x72, 0x43, 0xb1, 0x06, 0x05, 0xde, 0x2c, 0x64, 0xeb, 0x1f, 0xef, 0x25, - 0xb0, 0xe0, 0xa0, 0x10, 0x4a, 0x6e, 0xe0, 0xef, 0x78, 0x1d, 0xd5, 0x02, 0x5e, 0x9d, 0xe6, 0xe4, - 0x48, 0xeb, 0x9a, 0x42, 0x9f, 0xb6, 0x49, 0xbe, 0x63, 0x85, 0x83, 0x7e, 0x60, 0xc1, 0x92, 0x1b, - 0xf8, 0x3e, 0x71, 0x75, 0xf0, 0x16, 0xa6, 0x6e, 0x77, 0x9b, 0x69, 0x8d, 0x8d, 0x0f, 0x28, 0xf4, - 0xa5, 0x0c, 0x03, 0x67, 0xb1, 0xed, 0x5f, 0xe7, 0x60, 0x21, 0x65, 0x39, 0x7a, 0x16, 0xca, 0x43, - 0x4a, 0x22, 0xe1, 0x39, 0xe9, 0xdf, 0xa4, 0x23, 0x7a, 0x41, 0xd1, 0x71, 0x22, 0xc1, 0xa5, 0x43, - 0x87, 0xd2, 0xbb, 0x41, 0xd4, 0x56, 0x7e, 0x4e, 0xa4, 0xb7, 0x14, 0x1d, 0x27, 0x12, 0xbc, 0xdf, - 0xb8, 0x4d, 0x9c, 0x88, 0x44, 0xdb, 0x41, 0x8f, 0x4c, 0x8c, 0x3d, 0x0d, 0xcd, 0xc2, 0xa6, 0x9c, - 0x70, 0x1a, 0xeb, 0xd3, 0x66, 0xdf, 0x23, 0x3e, 0x93, 0x66, 0xce, 0xc0, 0x69, 0xdb, 0xd7, 0x5b, - 0xa6, 0x46, 0xed, 0xb4, 0x0c, 0x03, 0x67, 0xb1, 0xed, 0x3f, 0x5b, 0x50, 0x55, 0x4e, 0x7b, 0x0c, - 0x4d, 0x67, 0x27, 0xdd, 0x74, 0x36, 0xa6, 0x8f, 0xd1, 0x03, 0x1a, 0xce, 0x5f, 0xe6, 0x61, 0xa2, - 0xd2, 0xa1, 0x57, 0x79, 0x8e, 0xe3, 0x34, 0xd2, 0xbe, 0x14, 0x17, 0xd9, 0x8f, 0x1f, 0x6d, 0x75, - 0xdb, 0xde, 0x80, 0x98, 0xe9, 0x2b, 0xd6, 0x82, 0x0d, 0x8d, 0xe8, 0x0d, 0x4b, 0x03, 0x6c, 0x07, - 0x2a, 0xaf, 0xcc, 0xb6, 0x25, 0x9a, 0x30, 0x61, 0x3b, 0xc0, 0x06, 0x26, 0xfa, 0x5c, 0x32, 0x08, - 0x16, 0x45, 0x40, 0xda, 0xe9, 0xd1, 0xed, 0xbd, 0x54, 0x03, 0x90, 0x19, 0xe7, 0xc6, 0x50, 0x89, - 0x88, 0x6c, 0xb1, 0xe2, 0x0a, 0x30, 0x4d, 0x12, 0xc1, 0x4a, 0x97, 0x3c, 0xc6, 0xc9, 0xf8, 0x13, - 0x93, 0x29, 0xd6, 0x68, 0xf6, 0xf7, 0x2d, 0x40, 0x93, 0xe5, 0x9a, 0x8f, 0x51, 0x49, 0x13, 0xab, - 0x0e, 0x70, 0xa2, 0x27, 0x11, 0xc7, 0x5a, 0xe6, 0x08, 0x69, 0xf2, 0x0c, 0x14, 0x45, 0x53, 0xab, - 0x0e, 0x6c, 0x12, 0x3d, 0xa2, 0xed, 0xc5, 0x92, 0x67, 0xff, 0xc1, 0x82, 0x6c, 0xba, 0x11, 0x99, - 0x5a, 0x7a, 0x36, 0x9b, 0xa9, 0xd3, 0x5e, 0x3c, 0xfa, 0x9c, 0x89, 0x5e, 0x81, 0xaa, 0xc3, 0x18, - 0x19, 0x84, 0x4c, 0x04, 0x64, 0xfe, 0xd8, 0x01, 0xb9, 0xc8, 0x23, 0xe1, 0x46, 0xd0, 0xf6, 0x76, - 0x3c, 0x11, 0x8c, 0xa6, 0x3a, 0xfb, 0xdd, 0x3c, 0x2c, 0xa6, 0x9b, 0x2f, 0x34, 0x84, 0x92, 0x68, - 0x76, 0xe4, 0x35, 0xd3, 0xcc, 0xbb, 0xab, 0xc4, 0x25, 0x82, 0x44, 0xb1, 0x02, 0xe3, 0x89, 0x35, - 0x8a, 0xa7, 0xab, 0x4c, 0x62, 0x4d, 0xe6, 0xaa, 0x44, 0xe2, 0xd0, 0x89, 0x2a, 0xff, 0xff, 0x39, - 0x51, 0xbd, 0x0a, 0xd0, 0x16, 0xde, 0x16, 0x7b, 0x59, 0x78, 0xf8, 0xe4, 0xb2, 0x9e, 0x68, 0xc1, - 0x86, 0x46, 0x74, 0x1a, 0x72, 0x5e, 0x5b, 0x9c, 0xea, 0x7c, 0x03, 0x94, 0x6c, 0x6e, 0x63, 0x1d, - 0xe7, 0xbc, 0xb6, 0x4d, 0x61, 0xde, 0xec, 0x36, 0x8f, 0x1c, 0xab, 0x9f, 0x87, 0x05, 0xf9, 0xb4, - 0x4e, 0x98, 0xe3, 0xf5, 0xa9, 0xda, 0x9d, 0xa7, 0x94, 0xf8, 0x42, 0xcb, 0x64, 0xe2, 0xb4, 0xac, - 0xfd, 0xd3, 0x1c, 0xc0, 0xd5, 0x20, 0xe8, 0x29, 0xcc, 0xf8, 0xe8, 0x59, 0x07, 0x1e, 0xbd, 0x35, - 0x28, 0xf4, 0x3c, 0xbf, 0x9d, 0x3d, 0x9c, 0x9b, 0x9e, 0xdf, 0xc6, 0x82, 0x83, 0xce, 0x03, 0x38, - 0xa1, 0xf7, 0x22, 0x89, 0xa8, 0xbe, 0x49, 0x4c, 0xfc, 0x72, 0x69, 0x6b, 0x43, 0x71, 0xb0, 0x21, - 0x85, 0x9e, 0x55, 0x9d, 0xa1, 0x1c, 0xdb, 0x97, 0x33, 0x9d, 0x61, 0x99, 0x5b, 0x68, 0xb4, 0x7e, - 0x17, 0x33, 0xf9, 0x71, 0x6d, 0x22, 0x3f, 0xea, 0x4e, 0x79, 0xab, 0xeb, 0x50, 0xb2, 0xdf, 0xb9, - 0x2e, 0x1d, 0x72, 0x7f, 0xd4, 0x82, 0xf2, 0xb5, 0x97, 0xb6, 0x65, 0xbd, 0xb7, 0x21, 0xef, 0x39, - 0x32, 0x79, 0xe5, 0x75, 0xd8, 0x6f, 0x50, 0x3a, 0x14, 0x3b, 0xcc, 0x99, 0xe8, 0x0c, 0xe4, 0xc9, - 0xbd, 0x50, 0xf8, 0x25, 0xaf, 0x13, 0xdc, 0xe5, 0x7b, 0xa1, 0x17, 0x11, 0xca, 0x85, 0xc8, 0xbd, - 0xd0, 0xfe, 0xa7, 0x05, 0xfa, 0x4a, 0x0c, 0xed, 0x40, 0x81, 0x8e, 0x7d, 0x57, 0x15, 0xb1, 0x69, - 0xd2, 0x74, 0x6b, 0xec, 0xbb, 0xfa, 0xe6, 0xad, 0x2c, 0x2e, 0x16, 0xc7, 0xbe, 0x8b, 0x85, 0x7e, - 0x34, 0x82, 0x72, 0x14, 0xf4, 0xfb, 0xb7, 0x1d, 0xb7, 0x37, 0x83, 0x7a, 0x86, 0x95, 0x2a, 0x8d, - 0x37, 0x2f, 0x92, 0x80, 0x22, 0xe3, 0x04, 0xcb, 0xfe, 0x55, 0x11, 0x32, 0x23, 0x0b, 0x1a, 0x9a, - 0xb7, 0x8d, 0xd6, 0x0c, 0x6f, 0x1b, 0x13, 0x8f, 0xef, 0x77, 0xe3, 0x88, 0x2e, 0x40, 0x31, 0xe4, - 0x81, 0xa0, 0xc2, 0x76, 0x35, 0x2e, 0x18, 0x22, 0x3a, 0xf6, 0x89, 0x17, 0x29, 0x6d, 0x86, 0x4b, - 0xfe, 0x90, 0x32, 0xf0, 0x75, 0x00, 0xee, 0x6b, 0x35, 0xfb, 0xcb, 0xcc, 0x71, 0x73, 0x56, 0x3b, - 0xaa, 0xc6, 0x7f, 0x51, 0x29, 0x5a, 0x09, 0x0a, 0x36, 0x10, 0xd1, 0x77, 0x2d, 0x58, 0x8c, 0x1d, - 0xaf, 0x8c, 0x28, 0x3e, 0x12, 0x23, 0xc4, 0x20, 0x8a, 0x53, 0x48, 0x38, 0x83, 0x8c, 0xbe, 0x0c, - 0x15, 0xca, 0x9c, 0x48, 0x56, 0xc4, 0xd2, 0xb1, 0xb3, 0x68, 0xb2, 0x97, 0xad, 0x58, 0x09, 0xd6, - 0xfa, 0xd0, 0xcb, 0x00, 0x3b, 0x9e, 0xef, 0xd1, 0xae, 0xd0, 0x3e, 0xf7, 0x70, 0xf5, 0xf6, 0x4a, - 0xa2, 0x01, 0x1b, 0xda, 0xec, 0x3f, 0x59, 0x50, 0x35, 0x7e, 0x44, 0x1c, 0x21, 0x1f, 0x9e, 0x85, - 0x72, 0x18, 0xf4, 0x3d, 0xd7, 0x23, 0xb2, 0x1f, 0xae, 0xc8, 0xd3, 0xb0, 0xa5, 0x68, 0x38, 0xe1, - 0x22, 0x06, 0x95, 0x3b, 0x77, 0x99, 0x48, 0x28, 0x71, 0xfd, 0x6b, 0x4e, 0xb1, 0x37, 0x71, 0x72, - 0xd2, 0xde, 0x8a, 0x29, 0x14, 0x6b, 0x20, 0xfb, 0xaf, 0x39, 0x00, 0xf1, 0xc3, 0xc9, 0x13, 0xf7, - 0x33, 0x6b, 0x50, 0x88, 0x48, 0x18, 0x64, 0x17, 0xc4, 0x25, 0xb0, 0xe0, 0xa4, 0xc6, 0xad, 0xdc, - 0xb1, 0xc6, 0xad, 0xfc, 0xa1, 0xe3, 0x16, 0x2f, 0x55, 0xb4, 0xbb, 0x15, 0x79, 0x23, 0x87, 0x91, - 0x4d, 0x32, 0x56, 0xf9, 0x5e, 0x97, 0xaa, 0xd6, 0x55, 0xcd, 0xc4, 0x69, 0xd9, 0x7d, 0x27, 0xd5, - 0xe2, 0xff, 0x70, 0x52, 0x7d, 0xdb, 0x82, 0x45, 0xed, 0xd9, 0xf7, 0xd7, 0x3f, 0x4e, 0x6d, 0xf7, - 0x01, 0xa3, 0xd7, 0xbf, 0x2c, 0x58, 0x8a, 0x9b, 0x7c, 0xd5, 0x2b, 0xcc, 0xa4, 0x39, 0x48, 0xfd, - 0x53, 0xc9, 0x1f, 0xfe, 0x4f, 0xc5, 0x4c, 0xc1, 0x85, 0x43, 0x52, 0xf0, 0x17, 0x32, 0x6d, 0xc1, - 0x87, 0x26, 0xda, 0x02, 0x94, 0x8c, 0x33, 0x63, 0xdf, 0x4d, 0xb7, 0x51, 0xf6, 0x2f, 0x2c, 0x98, - 0x8f, 0xd9, 0x37, 0x83, 0xb6, 0x18, 0x32, 0xa8, 0x08, 0x32, 0x2b, 0x3d, 0x64, 0xc8, 0x70, 0x90, - 0x3c, 0x34, 0x84, 0xb2, 0xdb, 0xf5, 0xfa, 0xed, 0x88, 0xf8, 0x6a, 0x5b, 0x9e, 0x9f, 0xc1, 0xb4, - 0xc5, 0xf1, 0x75, 0x28, 0x34, 0x15, 0x00, 0x4e, 0xa0, 0xec, 0xdf, 0xe6, 0x61, 0x21, 0x35, 0x9a, - 0xa1, 0x0b, 0x50, 0x95, 0x3f, 0x35, 0x5a, 0x86, 0xcd, 0xc9, 0x4d, 0xc6, 0xb6, 0x66, 0x61, 0x53, - 0x8e, 0xef, 0x47, 0xdf, 0x1b, 0x49, 0x1d, 0xd9, 0x7f, 0x5c, 0xd7, 0x63, 0x06, 0xd6, 0x32, 0xc6, - 0x6c, 0x9a, 0x3f, 0xf6, 0x6c, 0xfa, 0x63, 0x0b, 0x90, 0x58, 0x02, 0xd7, 0x9c, 0x8c, 0x90, 0xea, - 0xdf, 0xf1, 0xcc, 0xfc, 0x76, 0x5a, 0x59, 0x84, 0x9a, 0x13, 0x50, 0x78, 0x1f, 0x78, 0xe3, 0xba, - 0xb8, 0xf8, 0x58, 0xae, 0x8b, 0xed, 0xaf, 0xc1, 0xa9, 0x89, 0x1e, 0x4a, 0x4d, 0x06, 0xd6, 0x7e, - 0x93, 0x01, 0x8f, 0xc4, 0x30, 0x1a, 0xfa, 0x72, 0x83, 0xca, 0x3a, 0x12, 0xb7, 0x38, 0x11, 0x4b, - 0x1e, 0x1f, 0x17, 0xda, 0xd1, 0x18, 0x0f, 0x65, 0xcb, 0x5d, 0xd6, 0xe8, 0xeb, 0x82, 0x8a, 0x15, - 0xd7, 0xfe, 0x4e, 0x0e, 0x16, 0x52, 0x75, 0x3d, 0x35, 0xd9, 0x59, 0x87, 0x4e, 0x76, 0xb3, 0x34, - 0x06, 0xbd, 0x0e, 0xf3, 0x54, 0x1c, 0xc5, 0xc8, 0x61, 0xa4, 0x33, 0x9e, 0xc1, 0x85, 0x7d, 0xcb, - 0x50, 0xd7, 0x38, 0xb9, 0xb7, 0xbb, 0x3a, 0x6f, 0x52, 0x70, 0x0a, 0xce, 0xfe, 0x79, 0x0e, 0x9e, - 0xd8, 0xa7, 0xc7, 0x41, 0x77, 0xcd, 0x4b, 0x14, 0x39, 0x65, 0x5f, 0x9b, 0x41, 0x78, 0xaa, 0x44, - 0x2a, 0xff, 0x8c, 0xef, 0x77, 0x85, 0x72, 0xcc, 0x21, 0x7b, 0x07, 0x8a, 0xdd, 0x20, 0xe8, 0xc5, - 0xdd, 0xc4, 0x34, 0x05, 0x41, 0xcf, 0x80, 0x8d, 0x0a, 0xdf, 0x4d, 0xfe, 0x4e, 0xb1, 0x54, 0x6f, - 0xbf, 0x6b, 0x41, 0xca, 0x8b, 0x68, 0x00, 0x45, 0xae, 0x65, 0x3c, 0x83, 0x1f, 0x86, 0xa6, 0xde, - 0x4b, 0x5c, 0xa7, 0xc4, 0x17, 0x8f, 0x58, 0xa2, 0x20, 0x0f, 0x0a, 0xdc, 0x10, 0x35, 0xbb, 0x6c, - 0xce, 0x08, 0x8d, 0x2f, 0x51, 0x8e, 0x4a, 0xfc, 0x09, 0x0b, 0x08, 0xfb, 0x22, 0x9c, 0x9a, 0xb0, - 0x88, 0x87, 0xfc, 0x4e, 0x10, 0xff, 0x1f, 0x35, 0x42, 0xfe, 0x0a, 0x27, 0x62, 0xc9, 0xe3, 0xf5, - 0xe3, 0x64, 0x56, 0x3d, 0xfa, 0x89, 0x05, 0xa7, 0x68, 0x56, 0xdf, 0x23, 0xf1, 0xda, 0x07, 0x95, - 0x51, 0x93, 0xe6, 0xe3, 0x49, 0x0b, 0xf8, 0x8e, 0x66, 0x6f, 0x95, 0x79, 0xec, 0x79, 0x3e, 0x25, - 0xee, 0x30, 0x8a, 0x17, 0xaa, 0x27, 0x5d, 0x45, 0xc7, 0x89, 0x04, 0x9f, 0xf2, 0xe5, 0x5f, 0x8d, - 0x9b, 0xba, 0x51, 0x4c, 0xa6, 0xfc, 0x56, 0xc2, 0xc1, 0x86, 0x14, 0xef, 0x95, 0x5d, 0x12, 0xb1, - 0x75, 0xde, 0x1e, 0xf1, 0xbc, 0x30, 0x2f, 0x7b, 0xe5, 0xa6, 0xa2, 0xe1, 0x84, 0x8b, 0x3e, 0x0c, - 0x73, 0x3d, 0x32, 0x16, 0x82, 0x05, 0x21, 0x58, 0xe5, 0x15, 0x7f, 0x53, 0x92, 0x70, 0xcc, 0x43, - 0x36, 0x94, 0x5c, 0x47, 0x48, 0x15, 0x85, 0x14, 0x88, 0x1f, 0x1c, 0x97, 0x84, 0x90, 0xe2, 0x34, - 0x6a, 0xf7, 0x1f, 0xac, 0x9c, 0x78, 0xf3, 0xc1, 0xca, 0x89, 0xb7, 0x1e, 0xac, 0x9c, 0x78, 0x63, - 0x6f, 0xc5, 0xba, 0xbf, 0xb7, 0x62, 0xbd, 0xb9, 0xb7, 0x62, 0xbd, 0xb5, 0xb7, 0x62, 0xfd, 0x63, - 0x6f, 0xc5, 0xfa, 0xe1, 0x3b, 0x2b, 0x27, 0x5e, 0x2e, 0xc7, 0xae, 0xfd, 0x4f, 0x00, 0x00, 0x00, - 0xff, 0xff, 0x2d, 0x35, 0xcf, 0x09, 0x22, 0x29, 0x00, 0x00, + 0xf9, 0x77, 0xcf, 0x6b, 0x67, 0xbe, 0xd9, 0x87, 0x5d, 0x79, 0xfc, 0xf7, 0xef, 0x48, 0xbb, 0xab, + 0x36, 0x0f, 0x83, 0x92, 0x19, 0xbc, 0x10, 0x30, 0x0f, 0x21, 0x79, 0x66, 0xed, 0x78, 0xbd, 0x7e, + 0x2c, 0x35, 0x9b, 0x44, 0x0a, 0x51, 0xa0, 0xdd, 0x53, 0x3b, 0xd3, 0x9e, 0x99, 0xee, 0x4e, 0x57, + 0xcd, 0xd8, 0x23, 0x11, 0x14, 0x84, 0x40, 0x3c, 0x25, 0x10, 0x42, 0x5c, 0x39, 0x70, 0x42, 0x48, + 0x48, 0x88, 0x13, 0x12, 0x07, 0x38, 0x20, 0x1f, 0x73, 0x00, 0x11, 0x05, 0xb4, 0xc2, 0x9b, 0x4b, + 0x24, 0x0e, 0x9c, 0xb8, 0xe4, 0x84, 0xea, 0xd1, 0x5d, 0xd5, 0x3d, 0xbb, 0xec, 0xae, 0x67, 0x6c, + 0xe0, 0xd6, 0xfd, 0x7d, 0x5f, 0x7f, 0xbf, 0xaf, 0xbf, 0xfa, 0xea, 0x7b, 0x54, 0xc1, 0x66, 0xc7, + 0x63, 0xdd, 0xe1, 0xed, 0x9a, 0x1b, 0x0c, 0xea, 0x4e, 0xd4, 0x09, 0xc2, 0x28, 0xb8, 0x23, 0x1e, + 0x9e, 0x73, 0xdb, 0xf5, 0xb0, 0xd7, 0xa9, 0x3b, 0xa1, 0x47, 0xeb, 0x4e, 0x18, 0xf6, 0x3d, 0xd7, + 0x61, 0x5e, 0xe0, 0xd7, 0x47, 0x17, 0x9c, 0x7e, 0xd8, 0x75, 0x2e, 0xd4, 0x3b, 0xc4, 0x27, 0x91, + 0xc3, 0x48, 0xbb, 0x16, 0x46, 0x01, 0x0b, 0xd0, 0xa7, 0xb5, 0xaa, 0x5a, 0xac, 0x4a, 0x3c, 0x7c, + 0xc9, 0x6d, 0xd7, 0xc2, 0x5e, 0xa7, 0xc6, 0x55, 0xd5, 0x0c, 0x55, 0xb5, 0x58, 0xd5, 0xd9, 0xe7, + 0x0c, 0x2b, 0x3a, 0x41, 0x27, 0xa8, 0x0b, 0x8d, 0xb7, 0x87, 0xbb, 0xe2, 0x4d, 0xbc, 0x88, 0x27, + 0x89, 0x74, 0xf6, 0x13, 0xbd, 0x8b, 0xb4, 0xe6, 0x05, 0xdc, 0xb6, 0x81, 0xe3, 0x76, 0x3d, 0x9f, + 0x44, 0x63, 0x6d, 0xec, 0x80, 0x30, 0xa7, 0x3e, 0x9a, 0xb0, 0xef, 0x6c, 0xfd, 0xb0, 0xaf, 0xa2, + 0xa1, 0xcf, 0xbc, 0x01, 0x99, 0xf8, 0xe0, 0x93, 0x47, 0x7d, 0x40, 0xdd, 0x2e, 0x19, 0x38, 0x13, + 0xdf, 0x7d, 0xfc, 0xb0, 0xef, 0x86, 0xcc, 0xeb, 0xd7, 0x3d, 0x9f, 0x51, 0x16, 0x65, 0x3f, 0xb2, + 0xff, 0x62, 0x01, 0x5c, 0x0a, 0xc3, 0xed, 0x28, 0xb8, 0x43, 0x5c, 0x86, 0xbe, 0x0c, 0x65, 0xfe, + 0x1f, 0x6d, 0x87, 0x39, 0xcb, 0xd6, 0x9a, 0x75, 0xbe, 0xba, 0xfe, 0xb1, 0x9a, 0x54, 0x5b, 0x33, + 0xd5, 0x6a, 0xbf, 0x72, 0xe9, 0xda, 0xe8, 0x42, 0xed, 0xd6, 0x6d, 0xfe, 0xfd, 0x0d, 0xc2, 0x9c, + 0x06, 0xba, 0xbf, 0xb7, 0x7a, 0x6a, 0x7f, 0x6f, 0x15, 0x34, 0x0d, 0x27, 0x5a, 0x51, 0x0f, 0x0a, + 0x34, 0x24, 0xee, 0x72, 0x4e, 0x68, 0xdf, 0xac, 0x3d, 0xf4, 0xea, 0xd5, 0xb4, 0xd9, 0xad, 0x90, + 0xb8, 0x8d, 0x79, 0x05, 0x5b, 0xe0, 0x6f, 0x58, 0x80, 0xd8, 0xef, 0x58, 0xb0, 0xa8, 0xc5, 0xae, + 0x7b, 0x94, 0xa1, 0x57, 0x27, 0xfe, 0xb0, 0x76, 0xbc, 0x3f, 0xe4, 0x5f, 0x8b, 0xff, 0x3b, 0xad, + 0x80, 0xca, 0x31, 0xc5, 0xf8, 0xbb, 0x3b, 0x50, 0xf4, 0x18, 0x19, 0xd0, 0xe5, 0xdc, 0x5a, 0xfe, + 0x7c, 0x75, 0xfd, 0xf2, 0x4c, 0x7e, 0xaf, 0xb1, 0xa0, 0x10, 0x8b, 0x9b, 0x5c, 0x37, 0x96, 0x10, + 0xf6, 0x3f, 0x73, 0xe6, 0xcf, 0xf1, 0xbf, 0x46, 0x17, 0xa0, 0x4a, 0x83, 0x61, 0xe4, 0x12, 0x4c, + 0xc2, 0x80, 0x2e, 0x5b, 0x6b, 0xf9, 0xf3, 0x95, 0xc6, 0xd2, 0xfe, 0xde, 0x6a, 0xb5, 0xa5, 0xc9, + 0xd8, 0x94, 0x41, 0xdf, 0xb5, 0x60, 0xbe, 0x4d, 0x28, 0xf3, 0x7c, 0x81, 0x1f, 0x5b, 0xfe, 0x85, + 0xe9, 0x2c, 0x8f, 0x89, 0x1b, 0x5a, 0x73, 0xe3, 0x49, 0xf5, 0x17, 0xf3, 0x06, 0x91, 0xe2, 0x14, + 0x38, 0x7a, 0x1e, 0xaa, 0x6d, 0x42, 0xdd, 0xc8, 0x0b, 0xf9, 0xfb, 0x72, 0x7e, 0xcd, 0x3a, 0x5f, + 0x69, 0x3c, 0xa1, 0x3e, 0xac, 0x6e, 0x68, 0x16, 0x36, 0xe5, 0x50, 0x0f, 0x8a, 0x51, 0xd0, 0x27, + 0x74, 0xb9, 0x20, 0x8c, 0xbf, 0x32, 0x85, 0xf1, 0xca, 0x9d, 0x38, 0xe8, 0x13, 0xed, 0x77, 0xfe, + 0x46, 0xb1, 0xc4, 0xb0, 0xff, 0x90, 0x87, 0xaa, 0xf1, 0x8b, 0x8f, 0x61, 0xcf, 0xf4, 0x53, 0x7b, + 0xe6, 0xda, 0x6c, 0x96, 0xe6, 0xb0, 0x4d, 0x83, 0x18, 0x94, 0x28, 0x73, 0xd8, 0x90, 0x0a, 0xf7, + 0x57, 0xd7, 0xaf, 0xcf, 0x08, 0x4f, 0xe8, 0x6c, 0x2c, 0x2a, 0xc4, 0x92, 0x7c, 0xc7, 0x0a, 0x0b, + 0xbd, 0x0e, 0x95, 0x20, 0xe4, 0xa9, 0x89, 0xaf, 0x7b, 0x41, 0x00, 0x6f, 0x4c, 0x01, 0x7c, 0x2b, + 0xd6, 0xd5, 0x58, 0xd8, 0xdf, 0x5b, 0xad, 0x24, 0xaf, 0x58, 0xa3, 0xd8, 0x2e, 0x3c, 0x69, 0xd8, + 0xd7, 0x0c, 0xfc, 0xb6, 0x27, 0x16, 0x74, 0x0d, 0x0a, 0x6c, 0x1c, 0x12, 0xb1, 0x98, 0x15, 0xed, + 0xa2, 0x9d, 0x71, 0x48, 0xb0, 0xe0, 0xa0, 0x8f, 0xc0, 0xdc, 0x80, 0x50, 0xea, 0x74, 0x88, 0x58, + 0x93, 0x4a, 0x63, 0x49, 0x09, 0xcd, 0xdd, 0x90, 0x64, 0x1c, 0xf3, 0xed, 0xd7, 0xe1, 0xe9, 0x83, + 0xf7, 0x03, 0xfa, 0x10, 0x94, 0x28, 0x89, 0x46, 0x24, 0x52, 0x40, 0xda, 0x33, 0x82, 0x8a, 0x15, + 0x17, 0xd5, 0xa1, 0xe2, 0x3b, 0x03, 0x42, 0x43, 0xc7, 0x8d, 0xe1, 0xce, 0x28, 0xd1, 0xca, 0xcd, + 0x98, 0x81, 0xb5, 0x8c, 0xfd, 0x57, 0x0b, 0x96, 0x0c, 0xcc, 0xc7, 0x90, 0xf6, 0x7a, 0xe9, 0xb4, + 0x77, 0x65, 0x36, 0x11, 0x73, 0x48, 0xde, 0xfb, 0x5d, 0x1e, 0xce, 0x98, 0x71, 0x25, 0x92, 0x19, + 0x5f, 0x92, 0x88, 0x84, 0xc1, 0x8b, 0xf8, 0xba, 0x72, 0x67, 0xb2, 0x24, 0x58, 0x92, 0x71, 0xcc, + 0xe7, 0xeb, 0x1b, 0x3a, 0xac, 0xab, 0x7c, 0x99, 0xac, 0xef, 0xb6, 0xc3, 0xba, 0x58, 0x70, 0x78, + 0x1a, 0x22, 0xfe, 0xc8, 0x8b, 0x02, 0x7f, 0x40, 0x7c, 0x96, 0x4d, 0x43, 0x97, 0x35, 0x0b, 0x9b, + 0x72, 0xe8, 0xf3, 0xb0, 0xc8, 0x9c, 0xa8, 0x43, 0x18, 0x26, 0x23, 0x8f, 0xc6, 0x81, 0x5c, 0x69, + 0x3c, 0xad, 0xbe, 0x5c, 0xdc, 0x49, 0x71, 0x71, 0x46, 0x1a, 0xfd, 0xda, 0x82, 0x67, 0xdc, 0x60, + 0x10, 0x06, 0x3e, 0xf1, 0xd9, 0xb6, 0x13, 0x39, 0x03, 0xc2, 0x48, 0x74, 0x6b, 0x44, 0xa2, 0xc8, + 0x6b, 0x13, 0xba, 0x5c, 0x14, 0xde, 0xbd, 0x31, 0x85, 0x77, 0x9b, 0x13, 0xda, 0x1b, 0xe7, 0x94, + 0x71, 0xcf, 0x34, 0x0f, 0x47, 0xc6, 0xff, 0xce, 0x2c, 0x5e, 0x75, 0x46, 0x4e, 0x7f, 0x48, 0xe8, + 0x15, 0x8f, 0xe7, 0xe0, 0x92, 0xae, 0x3a, 0x2f, 0x69, 0x32, 0x36, 0x65, 0xec, 0xdf, 0xe6, 0x52, + 0x21, 0xda, 0x8a, 0xf3, 0x8e, 0x58, 0x4b, 0x15, 0xa0, 0xb3, 0xca, 0x3b, 0x42, 0xa7, 0xb1, 0xbb, + 0x64, 0xf1, 0x53, 0x58, 0xe8, 0x5b, 0x96, 0x28, 0x39, 0xf1, 0xae, 0x54, 0x39, 0xf6, 0x11, 0x94, + 0x3f, 0xb3, 0x8a, 0xc5, 0x44, 0x6c, 0x42, 0xf3, 0x10, 0x0e, 0x65, 0xf5, 0x51, 0x11, 0x97, 0x84, + 0x70, 0x5c, 0x94, 0x62, 0xbe, 0xfd, 0xd3, 0x52, 0x7a, 0x0f, 0xc8, 0x1c, 0xfa, 0x43, 0x0b, 0x4e, + 0xf3, 0x85, 0x72, 0x22, 0x8f, 0x06, 0x3e, 0x26, 0x74, 0xd8, 0x67, 0xca, 0x99, 0x5b, 0x53, 0x06, + 0x8d, 0xa9, 0xb2, 0xb1, 0xac, 0xec, 0x3a, 0x9d, 0xe5, 0xe0, 0x09, 0x78, 0xc4, 0x60, 0xae, 0xeb, + 0x51, 0x16, 0x44, 0x63, 0x95, 0x1c, 0xa6, 0x69, 0xf9, 0x36, 0x48, 0xd8, 0x0f, 0xc6, 0x7c, 0xaf, + 0x6d, 0xfa, 0xbb, 0x81, 0xf6, 0xcf, 0x55, 0x89, 0x80, 0x63, 0x28, 0xf4, 0x35, 0x0b, 0x20, 0x8c, + 0x23, 0x95, 0x17, 0xb2, 0x47, 0xb0, 0x71, 0x92, 0x9a, 0x9d, 0x90, 0x28, 0x36, 0x40, 0x51, 0x00, + 0xa5, 0x2e, 0x71, 0xfa, 0xac, 0xab, 0xca, 0xd9, 0x0b, 0x53, 0xc0, 0x5f, 0x15, 0x8a, 0xb2, 0x25, + 0x54, 0x52, 0xb1, 0x82, 0x41, 0xdf, 0xb0, 0x60, 0x31, 0xa9, 0x6e, 0x5c, 0x96, 0x2c, 0x17, 0xa7, + 0xee, 0xb2, 0x6f, 0xa5, 0x14, 0x36, 0x10, 0x4f, 0x63, 0x69, 0x1a, 0xce, 0x80, 0xa2, 0xaf, 0x5b, + 0x00, 0x6e, 0x5c, 0x4d, 0x65, 0x3e, 0xa8, 0xae, 0xdf, 0x9a, 0xcd, 0x8e, 0x4a, 0xaa, 0xb4, 0x76, + 0x7f, 0x42, 0xa2, 0xd8, 0x80, 0xb5, 0xdf, 0xb5, 0xe0, 0x29, 0xe3, 0xc3, 0x97, 0x1d, 0xe6, 0x76, + 0x2f, 0x8f, 0x78, 0x9a, 0xde, 0x4a, 0xd5, 0xf7, 0x4f, 0x99, 0xf5, 0xfd, 0xfd, 0xbd, 0xd5, 0x0f, + 0x1f, 0x36, 0x46, 0xdd, 0xe5, 0x1a, 0x6a, 0x42, 0x85, 0xd1, 0x0a, 0xbc, 0x01, 0x55, 0xc3, 0x66, + 0x95, 0x3e, 0x66, 0x55, 0x00, 0x93, 0x9c, 0x61, 0x10, 0xb1, 0x89, 0x67, 0xff, 0x29, 0x07, 0x73, + 0xcd, 0xfe, 0x90, 0x32, 0x12, 0x1d, 0xbb, 0xa1, 0x58, 0x83, 0x02, 0x6f, 0x16, 0xb2, 0xf5, 0x8f, + 0xf7, 0x12, 0x58, 0x70, 0x50, 0x08, 0x25, 0x37, 0xf0, 0x77, 0xbd, 0x8e, 0x6a, 0x01, 0xaf, 0x4e, + 0xb3, 0x73, 0xa4, 0x75, 0x4d, 0xa1, 0x4f, 0xdb, 0x24, 0xdf, 0xb1, 0xc2, 0x41, 0xdf, 0xb7, 0x60, + 0xc9, 0x0d, 0x7c, 0x9f, 0xb8, 0x3a, 0x78, 0x0b, 0x53, 0xb7, 0xbb, 0xcd, 0xb4, 0xc6, 0xc6, 0xff, + 0x29, 0xf4, 0xa5, 0x0c, 0x03, 0x67, 0xb1, 0xed, 0x5f, 0xe5, 0x60, 0x21, 0x65, 0x39, 0x7a, 0x16, + 0xca, 0x43, 0x4a, 0x22, 0xe1, 0x39, 0xe9, 0xdf, 0xa4, 0x23, 0x7a, 0x51, 0xd1, 0x71, 0x22, 0xc1, + 0xa5, 0x43, 0x87, 0xd2, 0xbb, 0x41, 0xd4, 0x56, 0x7e, 0x4e, 0xa4, 0xb7, 0x15, 0x1d, 0x27, 0x12, + 0xbc, 0xdf, 0xb8, 0x4d, 0x9c, 0x88, 0x44, 0x3b, 0x41, 0x8f, 0x4c, 0x8c, 0x3d, 0x0d, 0xcd, 0xc2, + 0xa6, 0x9c, 0x70, 0x1a, 0xeb, 0xd3, 0x66, 0xdf, 0x23, 0x3e, 0x93, 0x66, 0xce, 0xc0, 0x69, 0x3b, + 0xd7, 0x5b, 0xa6, 0x46, 0xed, 0xb4, 0x0c, 0x03, 0x67, 0xb1, 0xed, 0x3f, 0x5a, 0x50, 0x55, 0x4e, + 0x7b, 0x0c, 0x4d, 0x67, 0x27, 0xdd, 0x74, 0x36, 0xa6, 0x8f, 0xd1, 0x43, 0x1a, 0xce, 0x5f, 0xe4, + 0x61, 0xa2, 0xd2, 0xa1, 0xd7, 0x78, 0x8e, 0xe3, 0x34, 0xd2, 0xbe, 0x14, 0x17, 0xd9, 0x8f, 0x1e, + 0xef, 0xef, 0x76, 0xbc, 0x01, 0x31, 0xd3, 0x57, 0xac, 0x05, 0x1b, 0x1a, 0xd1, 0x9b, 0x96, 0x06, + 0xd8, 0x09, 0x54, 0x5e, 0x99, 0x6d, 0x4b, 0x34, 0x61, 0xc2, 0x4e, 0x80, 0x0d, 0x4c, 0xf4, 0x99, + 0x64, 0x10, 0x2c, 0x8a, 0x80, 0xb4, 0xd3, 0xa3, 0xdb, 0xfb, 0xa9, 0x06, 0x20, 0x33, 0xce, 0x8d, + 0xa1, 0x12, 0x11, 0xd9, 0x62, 0xc5, 0x15, 0x60, 0x9a, 0x24, 0x82, 0x95, 0x2e, 0xb9, 0x8d, 0x93, + 0xf1, 0x27, 0x26, 0x53, 0xac, 0xd1, 0xec, 0xef, 0x59, 0x80, 0x26, 0xcb, 0x35, 0x1f, 0xa3, 0x92, + 0x26, 0x56, 0x6d, 0xe0, 0x44, 0x4f, 0x22, 0x8e, 0xb5, 0xcc, 0x31, 0xd2, 0xe4, 0x39, 0x28, 0x8a, + 0xa6, 0x56, 0x6d, 0xd8, 0x24, 0x7a, 0x44, 0xdb, 0x8b, 0x25, 0xcf, 0xfe, 0xbd, 0x05, 0xd9, 0x74, + 0x23, 0x32, 0xb5, 0xf4, 0x6c, 0x36, 0x53, 0xa7, 0xbd, 0x78, 0xfc, 0x39, 0x13, 0xbd, 0x0a, 0x55, + 0x87, 0x31, 0x32, 0x08, 0x99, 0x08, 0xc8, 0xfc, 0x89, 0x03, 0x72, 0x91, 0x47, 0xc2, 0x8d, 0xa0, + 0xed, 0xed, 0x7a, 0x22, 0x18, 0x4d, 0x75, 0xf6, 0x7b, 0x79, 0x58, 0x4c, 0x37, 0x5f, 0x68, 0x08, + 0x25, 0xd1, 0xec, 0xc8, 0x63, 0xa6, 0x99, 0x77, 0x57, 0x89, 0x4b, 0x04, 0x89, 0x62, 0x05, 0xc6, + 0x13, 0x6b, 0x14, 0x4f, 0x57, 0x99, 0xc4, 0x9a, 0xcc, 0x55, 0x89, 0xc4, 0x91, 0x13, 0x55, 0xfe, + 0xbf, 0x73, 0xa2, 0x7a, 0x0d, 0xa0, 0x2d, 0xbc, 0x2d, 0xd6, 0xb2, 0xf0, 0xf0, 0xc9, 0x65, 0x23, + 0xd1, 0x82, 0x0d, 0x8d, 0xe8, 0x2c, 0xe4, 0xbc, 0xb6, 0xd8, 0xd5, 0xf9, 0x06, 0x28, 0xd9, 0xdc, + 0xe6, 0x06, 0xce, 0x79, 0x6d, 0x9b, 0xc2, 0xbc, 0xd9, 0x6d, 0x1e, 0x3b, 0x56, 0x3f, 0x0b, 0x0b, + 0xf2, 0x69, 0x83, 0x30, 0xc7, 0xeb, 0x53, 0xb5, 0x3a, 0x4f, 0x29, 0xf1, 0x85, 0x96, 0xc9, 0xc4, + 0x69, 0x59, 0xfb, 0x27, 0x39, 0x80, 0xab, 0x41, 0xd0, 0x53, 0x98, 0xf1, 0xd6, 0xb3, 0x0e, 0xdd, + 0x7a, 0x6b, 0x50, 0xe8, 0x79, 0x7e, 0x3b, 0xbb, 0x39, 0xb7, 0x3c, 0xbf, 0x8d, 0x05, 0x07, 0xad, + 0x03, 0x38, 0xa1, 0xf7, 0x12, 0x89, 0xa8, 0x3e, 0x49, 0x4c, 0xfc, 0x72, 0x69, 0x7b, 0x53, 0x71, + 0xb0, 0x21, 0x85, 0x9e, 0x55, 0x9d, 0xa1, 0x1c, 0xdb, 0x97, 0x33, 0x9d, 0x61, 0x99, 0x5b, 0x68, + 0xb4, 0x7e, 0x17, 0x33, 0xf9, 0x71, 0x6d, 0x22, 0x3f, 0xea, 0x4e, 0x79, 0xbb, 0xeb, 0x50, 0x72, + 0xd0, 0xbe, 0x2e, 0x1d, 0x71, 0x7e, 0xd4, 0x82, 0xf2, 0xb5, 0x97, 0x77, 0x64, 0xbd, 0xb7, 0x21, + 0xef, 0x39, 0x32, 0x79, 0xe5, 0x75, 0xd8, 0x6f, 0x52, 0x3a, 0x14, 0x2b, 0xcc, 0x99, 0xe8, 0x1c, + 0xe4, 0xc9, 0xbd, 0x50, 0xf8, 0x25, 0xaf, 0x13, 0xdc, 0xe5, 0x7b, 0xa1, 0x17, 0x11, 0xca, 0x85, + 0xc8, 0xbd, 0xd0, 0xfe, 0xbb, 0x05, 0xfa, 0x48, 0x0c, 0xed, 0x42, 0x81, 0x8e, 0x7d, 0x57, 0x15, + 0xb1, 0x69, 0xd2, 0x74, 0x6b, 0xec, 0xbb, 0xfa, 0xe4, 0xad, 0x2c, 0x0e, 0x16, 0xc7, 0xbe, 0x8b, + 0x85, 0x7e, 0x34, 0x82, 0x72, 0x14, 0xf4, 0xfb, 0xb7, 0x1d, 0xb7, 0x37, 0x83, 0x7a, 0x86, 0x95, + 0x2a, 0x8d, 0x37, 0x2f, 0x92, 0x80, 0x22, 0xe3, 0x04, 0xcb, 0xfe, 0x65, 0x11, 0x32, 0x23, 0x0b, + 0x1a, 0x9a, 0xa7, 0x8d, 0xd6, 0x0c, 0x4f, 0x1b, 0x13, 0x8f, 0x1f, 0x74, 0xe2, 0x88, 0x9e, 0x87, + 0x62, 0xc8, 0x03, 0x41, 0x85, 0xed, 0x6a, 0x5c, 0x30, 0x44, 0x74, 0x1c, 0x10, 0x2f, 0x52, 0xda, + 0x0c, 0x97, 0xfc, 0x11, 0x65, 0xe0, 0xab, 0x00, 0xdc, 0xd7, 0x6a, 0xf6, 0x97, 0x99, 0xe3, 0xe6, + 0xac, 0x56, 0x54, 0x8d, 0xff, 0xa2, 0x52, 0xb4, 0x12, 0x14, 0x6c, 0x20, 0xa2, 0xef, 0x58, 0xb0, + 0x18, 0x3b, 0x5e, 0x19, 0x51, 0x7c, 0x24, 0x46, 0x88, 0x41, 0x14, 0xa7, 0x90, 0x70, 0x06, 0x19, + 0x7d, 0x11, 0x2a, 0x94, 0x39, 0x91, 0xac, 0x88, 0xa5, 0x13, 0x67, 0xd1, 0x64, 0x2d, 0x5b, 0xb1, + 0x12, 0xac, 0xf5, 0xa1, 0x57, 0x00, 0x76, 0x3d, 0xdf, 0xa3, 0x5d, 0xa1, 0x7d, 0xee, 0xe1, 0xea, + 0xed, 0x95, 0x44, 0x03, 0x36, 0xb4, 0xd9, 0xdf, 0xcc, 0x41, 0xd5, 0xb8, 0x88, 0x38, 0x46, 0x3e, + 0xcc, 0x5c, 0x9c, 0xe4, 0x8e, 0x79, 0x71, 0x72, 0x1e, 0xca, 0x61, 0xd0, 0xf7, 0x5c, 0x4f, 0xd5, + 0xc2, 0x8a, 0xdc, 0x44, 0xdb, 0x8a, 0x86, 0x13, 0x2e, 0x62, 0x50, 0xb9, 0x73, 0x97, 0x89, 0x3c, + 0x14, 0x5f, 0xb3, 0x34, 0xa7, 0x58, 0xd2, 0x38, 0xa7, 0x69, 0x27, 0xc7, 0x14, 0x8a, 0x35, 0x90, + 0xfd, 0xe7, 0x1c, 0x80, 0xb8, 0xa7, 0xf2, 0xc4, 0xb1, 0xce, 0x1a, 0x14, 0x22, 0x12, 0x06, 0x59, + 0x3f, 0x70, 0x09, 0x2c, 0x38, 0xa9, 0x29, 0x2d, 0x77, 0xa2, 0x29, 0x2d, 0x7f, 0xe4, 0x94, 0xc6, + 0x2b, 0x1c, 0xed, 0x6e, 0x47, 0xde, 0xc8, 0x61, 0x64, 0x8b, 0x8c, 0x55, 0x99, 0xd0, 0x15, 0xae, + 0x75, 0x55, 0x33, 0x71, 0x5a, 0xf6, 0xc0, 0x01, 0xb7, 0xf8, 0x1f, 0x1c, 0x70, 0xdf, 0xb1, 0x60, + 0x51, 0x7b, 0xf6, 0x7f, 0xeb, 0x6a, 0x54, 0xdb, 0x7d, 0xc8, 0xc4, 0xf6, 0x0f, 0x0b, 0x96, 0xe2, + 0xd9, 0x40, 0xb5, 0x18, 0x33, 0xe9, 0x29, 0x52, 0x57, 0x31, 0xf9, 0xa3, 0xaf, 0x62, 0xcc, 0xcc, + 0x5d, 0x38, 0x22, 0x73, 0x7f, 0x2e, 0xd3, 0x4d, 0x7c, 0x60, 0xa2, 0x9b, 0x40, 0xc9, 0x14, 0x34, + 0xf6, 0xdd, 0x74, 0xf7, 0x65, 0xff, 0xdc, 0x82, 0xf9, 0x98, 0x7d, 0x33, 0x68, 0x8b, 0xd9, 0x84, + 0x8a, 0x20, 0xb3, 0xd2, 0xb3, 0x89, 0x0c, 0x07, 0xc9, 0x43, 0x43, 0x28, 0xbb, 0x5d, 0xaf, 0xdf, + 0x8e, 0x88, 0xaf, 0x96, 0xe5, 0x85, 0x19, 0x0c, 0x69, 0x1c, 0x5f, 0x87, 0x42, 0x53, 0x01, 0xe0, + 0x04, 0xca, 0xfe, 0x4d, 0x1e, 0x16, 0x52, 0x13, 0x1d, 0x4f, 0x5f, 0xf2, 0x2e, 0xa4, 0x65, 0xd8, + 0x9c, 0xa4, 0xaf, 0x1d, 0xcd, 0xc2, 0xa6, 0x1c, 0x5f, 0x8f, 0xbe, 0x37, 0x92, 0x3a, 0xb2, 0x57, + 0x63, 0xd7, 0x63, 0x06, 0xd6, 0x32, 0xc6, 0x48, 0x9b, 0x3f, 0xf1, 0x48, 0xfb, 0x23, 0x0b, 0x90, + 0xf8, 0x05, 0xae, 0x39, 0x99, 0x3c, 0x55, 0x2e, 0x9c, 0x99, 0xdf, 0xce, 0x2a, 0x8b, 0x50, 0x73, + 0x02, 0x0a, 0x1f, 0x00, 0x6f, 0x9c, 0x32, 0x17, 0x1f, 0xcb, 0x29, 0xb3, 0xfd, 0x15, 0x38, 0x33, + 0xd1, 0x7a, 0xa9, 0x81, 0xc2, 0x3a, 0x68, 0xa0, 0xe0, 0x91, 0x18, 0x46, 0x43, 0x5f, 0x2e, 0x50, + 0x59, 0x47, 0xe2, 0x36, 0x27, 0x62, 0xc9, 0xe3, 0x53, 0x46, 0x3b, 0x1a, 0xe3, 0xa1, 0xec, 0xd4, + 0xcb, 0x1a, 0x7d, 0x43, 0x50, 0xb1, 0xe2, 0xda, 0xdf, 0xce, 0xc1, 0x42, 0xaa, 0x1d, 0x48, 0x0d, + 0x84, 0xd6, 0x91, 0x03, 0xe1, 0x2c, 0x8d, 0x41, 0x6f, 0xc0, 0x3c, 0x15, 0x5b, 0x31, 0x72, 0x18, + 0xe9, 0x8c, 0x67, 0x70, 0xce, 0xdf, 0x32, 0xd4, 0x35, 0x4e, 0xef, 0xef, 0xad, 0xce, 0x9b, 0x14, + 0x9c, 0x82, 0xb3, 0x7f, 0x96, 0x83, 0x27, 0x0e, 0x68, 0x8d, 0xd0, 0x5d, 0xf3, 0xec, 0x45, 0x0e, + 0xe7, 0xd7, 0x66, 0x10, 0x9e, 0x2a, 0x91, 0xca, 0x0b, 0xf5, 0x83, 0x4e, 0x5e, 0x4e, 0x38, 0x9b, + 0xef, 0x42, 0xb1, 0x1b, 0x04, 0xbd, 0x78, 0x08, 0x9f, 0xa6, 0x20, 0xe8, 0xd1, 0xb1, 0x51, 0xe1, + 0xab, 0xc9, 0xdf, 0x29, 0x96, 0xea, 0xed, 0xf7, 0x2c, 0x48, 0x79, 0x11, 0x0d, 0xa0, 0xc8, 0xb5, + 0x8c, 0x67, 0x70, 0xcf, 0x68, 0xea, 0xbd, 0xc4, 0x75, 0x4a, 0x7c, 0xf1, 0x88, 0x25, 0x0a, 0xf2, + 0xa0, 0xc0, 0x0d, 0x51, 0x23, 0xcf, 0xd6, 0x8c, 0xd0, 0xf8, 0x2f, 0xca, 0x09, 0x8b, 0x3f, 0x61, + 0x01, 0x61, 0x5f, 0x84, 0x33, 0x13, 0x16, 0xf1, 0x90, 0xdf, 0x0d, 0xe2, 0x6b, 0x55, 0x23, 0xe4, + 0xaf, 0x70, 0x22, 0x96, 0x3c, 0x5e, 0x3f, 0x4e, 0x67, 0xd5, 0xa3, 0x1f, 0x5b, 0x70, 0x86, 0x66, + 0xf5, 0x3d, 0x12, 0xaf, 0xfd, 0xbf, 0x32, 0x6a, 0xd2, 0x7c, 0x3c, 0x69, 0x01, 0x5f, 0xd1, 0xec, + 0x61, 0x34, 0x8f, 0x3d, 0xcf, 0xa7, 0xc4, 0x1d, 0x46, 0xf1, 0x8f, 0xea, 0x01, 0x59, 0xd1, 0x71, + 0x22, 0x81, 0xd6, 0x01, 0xe4, 0x65, 0xc8, 0x4d, 0xdd, 0x28, 0x26, 0x87, 0x03, 0xad, 0x84, 0x83, + 0x0d, 0x29, 0xde, 0x2b, 0xbb, 0x24, 0x62, 0x1b, 0xbc, 0x3d, 0xe2, 0x79, 0x61, 0x5e, 0xf6, 0xca, + 0x4d, 0x45, 0xc3, 0x09, 0x17, 0x7d, 0x10, 0xe6, 0x7a, 0x64, 0x2c, 0x04, 0x0b, 0x42, 0xb0, 0xca, + 0x2b, 0xfe, 0x96, 0x24, 0xe1, 0x98, 0x87, 0x6c, 0x28, 0xb9, 0x8e, 0x90, 0x2a, 0x0a, 0x29, 0x10, + 0xf7, 0x22, 0x97, 0x84, 0x90, 0xe2, 0x34, 0x6a, 0xf7, 0x1f, 0xac, 0x9c, 0x7a, 0xeb, 0xc1, 0xca, + 0xa9, 0xb7, 0x1f, 0xac, 0x9c, 0x7a, 0x73, 0x7f, 0xc5, 0xba, 0xbf, 0xbf, 0x62, 0xbd, 0xb5, 0xbf, + 0x62, 0xbd, 0xbd, 0xbf, 0x62, 0xfd, 0x6d, 0x7f, 0xc5, 0xfa, 0xc1, 0xbb, 0x2b, 0xa7, 0x5e, 0x29, + 0xc7, 0xae, 0xfd, 0x57, 0x00, 0x00, 0x00, 0xff, 0xff, 0x38, 0x84, 0xaf, 0x0d, 0x59, 0x29, 0x00, + 0x00, } diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto index 7898ba6d583f9..16b3057f006cb 100644 --- a/pkg/apis/application/v1alpha1/generated.proto +++ b/pkg/apis/application/v1alpha1/generated.proto @@ -296,10 +296,12 @@ message OperationState { message ProjectRole { optional string name = 1; + optional string description = 2; + // Policies Stores a list of casbin formated strings that define access policies for the role in the project. - repeated string policies = 2; + repeated string policies = 3; - repeated JWTToken jwtTokens = 3; + repeated JWTToken jwtTokens = 4; } // Repository is a Git repository holding application configurations diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go index cde02d947b0b3..7d78659d42380 100644 --- a/pkg/apis/application/v1alpha1/types.go +++ b/pkg/apis/application/v1alpha1/types.go @@ -468,10 +468,11 @@ type AppProjectSpec struct { // ProjectRole represents a role that has access to a project type ProjectRole struct { - Name string `json:"name" protobuf:"bytes,1,opt,name=name"` + Name string `json:"name" protobuf:"bytes,1,opt,name=name"` + Description string `json:"description" protobuf:"bytes,2,opt,name=description"` // Policies Stores a list of casbin formated strings that define access policies for the role in the project. - Policies []string `json:"policies" protobuf:"bytes,2,rep,name=policies"` - JWTTokens []JWTToken `json:"jwtTokens" protobuf:"bytes,3,rep,name=jwtTokens"` + Policies []string `json:"policies" protobuf:"bytes,3,rep,name=policies"` + JWTTokens []JWTToken `json:"jwtTokens" protobuf:"bytes,4,rep,name=jwtTokens"` } // JWTToken holds the issuedAt and expiresAt values of a token diff --git a/server/project/project.pb.go b/server/project/project.pb.go index d02814ef21341..f5009b7085afe 100644 --- a/server/project/project.pb.go +++ b/server/project/project.pb.go @@ -99,10 +99,11 @@ func (m *ProjectTokenDeleteRequest) GetIat() int64 { // ProjectTokenCreateRequest defines project token creation parameters. type ProjectTokenCreateRequest struct { - Project string `protobuf:"bytes,1,opt,name=project,proto3" json:"project,omitempty"` - Role string `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"` + Project string `protobuf:"bytes,1,opt,name=project,proto3" json:"project,omitempty"` + Description string `protobuf:"bytes,2,opt,name=description,proto3" json:"description,omitempty"` + Role string `protobuf:"bytes,3,opt,name=role,proto3" json:"role,omitempty"` // expiresIn represents a duration in seconds - ExpiresIn int64 `protobuf:"varint,3,opt,name=expiresIn,proto3" json:"expiresIn,omitempty"` + ExpiresIn int64 `protobuf:"varint,4,opt,name=expiresIn,proto3" json:"expiresIn,omitempty"` } func (m *ProjectTokenCreateRequest) Reset() { *m = ProjectTokenCreateRequest{} } @@ -117,6 +118,13 @@ func (m *ProjectTokenCreateRequest) GetProject() string { return "" } +func (m *ProjectTokenCreateRequest) GetDescription() string { + if m != nil { + return m.Description + } + return "" +} + func (m *ProjectTokenCreateRequest) GetRole() string { if m != nil { return m.Role @@ -602,14 +610,20 @@ func (m *ProjectTokenCreateRequest) MarshalTo(dAtA []byte) (int, error) { i = encodeVarintProject(dAtA, i, uint64(len(m.Project))) i += copy(dAtA[i:], m.Project) } - if len(m.Role) > 0 { + if len(m.Description) > 0 { dAtA[i] = 0x12 i++ + i = encodeVarintProject(dAtA, i, uint64(len(m.Description))) + i += copy(dAtA[i:], m.Description) + } + if len(m.Role) > 0 { + dAtA[i] = 0x1a + i++ i = encodeVarintProject(dAtA, i, uint64(len(m.Role))) i += copy(dAtA[i:], m.Role) } if m.ExpiresIn != 0 { - dAtA[i] = 0x18 + dAtA[i] = 0x20 i++ i = encodeVarintProject(dAtA, i, uint64(m.ExpiresIn)) } @@ -753,6 +767,10 @@ func (m *ProjectTokenCreateRequest) Size() (n int) { if l > 0 { n += 1 + l + sovProject(uint64(l)) } + l = len(m.Description) + if l > 0 { + n += 1 + l + sovProject(uint64(l)) + } l = len(m.Role) if l > 0 { n += 1 + l + sovProject(uint64(l)) @@ -1081,6 +1099,35 @@ func (m *ProjectTokenCreateRequest) Unmarshal(dAtA []byte) error { m.Project = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Description", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProject + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthProject + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Description = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field Role", wireType) } @@ -1109,7 +1156,7 @@ func (m *ProjectTokenCreateRequest) Unmarshal(dAtA []byte) error { } m.Role = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 3: + case 4: if wireType != 0 { return fmt.Errorf("proto: wrong wireType = %d for field ExpiresIn", wireType) } @@ -1548,47 +1595,49 @@ var ( func init() { proto.RegisterFile("server/project/project.proto", fileDescriptorProject) } var fileDescriptorProject = []byte{ - // 669 bytes of a gzipped FileDescriptorProto + // 689 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x55, 0x5d, 0x6b, 0x13, 0x4d, - 0x14, 0x66, 0x9b, 0xbe, 0x79, 0xed, 0xd4, 0x8f, 0x32, 0xb4, 0x9a, 0xc6, 0x36, 0x96, 0xb9, 0x90, + 0x14, 0x66, 0x9a, 0xbe, 0x79, 0xed, 0xc4, 0x8f, 0x32, 0xb4, 0x9a, 0xc6, 0x36, 0x86, 0xb9, 0x90, 0x12, 0xec, 0x0c, 0x69, 0x15, 0x8a, 0x77, 0x7e, 0x14, 0x29, 0x78, 0xa1, 0x51, 0x41, 0xf4, 0xa2, - 0x4c, 0x37, 0x87, 0xed, 0x36, 0xc9, 0xce, 0x38, 0x3b, 0x5d, 0x2d, 0xa5, 0x20, 0xc5, 0x2b, 0xbd, - 0xf4, 0x27, 0x08, 0xfe, 0x16, 0x2f, 0x05, 0xff, 0x80, 0x14, 0x7f, 0x88, 0xcc, 0xd9, 0xdd, 0xa4, - 0xdb, 0x74, 0x0b, 0x85, 0xe0, 0x55, 0xce, 0x9e, 0x39, 0x73, 0x9e, 0xe7, 0x39, 0x1f, 0x19, 0xb2, - 0x10, 0x83, 0x49, 0xc0, 0x08, 0x6d, 0xd4, 0x2e, 0xf8, 0x36, 0xff, 0xe5, 0xda, 0x28, 0xab, 0xe8, - 0xff, 0xd9, 0x67, 0x7d, 0x36, 0x50, 0x81, 0x42, 0x9f, 0x70, 0x56, 0x7a, 0x5c, 0x5f, 0x08, 0x94, - 0x0a, 0x7a, 0x20, 0xa4, 0x0e, 0x85, 0x8c, 0x22, 0x65, 0xa5, 0x0d, 0x55, 0x14, 0x67, 0xa7, 0xac, - 0xbb, 0x1e, 0xf3, 0x50, 0xe1, 0xa9, 0xaf, 0x0c, 0x88, 0xa4, 0x25, 0x02, 0x88, 0xc0, 0x48, 0x0b, - 0x9d, 0x2c, 0xe6, 0xee, 0x30, 0xa6, 0x2f, 0xfd, 0x9d, 0x30, 0x02, 0xb3, 0x2f, 0x74, 0x37, 0x70, - 0x8e, 0x58, 0xf4, 0xc1, 0xca, 0xb3, 0x6e, 0x6d, 0x06, 0xa1, 0xdd, 0xd9, 0xdb, 0xe6, 0xbe, 0xea, - 0x0b, 0x69, 0x90, 0xd8, 0x2e, 0x1a, 0x2b, 0x7e, 0x67, 0x78, 0x5b, 0x6a, 0xdd, 0x0b, 0x7d, 0xa4, - 0x24, 0x92, 0x96, 0xec, 0xe9, 0x1d, 0x39, 0x92, 0x8a, 0xbd, 0x27, 0xb3, 0xcf, 0x52, 0x8d, 0x8f, - 0x0c, 0x48, 0x0b, 0x6d, 0x78, 0xb7, 0x07, 0xb1, 0xa5, 0x5b, 0x24, 0xd7, 0x5e, 0xf3, 0x96, 0xbc, - 0xe5, 0xe9, 0xd5, 0x0d, 0x3e, 0x04, 0xe5, 0x39, 0x28, 0x1a, 0x5b, 0x7e, 0x87, 0xeb, 0x6e, 0xc0, - 0x1d, 0x28, 0x3f, 0x01, 0xca, 0x73, 0x50, 0xfe, 0x40, 0xeb, 0x0c, 0xa4, 0x9d, 0x67, 0x65, 0x6f, - 0xc9, 0x7c, 0xe6, 0x7b, 0xa9, 0xba, 0x10, 0x3d, 0x86, 0x1e, 0x0c, 0xd1, 0x6b, 0x45, 0xf4, 0xa9, - 0xc1, 0x35, 0x4a, 0xc9, 0xa4, 0x51, 0x3d, 0xa8, 0x4d, 0xa0, 0x1b, 0x6d, 0x3a, 0x43, 0x2a, 0xa1, - 0xb4, 0xb5, 0xca, 0x92, 0xb7, 0x5c, 0x69, 0x3b, 0x93, 0x05, 0xc5, 0xe4, 0x45, 0x69, 0x17, 0x4b, - 0xbe, 0x40, 0xa6, 0xe0, 0x83, 0x0e, 0x0d, 0xc4, 0x9b, 0x51, 0x06, 0x31, 0x74, 0xb0, 0x3b, 0x83, - 0xf2, 0x21, 0x50, 0x1b, 0x62, 0xad, 0xa2, 0x18, 0xe8, 0x2c, 0xf9, 0xcf, 0x3a, 0x47, 0x86, 0x90, - 0x7e, 0x30, 0x46, 0x2e, 0x67, 0xd1, 0xcf, 0xf7, 0xc0, 0xec, 0x3b, 0xbc, 0x48, 0xf6, 0x21, 0x0b, - 0x42, 0xfb, 0x44, 0x43, 0x5e, 0xe9, 0xce, 0xbf, 0x6c, 0xc8, 0x35, 0x72, 0x65, 0xa3, 0xaf, 0xed, - 0x7e, 0xae, 0x61, 0xf5, 0xfb, 0x25, 0x72, 0x35, 0x8b, 0x7a, 0x01, 0x26, 0x09, 0x7d, 0xa0, 0x9f, - 0x3d, 0x32, 0x9d, 0x16, 0x13, 0xe5, 0x52, 0xc6, 0xf3, 0x7d, 0x29, 0x2d, 0x77, 0x7d, 0xf1, 0xcc, - 0x98, 0x1c, 0x85, 0xad, 0x1f, 0xfd, 0xfa, 0xf3, 0x75, 0x62, 0x95, 0xad, 0xe0, 0x9e, 0x24, 0xad, - 0x7c, 0x03, 0x63, 0x71, 0x90, 0x59, 0x87, 0xc2, 0x35, 0x22, 0x16, 0x07, 0xee, 0xe7, 0x50, 0x60, - 0x29, 0xef, 0x7b, 0x4d, 0xfa, 0xd1, 0x23, 0xd3, 0xe9, 0xd8, 0x9c, 0x47, 0xa6, 0x30, 0x58, 0xf5, - 0xeb, 0x83, 0x98, 0x82, 0x56, 0x76, 0x0f, 0x59, 0x88, 0xe6, 0xc5, 0x58, 0xd0, 0x2f, 0x1e, 0xa9, - 0xa6, 0x6a, 0xe9, 0x88, 0xcc, 0x62, 0x15, 0xc6, 0xd3, 0x2d, 0x76, 0x13, 0x79, 0xce, 0xb1, 0x99, - 0xd3, 0x3c, 0x5d, 0x41, 0x8e, 0x3c, 0x32, 0xf9, 0x34, 0x8c, 0x2d, 0x9d, 0x3b, 0xcd, 0x05, 0xc7, - 0xad, 0xbe, 0x39, 0x16, 0x0e, 0x0e, 0x81, 0xd5, 0x90, 0x07, 0xa5, 0x23, 0x3c, 0xe8, 0x27, 0x8f, - 0x54, 0x9e, 0x40, 0x29, 0x87, 0x31, 0xd5, 0xe1, 0x16, 0xe2, 0xcf, 0xd3, 0x1b, 0xa3, 0xfd, 0x72, - 0x5b, 0x74, 0x48, 0xbf, 0x79, 0xa4, 0x9a, 0x2e, 0xd0, 0x68, 0x67, 0x0a, 0x8b, 0x35, 0x2e, 0x46, - 0x6b, 0xc8, 0x68, 0xa5, 0xbe, 0x5c, 0x3a, 0x41, 0xdc, 0xfd, 0x9d, 0x77, 0xa4, 0x95, 0x1c, 0x29, - 0xba, 0x8e, 0xbd, 0x26, 0xd5, 0x74, 0x3e, 0xcb, 0xca, 0x55, 0x36, 0xaf, 0x99, 0xfe, 0x66, 0xa9, - 0xfe, 0x5d, 0x42, 0x5c, 0xa3, 0x36, 0x12, 0x88, 0x6c, 0x5c, 0x96, 0x7d, 0x91, 0xa7, 0xcf, 0x8f, - 0x53, 0xc8, 0xdd, 0x13, 0xc5, 0x93, 0x16, 0xc7, 0x2b, 0xd8, 0xe4, 0xdb, 0x08, 0xb2, 0x44, 0x1b, - 0x25, 0x20, 0x02, 0x30, 0xfb, 0xc3, 0xf5, 0x1f, 0xc7, 0x0d, 0xef, 0xe7, 0x71, 0xc3, 0xfb, 0x7d, - 0xdc, 0xf0, 0xde, 0x34, 0xcf, 0x7b, 0x9c, 0x8a, 0xaf, 0xed, 0x76, 0x15, 0x1f, 0xa1, 0xb5, 0xbf, - 0x01, 0x00, 0x00, 0xff, 0xff, 0xea, 0x51, 0x0e, 0x79, 0x86, 0x07, 0x00, 0x00, + 0x4c, 0x37, 0x87, 0xed, 0x36, 0xc9, 0xce, 0x38, 0x3b, 0x5d, 0x2d, 0xa5, 0x20, 0xc5, 0x1b, 0xf5, + 0xd2, 0x9f, 0x20, 0xf8, 0x5b, 0xbc, 0x14, 0xfc, 0x03, 0x12, 0xfc, 0x21, 0x32, 0xb3, 0xbb, 0x49, + 0xb6, 0xe9, 0x16, 0x84, 0xe0, 0x55, 0xce, 0x9e, 0x39, 0x73, 0x9e, 0xe7, 0x39, 0x1f, 0x19, 0xbc, + 0x1c, 0x81, 0x8e, 0x41, 0x73, 0xa5, 0xe5, 0x3e, 0x78, 0x26, 0xfb, 0x65, 0x4a, 0x4b, 0x23, 0xc9, + 0xff, 0xe9, 0x67, 0x6d, 0xc1, 0x97, 0xbe, 0x74, 0x3e, 0x6e, 0xad, 0xe4, 0xb8, 0xb6, 0xec, 0x4b, + 0xe9, 0xf7, 0x80, 0x0b, 0x15, 0x70, 0x11, 0x86, 0xd2, 0x08, 0x13, 0xc8, 0x30, 0x4a, 0x4f, 0x69, + 0x77, 0x33, 0x62, 0x81, 0x74, 0xa7, 0x9e, 0xd4, 0xc0, 0xe3, 0x16, 0xf7, 0x21, 0x04, 0x2d, 0x0c, + 0x74, 0xd2, 0x98, 0xdb, 0xa3, 0x98, 0xbe, 0xf0, 0xf6, 0x82, 0x10, 0xf4, 0x21, 0x57, 0x5d, 0xdf, + 0x3a, 0x22, 0xde, 0x07, 0x23, 0xce, 0xba, 0xb5, 0xed, 0x07, 0x66, 0xef, 0x60, 0x97, 0x79, 0xb2, + 0xcf, 0x85, 0x76, 0xc4, 0xf6, 0x9d, 0xb1, 0xe6, 0x75, 0x46, 0xb7, 0x85, 0x52, 0xbd, 0xc0, 0x73, + 0x94, 0x78, 0xdc, 0x12, 0x3d, 0xb5, 0x27, 0x26, 0x52, 0xd1, 0xb7, 0x78, 0xe1, 0x49, 0xa2, 0xf1, + 0x81, 0x06, 0x61, 0xa0, 0x0d, 0x6f, 0x0e, 0x20, 0x32, 0x64, 0x07, 0x67, 0xda, 0xab, 0xa8, 0x81, + 0x56, 0x2b, 0xeb, 0x5b, 0x6c, 0x04, 0xca, 0x32, 0x50, 0x67, 0xec, 0x78, 0x1d, 0xa6, 0xba, 0x3e, + 0xb3, 0xa0, 0x6c, 0x0c, 0x94, 0x65, 0xa0, 0xec, 0x9e, 0x52, 0x29, 0x48, 0x3b, 0xcb, 0x4a, 0x5f, + 0xe3, 0xa5, 0xd4, 0xf7, 0x5c, 0x76, 0x21, 0x7c, 0x08, 0x3d, 0x18, 0xa1, 0x57, 0xf3, 0xe8, 0x73, + 0xc3, 0x6b, 0x84, 0xe0, 0x59, 0x2d, 0x7b, 0x50, 0x9d, 0x71, 0x6e, 0x67, 0x93, 0x79, 0x5c, 0x0a, + 0x84, 0xa9, 0x96, 0x1a, 0x68, 0xb5, 0xd4, 0xb6, 0x26, 0xfd, 0x88, 0xf2, 0xd9, 0xf3, 0xda, 0x8a, + 0xb3, 0x37, 0x70, 0xa5, 0x03, 0x91, 0xa7, 0x03, 0x65, 0x05, 0xa4, 0x20, 0xe3, 0xae, 0x21, 0x7e, + 0x69, 0x0c, 0x7f, 0x19, 0xcf, 0xc1, 0x3b, 0x15, 0x68, 0x88, 0xb6, 0xc3, 0xea, 0xac, 0x63, 0x31, + 0x72, 0xd0, 0x5b, 0xc3, 0x0a, 0x3b, 0x2a, 0x6d, 0x88, 0x94, 0x0c, 0x23, 0x20, 0x0b, 0xf8, 0x3f, + 0x63, 0x1d, 0x29, 0x87, 0xe4, 0x83, 0x52, 0x7c, 0x31, 0x8d, 0x7e, 0x7a, 0x00, 0xfa, 0xd0, 0xe2, + 0x85, 0xa2, 0x0f, 0x69, 0x90, 0xb3, 0xc7, 0x7a, 0xf6, 0x42, 0x75, 0xfe, 0x65, 0xcf, 0xae, 0xe0, + 0x4b, 0x5b, 0x7d, 0x65, 0x0e, 0x33, 0x0d, 0xeb, 0xdf, 0x2e, 0xe0, 0xcb, 0x69, 0xd4, 0x33, 0xd0, + 0x71, 0xe0, 0x01, 0xf9, 0x84, 0x70, 0x25, 0x29, 0xb7, 0x93, 0x4b, 0x28, 0xcb, 0x56, 0xaa, 0xb0, + 0x21, 0xb5, 0x95, 0x33, 0x63, 0x32, 0x14, 0xba, 0x79, 0xf2, 0xf3, 0xf7, 0x97, 0x99, 0x75, 0xba, + 0xe6, 0x56, 0x29, 0x6e, 0x65, 0x4b, 0x1a, 0xf1, 0xa3, 0xd4, 0x3a, 0xe6, 0xb6, 0x11, 0x11, 0x3f, + 0xb2, 0x3f, 0xc7, 0xdc, 0x95, 0xf2, 0x2e, 0x6a, 0x92, 0xf7, 0x08, 0x57, 0x92, 0xc9, 0x3a, 0x8f, + 0x4c, 0x6e, 0xf6, 0x6a, 0x57, 0x87, 0x31, 0x39, 0xad, 0xf4, 0x8e, 0x63, 0xc1, 0x9b, 0x7f, 0xc7, + 0x82, 0x7c, 0x46, 0xb8, 0x9c, 0xa8, 0x25, 0x13, 0x32, 0xf3, 0x55, 0x98, 0x4e, 0xb7, 0xe8, 0x75, + 0xc7, 0x73, 0x91, 0xce, 0x9f, 0xe6, 0x69, 0x0b, 0x72, 0x82, 0xf0, 0xec, 0xe3, 0x20, 0x32, 0x64, + 0xf1, 0x34, 0x17, 0x37, 0x6e, 0xb5, 0xed, 0xa9, 0x70, 0xb0, 0x08, 0xb4, 0xea, 0x78, 0x10, 0x32, + 0xc1, 0x83, 0x7c, 0x40, 0xb8, 0xf4, 0x08, 0x0a, 0x39, 0x4c, 0xa9, 0x0e, 0x37, 0x1c, 0xfe, 0x12, + 0xb9, 0x36, 0xd9, 0x2f, 0xbb, 0x45, 0xc7, 0xe4, 0x2b, 0xc2, 0xe5, 0x64, 0x81, 0x26, 0x3b, 0x93, + 0x5b, 0xac, 0x69, 0x31, 0xda, 0x70, 0x8c, 0xd6, 0x6a, 0xab, 0x85, 0x13, 0xc4, 0xec, 0x3f, 0x7e, + 0x47, 0x18, 0xc1, 0x1c, 0x45, 0xdb, 0xb1, 0x97, 0xb8, 0x9c, 0xcc, 0x67, 0x51, 0xb9, 0x8a, 0xe6, + 0x35, 0xd5, 0xdf, 0x2c, 0xd4, 0xbf, 0x8f, 0xb1, 0x6d, 0xd4, 0x56, 0x0c, 0xa1, 0x89, 0x8a, 0xb2, + 0xaf, 0xb0, 0xe4, 0x85, 0xb2, 0x0a, 0x99, 0x7d, 0xc5, 0x58, 0xdc, 0x62, 0xee, 0x8a, 0x6b, 0xf2, + 0x4d, 0x07, 0xd2, 0x20, 0xf5, 0x02, 0x10, 0x0e, 0x2e, 0xfb, 0xfd, 0xcd, 0xef, 0x83, 0x3a, 0xfa, + 0x31, 0xa8, 0xa3, 0x5f, 0x83, 0x3a, 0x7a, 0xd5, 0x3c, 0xef, 0xfd, 0xca, 0x3f, 0xc8, 0xbb, 0x65, + 0xf7, 0x4e, 0x6d, 0xfc, 0x09, 0x00, 0x00, 0xff, 0xff, 0x53, 0xd4, 0xec, 0x49, 0xa9, 0x07, 0x00, + 0x00, } diff --git a/server/project/project.proto b/server/project/project.proto index aa03745bb2c95..5cd75d61485fc 100644 --- a/server/project/project.proto +++ b/server/project/project.proto @@ -28,9 +28,10 @@ message ProjectTokenDeleteRequest { // ProjectTokenCreateRequest defines project token creation parameters. message ProjectTokenCreateRequest { string project = 1; - string role = 2; + string description = 2; + string role = 3; // expiresIn represents a duration in seconds - int64 expiresIn = 3; + int64 expiresIn = 4; } // ProjectTokenResponse wraps the created token or returns an empty string if deleted. message ProjectTokenResponse { diff --git a/server/swagger.json b/server/swagger.json index 091b9da85dc89..9ff607b887108 100644 --- a/server/swagger.json +++ b/server/swagger.json @@ -1407,6 +1407,9 @@ "description": "ProjectTokenCreateRequest defines project token creation parameters.", "type": "object", "properties": { + "description": { + "type": "string" + }, "expiresIn": { "type": "string", "format": "int64", @@ -2377,6 +2380,9 @@ "type": "object", "title": "ProjectRole represents a role that has access to a project", "properties": { + "description": { + "type": "string" + }, "jwtTokens": { "type": "array", "items": { From d6d5fcede88905b7c078a907aa95f57ed5b82693 Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Tue, 14 Aug 2018 15:44:24 -0700 Subject: [PATCH 42/43] Refactor CLI to getting role cleaner --- cmd/argocd/commands/project.go | 62 ++++++++++++++++++++++++++++------ 1 file changed, 51 insertions(+), 11 deletions(-) diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go index eb70875ef7021..87fe734aed6eb 100644 --- a/cmd/argocd/commands/project.go +++ b/cmd/argocd/commands/project.go @@ -7,8 +7,10 @@ import ( "strconv" "strings" "text/tabwriter" + "time" timeutil "github.com/argoproj/pkg/time" + "github.com/dustin/go-humanize" log "github.com/sirupsen/logrus" "github.com/spf13/cobra" "github.com/spf13/pflag" @@ -65,7 +67,6 @@ func NewProjectCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { os.Exit(1) }, } - command.AddCommand(NewProjectRoleCommand(clientOpts)) command.AddCommand(NewProjectCreateCommand(clientOpts)) command.AddCommand(NewProjectDeleteCommand(clientOpts)) @@ -102,6 +103,7 @@ func NewProjectRoleCommand(clientOpts *argocdclient.ClientOptions) *cobra.Comman }, } roleCommand.AddCommand(NewProjectRoleListCommand(clientOpts)) + roleCommand.AddCommand(NewProjectRoleGetCommand(clientOpts)) roleCommand.AddCommand(NewProjectRoleCreateCommand(clientOpts)) roleCommand.AddCommand(NewProjectRoleDeleteCommand(clientOpts)) roleCommand.AddCommand(NewProjectRoleCreateTokenCommand(clientOpts)) @@ -357,18 +359,51 @@ func NewProjectRoleListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co project, err := projIf.Get(context.Background(), &project.ProjectQuery{Name: projName}) errors.CheckError(err) w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0) - fmt.Fprintf(w, "ROLE-NAME\tDESCRIPTION\tISSUED-AT\tEXPIRES-AT\tPOLICIES\n") + fmt.Fprintf(w, "ROLE-NAME\tDESCRIPTION\n") for _, role := range project.Spec.Roles { - fmt.Fprintf(w, "%s\n", role.Name) - if role.JWTTokens != nil { - for _, token := range role.JWTTokens { - fmt.Fprintf(w, "%s\t%s\t%d\t%d\n", role.Name, role.Description, token.IssuedAt, token.ExpiresAt) - - for _, policy := range role.Policies { - fmt.Fprintf(w, "%s\t%s\t%d\t%d\t%s\n", role.Name, role.Description, token.IssuedAt, token.ExpiresAt, policy) - } - } + fmt.Fprintf(w, "%s\t%s\n", role.Name, role.Description) + } + _ = w.Flush() + }, + } + return command +} + +// NewProjectRoleGetCommand returns a new instance of an `argocd proj roles get` command +func NewProjectRoleGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { + var command = &cobra.Command{ + Use: "get PROJECT ROLE-NAME", + Short: "Get the details of a specific role", + Run: func(c *cobra.Command, args []string) { + if len(args) != 2 { + c.HelpFunc()(c, args) + os.Exit(1) + } + projName := args[0] + roleName := args[1] + conn, projIf := argocdclient.NewClientOrDie(clientOpts).NewProjectClientOrDie() + defer util.Close(conn) + + project, err := projIf.Get(context.Background(), &project.ProjectQuery{Name: projName}) + errors.CheckError(err) + + index, err := projectutil.GetRoleIndexByName(project, roleName) + errors.CheckError(err) + role := project.Spec.Roles[index] + + w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0) + fmt.Fprintf(w, "Role Name: %s\n", roleName) + fmt.Fprintf(w, "Description:%s\n", role.Description) + fmt.Fprintf(w, "Policies:\n") + fmt.Fprintf(w, "%s\n", project.ProjectPoliciesString()) + fmt.Fprintf(w, "Jwt Tokens:\n") + fmt.Fprintf(w, "ID\tISSUED-AT\tEXPIRES-AT\n") + for _, token := range role.JWTTokens { + expiresAt := "" + if token.ExpiresAt > 0 { + expiresAt = humanizeTimestamp(token.ExpiresAt) } + fmt.Fprintf(w, "%d\t%s\t%s\n", token.IssuedAt, humanizeTimestamp(token.IssuedAt), expiresAt) } _ = w.Flush() }, @@ -376,6 +411,11 @@ func NewProjectRoleListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co return command } +func humanizeTimestamp(epoch int64) string { + ts := time.Unix(epoch, 0) + return fmt.Sprintf("%s (%s)", ts.Format("Mon Jan 02 15:04:05 -0700"), humanize.Time(ts)) +} + // NewProjectCreateCommand returns a new instance of an `argocd proj create` command func NewProjectCreateCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var ( From 1a9d159b51e3dd33dd91ab90dbbd5f7644cfb222 Mon Sep 17 00:00:00 2001 From: Danny Thomson Date: Tue, 14 Aug 2018 16:06:35 -0700 Subject: [PATCH 43/43] Humanize IssueAt and ExpiredAt values in CLI --- Gopkg.lock | 9 +++++++++ Gopkg.toml | 1 + cmd/argocd/commands/project.go | 4 ++-- 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/Gopkg.lock b/Gopkg.lock index b48deb6ded804..58c86ccec3520 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -135,6 +135,14 @@ revision = "06ea1031745cb8b3dab3f6a236daf2b0aa468b7e" version = "v3.2.0" +[[projects]] + branch = "master" + digest = "1:f1a75a8e00244e5ea77ff274baa9559eb877437b240ee7b278f3fc560d9f08bf" + name = "github.com/dustin/go-humanize" + packages = ["."] + pruneopts = "" + revision = "9f541cc9db5d55bce703bd99987c9d5cb8eea45e" + [[projects]] digest = "1:971e9ba63a417c5f1f83ab358677bc59e96ff04285f26c6646ff089fb60b15e8" name = "github.com/emicklei/go-restful" @@ -1230,6 +1238,7 @@ "github.com/coreos/dex/api", "github.com/coreos/go-oidc", "github.com/dgrijalva/jwt-go", + "github.com/dustin/go-humanize", "github.com/ghodss/yaml", "github.com/go-openapi/loads", "github.com/go-openapi/runtime/middleware", diff --git a/Gopkg.toml b/Gopkg.toml index c74711aa542c7..fd823280b247c 100644 --- a/Gopkg.toml +++ b/Gopkg.toml @@ -8,6 +8,7 @@ required = [ "github.com/golang/protobuf/protoc-gen-go", "golang.org/x/tools/cmd/cover", "github.com/argoproj/pkg/time", + "github.com/dustin/go-humanize", ] [[constraint]] diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go index 87fe734aed6eb..49a31df420cad 100644 --- a/cmd/argocd/commands/project.go +++ b/cmd/argocd/commands/project.go @@ -399,7 +399,7 @@ func NewProjectRoleGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Com fmt.Fprintf(w, "Jwt Tokens:\n") fmt.Fprintf(w, "ID\tISSUED-AT\tEXPIRES-AT\n") for _, token := range role.JWTTokens { - expiresAt := "" + expiresAt := "" if token.ExpiresAt > 0 { expiresAt = humanizeTimestamp(token.ExpiresAt) } @@ -413,7 +413,7 @@ func NewProjectRoleGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Com func humanizeTimestamp(epoch int64) string { ts := time.Unix(epoch, 0) - return fmt.Sprintf("%s (%s)", ts.Format("Mon Jan 02 15:04:05 -0700"), humanize.Time(ts)) + return fmt.Sprintf("%s (%s)", ts.Format(time.RFC3339), humanize.Time(ts)) } // NewProjectCreateCommand returns a new instance of an `argocd proj create` command