From 1c35713ceb981689cb45e19cb8e13de9213edb4f Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Wed, 25 Jan 2023 22:46:16 -0800 Subject: [PATCH 01/47] operator-sts patch-crd files no longer needed add policy binding CRD to olm fix kustomizations Adding KES example with cert-manager (#1415) Deprecating audit logs from kustomization examples (#1425) deprecating audit logs from kustomization Parse .spec.features.domains.minio array elements (#1378) * Infer schema from tenant TLS, if not explicit in `.spec.features.domains.minio` Tenant field. --- .gitignore | 4 +- Makefile | 17 +- README.md | 3 +- docs/console.md | 2 +- docs/kes.md | 2 +- docs/operator-fields.md | 2 +- docs/policybinding_crd.adoc | 118 ++ docs/sidecars.md | 2 +- docs/tenat_crd.adoc | 1108 +++++++++++++++++ examples/kustomization/base/tenant.yaml | 99 +- .../tenant-PolicyBinding/kustomization.yaml | 14 + .../policy-binded-client.yaml | 37 + .../tenant-PolicyBinding/setup-bucket.yaml | 65 + .../tenant-PolicyBinding/tenant.yaml | 26 + .../tenant-PolicyBinding/tenantNamePatch.yaml | 3 + .../tenant-certmanager-kes/certificates.yaml | 35 + .../tenant-certmanager-kes/kustomization.yaml | 18 + .../tenant-certmanager-kes/tenant.yaml | 29 + .../tenantNamePatch.yaml | 4 + .../tenant-certmanager-kes/ubuntu.yaml | 24 + .../tenant-certmanager-kes/vault.yaml | 50 + helm/operator/templates/cluster-role.yaml | 7 + helm/operator/templates/operator-service.yaml | 15 + .../templates/sts.min.io_policybindings.yaml | 78 ++ k8s/update-codegen.sh | 2 +- kustomization.yaml | 2 +- main.go | 16 + pkg/apis/minio.min.io/v2/helper.go | 62 +- pkg/apis/minio.min.io/v2/helper_test.go | 16 +- .../minio.min.io/v2/zz_generated.deepcopy.go | 5 + pkg/apis/sts.min.io/register.go | 20 + pkg/apis/sts.min.io/v1beta1/doc.go | 21 + pkg/apis/sts.min.io/v1beta1/register.go | 57 + pkg/apis/sts.min.io/v1beta1/types.go | 91 ++ .../v1beta1/zz_generated.deepcopy.go | 162 +++ pkg/client/clientset/versioned/clientset.go | 58 +- .../versioned/fake/clientset_generated.go | 12 +- .../clientset/versioned/fake/register.go | 2 + .../clientset/versioned/scheme/register.go | 2 + .../typed/minio.min.io/v1/fake/fake_tenant.go | 2 +- .../minio.min.io/v1/minio.min.io_client.go | 20 +- .../typed/minio.min.io/v2/fake/fake_tenant.go | 2 +- .../minio.min.io/v2/minio.min.io_client.go | 20 +- .../versioned/typed/sts.min.io/v1beta1/doc.go | 20 + .../typed/sts.min.io/v1beta1/fake/doc.go | 20 + .../v1beta1/fake/fake_policybinding.go | 142 +++ .../v1beta1/fake/fake_sts.min.io_client.go | 40 + .../sts.min.io/v1beta1/generated_expansion.go | 21 + .../typed/sts.min.io/v1beta1/policybinding.go | 195 +++ .../sts.min.io/v1beta1/sts.min.io_client.go | 107 ++ .../informers/externalversions/factory.go | 6 + .../informers/externalversions/generic.go | 5 + .../externalversions/sts.min.io/interface.go | 46 + .../sts.min.io/v1beta1/interface.go | 45 + .../sts.min.io/v1beta1/policybinding.go | 90 ++ .../sts.min.io/v1beta1/expansion_generated.go | 27 + .../sts.min.io/v1beta1/policybinding.go | 99 ++ pkg/controller/cluster/http_handlers.go | 162 +++ pkg/controller/cluster/main-controller.go | 179 ++- pkg/controller/cluster/sts.go | 394 ++++++ pkg/controller/cluster/tls.go | 94 +- pkg/internal/http.go | 182 +++ .../statefulsets/minio-statefulset.go | 12 +- release.sh | 2 +- resources/base/cluster-role.yaml | 7 + resources/base/crds/kustomization.yaml | 7 + .../crds/policybinding/crd-conversion.yaml | 11 + .../crds/policybinding/kustomization.yaml | 8 + .../sts.min.io_policybindings.yaml | 78 ++ .../crds/tenant}/crd-conversion.yaml | 0 .../crds/tenant}/kustomization.yaml | 3 +- .../{ => tenant}/minio.min.io_tenants.yaml | 0 resources/base/deployment.yaml | 2 + resources/base/kustomization.yaml | 2 +- resources/base/service.yaml | 18 + resources/kustomization.yaml | 3 +- resources/templates/olm-template.yaml | 3 + 77 files changed, 4194 insertions(+), 170 deletions(-) create mode 100644 docs/policybinding_crd.adoc create mode 100644 docs/tenat_crd.adoc create mode 100644 examples/kustomization/tenant-PolicyBinding/kustomization.yaml create mode 100644 examples/kustomization/tenant-PolicyBinding/policy-binded-client.yaml create mode 100644 examples/kustomization/tenant-PolicyBinding/setup-bucket.yaml create mode 100644 examples/kustomization/tenant-PolicyBinding/tenant.yaml create mode 100644 examples/kustomization/tenant-PolicyBinding/tenantNamePatch.yaml create mode 100644 examples/kustomization/tenant-certmanager-kes/certificates.yaml create mode 100644 examples/kustomization/tenant-certmanager-kes/kustomization.yaml create mode 100644 examples/kustomization/tenant-certmanager-kes/tenant.yaml create mode 100644 examples/kustomization/tenant-certmanager-kes/tenantNamePatch.yaml create mode 100644 examples/kustomization/tenant-certmanager-kes/ubuntu.yaml create mode 100644 examples/kustomization/tenant-certmanager-kes/vault.yaml create mode 100644 helm/operator/templates/sts.min.io_policybindings.yaml create mode 100644 pkg/apis/sts.min.io/register.go create mode 100644 pkg/apis/sts.min.io/v1beta1/doc.go create mode 100644 pkg/apis/sts.min.io/v1beta1/register.go create mode 100644 pkg/apis/sts.min.io/v1beta1/types.go create mode 100644 pkg/apis/sts.min.io/v1beta1/zz_generated.deepcopy.go create mode 100644 pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/doc.go create mode 100644 pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/fake/doc.go create mode 100644 pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/fake/fake_policybinding.go create mode 100644 pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/fake/fake_sts.min.io_client.go create mode 100644 pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/generated_expansion.go create mode 100644 pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/policybinding.go create mode 100644 pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/sts.min.io_client.go create mode 100644 pkg/client/informers/externalversions/sts.min.io/interface.go create mode 100644 pkg/client/informers/externalversions/sts.min.io/v1beta1/interface.go create mode 100644 pkg/client/informers/externalversions/sts.min.io/v1beta1/policybinding.go create mode 100644 pkg/client/listers/sts.min.io/v1beta1/expansion_generated.go create mode 100644 pkg/client/listers/sts.min.io/v1beta1/policybinding.go create mode 100644 pkg/controller/cluster/sts.go create mode 100644 pkg/internal/http.go create mode 100644 resources/base/crds/kustomization.yaml create mode 100644 resources/base/crds/policybinding/crd-conversion.yaml create mode 100644 resources/base/crds/policybinding/kustomization.yaml create mode 100644 resources/base/crds/policybinding/sts.min.io_policybindings.yaml rename resources/{patch-crd => base/crds/tenant}/crd-conversion.yaml (100%) rename resources/{patch-crd => base/crds/tenant}/kustomization.yaml (80%) rename resources/base/crds/{ => tenant}/minio.min.io_tenants.yaml (100%) diff --git a/.gitignore b/.gitignore index 2b48f341ff4..38fbecb1dfb 100644 --- a/.gitignore +++ b/.gitignore @@ -14,4 +14,6 @@ logsearchapi-bin *.log .vscode minio.yaml -nancy \ No newline at end of file +nancy +examples/.DS_Store + diff --git a/Makefile b/Makefile index 9279dfc7975..136a5a83ec7 100644 --- a/Makefile +++ b/Makefile @@ -7,7 +7,8 @@ VERSIONV ?= $(shell git describe --tags | sed 's,v,,g') endif TAG ?= "minio/operator:$(VERSION)" LDFLAGS ?= "-s -w -X main.Version=$(VERSION)" -TMPFILE := $(shell mktemp) +TMP_TENANT_CRD_FILE := $(shell mktemp) +TMP_PB_CRD_FILE := $(shell mktemp) GOPATH := $(shell go env GOPATH) GOARCH := $(shell go env GOARCH) GOOS := $(shell go env GOOS) @@ -67,13 +68,19 @@ clean: regen-crd: @go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.11.1 @${GOPATH}/bin/controller-gen crd:maxDescLen=0,generateEmbeddedObjectMeta=true paths="./..." output:crd:artifacts:config=$(KUSTOMIZE_CRDS) - @kustomize build resources/patch-crd > $(TMPFILE) - @mv -f $(TMPFILE) resources/base/crds/minio.min.io_tenants.yaml - @sed 's#namespace: minio-operator#namespace: {{ .Release.Namespace }}#g' resources/base/crds/minio.min.io_tenants.yaml > $(HELM_TEMPLATES)/minio.min.io_tenants.yaml + @mv $(KUSTOMIZE_CRDS)/minio.min.io_tenants.yaml $(KUSTOMIZE_CRDS)/tenant + @mv $(KUSTOMIZE_CRDS)/sts.min.io_policybindings.yaml $(KUSTOMIZE_CRDS)/policybinding + @kustomize build resources/base/crds/tenant > $(TMP_TENANT_CRD_FILE) + @mv -f $(TMP_TENANT_CRD_FILE) resources/base/crds/tenant/minio.min.io_tenants.yaml + @sed 's#namespace: minio-operator#namespace: {{ .Release.Namespace }}#g' resources/base/crds/tenant/minio.min.io_tenants.yaml > $(HELM_TEMPLATES)/minio.min.io_tenants.yaml + @kustomize build resources/base/crds/policybinding > $(TMP_PB_CRD_FILE) + @mv -f $(TMP_PB_CRD_FILE) resources/base/crds/policybinding/sts.min.io_policybindings.yaml + @sed 's#namespace: minio-operator#namespace: {{ .Release.Namespace }}#g' resources/base/crds/policybinding/sts.min.io_policybindings.yaml > $(HELM_TEMPLATES)/sts.min.io_policybindings.yaml regen-crd-docs: @which crd-ref-docs 1>/dev/null || (echo "Installing crd-ref-docs" && GO111MODULE=on go install -v github.com/elastic/crd-ref-docs@latest) - @${GOPATH}/bin/crd-ref-docs --source-path=./pkg/apis/minio.min.io/v2 --config=docs/templates/config.yaml --renderer=asciidoctor --output-path=docs/crd.adoc --templates-dir=docs/templates/asciidoctor/ + @${GOPATH}/bin/crd-ref-docs --source-path=./pkg/apis/minio.min.io/v2 --config=docs/templates/config.yaml --renderer=asciidoctor --output-path=docs/tenat_crd.adoc --templates-dir=docs/templates/asciidoctor/ + @${GOPATH}/bin/crd-ref-docs --source-path=./pkg/apis/sts.min.io/v1beta1 --config=docs/templates/config.yaml --renderer=asciidoctor --output-path=docs/policybinding_crd.adoc --templates-dir=docs/templates/asciidoctor/ plugin: regen-crd @echo "Building 'kubectl-minio' binary" diff --git a/README.md b/README.md index 89c00155350..bf36e26bbe3 100644 --- a/README.md +++ b/README.md @@ -318,4 +318,5 @@ Use of MinIO Operator is governed by the GNU AGPLv3 or later, found in the [LICE - [Apply PodSecurityPolicy](https://github.com/minio/operator/blob/master/docs/pod-security-policy.md). - [Deploy MinIO Tenant with Console](https://github.com/minio/operator/blob/master/docs/console.md). - [Deploy MinIO Tenant with KES](https://github.com/minio/operator/blob/master/docs/kes.md). -- [Tenant API Documentation](docs/crd.adoc) +- [Tenant API Documentation](docs/tenat_crd.adoc) +- [Policy Binding API Documentation](docs/policybinding_crd.adoc) diff --git a/docs/console.md b/docs/console.md index 2856c3ed0b5..37e96550301 100644 --- a/docs/console.md +++ b/docs/console.md @@ -20,4 +20,4 @@ kubectl create -f https://raw.githubusercontent.com/minio/operator/master/exampl kubectl minio tenant create --name tenant1 --secret tenant1-secret --servers 4 --volumes 16 --capacity 16Ti --namespace tenant1-ns --console-secret console-secret ``` -A complete list of values is available [here](crd.adoc##consoleconfiguration) in the API reference. +A complete list of values is available [here](tenat_crd.adoc##consoleconfiguration) in the API reference. diff --git a/docs/kes.md b/docs/kes.md index b5be3d18ba9..43a291fb21c 100644 --- a/docs/kes.md +++ b/docs/kes.md @@ -36,4 +36,4 @@ KES Configuration is a part of Tenant yaml file. Check the sample file [availabl | spec.kes.kesSecret | Secret to specify KES Configuration. This is a mandatory field. | | spec.kes.metadata | This allows a way to map metadata to the KES pods. Internally `metadata` is a struct type as [explained here](https://godoc.org/k8s.io/apimachinery/pkg/apis/meta/v1#ObjectMeta). | -A complete list of values is available [here](crd.adoc#kesconfig) in the API reference. +A complete list of values is available [here](tenat_crd.adoc#kesconfig) in the API reference. diff --git a/docs/operator-fields.md b/docs/operator-fields.md index 6d9d38e6796..4976ff9935e 100644 --- a/docs/operator-fields.md +++ b/docs/operator-fields.md @@ -45,4 +45,4 @@ MinIO Operator creates native Kubernetes resources within the cluster. If the Te | spec.pools.volumesPerServer | Set the number of volume mounts per MinIO node. For example if you set `spec.pools[0].Servers = 4`, `spec.pools[1].Servers = 8` and `spec.volumesPerServer = 4`, then you'll have total 12 MinIO Pods, with 4 volume mounts on each Pod. Note that `volumesPerServer` is static per cluster and that expanding a cluster will add new nodes. | | spec.pools.tolerations | Define a toleration for the Tenant pod to match a taint. Refer [this document](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) for details. | -A complete list of values is available [here](crd.adoc) in the API reference. +A complete list of values is available [here](tenat_crd.adoc) in the API reference. diff --git a/docs/policybinding_crd.adoc b/docs/policybinding_crd.adoc new file mode 100644 index 00000000000..1fff95d2fb0 --- /dev/null +++ b/docs/policybinding_crd.adoc @@ -0,0 +1,118 @@ +// Generated documentation. Please do not edit. +:anchor_prefix: k8s-api + +[id="{p}-api-reference"] +== API Reference + +:minio-image: https://hub.docker.com/r/minio/minio/tags[minio/minio:RELEASE.2023-01-12T02-06-16Z] +:kes-image: https://hub.docker.com/r/minio/kes/tags[minio/kes:v0.18.0] +:prometheus-image: https://quay.io/prometheus/prometheus:latest[prometheus/prometheus:latest] +:logsearch-image: https://hub.docker.com/r/minio/operator/tags[minio/operator:v4.5.8] +:postgres-image: https://github.com/docker-library/postgres[library/postgres] + + +[id="{anchor_prefix}-sts-min-io-v1beta1"] +=== sts.min.io/v1beta1 + +Package v1beta1 is the v1beta1 version of the API. + + + +[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-sts-min-io-v1beta1-application"] +==== Application + +Application defines the `Namespace` and `ServiceAccount` + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-sts-min-io-v1beta1-policybindingspec[$$PolicyBindingSpec$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description + +|*`namespace`* __string__ +|*Required* + + +|*`serviceaccount`* __string__ +|*Required* + + +|=== + + +[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-sts-min-io-v1beta1-policybinding"] +==== PolicyBinding + +PolicyBinding is a https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/[Kubernetes object] describing a MinIO PolicyBinding. + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-sts-min-io-v1beta1-policybindinglist[$$PolicyBindingList$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description + +|*`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta[$$ObjectMeta$$]__ +|Refer to Kubernetes API documentation for fields of `metadata`. + + +|*`spec`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-sts-min-io-v1beta1-policybindingspec[$$PolicyBindingSpec$$]__ +|*Required* + + The root field for the MinIO PolicyBinding object. + +|=== + + + + +[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-sts-min-io-v1beta1-policybindingspec"] +==== PolicyBindingSpec + +PolicyBindingSpec (`spec`) defines the configuration of a MinIO PolicyBinding object. + + The following parameters are specific to the `sts.min.io/v1beta1` MinIO Policy Binding CRD API `spec` definition added as part of the MinIO Operator v5.0.0. + + PolicyBinding is a Auhtorization mechanism managed by the Minio Operator using Kubernetes ServiceAccount native object, the Binding allow to an ServiceAccount to assume policies inside a tenant. For more complete documentation on this object, see the https://docs.min.io/minio/k8s/reference/minio-operator-reference.html#minio-operator-yaml-reference[MinIO Kubernetes Documentation]. + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-sts-min-io-v1beta1-policybinding[$$PolicyBinding$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description + +|*`application`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-sts-min-io-v1beta1-application[$$Application$$]__ +|*Required* + + The Application Property identifies the namespace and service account that will be authorized + +|*`policies`* __string array__ +|*Required* + + +|=== + + + + +[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-sts-min-io-v1beta1-policybindingusage"] +==== PolicyBindingUsage + +PolicyBindingUsage are metrics regarding the usage of the policyBinding + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-sts-min-io-v1beta1-policybindingstatus[$$PolicyBindingStatus$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description + +|*`authotizations`* __integer__ +| + +|=== + + diff --git a/docs/sidecars.md b/docs/sidecars.md index 433c99933a9..d7c130be4a0 100644 --- a/docs/sidecars.md +++ b/docs/sidecars.md @@ -32,4 +32,4 @@ The following example configures a warp container to run in the same pod as the **Note:** the MinIO Service for the tenant won't expose the ports added in the sidecar. It's up to the user to expose these ports with their own services. -A complete list of values is available [here](crd.adoc##sidecars) in the API reference. \ No newline at end of file +A complete list of values is available [here](tenat_crd.adoc##sidecars) in the API reference. \ No newline at end of file diff --git a/docs/tenat_crd.adoc b/docs/tenat_crd.adoc new file mode 100644 index 00000000000..56f68544faa --- /dev/null +++ b/docs/tenat_crd.adoc @@ -0,0 +1,1108 @@ +// Generated documentation. Please do not edit. +:anchor_prefix: k8s-api + +[id="{p}-api-reference"] +== API Reference + +:minio-image: https://hub.docker.com/r/minio/minio/tags[minio/minio:RELEASE.2023-01-12T02-06-16Z] +:kes-image: https://hub.docker.com/r/minio/kes/tags[minio/kes:v0.18.0] +:prometheus-image: https://quay.io/prometheus/prometheus:latest[prometheus/prometheus:latest] +:logsearch-image: https://hub.docker.com/r/minio/operator/tags[minio/operator:v4.5.8] +:postgres-image: https://github.com/docker-library/postgres[library/postgres] + + +[id="{anchor_prefix}-minio-min-io-v2"] +=== minio.min.io/v2 + +Package v2 - This page provides a quick automatically generated reference for the MinIO Operator `minio.min.io/v2` CRD. For more complete documentation on the MinIO Operator CRD, see https://min.io/docs/minio/kubernetes/upstream/index.html[MinIO Kubernetes Documentation]. + + +The `minio.min.io/v2` API was released with the v4.0.0 MinIO Operator. The MinIO Operator automatically converts existing tenants using the `/v1` API to `/v2`. + + + + + +[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-auditconfig"] +==== AuditConfig + +AuditConfig defines configuration parameters for Audit (type) logs + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-logconfig[$$LogConfig$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description + +|*`diskCapacityGB`* __integer__ +|*Required* + + Specify the amount of storage to request in Gigabytes (GB) for storing audit logs. + +|=== + + +[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-bucket"] +==== Bucket + +Bucket describes the default created buckets + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description + +|*`name`* __string__ +| + +|*`region`* __string__ +| + +|*`objectLock`* __boolean__ +| + +|=== + + +[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-certificateconfig"] +==== CertificateConfig + +CertificateConfig (`certConfig`) defines controlling attributes associated to any TLS certificate automatically generated by the Operator as part of tenant creation. These fields have no effect if `spec.autoCert: false`. + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description + +|*`commonName`* __string__ +|*Optional* + + The `CommonName` or `CN` attribute to associate to automatically generated TLS certificates. + + +|*`organizationName`* __string array__ +|*Optional* + + Specify one or more `OrganizationName` or `O` attributes to associate to automatically generated TLS certificates. + + +|*`dnsNames`* __string array__ +|*Optional* + + Specify one or more x.509 Subject Alternative Names (SAN) to associate to automatically generated TLS certificates. MinIO Server pods use SNI to determine which certificate to respond with based on the requested hostname. + +|=== + + +[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-certificatestatus"] +==== CertificateStatus + +CertificateStatus keeps track of all the certificates managed by the operator + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantstatus[$$TenantStatus$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description + +|*`autoCertEnabled`* __boolean__ +|AutoCertEnabled registers whether we know if the tenant has autocert enabled + +|=== + + +[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-exposeservices"] +==== ExposeServices + +ExposeServices (`exposeServices`) defines the exposure of the MinIO object storage and Console services. + + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description + +|*`minio`* __boolean__ +|*Optional* + + Directs the Operator to expose the MinIO service. Defaults to `true`. + + +|*`console`* __boolean__ +|*Optional* + + Directs the Operator to expose the MinIO Console service. Defaults to `true`. + + +|=== + + +[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-features"] +==== Features + +Features (`features`) - Object describing which MinIO features to enable/disable in the MinIO Tenant. + + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description + +|*`bucketDNS`* __boolean__ +|*Optional* + + Specify `true` to allow clients to access buckets using the DNS path `.minio.default.svc.cluster.local`. Defaults to `false`. + +|*`domains`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantdomains[$$TenantDomains$$]__ +|*Optional* + + Specify a list of domains used to access MinIO and Console. + +|=== + + +[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-healthstatus"] +==== HealthStatus (string) + +HealthStatus represents whether the tenant is healthy, with decreased service or offline + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantstatus[$$TenantStatus$$] +**** + + + +[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-kesconfig"] +==== KESConfig + +KESConfig (`kes`) defines the configuration of the https://github.com/minio/kes[MinIO Key Encryption Service] (KES) StatefulSet deployed as part of the MinIO Tenant. KES supports Server-Side Encryption of objects using an external Key Management Service (KMS). + + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description + +|*`replicas`* __integer__ +|*Optional* + + Specify the number of replica KES pods to deploy in the tenant. Defaults to `2`. + +|*`image`* __string__ +|*Optional* + + The Docker image to use for deploying MinIO KES. Defaults to {kes-image}. + + +|*`imagePullPolicy`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#pullpolicy-v1-core[$$PullPolicy$$]__ +|*Optional* + + The pull policy for the MinIO Docker image. Specify one of the following: + + * `Always` + + * `Never` + + * `IfNotPresent` (Default) + + Refer to the Kubernetes documentation for details https://kubernetes.io/docs/concepts/containers/images#updating-images + +|*`serviceAccountName`* __string__ +|*Optional* + + The https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/[Kubernetes Service Account] to use for running MinIO KES pods created as part of the Tenant. + + +|*`kesSecret`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#localobjectreference-v1-core[$$LocalObjectReference$$]__ +|*Required* + + Specify a https://kubernetes.io/docs/concepts/configuration/secret/[Kubernetes opaque secret] which contains environment variables to use for setting up the MinIO KES service. + + See the https://github.com/minio/operator/blob/master/examples/kes-secret.yaml[MinIO Operator `console-secret.yaml`] for an example. + +|*`externalCertSecret`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-localcertificatereference[$$LocalCertificateReference$$]__ +|*Optional* + + Enables TLS with SNI support on each MinIO KES pod in the tenant. If `externalCertSecret` is omitted *and* `spec.requestAutoCert` is set to `false`, MinIO KES pods deploy *without* TLS enabled. + + Specify a https://kubernetes.io/docs/concepts/configuration/secret/[Kubernetes TLS secret]. The MinIO Operator copies the specified certificate to every MinIO pod in the tenant. When the MinIO pod/service responds to a TLS connection request, it uses SNI to select the certificate with matching `subjectAlternativeName`. + + Specify an object containing the following fields: + + * - `name` - The name of the Kubernetes secret containing the TLS certificate. + + * - `type` - Specify `kubernetes.io/tls` + + See the https://min.io/docs/minio/kubernetes/upstream/operations/install-deploy-manage/deploy-minio-tenant.html#procedure-command-line[MinIO Operator CRD] reference for examples and more complete documentation on configuring TLS for MinIO Tenants. + +|*`clientCertSecret`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-localcertificatereference[$$LocalCertificateReference$$]__ +|*Optional* + + Specify a a https://kubernetes.io/docs/concepts/configuration/secret/[Kubernetes TLS secret] containing a custom root Certificate Authority and x.509 certificate to use for performing mTLS authentication with an external Key Management Service, such as Hashicorp Vault. + + Specify an object containing the following fields: + + * - `name` - The name of the Kubernetes secret containing the Certificate Authority and x.509 Certificate. + + * - `type` - Specify `kubernetes.io/tls` + + +|*`annotations`* __object (keys:string, values:string)__ +|*Optional* + + If provided, use these annotations for KES Object Meta annotations + +|*`labels`* __object (keys:string, values:string)__ +|*Optional* + + If provided, use these labels for KES Object Meta labels + +|*`resources`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#resourcerequirements-v1-core[$$ResourceRequirements$$]__ +|*Optional* + + Object specification for specifying CPU and memory https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/[resource allocations] or limits in the MinIO tenant. + + +|*`nodeSelector`* __object (keys:string, values:string)__ +|*Optional* + + The filter for the Operator to apply when selecting which nodes on which to deploy MinIO KES pods. The Operator only selects those nodes whose labels match the specified selector. + + See the Kubernetes documentation on https://kubernetes.io/docs/concepts/configuration/assign-pod-node/[Assigning Pods to Nodes] for more information. + +|*`tolerations`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#toleration-v1-core[$$Toleration$$] array__ +|*Optional* + + Specify one or more https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/[Kubernetes tolerations] to apply to MinIO KES pods. + +|*`affinity`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#affinity-v1-core[$$Affinity$$]__ +|*Optional* + + Specify node affinity, pod affinity, and pod anti-affinity for the KES pods. + + +|*`topologySpreadConstraints`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#topologyspreadconstraint-v1-core[$$TopologySpreadConstraint$$] array__ +|*Optional* + + Specify one or more https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/[Kubernetes Topology Spread Constraints] to apply to pods deployed in the MinIO pool. + +|*`keyName`* __string__ +|*Optional* + + If provided, use this as the name of the key that KES creates on the KMS backend + +|*`securityContext`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podsecuritycontext-v1-core[$$PodSecurityContext$$]__ +|Specify the https://kubernetes.io/docs/tasks/configure-pod-container/security-context/[Security Context] of MinIO KES pods. The Operator supports only the following pod security fields: + + * `fsGroup` + + * `fsGroupChangePolicy` + + * `runAsGroup` + + * `runAsNonRoot` + + * `runAsUser` + + * `seLinuxOptions` + + +|*`env`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvar-v1-core[$$EnvVar$$] array__ +|*Optional* + + If provided, the MinIO Operator adds the specified environment variables when deploying the KES resource. + +|=== + + +[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-localcertificatereference"] +==== LocalCertificateReference + +LocalCertificateReference (`externalCertSecret`, `externalCaCertSecret`,`clientCertSecret`) contains a Kubernetes secret containing TLS certificates or Certificate Authority files for use with enabling TLS in the MinIO Tenant. + + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-kesconfig[$$KESConfig$$] +- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description + +|*`name`* __string__ +|*Required* + + The name of the Kubernetes secret containing the TLS certificate or Certificate Authority file. + + +|*`type`* __string__ +|*Required* + + The type of Kubernetes secret. Specify `kubernetes.io/tls` + + +|=== + + +[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-logconfig"] +==== LogConfig + +LogConfig (`log`) defines the configuration of the MinIO Log Search API deployed as part of the MinIO Tenant. The Operator deploys a PostgreSQL instance as part of the tenant to support storing and querying MinIO logs. + + If the tenant specification includes the `console` object, the Operator automatically configures and enables MinIO Log Search via the Console UI. + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description + +|*`image`* __string__ +|*Optional* + + The Docker image to use for deploying the MinIO Log Search API. Defaults to {logsearch-image}. + + +|*`resources`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#resourcerequirements-v1-core[$$ResourceRequirements$$]__ +|*Optional* + + Object specification for specifying CPU and memory https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/[resource allocations] or limits in the MinIO tenant. + + +|*`nodeSelector`* __object (keys:string, values:string)__ +|*Optional* + + The filter for the Operator to apply when selecting which nodes on which to deploy MinIO Log Search API pods. The Operator only selects those nodes whose labels match the specified selector. + + See the Kubernetes documentation on https://kubernetes.io/docs/concepts/configuration/assign-pod-node/[Assigning Pods to Nodes] for more information. + +|*`affinity`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#affinity-v1-core[$$Affinity$$]__ +|*Optional* + + Specify node affinity, pod affinity, and pod anti-affinity for LogSearch API pods. + + +|*`tolerations`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#toleration-v1-core[$$Toleration$$] array__ +|*Optional* + + Specify one or more https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/[Kubernetes tolerations] to apply to MinIO Log Search API pods. + +|*`topologySpreadConstraints`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#topologyspreadconstraint-v1-core[$$TopologySpreadConstraint$$] array__ +|*Optional* + + Specify one or more https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/[Kubernetes Topology Spread Constraints] to apply to pods deployed in the MinIO pool. + +|*`annotations`* __object (keys:string, values:string)__ +|*Optional* + + If provided, use these annotations for Log Search Object Meta annotations + +|*`labels`* __object (keys:string, values:string)__ +|*Optional* + + If provided, use these labels for Log Search Object Meta labels + +|*`db`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-logdbconfig[$$LogDbConfig$$]__ +|*Optional* + + Object specification for configuring the backing PostgreSQL database for the LogSearch API. + + +|*`audit`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-auditconfig[$$AuditConfig$$]__ +|*Required* + + Object specification for configuring LogSearch API. + +|*`securityContext`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podsecuritycontext-v1-core[$$PodSecurityContext$$]__ +|*Optional* + + Specify the https://kubernetes.io/docs/tasks/configure-pod-container/security-context/[Security Context] of pods deployed as part of the Log Search API. The Operator supports only the following pod security fields: + + * `fsGroup` + + * `fsGroupChangePolicy` + + * `runAsGroup` + + * `runAsNonRoot` + + * `runAsUser` + + * `seLinuxOptions` + + +|*`serviceAccountName`* __string__ +|*Optional* + + The https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/[Kubernetes Service Account] to use for running MinIO KES pods created as part of the Tenant. + + +|*`env`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvar-v1-core[$$EnvVar$$] array__ +|*Optional* + + If provided, the MinIO Operator adds the specified environment variables when deploying the Log Search API resource. + +|=== + + +[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-logdbconfig"] +==== LogDbConfig + +LogDbConfig (`db`) defines the configuration of the PostgreSQL StatefulSet deployed to support the MinIO LogSearch API. + + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-logconfig[$$LogConfig$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description + +|*`image`* __string__ +|*Optional* + + The Docker image to use for deploying PostgreSQL. Defaults to {postgres-image}. + + +|*`initimage`* __string__ +|*Optional* + + Defines the Docker image to use as the init container for running the postgres server. Defaults to `busybox`. + + The specified Docker image *must* be the https://hub.docker.com/_/busybox[`busybox`] package. + + +|*`volumeClaimTemplate`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#persistentvolumeclaim-v1-core[$$PersistentVolumeClaim$$]__ +|*Optional* + + Specify the configuration options for the MinIO Operator to use when generating Persistent Volume Claims for the PostgreSQL pod. + + +|*`resources`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#resourcerequirements-v1-core[$$ResourceRequirements$$]__ +|*Optional* + + Object specification for specifying CPU and memory https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/[resource allocations] or limits for the PostgreSQL pod. + +|*`nodeSelector`* __object (keys:string, values:string)__ +|*Optional* + + The filter for the Operator to apply when selecting which nodes on which to deploy the PostgreSQL pod. The Operator only selects those nodes whose labels match the specified selector. + + See the Kubernetes documentation on https://kubernetes.io/docs/concepts/configuration/assign-pod-node/[Assigning Pods to Nodes] for more information. + +|*`affinity`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#affinity-v1-core[$$Affinity$$]__ +|*Optional* + + Specify node affinity, pod affinity, and pod anti-affinity for the PostgreSQL pods. + + +|*`tolerations`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#toleration-v1-core[$$Toleration$$] array__ +|*Optional* + + Specify one or more https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/[Kubernetes tolerations] to apply to the PostgreSQL pods. + +|*`topologySpreadConstraints`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#topologyspreadconstraint-v1-core[$$TopologySpreadConstraint$$] array__ +|*Optional* + + Specify one or more https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/[Kubernetes Topology Spread Constraints] to apply to pods deployed in the MinIO pool. + +|*`annotations`* __object (keys:string, values:string)__ +|*Optional* + + If provided, use these annotations for PostgreSQL Object Meta annotations + +|*`labels`* __object (keys:string, values:string)__ +|*Optional* + + If provided, use these labels for PostgreSQL Object Meta labels + +|*`securityContext`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podsecuritycontext-v1-core[$$PodSecurityContext$$]__ +|*Optional* + + Specify the https://kubernetes.io/docs/tasks/configure-pod-container/security-context/[Security Context] of the PostgreSQL pods. The Operator supports only the following pod security fields: + + * `fsGroup` + + * `fsGroupChangePolicy` + + * `runAsGroup` + + * `runAsNonRoot` + + * `runAsUser` + + * `seLinuxOptions` + + +|*`serviceAccountName`* __string__ +|*Optional* + + The https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/[Kubernetes Service Account] to use for running MinIO KES pods created as part of the Tenant. + + +|*`env`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvar-v1-core[$$EnvVar$$] array__ +|*Optional* + + If provided, the MinIO Operator adds the specified environment variables when deploying the Postgres resource. + +|=== + + +[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-logging"] +==== Logging + +Logging describes Logging for MinIO tenants. + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description + +|*`json`* __boolean__ +| + +|*`anonymous`* __boolean__ +| + +|*`quiet`* __boolean__ +| + +|=== + + +[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-pool"] +==== Pool + +Pool (`pools`) defines a MinIO server pool on a Tenant. Each pool consists of a set of MinIO server pods which "pool" their storage resources for supporting object storage and retrieval requests. Each server pool is independent of all others and supports horizontal scaling of available storage resources in the MinIO Tenant. + + See the https://min.io/docs/minio/kubernetes/upstream/operations/install-deploy-manage/deploy-minio-tenant.html#procedure-command-line[MinIO Operator CRD] reference for the `pools` object for examples and more complete documentation. + + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description + +|*`name`* __string__ +|*Optional* + + Specify the name of the pool. The Operator automatically generates the pool name if this field is omitted. + +|*`servers`* __integer__ +|*Required* + The number of MinIO server pods to deploy in the pool. The minimum value is `2`. + The MinIO Operator requires a minimum of `4` volumes per pool. Specifically, the result of `pools.servers X pools.volumesPerServer` must be greater than `4`. + + +|*`volumesPerServer`* __integer__ +|*Required* + + The number of Persistent Volume Claims to generate for each MinIO server pod in the pool. + + The MinIO Operator requires a minimum of `4` volumes per pool. Specifically, the result of `pools.servers X pools.volumesPerServer` must be greater than `4`. + + +|*`volumeClaimTemplate`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#persistentvolumeclaim-v1-core[$$PersistentVolumeClaim$$]__ +|*Required* + + Specify the configuration options for the MinIO Operator to use when generating Persistent Volume Claims for the MinIO tenant. + + +|*`resources`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#resourcerequirements-v1-core[$$ResourceRequirements$$]__ +|*Optional* + + Object specification for specifying CPU and memory https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/[resource allocations] or limits in the MinIO tenant. + + +|*`nodeSelector`* __object (keys:string, values:string)__ +|*Optional* + + The filter for the Operator to apply when selecting which nodes on which to deploy pods in the pool. The Operator only selects those nodes whose labels match the specified selector. + + See the Kubernetes documentation on https://kubernetes.io/docs/concepts/configuration/assign-pod-node/[Assigning Pods to Nodes] for more information. + +|*`affinity`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#affinity-v1-core[$$Affinity$$]__ +|*Optional* + + Specify node affinity, pod affinity, and pod anti-affinity for pods in the MinIO pool. + + +|*`tolerations`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#toleration-v1-core[$$Toleration$$] array__ +|*Optional* + + Specify one or more https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/[Kubernetes tolerations] to apply to pods deployed in the MinIO pool. + +|*`topologySpreadConstraints`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#topologyspreadconstraint-v1-core[$$TopologySpreadConstraint$$] array__ +|*Optional* + + Specify one or more https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/[Kubernetes Topology Spread Constraints] to apply to pods deployed in the MinIO pool. + +|*`securityContext`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podsecuritycontext-v1-core[$$PodSecurityContext$$]__ +|*Optional* + + Specify the https://kubernetes.io/docs/tasks/configure-pod-container/security-context/[Security Context] of pods in the pool. The Operator supports only the following pod security fields: + + * `fsGroup` + + * `fsGroupChangePolicy` + + * `runAsGroup` + + * `runAsNonRoot` + + * `runAsUser` + + +|*`containerSecurityContext`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#securitycontext-v1-core[$$SecurityContext$$]__ +|Specify the https://kubernetes.io/docs/tasks/configure-pod-container/security-context/[Security Context] of containers in the pool. The Operator supports only the following container security fields: + + * `runAsGroup` + + * `runAsNonRoot` + + * `runAsUser` + + +|*`annotations`* __object (keys:string, values:string)__ +|*Optional* + + Specify custom labels and annotations to append to the Pool. *Optional* + + If provided, use these annotations for the Pool Objects Meta annotations (Statefulset and Pod template) + +|*`labels`* __object (keys:string, values:string)__ +|*Optional* + + If provided, use these labels for the Pool Objects Meta annotations (Statefulset and Pod template) + +|*`runtimeClassName`* __string__ +|*Optional* + + If provided, each pod on the Statefulset will run with the specified RuntimeClassName, for more info https://kubernetes.io/docs/concepts/containers/runtime-class/ + +|=== + + +[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-poolstate"] +==== PoolState (string) + +PoolState represents the state of a pool + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-poolstatus[$$PoolStatus$$] +**** + + + +[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-poolstatus"] +==== PoolStatus + +PoolStatus keeps track of all the pools and their current state + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantstatus[$$TenantStatus$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description + +|*`ssName`* __string__ +| + +|*`state`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-poolstate[$$PoolState$$]__ +| + +|*`legacySecurityContext`* __boolean__ +|LegacySecurityContext stands for Legacy SecurityContext. It represents that these pool was created before v4.2.3 when we introduced the default securityContext as non-root, thus we should keep running this Pool without a Security Context + +|=== + + +[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-prometheusconfig"] +==== PrometheusConfig + +PrometheusConfig (`prometheus`) defines the configuration of a Prometheus instance as part of the MinIO tenant. The Operator automatically configures the Prometheus instance to scrape and store metrics from the MinIO tenant. + + The Operator deploys each Prometheus pod using the {prometheus-image} Docker image. + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description + +|*`image`* __string__ +|*Optional* + + Defines the Docker image to use for deploying Prometheus pods. Defaults to {prometheus-image}. + + +|*`sidecarimage`* __string__ +|*Optional* + + *Deprecated in Operator v4.0.1* + + Defines the Docker image to use as a sidecar for the Prometheus server. Defaults to `alpine`. + + The specified Docker image *must* be the https://hub.docker.com/_/alpine[`alpine`] package. + + +|*`initimage`* __string__ +|*Optional* + + *Deprecated in Operator v4.0.1* + + Defines the Docker image to use as the init container for running the Prometheus server. Defaults to `busybox`. + + The specified Docker image *must* be the https://hub.docker.com/_/busybox[`busybox`] package. + + +|*`diskCapacityGB`* __integer__ +|*Optional* + + Specify the amount of storage to request in Gigabytes (GB) for supporting the Prometheus pod. + +|*`storageClassName`* __string__ +|*Optional* + + Specify the storage class for the PVC to support the Prometheus pod. + +|*`annotations`* __object (keys:string, values:string)__ +|*Optional* + + If provided, use these annotations for Prometheus Object Meta annotations + +|*`labels`* __object (keys:string, values:string)__ +|*Optional* + + If provided, use these labels for Prometheus Object Meta labels + +|*`nodeSelector`* __object (keys:string, values:string)__ +|*Optional* + + The filter for the Operator to apply when selecting which nodes on which to deploy the Prometheus pod. The Operator only selects those nodes whose labels match the specified selector. + + See the Kubernetes documentation on https://kubernetes.io/docs/concepts/configuration/assign-pod-node/[Assigning Pods to Nodes] for more information. + +|*`affinity`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#affinity-v1-core[$$Affinity$$]__ +|*Optional* + + Specify node affinity, pod affinity, and pod anti-affinity for the Prometheus pods. + + +|*`tolerations`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#toleration-v1-core[$$Toleration$$] array__ +|*Optional* + + Specify one or more https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/[Kubernetes tolerations] to apply to the Prometheus pods. + +|*`topologySpreadConstraints`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#topologyspreadconstraint-v1-core[$$TopologySpreadConstraint$$] array__ +|*Optional* + + Specify one or more https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/[Kubernetes Topology Spread Constraints] to apply to pods deployed in the MinIO pool. + +|*`resources`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#resourcerequirements-v1-core[$$ResourceRequirements$$]__ +|*Optional* + + Object specification for specifying CPU and memory https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/[resource allocations] or limits of the Prometheus pod. + + +|*`securityContext`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podsecuritycontext-v1-core[$$PodSecurityContext$$]__ +|*Optional* + + Specify the https://kubernetes.io/docs/tasks/configure-pod-container/security-context/[Security Context] of the Prometheus pod. The Operator supports only the following pod security fields: + + * `fsGroup` + + * `fsGroupChangePolicy` + + * `runAsGroup` + + * `runAsNonRoot` + + * `runAsUser` + + * `seLinuxOptions` + + +|*`serviceAccountName`* __string__ +|*Optional* + + The https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/[Kubernetes Service Account] to use for running MinIO KES pods created as part of the Tenant. + + +|*`env`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvar-v1-core[$$EnvVar$$] array__ +|*Optional* + + If provided, the MinIO Operator adds the specified environment variables when deploying the Prometheus resource. + +|=== + + +[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-s3features"] +==== S3Features + +S3Features (`s3`) - Object describing which MinIO features to enable/disable in the MinIO Tenant. + *Deprecated in Operator v4.3.2* + + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description + +|*`bucketDNS`* __boolean__ +|*Optional* + + Specify `true` to allow clients to access buckets using the DNS path `.minio.default.svc.cluster.local`. Defaults to `false`. + +|=== + + +[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-servicemetadata"] +==== ServiceMetadata + +ServiceMetadata (`serviceMetadata`) defines custom labels and annotations for the MinIO Object Storage service and/or MinIO Console service. + + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description + +|*`minioServiceLabels`* __object (keys:string, values:string)__ +|*Optional* + + If provided, append these labels to the MinIO service + +|*`minioServiceAnnotations`* __object (keys:string, values:string)__ +|*Optional* + + If provided, append these annotations to the MinIO service + +|*`consoleServiceLabels`* __object (keys:string, values:string)__ +|*Optional* + + If provided, append these labels to the Console service + +|*`consoleServiceAnnotations`* __object (keys:string, values:string)__ +|*Optional* + + If provided, append these annotations to the Console service + +|=== + + +[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-sidecars"] +==== SideCars + +SideCars (`sidecars`) defines a list of containers that the Operator attaches to each MinIO server pods in the `pool`. + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description + +|*`containers`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#container-v1-core[$$Container$$] array__ +|*Optional* + + List of containers to run inside the Pod + +|*`volumeClaimTemplates`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#persistentvolumeclaim-v1-core[$$PersistentVolumeClaim$$] array__ +|*Optional* + + volumeClaimTemplates is a list of claims that pods are allowed to reference. The StatefulSet controller is responsible for mapping network identities to claims in a way that maintains the identity of a pod. Every claim in this list must have at least one matching (by name) volumeMount in one container in the template. A claim in this list takes precedence over any volumes in the template, with the same name. + +|*`volumes`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#volume-v1-core[$$Volume$$] array__ +|*Optional* + + List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes + +|=== + + +[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenant"] +==== Tenant + +Tenant is a https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/[Kubernetes object] describing a MinIO Tenant. + + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantlist[$$TenantList$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description + +|*`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta[$$ObjectMeta$$]__ +|Refer to Kubernetes API documentation for fields of `metadata`. + + +|*`scheduler`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantscheduler[$$TenantScheduler$$]__ +| + +|*`spec`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$]__ +|*Required* + + The root field for the MinIO Tenant object. + +|=== + + +[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantdomains"] +==== TenantDomains + +TenantDomains (`domains`) - List of domains used to access the tenant from outside the kubernetes clusters. this will only configure MinIO for the domains listed, but external DNS configuration is still needed. The listed domains should include schema and port if any is used, i.e. https://minio.domain.com:8123 + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-features[$$Features$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description + +|*`minio`* __string array__ +|List of Domains used by MinIO. This will enable DNS style access to the object store where the bucket name is inferred from a subdomain in the domain. + +|*`console`* __string__ +|Domain used to expose the MinIO Console, this will configure the redirect on MinIO when visiting from the browser If Console is exposed via a subpath, the domain should include it, i.e. https://console.domain.com:8123/subpath/ + +|=== + + + + +[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantscheduler"] +==== TenantScheduler + +TenantScheduler (`scheduler`) - Object describing Kubernetes Scheduler to use for deploying the MinIO Tenant. + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenant[$$Tenant$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description + +|*`name`* __string__ +|*Optional* + + Specify the name of the https://kubernetes.io/docs/concepts/scheduling-eviction/kube-scheduler/[Kubernetes scheduler] to be used to schedule Tenant pods + +|=== + + +[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantspec"] +==== TenantSpec + +TenantSpec (`spec`) defines the configuration of a MinIO Tenant object. + + The following parameters are specific to the `minio.min.io/v2` MinIO CRD API `spec` definition added as part of the MinIO Operator v4.0.0. + + For more complete documentation on this object, see the https://min.io/docs/minio/kubernetes/upstream/operations/installation.html[MinIO Kubernetes Documentation]. + + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenant[$$Tenant$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description + +|*`pools`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-pool[$$Pool$$] array__ +|*Required* + + An array of objects describing each MinIO server pool deployed in the MinIO Tenant. Each pool consists of a set of MinIO server pods which "pool" their storage resources for supporting object storage and retrieval requests. Each server pool is independent of all others and supports horizontal scaling of available storage resources in the MinIO Tenant. + + The MinIO Tenant `spec` *must have* at least *one* element in the `pools` array. + + See the https://min.io/docs/minio/kubernetes/upstream/operations/install-deploy-manage/deploy-minio-tenant.html[MinIO Operator CRD] reference for the `pools` object for examples and more complete documentation. + +|*`image`* __string__ +|*Optional* + + The Docker image to use when deploying `minio` server pods. Defaults to {minio-image}. + + +|*`imagePullSecret`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#localobjectreference-v1-core[$$LocalObjectReference$$]__ +|*Optional* + + Specify the secret key to use for pulling images from a private Docker repository. + + +|*`podManagementPolicy`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podmanagementpolicytype-v1-apps[$$PodManagementPolicyType$$]__ +|*Optional* + + Pod Management Policy for pod created by StatefulSet + +|*`credsSecret`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#localobjectreference-v1-core[$$LocalObjectReference$$]__ +|*optional* + + Specify a https://kubernetes.io/docs/concepts/configuration/secret/[Kubernetes opaque secret] to use for setting the MinIO root access key and secret key. Specify the secret as `name: `. The Kubernetes secret must contain the following fields: + + * `data.accesskey` - The access key for the root credentials + + * `data.secretkey` - The secret key for the root credentials + + +|*`env`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvar-v1-core[$$EnvVar$$] array__ +|*Optional* + + If provided, the MinIO Operator adds the specified environment variables when deploying the Tenant resource. + +|*`externalCertSecret`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-localcertificatereference[$$LocalCertificateReference$$] array__ +|*Optional* + + Enables TLS with SNI support on each MinIO pod in the tenant. If `externalCertSecret` is omitted *and* `requestAutoCert` is set to `false`, the MinIO Tenant deploys *without* TLS enabled. + + Specify an array of https://kubernetes.io/docs/concepts/configuration/secret/[Kubernetes TLS secrets]. The MinIO Operator copies the specified certificates to every MinIO server pod in the tenant. When the MinIO pod/service responds to a TLS connection request, it uses SNI to select the certificate with matching `subjectAlternativeName`. + + Each element in the `externalCertSecret` array is an object containing the following fields: + + * - `name` - The name of the Kubernetes secret containing the TLS certificate. + + * - `type` - Specify `kubernetes.io/tls` + + See the https://min.io/docs/minio/kubernetes/upstream/operations/install-deploy-manage/deploy-minio-tenant.html#create-tenant-security-section[MinIO Operator CRD] reference for examples and more complete documentation on configuring TLS for MinIO Tenants. + +|*`externalCaCertSecret`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-localcertificatereference[$$LocalCertificateReference$$] array__ +|*Optional* + + Allows MinIO server pods to verify client TLS certificates signed by a Certificate Authority not in the pod's trust store. + + Specify an array of https://kubernetes.io/docs/concepts/configuration/secret/[Kubernetes TLS secrets]. The MinIO Operator copies the specified certificates to every MinIO server pod in the tenant. + + Each element in the `externalCertSecret` array is an object containing the following fields: + + * - `name` - The name of the Kubernetes secret containing the Certificate Authority. + + * - `type` - Specify `kubernetes.io/tls`. + + See the https://min.io/docs/minio/kubernetes/upstream/operations/install-deploy-manage/deploy-minio-tenant.html#create-tenant-security-section[MinIO Operator CRD] reference for examples and more complete documentation on configuring TLS for MinIO Tenants. + +|*`externalClientCertSecret`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-localcertificatereference[$$LocalCertificateReference$$]__ +|*Optional* + + Enables mTLS authentication between the MinIO Tenant pods and https://github.com/minio/kes[MinIO KES]. *Required* for enabling connectivity between the MinIO Tenant and MinIO KES. + + Specify a https://kubernetes.io/docs/concepts/configuration/secret/[Kubernetes TLS secrets]. The MinIO Operator copies the specified certificate to every MinIO server pod in the tenant. The secret *must* contain the following fields: + + * `name` - The name of the Kubernetes secret containing the TLS certificate. + + * `type` - Specify `kubernetes.io/tls` + + The specified certificate *must* correspond to an identity on the KES server. See the https://github.com/minio/kes/wiki/Configuration#policy-configuration[KES Wiki] for more information on KES identities. + + If deploying KES with the MinIO Operator, include the hash of the certificate as part of the <> object specification. + + See the https://min.io/docs/minio/kubernetes/upstream/operations/install-deploy-manage/deploy-minio-tenant.html#create-tenant-security-section[MinIO Operator CRD] reference for examples and more complete documentation on configuring TLS for MinIO Tenants. + +|*`externalClientCertSecrets`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-localcertificatereference[$$LocalCertificateReference$$] array__ +|*Optional* + + Provide support for mounting additional client certificate into MinIO Tenant pods Multiple client certificates will be mounted using the following folder structure: + certs | | + client.crt | + client.key | + client.crt | + client.key | + client.crt | + client.key + Specify a https://kubernetes.io/docs/concepts/configuration/secret/[Kubernetes TLS secrets]. The MinIO Operator copies the specified certificate to every MinIO server pod in the tenant that later can be referenced using environment variables. The secret *must* contain the following fields: + + * `name` - The name of the Kubernetes secret containing the TLS certificate. + + * `type` - Specify `kubernetes.io/tls` + + +|*`mountPath`* __string__ +|*Optional* + + Mount path for MinIO volume (PV). Defaults to `/export` + +|*`subPath`* __string__ +|*Optional* + + Subpath inside mount path. This is the directory where MinIO stores data. Default to `""`` (empty) + +|*`requestAutoCert`* __boolean__ +|*Optional* + + Enables using https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/[Kubernetes-based TLS certificate generation] and signing for pods and services in the MinIO Tenant. + + * Specify `true` to explicitly enable automatic certificate generate (Default). + + * Specify `false` to disable automatic certificate generation. + + If `requestAutoCert` is set to `false` *and* `externalCertSecret` is omitted, the MinIO Tenant deploys *without* TLS enabled. + See the https://min.io/docs/minio/kubernetes/upstream/operations/install-deploy-manage/deploy-minio-tenant.html#create-tenant-security-section[MinIO Operator CRD] reference for examples and more complete documentation on configuring TLS for MinIO Tenants. + +|*`liveness`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#probe-v1-core[$$Probe$$]__ +|Liveness Probe for container liveness. Container will be restarted if the probe fails. + +|*`readiness`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#probe-v1-core[$$Probe$$]__ +|Readiness Probe for container readiness. Container will be removed from service endpoints if the probe fails. + +|*`startup`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#probe-v1-core[$$Probe$$]__ +|Startup Probe allows to configure a max grace period for a pod to start before getting traffic routed to it. + +|*`s3`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-s3features[$$S3Features$$]__ +|*Optional* + *Deprecated in Operator v4.3.2* + + S3 related features can be disabled or enabled such as `bucketDNS` etc. + +|*`features`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-features[$$Features$$]__ +|S3 related features can be disabled or enabled such as `bucketDNS` etc. + +|*`certConfig`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-certificateconfig[$$CertificateConfig$$]__ +|*Optional* + + Enables setting the `CommonName`, `Organization`, and `dnsName` attributes for all TLS certificates automatically generated by the Operator. Configuring this object has no effect if `requestAutoCert` is `false`. + + +|*`kes`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-kesconfig[$$KESConfig$$]__ +|*Optional* + + Directs the MinIO Operator to deploy the https://github.com/minio/kes[MinIO Key Encryption Service] (KES) using the specified configuration. The MinIO KES supports performing server-side encryption of objects on the MiNIO Tenant. + + +|*`log`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-logconfig[$$LogConfig$$]__ +|*Optional* + + Directs the MinIO Operator to deploy and configure the MinIO Log Search API. The Operator deploys a PostgreSQL instance as part of the tenant to support storing and querying MinIO logs. + + If the tenant spec includes the `log` configuration, the Operator automatically configures and enables MinIO log search via the Console UI. + + +|*`prometheus`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-prometheusconfig[$$PrometheusConfig$$]__ +|*Optional* + + Directs the MinIO Operator to deploy and configure Prometheus for collecting tenant metrics. + + For example, `minio..svc../minio/v2/metrics/cluster`. The specific DNS name for the service depends on your Kubernetes cluster configuration. See the Kubernetes documentation on https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/[DNS for Services and Pods] for more information. + +|*`prometheusOperator`* __boolean__ +|*Optional* + + Directs the MinIO Operator to use prometheus operator. + + Tenant scrape configuration will be added to prometheus managed by the prometheus-operator. + +|*`serviceAccountName`* __string__ +|*Optional* + + The https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/[Kubernetes Service Account] to use for running MinIO pods created as part of the Tenant. + + +|*`priorityClassName`* __string__ +|*Optional* + + Indicates the Pod priority and therefore importance of a Pod relative to other Pods in the cluster. This is applied to MinIO pods only. + + Refer Kubernetes https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass[Priority Class documentation] for more complete documentation. + +|*`imagePullPolicy`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#pullpolicy-v1-core[$$PullPolicy$$]__ +|*Optional* + + The pull policy for the MinIO Docker image. Specify one of the following: + + * `Always` + + * `Never` + + * `IfNotPresent` (Default) + + Refer Kubernetes documentation for details https://kubernetes.io/docs/concepts/containers/images#updating-images + +|*`sideCars`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-sidecars[$$SideCars$$]__ +|*Optional* + + A list of containers to run as sidecars along every MinIO Pod deployed in the tenant. + +|*`exposeServices`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-exposeservices[$$ExposeServices$$]__ +|*Optional* + + Directs the Operator to expose the MinIO and/or Console services. + + +|*`serviceMetadata`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-servicemetadata[$$ServiceMetadata$$]__ +|*Optional* + + Specify custom labels and annotations to append to the MinIO service and/or Console service. + +|*`users`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#localobjectreference-v1-core[$$LocalObjectReference$$] array__ +|*Optional* + + An array of https://kubernetes.io/docs/concepts/configuration/secret/[Kubernetes opaque secrets] to use for generating MinIO users during tenant provisioning. + + Each element in the array is an object consisting of a key-value pair `name: `, where the `` references an opaque Kubernetes secret. + + Each referenced Kubernetes secret must include the following fields: + + * `CONSOLE_ACCESS_KEY` - The "Username" for the MinIO user + + * `CONSOLE_SECRET_KEY` - The "Password" for the MinIO user + + The Operator creates each user with the `consoleAdmin` policy by default. You can change the assigned policy after the Tenant starts. + + +|*`buckets`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-bucket[$$Bucket$$] array__ +|*Optional* + + Create buckets when creating a new tenant. Skip if bucket with given name already exists + +|*`logging`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-logging[$$Logging$$]__ +|*Optional* + + Enable JSON, Anonymous logging for MinIO tenants. + +|*`configuration`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#localobjectreference-v1-core[$$LocalObjectReference$$]__ +|*Optional* + + Specify a secret that contains additional environment variable configurations to be used for the MinIO pools. The secret is expected to have a key named config.env containing all exported environment variables for MinIO+ + +|=== + + + + +[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantusage"] +==== TenantUsage + +TenantUsage are metrics regarding the usage and capacity of the tenant + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantstatus[$$TenantStatus$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description + +|*`capacity`* __integer__ +|Capacity the usage capacity of this tenant in bytes. + +|*`rawCapacity`* __integer__ +|Capacity the raw capacity of this tenant in bytes. + +|*`usage`* __integer__ +|Usage is how much data is managed by MinIO in bytes. + +|*`rawUsage`* __integer__ +|Usage is the raw usage on disks in bytes. + +|*`tiers`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tierusage[$$TierUsage$$] array__ +|Tiers includes the usage of individual tiers in the tenant + +|=== + + +[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tierusage"] +==== TierUsage + +TierUsage represents the usage from a tier setup by the tenant + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantusage[$$TenantUsage$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description + +|*`Name`* __string__ +|Name of the tier + +|*`Type`* __string__ +|type of the tier + +|*`totalSize`* __integer__ +|TotalSize usage of the tier + +|=== + + diff --git a/examples/kustomization/base/tenant.yaml b/examples/kustomization/base/tenant.yaml index 8b4586e52ed..8cd8ca24ddb 100644 --- a/examples/kustomization/base/tenant.yaml +++ b/examples/kustomization/base/tenant.yaml @@ -228,53 +228,54 @@ spec: # prometheusOperator: # labels: # app: minio-sm + ## Audit Logs will be deprecated soon, commenting out for now!. ## LogSearch API setup for MinIO Tenant. - log: - image: "" # defaults to minio/operator:v4.5.8 - env: [ ] - resources: { } - nodeSelector: { } - affinity: - nodeAffinity: { } - podAffinity: { } - podAntiAffinity: { } - tolerations: [ ] - annotations: { } - labels: { } - audit: - diskCapacityGB: 1 - ## Postgres setup for LogSearch API - db: - image: "" # defaults to library/postgres - env: [ ] - initimage: "" # defaults to busybox:1.33.1 - volumeClaimTemplate: - metadata: { } - spec: - storageClassName: standard - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - resources: { } - nodeSelector: { } - affinity: - nodeAffinity: { } - podAffinity: { } - podAntiAffinity: { } - tolerations: [ ] - annotations: { } - labels: { } - serviceAccountName: "" - securityContext: - runAsUser: 999 - runAsGroup: 999 - runAsNonRoot: true - fsGroup: 999 - serviceAccountName: "" - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - runAsNonRoot: true - fsGroup: 1000 + # log: + # image: "" # defaults to minio/operator:v4.5.8 + # env: [ ] + # resources: { } + # nodeSelector: { } + # affinity: + # nodeAffinity: { } + # podAffinity: { } + # podAntiAffinity: { } + # tolerations: [ ] + # annotations: { } + # labels: { } + # audit: + # diskCapacityGB: 1 + # ## Postgres setup for LogSearch API + # db: + # image: "" # defaults to library/postgres + # env: [ ] + # initimage: "" # defaults to busybox:1.33.1 + # volumeClaimTemplate: + # metadata: { } + # spec: + # storageClassName: standard + # accessModes: + # - ReadWriteOnce + # resources: + # requests: + # storage: 1Gi + # resources: { } + # nodeSelector: { } + # affinity: + # nodeAffinity: { } + # podAffinity: { } + # podAntiAffinity: { } + # tolerations: [ ] + # annotations: { } + # labels: { } + # serviceAccountName: "" + # securityContext: + # runAsUser: 999 + # runAsGroup: 999 + # runAsNonRoot: true + # fsGroup: 999 + # serviceAccountName: "" + # securityContext: + # runAsUser: 1000 + # runAsGroup: 1000 + # runAsNonRoot: true + # fsGroup: 1000 diff --git a/examples/kustomization/tenant-PolicyBinding/kustomization.yaml b/examples/kustomization/tenant-PolicyBinding/kustomization.yaml new file mode 100644 index 00000000000..e0dd615154a --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/kustomization.yaml @@ -0,0 +1,14 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../base +namespace: tenant-PolicyBinding +patchesStrategicMerge: + - tenant.yaml +patchesJson6902: + - target: + group: minio.min.io + version: v2 + kind: Tenant + name: storage + path: tenantNamePatch.yaml \ No newline at end of file diff --git a/examples/kustomization/tenant-PolicyBinding/policy-binded-client.yaml b/examples/kustomization/tenant-PolicyBinding/policy-binded-client.yaml new file mode 100644 index 00000000000..0005388491c --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/policy-binded-client.yaml @@ -0,0 +1,37 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: gosdk +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: gosdk + name: goapp +--- +apiVersion: sts.min.io/v1beta1 +kind: PolicyBinding +metadata: + name: binding-1 + namespace: minio-tenant-1 +spec: + application: + namespace: gosdk + serviceaccount: goapp + policies: + - test-bucket-rw +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: go-example + namespace: gosdk +spec: + backoffLimit: 5 + template: + spec: + restartPolicy: OnFailure + serviceAccountName: goapp + containers: + - name: go-sdk + image: pjuarezd/minio-operator-sts-example:go diff --git a/examples/kustomization/tenant-PolicyBinding/setup-bucket.yaml b/examples/kustomization/tenant-PolicyBinding/setup-bucket.yaml new file mode 100644 index 00000000000..c510fd29514 --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/setup-bucket.yaml @@ -0,0 +1,65 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: start-config-script + namespace: minio-tenant-1 +data: + setup.sh: | + #!/bin/bash + mc mb local/test-bucket + mc admin policy add local test-bucket-rw /start-config/bucket-policy.json + mc admin user add local bucket-user bucket-user + mc admin policy set local test-bucket-rw user=bucket-user + bucket-policy.json: | + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "s3:*" + ], + "Resource": [ + "arn:aws:s3:::test-bucket", + "arn:aws:s3:::test-bucket/*" + ] + } + ] + } + +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: setup-bucket + namespace: minio-tenant-1 +spec: + backoffLimit: 1 + template: + spec: + restartPolicy: OnFailure + volumes: + - name: start-config + configMap: + name: start-config-script + defaultMode: 0744 + containers: + - name: mc + image: minio/mc + command: ["/start-config/setup.sh"] + volumeMounts: + - name: start-config + mountPath: /start-config/ + env: + - name: ACCESS_KEY + valueFrom: + secretKeyRef: + name: minio-tenant-1-user-0 + key: CONSOLE_ACCESS_KEY + - name: SECRET_KEY + valueFrom: + secretKeyRef: + name: minio-tenant-1-user-0 + key: CONSOLE_SECRET_KEY + - name: MC_HOST_local + value: https://$(ACCESS_KEY):$(SECRET_KEY)@minio.minio-tenant-1.svc.cluster.local diff --git a/examples/kustomization/tenant-PolicyBinding/tenant.yaml b/examples/kustomization/tenant-PolicyBinding/tenant.yaml new file mode 100644 index 00000000000..6615726a688 --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/tenant.yaml @@ -0,0 +1,26 @@ +apiVersion: minio.min.io/v2 +kind: Tenant +metadata: + name: storage + namespace: minio-tenant-1 +spec: + ## Specification for MinIO Pool(s) in this Tenant. + pools: + ## Servers specifies the number of MinIO Tenant Pods / Servers in this pool. + ## For standalone mode, supply 1. For distributed mode, supply 4 or more. + ## Note that the operator does not support upgrading from standalone to distributed mode. + - servers: 4 + ## custom pool name + name: pool-0 + ## volumesPerServer specifies the number of volumes attached per MinIO Tenant Pod / Server. + volumesPerServer: 2 + ## This VolumeClaimTemplate is used across all the volumes provisioned for MinIO Tenant in this Pool. + volumeClaimTemplate: + metadata: + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi diff --git a/examples/kustomization/tenant-PolicyBinding/tenantNamePatch.yaml b/examples/kustomization/tenant-PolicyBinding/tenantNamePatch.yaml new file mode 100644 index 00000000000..6c8aaecaca1 --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/tenantNamePatch.yaml @@ -0,0 +1,3 @@ +- op: replace + path: /metadata/name + value: policybinding \ No newline at end of file diff --git a/examples/kustomization/tenant-certmanager-kes/certificates.yaml b/examples/kustomization/tenant-certmanager-kes/certificates.yaml new file mode 100644 index 00000000000..2a953fa5ca6 --- /dev/null +++ b/examples/kustomization/tenant-certmanager-kes/certificates.yaml @@ -0,0 +1,35 @@ +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: tenant-certmanager-issuer + namespace: minio-tenant +spec: + selfSigned: {} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: tenant-certmanager-cert + namespace: minio-tenant +spec: + dnsNames: + - "*.tenant-certmanager.svc.cluster.local" + - "*.storage-certmanager.tenant-certmanager.svc.cluster.local" + - "*.storage-certmanager-hl.tenant-certmanager.svc.cluster.local" + secretName: tenant-certmanager-tls + issuerRef: + name: tenant-certmanager-issuer +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: tenant-certmanager-2-cert + namespace: tenant-certmanager +spec: + dnsNames: + - "*.tenant-certmanager.svc.cluster.local" + - "*.storage-certmanager.tenant-certmanager.svc.cluster.local" + - "*.storage-certmanager-hl.tenant-certmanager.svc.cluster.local" + secretName: tenant-certmanager-2-tls + issuerRef: + name: tenant-certmanager-issuer diff --git a/examples/kustomization/tenant-certmanager-kes/kustomization.yaml b/examples/kustomization/tenant-certmanager-kes/kustomization.yaml new file mode 100644 index 00000000000..c9778df1fd2 --- /dev/null +++ b/examples/kustomization/tenant-certmanager-kes/kustomization.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - certificates.yaml + - vault.yaml + - ubuntu.yaml + - ../base +namespace: tenant-certmanager +patchesStrategicMerge: + - tenant.yaml +patchesJson6902: + - target: + group: minio.min.io + version: v2 + kind: Tenant + name: storage + path: tenantNamePatch.yaml + diff --git a/examples/kustomization/tenant-certmanager-kes/tenant.yaml b/examples/kustomization/tenant-certmanager-kes/tenant.yaml new file mode 100644 index 00000000000..4a1d5ae9fec --- /dev/null +++ b/examples/kustomization/tenant-certmanager-kes/tenant.yaml @@ -0,0 +1,29 @@ +apiVersion: minio.min.io/v2 +kind: Tenant +metadata: + name: storage + namespace: minio-tenant +spec: + ## Disable default tls certificates. + requestAutoCert: false + ## Use certificates generated by cert-manager. + externalCertSecret: + - name: tenant-certmanager-tls + type: cert-manager.io/v1 + kes: + externalCertSecret: + name: tenant-certmanager-2-tls + type: cert-manager.io/v1 + image: minio/kes:v0.17.6 + imagePullPolicy: IfNotPresent + kesSecret: + name: storage-certmanager-secret-kes-configuration + keyName: my-minio-key + replicas: 1 + resources: {} + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: Always + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 diff --git a/examples/kustomization/tenant-certmanager-kes/tenantNamePatch.yaml b/examples/kustomization/tenant-certmanager-kes/tenantNamePatch.yaml new file mode 100644 index 00000000000..8a6d5902b3c --- /dev/null +++ b/examples/kustomization/tenant-certmanager-kes/tenantNamePatch.yaml @@ -0,0 +1,4 @@ +- op: replace + path: /metadata/name + value: storage-certmanager + diff --git a/examples/kustomization/tenant-certmanager-kes/ubuntu.yaml b/examples/kustomization/tenant-certmanager-kes/ubuntu.yaml new file mode 100644 index 00000000000..95092415669 --- /dev/null +++ b/examples/kustomization/tenant-certmanager-kes/ubuntu.yaml @@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Pod +metadata: + name: ubuntu + namespace: tenant-certmanager + labels: + app: ubuntu +spec: + volumes: + - name: socket + hostPath: + path: /run/containerd/containerd.sock + containers: + - volumeMounts: + - mountPath: /run/containerd/containerd.sock + name: socket + readOnly: false + image: ubuntu + command: + - "sleep" + - "604800" + imagePullPolicy: IfNotPresent + name: ubuntu + restartPolicy: Always diff --git a/examples/kustomization/tenant-certmanager-kes/vault.yaml b/examples/kustomization/tenant-certmanager-kes/vault.yaml new file mode 100644 index 00000000000..e906e5a53b5 --- /dev/null +++ b/examples/kustomization/tenant-certmanager-kes/vault.yaml @@ -0,0 +1,50 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: vault + namespace: tenant-certmanager + labels: + name: vault +spec: + ports: + - port: 8200 + name: http + selector: + app: vault +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: vault + namespace: tenant-certmanager +spec: + replicas: 1 + selector: + matchLabels: + app: vault + template: + metadata: + labels: + app: vault + spec: + containers: + - name: vault + image: vault:latest + imagePullPolicy: "IfNotPresent" + env: + - name: SECRET_SHARES + value: "5" + - name: SECRET_THRESHOLD + value: "3" + - name: SELF_SIGNED_CERT + value: "true" + - name: TOTAL_INIT_RETRIES + value: "5" + ports: + - containerPort: 8200 + name: http + securityContext: + capabilities: + add: + - IPC_LOCK diff --git a/helm/operator/templates/cluster-role.yaml b/helm/operator/templates/cluster-role.yaml index f90749e7ea3..1ccbb0b7ec3 100644 --- a/helm/operator/templates/cluster-role.yaml +++ b/helm/operator/templates/cluster-role.yaml @@ -105,6 +105,12 @@ rules: verbs: - approve - sign + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create - apiGroups: - minio.min.io resources: @@ -113,6 +119,7 @@ rules: - "*" - apiGroups: - min.io + - sts.min.io resources: - "*" verbs: diff --git a/helm/operator/templates/operator-service.yaml b/helm/operator/templates/operator-service.yaml index 1a5273338c0..a4636e135f7 100644 --- a/helm/operator/templates/operator-service.yaml +++ b/helm/operator/templates/operator-service.yaml @@ -13,3 +13,18 @@ spec: selector: operator: leader {{- include "minio-operator.selectorLabels" . | nindent 4 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: "sts" + namespace: {{ .Release.Namespace }} + labels: + {{- include "minio-operator.labels" . | nindent 4 }} +spec: + type: LoadBalancer + ports: + - port: 4223 + name: https + selector: + {{- include "minio-operator.selectorLabels" . | nindent 4 }} diff --git a/helm/operator/templates/sts.min.io_policybindings.yaml b/helm/operator/templates/sts.min.io_policybindings.yaml new file mode 100644 index 00000000000..df95ef38080 --- /dev/null +++ b/helm/operator/templates/sts.min.io_policybindings.yaml @@ -0,0 +1,78 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + meta.helm.sh/release-name: minio-operator + meta.helm.sh/release-namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/managed-by: Helm + name: policybindings.sts.min.io +spec: + group: sts.min.io + names: + kind: PolicyBinding + listKind: PolicyBindingList + plural: policybindings + shortNames: + - policybinding + singular: policybinding + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.currentState + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + application: + properties: + namespace: + type: string + serviceaccount: + type: string + required: + - namespace + - serviceaccount + type: object + policies: + items: + type: string + type: array + required: + - application + - policies + type: object + status: + properties: + currentState: + type: string + usage: + nullable: true + properties: + authotizations: + format: int64 + type: integer + type: object + required: + - currentState + - usage + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/k8s/update-codegen.sh b/k8s/update-codegen.sh index b66cbd19462..13fc60b4d1a 100755 --- a/k8s/update-codegen.sh +++ b/k8s/update-codegen.sh @@ -42,7 +42,7 @@ chmod +x ${CODEGEN_PKG}/generate-groups.sh cd ${SCRIPT_ROOT} ${CODEGEN_PKG}/generate-groups.sh "all" \ $ROOT_PKG/pkg/client $ROOT_PKG/pkg/apis \ - "minio.min.io:v1 minio.min.io:v2" \ + "minio.min.io:v1 minio.min.io:v2 sts.min.io:v1beta1" \ --output-base "${TEMP_DIR}" \ --go-header-file "k8s/boilerplate.go.txt" diff --git a/kustomization.yaml b/kustomization.yaml index 7f06121d548..5d6c4a3b481 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -11,7 +11,7 @@ resources: - resources/base/service-account.yaml - resources/base/cluster-role.yaml - resources/base/cluster-role-binding.yaml - - resources/base/crds/minio.min.io_tenants.yaml + - resources/base/crds - resources/base/service.yaml - resources/base/deployment.yaml - resources/base/console-ui.yaml diff --git a/main.go b/main.go index ae60c2e9189..2411d7c7564 100644 --- a/main.go +++ b/main.go @@ -162,6 +162,21 @@ func main() { caContent = append(caContent, val...) } } + + // certificate for Operator STS, we need tenants to also trust the Operator STS + stsCert, err := kubeClient.CoreV1().Secrets(miniov2.GetNSFromFile()).Get(ctx, cluster.STSTLSSecretName, metav1.GetOptions{}) + if err == nil && stsCert != nil { + if cert, ok := stsCert.Data["public.crt"]; ok { + caContent = append(caContent, cert...) + } + if val, ok := operatorTLSCert.Data["tls.crt"]; ok { + caContent = append(caContent, val...) + } + if val, ok := operatorTLSCert.Data["ca.crt"]; ok { + caContent = append(caContent, val...) + } + } + if len(caContent) > 0 { crd, err := extClient.ApiextensionsV1().CustomResourceDefinitions().Get(context.Background(), "tenants.minio.min.io", metav1.GetOptions{}) if err != nil { @@ -197,6 +212,7 @@ func main() { kubeInformerFactory.Apps().V1().Deployments(), kubeInformerFactory.Core().V1().Pods(), minioInformerFactory.Minio().V2().Tenants(), + minioInformerFactory.Sts().V1beta1().PolicyBindings(), kubeInformerFactory.Core().V1().Services(), hostsTemplate, version, diff --git a/pkg/apis/minio.min.io/v2/helper.go b/pkg/apis/minio.min.io/v2/helper.go index 77553f7935b..179126c9e63 100644 --- a/pkg/apis/minio.min.io/v2/helper.go +++ b/pkg/apis/minio.min.io/v2/helper.go @@ -93,6 +93,12 @@ const ( WebhookCRDConversaion = WebhookAPIVersion + "/crd-conversion" ) +// STS API constants +const ( + STSDefaultPort = "4223" + STSEndpoint = "/sts" +) + type hostsTemplateValues struct { StatefulSet string CIService string @@ -1141,22 +1147,36 @@ func (t *Tenant) HasConsoleDomains() bool { func (t *Tenant) ValidateDomains() error { if t.HasMinIODomains() { domains := t.Spec.Features.Domains.Minio + var globalDomains []string if len(domains) != 0 { - for _, domainName := range domains { - _, err := url.Parse(domainName) + for _, domain := range domains { + // Infer schema from tenant TLS, if not explicit + if !strings.HasPrefix(domain, "http") { + useSchema := "http" + if t.TLS() { + useSchema = "https" + } + domain = fmt.Sprintf("%s://%s", useSchema, domain) + } + + u, err := url.Parse(domain) if err != nil { return err } - if _, ok := dns.IsDomainName(domainName); !ok { - return fmt.Errorf("invalid domain `%s`", domainName) + if _, ok := dns.IsDomainName(domain); !ok { + return fmt.Errorf("invalid domain `%s`", domain) } + + // Remove ports if any + domain := strings.Split(u.Host, ":")[0] + globalDomains = append(globalDomains, domain) } - sort.Strings(domains) - lcpSuf := lcpSuffix(domains) - for _, domainName := range domains { - if domainName == lcpSuf && len(domains) > 1 { - return fmt.Errorf("overlapping domains `%s` not allowed", domainName) + sort.Strings(globalDomains) + lcpSuf := lcpSuffix(globalDomains) + for _, domain := range globalDomains { + if domain == lcpSuf && len(globalDomains) > 1 { + return fmt.Errorf("overlapping domains `%s` not allowed", domain) } } } @@ -1169,14 +1189,28 @@ func (t *Tenant) GetDomainHosts() []string { if t.HasMinIODomains() { domains := t.Spec.Features.Domains.Minio var hosts []string - for _, d := range domains { - u, err := url.Parse(d) + for _, domain := range domains { + // Infer schema from tenant TLS, if not explicit + if !strings.HasPrefix(domain, "http") { + useSchema := "http" + if t.TLS() { + useSchema = "https" + } + domain = fmt.Sprintf("%s://%s", useSchema, domain) + } + + if _, ok := dns.IsDomainName(domain); !ok { + continue + } + + u, err := url.Parse(domain) if err != nil { continue } - // remove ports if any - hostParts := strings.Split(u.Host, ":") - hosts = append(hosts, hostParts[0]) + + // Remove ports if any + host := strings.Split(u.Host, ":")[0] + hosts = append(hosts, host) } return hosts } diff --git a/pkg/apis/minio.min.io/v2/helper_test.go b/pkg/apis/minio.min.io/v2/helper_test.go index ab7cf5812ed..d8bc4cccda0 100644 --- a/pkg/apis/minio.min.io/v2/helper_test.go +++ b/pkg/apis/minio.min.io/v2/helper_test.go @@ -338,8 +338,8 @@ func TestTenant_GetDomainHosts(t1 *testing.T) { Features: &Features{ Domains: &TenantDomains{ Minio: []string{ - "https://domain1.com:8080", - "http://domain2.com", + "domain1.com:8080", + "domain2.com", }, }, }, @@ -460,8 +460,10 @@ func TestTenant_ValidateDomains(t1 *testing.T) { Features: &Features{ Domains: &TenantDomains{ Minio: []string{ - "https://domain1.com:8080", - "http://domain2.com", + "domain1.com:8080", + "domain2.com", + "http://domain3.com:8080", + "https://domain4.com", }, }, }, @@ -478,6 +480,8 @@ func TestTenant_ValidateDomains(t1 *testing.T) { Minio: []string{ "http s://domain1.com:8080", "http://domain2.com", + "httx://domain3.com", + ":8080", }, }, }, @@ -492,8 +496,8 @@ func TestTenant_ValidateDomains(t1 *testing.T) { Features: &Features{ Domains: &TenantDomains{ Minio: []string{ - "http://domain2.com", - "http://domain2.com", + "domain2.com", + "other.domain2.com:8080", }, }, }, diff --git a/pkg/apis/minio.min.io/v2/zz_generated.deepcopy.go b/pkg/apis/minio.min.io/v2/zz_generated.deepcopy.go index e5845078d25..7828ab00fc6 100644 --- a/pkg/apis/minio.min.io/v2/zz_generated.deepcopy.go +++ b/pkg/apis/minio.min.io/v2/zz_generated.deepcopy.go @@ -456,6 +456,11 @@ func (in *Pool) DeepCopyInto(out *Pool) { *out = new(v1.PodSecurityContext) (*in).DeepCopyInto(*out) } + if in.ContainerSecurityContext != nil { + in, out := &in.ContainerSecurityContext, &out.ContainerSecurityContext + *out = new(v1.SecurityContext) + (*in).DeepCopyInto(*out) + } if in.Annotations != nil { in, out := &in.Annotations, &out.Annotations *out = make(map[string]string, len(*in)) diff --git a/pkg/apis/sts.min.io/register.go b/pkg/apis/sts.min.io/register.go new file mode 100644 index 00000000000..7959139efe2 --- /dev/null +++ b/pkg/apis/sts.min.io/register.go @@ -0,0 +1,20 @@ +// Copyright (C) 2022, MinIO, Inc. +// +// This code is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License, version 3, +// as published by the Free Software Foundation. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License, version 3, +// along with this program. If not, see + +package operator + +// MinIO Operator STS group name. +const ( + GroupName = "sts.min.io" +) diff --git a/pkg/apis/sts.min.io/v1beta1/doc.go b/pkg/apis/sts.min.io/v1beta1/doc.go new file mode 100644 index 00000000000..d6efb49bf8d --- /dev/null +++ b/pkg/apis/sts.min.io/v1beta1/doc.go @@ -0,0 +1,21 @@ +// Copyright (C) 2022, MinIO, Inc. +// +// This code is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License, version 3, +// as published by the Free Software Foundation. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License, version 3, +// along with this program. If not, see + +// +k8s:deepcopy-gen=package,register +// go:generate controller-gen crd:trivialVersions=true paths=. output:dir=. + +// Package v1beta1 is the v1beta1 version of the API. +// +groupName=sts.min.io +// +versionName=v1beta1 +package v1beta1 diff --git a/pkg/apis/sts.min.io/v1beta1/register.go b/pkg/apis/sts.min.io/v1beta1/register.go new file mode 100644 index 00000000000..498c0318ac0 --- /dev/null +++ b/pkg/apis/sts.min.io/v1beta1/register.go @@ -0,0 +1,57 @@ +// Copyright (C) 2022, MinIO, Inc. +// +// This code is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License, version 3, +// as published by the Free Software Foundation. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License, version 3, +// along with this program. If not, see + +package v1beta1 + +import ( + operator "github.com/minio/operator/pkg/apis/sts.min.io" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +// Version specifies the API Version +const Version = "v1beta1" + +// SchemeGroupVersion is group version used to register these objects +var SchemeGroupVersion = schema.GroupVersion{Group: operator.GroupName, Version: Version} + +// Kind takes an unqualified kind and returns back a Group qualified GroupKind +func Kind(kind string) schema.GroupKind { + return SchemeGroupVersion.WithKind(kind).GroupKind() +} + +// Resource takes an unqualified resource and returns a Group qualified GroupResource +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} + +var ( + // SchemeBuilder collects the scheme builder functions for the MinIO + // Operator API. + SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) + + // AddToScheme applies the SchemeBuilder functions to a specified scheme. + AddToScheme = SchemeBuilder.AddToScheme +) + +// Adds the list of known types to Scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &PolicyBinding{}, + &PolicyBindingList{}, + ) + metav1.AddToGroupVersion(scheme, SchemeGroupVersion) + return nil +} diff --git a/pkg/apis/sts.min.io/v1beta1/types.go b/pkg/apis/sts.min.io/v1beta1/types.go new file mode 100644 index 00000000000..853706becfb --- /dev/null +++ b/pkg/apis/sts.min.io/v1beta1/types.go @@ -0,0 +1,91 @@ +// Copyright (C) 2022, MinIO, Inc. +// +// This code is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License, version 3, +// as published by the Free Software Foundation. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License, version 3, +// along with this program. If not, see + +package v1beta1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +k8s:defaulter-gen=true +// +kubebuilder:subresource:status +// +kubebuilder:resource:scope=Namespaced,shortName=policybinding,singular=policybinding +// +kubebuilder:printcolumn:name="State",type="string",JSONPath=".status.currentState" +// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:storageversion + +// PolicyBinding is a https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/[Kubernetes object] describing a MinIO PolicyBinding. +type PolicyBinding struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // *Required* + + // + // The root field for the MinIO PolicyBinding object. + Spec PolicyBindingSpec `json:"spec,omitempty"` + + // Status provides details of the state of the PolicyBinding + // +optional + Status PolicyBindingStatus `json:"status,omitempty"` +} + +// PolicyBindingStatus is the status for a PolicyBinding resource +type PolicyBindingStatus struct { + // *Required* + + CurrentState string `json:"currentState"` + + // Keeps track of the invocations related to the PolicyBinding + // +nullable + Usage PolicyBindingUsage `json:"usage"` +} + +// PolicyBindingUsage are metrics regarding the usage of the policyBinding +type PolicyBindingUsage struct { + Authorizations int64 `json:"authotizations,omitempty"` +} + +// PolicyBindingSpec (`spec`) defines the configuration of a MinIO PolicyBinding object. + +// +// The following parameters are specific to the `sts.min.io/v1beta1` MinIO Policy Binding CRD API `spec` definition added as part of the MinIO Operator v5.0.0. + +// +// PolicyBinding is a Auhtorization mechanism managed by the Minio Operator using Kubernetes ServiceAccount native object, the Binding allow to an ServiceAccount to assume policies inside a tenant. +// For more complete documentation on this object, see the https://docs.min.io/minio/k8s/reference/minio-operator-reference.html#minio-operator-yaml-reference[MinIO Kubernetes Documentation]. +type PolicyBindingSpec struct { + // *Required* + + // + // The Application Property identifies the namespace and service account that will be authorized + Application *Application `json:"application"` + // *Required* + + Policies []string `json:"policies"` +} + +// Application defines the `Namespace` and `ServiceAccount` +type Application struct { + // *Required* + + Namespace string `json:"namespace"` + // *Required* + + ServiceAccount string `json:"serviceaccount"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// PolicyBindingList is a list of PolicyBinding resources +type PolicyBindingList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + + Items []PolicyBinding `json:"items"` +} diff --git a/pkg/apis/sts.min.io/v1beta1/zz_generated.deepcopy.go b/pkg/apis/sts.min.io/v1beta1/zz_generated.deepcopy.go new file mode 100644 index 00000000000..1208ad21fcc --- /dev/null +++ b/pkg/apis/sts.min.io/v1beta1/zz_generated.deepcopy.go @@ -0,0 +1,162 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1beta1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Application) DeepCopyInto(out *Application) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Application. +func (in *Application) DeepCopy() *Application { + if in == nil { + return nil + } + out := new(Application) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PolicyBinding) DeepCopyInto(out *PolicyBinding) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + out.Status = in.Status + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyBinding. +func (in *PolicyBinding) DeepCopy() *PolicyBinding { + if in == nil { + return nil + } + out := new(PolicyBinding) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PolicyBinding) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PolicyBindingList) DeepCopyInto(out *PolicyBindingList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]PolicyBinding, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyBindingList. +func (in *PolicyBindingList) DeepCopy() *PolicyBindingList { + if in == nil { + return nil + } + out := new(PolicyBindingList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PolicyBindingList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PolicyBindingSpec) DeepCopyInto(out *PolicyBindingSpec) { + *out = *in + if in.Application != nil { + in, out := &in.Application, &out.Application + *out = new(Application) + **out = **in + } + if in.Policies != nil { + in, out := &in.Policies, &out.Policies + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyBindingSpec. +func (in *PolicyBindingSpec) DeepCopy() *PolicyBindingSpec { + if in == nil { + return nil + } + out := new(PolicyBindingSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PolicyBindingStatus) DeepCopyInto(out *PolicyBindingStatus) { + *out = *in + out.Usage = in.Usage + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyBindingStatus. +func (in *PolicyBindingStatus) DeepCopy() *PolicyBindingStatus { + if in == nil { + return nil + } + out := new(PolicyBindingStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PolicyBindingUsage) DeepCopyInto(out *PolicyBindingUsage) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyBindingUsage. +func (in *PolicyBindingUsage) DeepCopy() *PolicyBindingUsage { + if in == nil { + return nil + } + out := new(PolicyBindingUsage) + in.DeepCopyInto(out) + return out +} diff --git a/pkg/client/clientset/versioned/clientset.go b/pkg/client/clientset/versioned/clientset.go index 7da785520b6..3a59baa14d2 100644 --- a/pkg/client/clientset/versioned/clientset.go +++ b/pkg/client/clientset/versioned/clientset.go @@ -20,9 +20,11 @@ package versioned import ( "fmt" + "net/http" miniov1 "github.com/minio/operator/pkg/client/clientset/versioned/typed/minio.min.io/v1" miniov2 "github.com/minio/operator/pkg/client/clientset/versioned/typed/minio.min.io/v2" + stsv1beta1 "github.com/minio/operator/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1" discovery "k8s.io/client-go/discovery" rest "k8s.io/client-go/rest" flowcontrol "k8s.io/client-go/util/flowcontrol" @@ -32,14 +34,16 @@ type Interface interface { Discovery() discovery.DiscoveryInterface MinioV1() miniov1.MinioV1Interface MinioV2() miniov2.MinioV2Interface + StsV1beta1() stsv1beta1.StsV1beta1Interface } // Clientset contains the clients for groups. Each group has exactly one // version included in a Clientset. type Clientset struct { *discovery.DiscoveryClient - minioV1 *miniov1.MinioV1Client - minioV2 *miniov2.MinioV2Client + minioV1 *miniov1.MinioV1Client + minioV2 *miniov2.MinioV2Client + stsV1beta1 *stsv1beta1.StsV1beta1Client } // MinioV1 retrieves the MinioV1Client @@ -52,6 +56,11 @@ func (c *Clientset) MinioV2() miniov2.MinioV2Interface { return c.minioV2 } +// StsV1beta1 retrieves the StsV1beta1Client +func (c *Clientset) StsV1beta1() stsv1beta1.StsV1beta1Interface { + return c.stsV1beta1 +} + // Discovery retrieves the DiscoveryClient func (c *Clientset) Discovery() discovery.DiscoveryInterface { if c == nil { @@ -63,26 +72,53 @@ func (c *Clientset) Discovery() discovery.DiscoveryInterface { // NewForConfig creates a new Clientset for the given config. // If config's RateLimiter is not set and QPS and Burst are acceptable, // NewForConfig will generate a rate-limiter in configShallowCopy. +// NewForConfig is equivalent to NewForConfigAndClient(c, httpClient), +// where httpClient was generated with rest.HTTPClientFor(c). func NewForConfig(c *rest.Config) (*Clientset, error) { configShallowCopy := *c + + if configShallowCopy.UserAgent == "" { + configShallowCopy.UserAgent = rest.DefaultKubernetesUserAgent() + } + + // share the transport between all clients + httpClient, err := rest.HTTPClientFor(&configShallowCopy) + if err != nil { + return nil, err + } + + return NewForConfigAndClient(&configShallowCopy, httpClient) +} + +// NewForConfigAndClient creates a new Clientset for the given config and http client. +// Note the http client provided takes precedence over the configured transport values. +// If config's RateLimiter is not set and QPS and Burst are acceptable, +// NewForConfigAndClient will generate a rate-limiter in configShallowCopy. +func NewForConfigAndClient(c *rest.Config, httpClient *http.Client) (*Clientset, error) { + configShallowCopy := *c if configShallowCopy.RateLimiter == nil && configShallowCopy.QPS > 0 { if configShallowCopy.Burst <= 0 { return nil, fmt.Errorf("burst is required to be greater than 0 when RateLimiter is not set and QPS is set to greater than 0") } configShallowCopy.RateLimiter = flowcontrol.NewTokenBucketRateLimiter(configShallowCopy.QPS, configShallowCopy.Burst) } + var cs Clientset var err error - cs.minioV1, err = miniov1.NewForConfig(&configShallowCopy) + cs.minioV1, err = miniov1.NewForConfigAndClient(&configShallowCopy, httpClient) + if err != nil { + return nil, err + } + cs.minioV2, err = miniov2.NewForConfigAndClient(&configShallowCopy, httpClient) if err != nil { return nil, err } - cs.minioV2, err = miniov2.NewForConfig(&configShallowCopy) + cs.stsV1beta1, err = stsv1beta1.NewForConfigAndClient(&configShallowCopy, httpClient) if err != nil { return nil, err } - cs.DiscoveryClient, err = discovery.NewDiscoveryClientForConfig(&configShallowCopy) + cs.DiscoveryClient, err = discovery.NewDiscoveryClientForConfigAndClient(&configShallowCopy, httpClient) if err != nil { return nil, err } @@ -92,12 +128,11 @@ func NewForConfig(c *rest.Config) (*Clientset, error) { // NewForConfigOrDie creates a new Clientset for the given config and // panics if there is an error in the config. func NewForConfigOrDie(c *rest.Config) *Clientset { - var cs Clientset - cs.minioV1 = miniov1.NewForConfigOrDie(c) - cs.minioV2 = miniov2.NewForConfigOrDie(c) - - cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c) - return &cs + cs, err := NewForConfig(c) + if err != nil { + panic(err) + } + return cs } // New creates a new Clientset for the given RESTClient. @@ -105,6 +140,7 @@ func New(c rest.Interface) *Clientset { var cs Clientset cs.minioV1 = miniov1.New(c) cs.minioV2 = miniov2.New(c) + cs.stsV1beta1 = stsv1beta1.New(c) cs.DiscoveryClient = discovery.NewDiscoveryClient(c) return &cs diff --git a/pkg/client/clientset/versioned/fake/clientset_generated.go b/pkg/client/clientset/versioned/fake/clientset_generated.go index f716a75c968..8112ae94e97 100644 --- a/pkg/client/clientset/versioned/fake/clientset_generated.go +++ b/pkg/client/clientset/versioned/fake/clientset_generated.go @@ -24,6 +24,8 @@ import ( fakeminiov1 "github.com/minio/operator/pkg/client/clientset/versioned/typed/minio.min.io/v1/fake" miniov2 "github.com/minio/operator/pkg/client/clientset/versioned/typed/minio.min.io/v2" fakeminiov2 "github.com/minio/operator/pkg/client/clientset/versioned/typed/minio.min.io/v2/fake" + stsv1beta1 "github.com/minio/operator/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1" + fakestsv1beta1 "github.com/minio/operator/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/fake" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/watch" "k8s.io/client-go/discovery" @@ -76,7 +78,10 @@ func (c *Clientset) Tracker() testing.ObjectTracker { return c.tracker } -var _ clientset.Interface = &Clientset{} +var ( + _ clientset.Interface = &Clientset{} + _ testing.FakeClient = &Clientset{} +) // MinioV1 retrieves the MinioV1Client func (c *Clientset) MinioV1() miniov1.MinioV1Interface { @@ -87,3 +92,8 @@ func (c *Clientset) MinioV1() miniov1.MinioV1Interface { func (c *Clientset) MinioV2() miniov2.MinioV2Interface { return &fakeminiov2.FakeMinioV2{Fake: &c.Fake} } + +// StsV1beta1 retrieves the StsV1beta1Client +func (c *Clientset) StsV1beta1() stsv1beta1.StsV1beta1Interface { + return &fakestsv1beta1.FakeStsV1beta1{Fake: &c.Fake} +} diff --git a/pkg/client/clientset/versioned/fake/register.go b/pkg/client/clientset/versioned/fake/register.go index 6859abbe1a1..19284fe5afc 100644 --- a/pkg/client/clientset/versioned/fake/register.go +++ b/pkg/client/clientset/versioned/fake/register.go @@ -21,6 +21,7 @@ package fake import ( miniov1 "github.com/minio/operator/pkg/apis/minio.min.io/v1" miniov2 "github.com/minio/operator/pkg/apis/minio.min.io/v2" + stsv1beta1 "github.com/minio/operator/pkg/apis/sts.min.io/v1beta1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" schema "k8s.io/apimachinery/pkg/runtime/schema" @@ -34,6 +35,7 @@ var codecs = serializer.NewCodecFactory(scheme) var localSchemeBuilder = runtime.SchemeBuilder{ miniov1.AddToScheme, miniov2.AddToScheme, + stsv1beta1.AddToScheme, } // AddToScheme adds all types of this clientset into the given scheme. This allows composition diff --git a/pkg/client/clientset/versioned/scheme/register.go b/pkg/client/clientset/versioned/scheme/register.go index 9d955deab02..158b312a8c2 100644 --- a/pkg/client/clientset/versioned/scheme/register.go +++ b/pkg/client/clientset/versioned/scheme/register.go @@ -21,6 +21,7 @@ package scheme import ( miniov1 "github.com/minio/operator/pkg/apis/minio.min.io/v1" miniov2 "github.com/minio/operator/pkg/apis/minio.min.io/v2" + stsv1beta1 "github.com/minio/operator/pkg/apis/sts.min.io/v1beta1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" schema "k8s.io/apimachinery/pkg/runtime/schema" @@ -34,6 +35,7 @@ var ParameterCodec = runtime.NewParameterCodec(Scheme) var localSchemeBuilder = runtime.SchemeBuilder{ miniov1.AddToScheme, miniov2.AddToScheme, + stsv1beta1.AddToScheme, } // AddToScheme adds all types of this clientset into the given scheme. This allows composition diff --git a/pkg/client/clientset/versioned/typed/minio.min.io/v1/fake/fake_tenant.go b/pkg/client/clientset/versioned/typed/minio.min.io/v1/fake/fake_tenant.go index c6bec76d96b..99e2dbfd8ea 100644 --- a/pkg/client/clientset/versioned/typed/minio.min.io/v1/fake/fake_tenant.go +++ b/pkg/client/clientset/versioned/typed/minio.min.io/v1/fake/fake_tenant.go @@ -117,7 +117,7 @@ func (c *FakeTenants) UpdateStatus(ctx context.Context, tenant *miniominiov1.Ten // Delete takes name of the tenant and deletes it. Returns an error if one occurs. func (c *FakeTenants) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { _, err := c.Fake. - Invokes(testing.NewDeleteAction(tenantsResource, c.ns, name), &miniominiov1.Tenant{}) + Invokes(testing.NewDeleteActionWithOptions(tenantsResource, c.ns, name, opts), &miniominiov1.Tenant{}) return err } diff --git a/pkg/client/clientset/versioned/typed/minio.min.io/v1/minio.min.io_client.go b/pkg/client/clientset/versioned/typed/minio.min.io/v1/minio.min.io_client.go index 5c22aba4164..914773b222c 100644 --- a/pkg/client/clientset/versioned/typed/minio.min.io/v1/minio.min.io_client.go +++ b/pkg/client/clientset/versioned/typed/minio.min.io/v1/minio.min.io_client.go @@ -19,6 +19,8 @@ package v1 import ( + "net/http" + v1 "github.com/minio/operator/pkg/apis/minio.min.io/v1" "github.com/minio/operator/pkg/client/clientset/versioned/scheme" rest "k8s.io/client-go/rest" @@ -39,12 +41,28 @@ func (c *MinioV1Client) Tenants(namespace string) TenantInterface { } // NewForConfig creates a new MinioV1Client for the given config. +// NewForConfig is equivalent to NewForConfigAndClient(c, httpClient), +// where httpClient was generated with rest.HTTPClientFor(c). func NewForConfig(c *rest.Config) (*MinioV1Client, error) { config := *c if err := setConfigDefaults(&config); err != nil { return nil, err } - client, err := rest.RESTClientFor(&config) + httpClient, err := rest.HTTPClientFor(&config) + if err != nil { + return nil, err + } + return NewForConfigAndClient(&config, httpClient) +} + +// NewForConfigAndClient creates a new MinioV1Client for the given config and http client. +// Note the http client provided takes precedence over the configured transport values. +func NewForConfigAndClient(c *rest.Config, h *http.Client) (*MinioV1Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + client, err := rest.RESTClientForConfigAndClient(&config, h) if err != nil { return nil, err } diff --git a/pkg/client/clientset/versioned/typed/minio.min.io/v2/fake/fake_tenant.go b/pkg/client/clientset/versioned/typed/minio.min.io/v2/fake/fake_tenant.go index 3d4130b106f..dae675fcdf0 100644 --- a/pkg/client/clientset/versioned/typed/minio.min.io/v2/fake/fake_tenant.go +++ b/pkg/client/clientset/versioned/typed/minio.min.io/v2/fake/fake_tenant.go @@ -117,7 +117,7 @@ func (c *FakeTenants) UpdateStatus(ctx context.Context, tenant *v2.Tenant, opts // Delete takes name of the tenant and deletes it. Returns an error if one occurs. func (c *FakeTenants) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { _, err := c.Fake. - Invokes(testing.NewDeleteAction(tenantsResource, c.ns, name), &v2.Tenant{}) + Invokes(testing.NewDeleteActionWithOptions(tenantsResource, c.ns, name, opts), &v2.Tenant{}) return err } diff --git a/pkg/client/clientset/versioned/typed/minio.min.io/v2/minio.min.io_client.go b/pkg/client/clientset/versioned/typed/minio.min.io/v2/minio.min.io_client.go index 2d70b9cdd40..d776d583b96 100644 --- a/pkg/client/clientset/versioned/typed/minio.min.io/v2/minio.min.io_client.go +++ b/pkg/client/clientset/versioned/typed/minio.min.io/v2/minio.min.io_client.go @@ -19,6 +19,8 @@ package v2 import ( + "net/http" + v2 "github.com/minio/operator/pkg/apis/minio.min.io/v2" "github.com/minio/operator/pkg/client/clientset/versioned/scheme" rest "k8s.io/client-go/rest" @@ -39,12 +41,28 @@ func (c *MinioV2Client) Tenants(namespace string) TenantInterface { } // NewForConfig creates a new MinioV2Client for the given config. +// NewForConfig is equivalent to NewForConfigAndClient(c, httpClient), +// where httpClient was generated with rest.HTTPClientFor(c). func NewForConfig(c *rest.Config) (*MinioV2Client, error) { config := *c if err := setConfigDefaults(&config); err != nil { return nil, err } - client, err := rest.RESTClientFor(&config) + httpClient, err := rest.HTTPClientFor(&config) + if err != nil { + return nil, err + } + return NewForConfigAndClient(&config, httpClient) +} + +// NewForConfigAndClient creates a new MinioV2Client for the given config and http client. +// Note the http client provided takes precedence over the configured transport values. +func NewForConfigAndClient(c *rest.Config, h *http.Client) (*MinioV2Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + client, err := rest.RESTClientForConfigAndClient(&config, h) if err != nil { return nil, err } diff --git a/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/doc.go b/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/doc.go new file mode 100644 index 00000000000..d2271211ef7 --- /dev/null +++ b/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/doc.go @@ -0,0 +1,20 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by client-gen. DO NOT EDIT. + +// This package has the automatically generated typed clients. +package v1beta1 diff --git a/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/fake/doc.go b/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/fake/doc.go new file mode 100644 index 00000000000..af8d23ae280 --- /dev/null +++ b/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/fake/doc.go @@ -0,0 +1,20 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by client-gen. DO NOT EDIT. + +// Package fake has the automatically generated clients. +package fake diff --git a/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/fake/fake_policybinding.go b/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/fake/fake_policybinding.go new file mode 100644 index 00000000000..b7318b30065 --- /dev/null +++ b/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/fake/fake_policybinding.go @@ -0,0 +1,142 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1beta1 "github.com/minio/operator/pkg/apis/sts.min.io/v1beta1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + schema "k8s.io/apimachinery/pkg/runtime/schema" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakePolicyBindings implements PolicyBindingInterface +type FakePolicyBindings struct { + Fake *FakeStsV1beta1 + ns string +} + +var policybindingsResource = schema.GroupVersionResource{Group: "sts.min.io", Version: "v1beta1", Resource: "policybindings"} + +var policybindingsKind = schema.GroupVersionKind{Group: "sts.min.io", Version: "v1beta1", Kind: "PolicyBinding"} + +// Get takes name of the policyBinding, and returns the corresponding policyBinding object, and an error if there is any. +func (c *FakePolicyBindings) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.PolicyBinding, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(policybindingsResource, c.ns, name), &v1beta1.PolicyBinding{}) + + if obj == nil { + return nil, err + } + return obj.(*v1beta1.PolicyBinding), err +} + +// List takes label and field selectors, and returns the list of PolicyBindings that match those selectors. +func (c *FakePolicyBindings) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.PolicyBindingList, err error) { + obj, err := c.Fake. + Invokes(testing.NewListAction(policybindingsResource, policybindingsKind, c.ns, opts), &v1beta1.PolicyBindingList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1beta1.PolicyBindingList{ListMeta: obj.(*v1beta1.PolicyBindingList).ListMeta} + for _, item := range obj.(*v1beta1.PolicyBindingList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested policyBindings. +func (c *FakePolicyBindings) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(policybindingsResource, c.ns, opts)) + +} + +// Create takes the representation of a policyBinding and creates it. Returns the server's representation of the policyBinding, and an error, if there is any. +func (c *FakePolicyBindings) Create(ctx context.Context, policyBinding *v1beta1.PolicyBinding, opts v1.CreateOptions) (result *v1beta1.PolicyBinding, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(policybindingsResource, c.ns, policyBinding), &v1beta1.PolicyBinding{}) + + if obj == nil { + return nil, err + } + return obj.(*v1beta1.PolicyBinding), err +} + +// Update takes the representation of a policyBinding and updates it. Returns the server's representation of the policyBinding, and an error, if there is any. +func (c *FakePolicyBindings) Update(ctx context.Context, policyBinding *v1beta1.PolicyBinding, opts v1.UpdateOptions) (result *v1beta1.PolicyBinding, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(policybindingsResource, c.ns, policyBinding), &v1beta1.PolicyBinding{}) + + if obj == nil { + return nil, err + } + return obj.(*v1beta1.PolicyBinding), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakePolicyBindings) UpdateStatus(ctx context.Context, policyBinding *v1beta1.PolicyBinding, opts v1.UpdateOptions) (*v1beta1.PolicyBinding, error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceAction(policybindingsResource, "status", c.ns, policyBinding), &v1beta1.PolicyBinding{}) + + if obj == nil { + return nil, err + } + return obj.(*v1beta1.PolicyBinding), err +} + +// Delete takes name of the policyBinding and deletes it. Returns an error if one occurs. +func (c *FakePolicyBindings) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteActionWithOptions(policybindingsResource, c.ns, name, opts), &v1beta1.PolicyBinding{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakePolicyBindings) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewDeleteCollectionAction(policybindingsResource, c.ns, listOpts) + + _, err := c.Fake.Invokes(action, &v1beta1.PolicyBindingList{}) + return err +} + +// Patch applies the patch and returns the patched policyBinding. +func (c *FakePolicyBindings) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.PolicyBinding, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(policybindingsResource, c.ns, name, pt, data, subresources...), &v1beta1.PolicyBinding{}) + + if obj == nil { + return nil, err + } + return obj.(*v1beta1.PolicyBinding), err +} diff --git a/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/fake/fake_sts.min.io_client.go b/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/fake/fake_sts.min.io_client.go new file mode 100644 index 00000000000..9509c8c88a4 --- /dev/null +++ b/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/fake/fake_sts.min.io_client.go @@ -0,0 +1,40 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + v1beta1 "github.com/minio/operator/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1" + rest "k8s.io/client-go/rest" + testing "k8s.io/client-go/testing" +) + +type FakeStsV1beta1 struct { + *testing.Fake +} + +func (c *FakeStsV1beta1) PolicyBindings(namespace string) v1beta1.PolicyBindingInterface { + return &FakePolicyBindings{c, namespace} +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *FakeStsV1beta1) RESTClient() rest.Interface { + var ret *rest.RESTClient + return ret +} diff --git a/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/generated_expansion.go b/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/generated_expansion.go new file mode 100644 index 00000000000..d6ea4870f09 --- /dev/null +++ b/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/generated_expansion.go @@ -0,0 +1,21 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by client-gen. DO NOT EDIT. + +package v1beta1 + +type PolicyBindingExpansion interface{} diff --git a/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/policybinding.go b/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/policybinding.go new file mode 100644 index 00000000000..4feac7f0b05 --- /dev/null +++ b/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/policybinding.go @@ -0,0 +1,195 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by client-gen. DO NOT EDIT. + +package v1beta1 + +import ( + "context" + "time" + + v1beta1 "github.com/minio/operator/pkg/apis/sts.min.io/v1beta1" + scheme "github.com/minio/operator/pkg/client/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// PolicyBindingsGetter has a method to return a PolicyBindingInterface. +// A group's client should implement this interface. +type PolicyBindingsGetter interface { + PolicyBindings(namespace string) PolicyBindingInterface +} + +// PolicyBindingInterface has methods to work with PolicyBinding resources. +type PolicyBindingInterface interface { + Create(ctx context.Context, policyBinding *v1beta1.PolicyBinding, opts v1.CreateOptions) (*v1beta1.PolicyBinding, error) + Update(ctx context.Context, policyBinding *v1beta1.PolicyBinding, opts v1.UpdateOptions) (*v1beta1.PolicyBinding, error) + UpdateStatus(ctx context.Context, policyBinding *v1beta1.PolicyBinding, opts v1.UpdateOptions) (*v1beta1.PolicyBinding, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta1.PolicyBinding, error) + List(ctx context.Context, opts v1.ListOptions) (*v1beta1.PolicyBindingList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.PolicyBinding, err error) + PolicyBindingExpansion +} + +// policyBindings implements PolicyBindingInterface +type policyBindings struct { + client rest.Interface + ns string +} + +// newPolicyBindings returns a PolicyBindings +func newPolicyBindings(c *StsV1beta1Client, namespace string) *policyBindings { + return &policyBindings{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the policyBinding, and returns the corresponding policyBinding object, and an error if there is any. +func (c *policyBindings) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.PolicyBinding, err error) { + result = &v1beta1.PolicyBinding{} + err = c.client.Get(). + Namespace(c.ns). + Resource("policybindings"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of PolicyBindings that match those selectors. +func (c *policyBindings) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.PolicyBindingList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1beta1.PolicyBindingList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("policybindings"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested policyBindings. +func (c *policyBindings) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("policybindings"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a policyBinding and creates it. Returns the server's representation of the policyBinding, and an error, if there is any. +func (c *policyBindings) Create(ctx context.Context, policyBinding *v1beta1.PolicyBinding, opts v1.CreateOptions) (result *v1beta1.PolicyBinding, err error) { + result = &v1beta1.PolicyBinding{} + err = c.client.Post(). + Namespace(c.ns). + Resource("policybindings"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(policyBinding). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a policyBinding and updates it. Returns the server's representation of the policyBinding, and an error, if there is any. +func (c *policyBindings) Update(ctx context.Context, policyBinding *v1beta1.PolicyBinding, opts v1.UpdateOptions) (result *v1beta1.PolicyBinding, err error) { + result = &v1beta1.PolicyBinding{} + err = c.client.Put(). + Namespace(c.ns). + Resource("policybindings"). + Name(policyBinding.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(policyBinding). + Do(ctx). + Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *policyBindings) UpdateStatus(ctx context.Context, policyBinding *v1beta1.PolicyBinding, opts v1.UpdateOptions) (result *v1beta1.PolicyBinding, err error) { + result = &v1beta1.PolicyBinding{} + err = c.client.Put(). + Namespace(c.ns). + Resource("policybindings"). + Name(policyBinding.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(policyBinding). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the policyBinding and deletes it. Returns an error if one occurs. +func (c *policyBindings) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("policybindings"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *policyBindings) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("policybindings"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched policyBinding. +func (c *policyBindings) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.PolicyBinding, err error) { + result = &v1beta1.PolicyBinding{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("policybindings"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/sts.min.io_client.go b/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/sts.min.io_client.go new file mode 100644 index 00000000000..8f4c01c158a --- /dev/null +++ b/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/sts.min.io_client.go @@ -0,0 +1,107 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by client-gen. DO NOT EDIT. + +package v1beta1 + +import ( + "net/http" + + v1beta1 "github.com/minio/operator/pkg/apis/sts.min.io/v1beta1" + "github.com/minio/operator/pkg/client/clientset/versioned/scheme" + rest "k8s.io/client-go/rest" +) + +type StsV1beta1Interface interface { + RESTClient() rest.Interface + PolicyBindingsGetter +} + +// StsV1beta1Client is used to interact with features provided by the sts.min.io group. +type StsV1beta1Client struct { + restClient rest.Interface +} + +func (c *StsV1beta1Client) PolicyBindings(namespace string) PolicyBindingInterface { + return newPolicyBindings(c, namespace) +} + +// NewForConfig creates a new StsV1beta1Client for the given config. +// NewForConfig is equivalent to NewForConfigAndClient(c, httpClient), +// where httpClient was generated with rest.HTTPClientFor(c). +func NewForConfig(c *rest.Config) (*StsV1beta1Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + httpClient, err := rest.HTTPClientFor(&config) + if err != nil { + return nil, err + } + return NewForConfigAndClient(&config, httpClient) +} + +// NewForConfigAndClient creates a new StsV1beta1Client for the given config and http client. +// Note the http client provided takes precedence over the configured transport values. +func NewForConfigAndClient(c *rest.Config, h *http.Client) (*StsV1beta1Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + client, err := rest.RESTClientForConfigAndClient(&config, h) + if err != nil { + return nil, err + } + return &StsV1beta1Client{client}, nil +} + +// NewForConfigOrDie creates a new StsV1beta1Client for the given config and +// panics if there is an error in the config. +func NewForConfigOrDie(c *rest.Config) *StsV1beta1Client { + client, err := NewForConfig(c) + if err != nil { + panic(err) + } + return client +} + +// New creates a new StsV1beta1Client for the given RESTClient. +func New(c rest.Interface) *StsV1beta1Client { + return &StsV1beta1Client{c} +} + +func setConfigDefaults(config *rest.Config) error { + gv := v1beta1.SchemeGroupVersion + config.GroupVersion = &gv + config.APIPath = "/apis" + config.NegotiatedSerializer = scheme.Codecs.WithoutConversion() + + if config.UserAgent == "" { + config.UserAgent = rest.DefaultKubernetesUserAgent() + } + + return nil +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *StsV1beta1Client) RESTClient() rest.Interface { + if c == nil { + return nil + } + return c.restClient +} diff --git a/pkg/client/informers/externalversions/factory.go b/pkg/client/informers/externalversions/factory.go index 15ca0b05c91..05b54fc5ac2 100644 --- a/pkg/client/informers/externalversions/factory.go +++ b/pkg/client/informers/externalversions/factory.go @@ -26,6 +26,7 @@ import ( versioned "github.com/minio/operator/pkg/client/clientset/versioned" internalinterfaces "github.com/minio/operator/pkg/client/informers/externalversions/internalinterfaces" miniominio "github.com/minio/operator/pkg/client/informers/externalversions/minio.min.io" + stsminio "github.com/minio/operator/pkg/client/informers/externalversions/sts.min.io" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" schema "k8s.io/apimachinery/pkg/runtime/schema" @@ -173,8 +174,13 @@ type SharedInformerFactory interface { WaitForCacheSync(stopCh <-chan struct{}) map[reflect.Type]bool Minio() miniominio.Interface + Sts() stsminio.Interface } func (f *sharedInformerFactory) Minio() miniominio.Interface { return miniominio.New(f, f.namespace, f.tweakListOptions) } + +func (f *sharedInformerFactory) Sts() stsminio.Interface { + return stsminio.New(f, f.namespace, f.tweakListOptions) +} diff --git a/pkg/client/informers/externalversions/generic.go b/pkg/client/informers/externalversions/generic.go index 7d0ebca9089..e25fc3fd1bf 100644 --- a/pkg/client/informers/externalversions/generic.go +++ b/pkg/client/informers/externalversions/generic.go @@ -23,6 +23,7 @@ import ( v1 "github.com/minio/operator/pkg/apis/minio.min.io/v1" v2 "github.com/minio/operator/pkg/apis/minio.min.io/v2" + v1beta1 "github.com/minio/operator/pkg/apis/sts.min.io/v1beta1" schema "k8s.io/apimachinery/pkg/runtime/schema" cache "k8s.io/client-go/tools/cache" ) @@ -61,6 +62,10 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource case v2.SchemeGroupVersion.WithResource("tenants"): return &genericInformer{resource: resource.GroupResource(), informer: f.Minio().V2().Tenants().Informer()}, nil + // Group=sts.min.io, Version=v1beta1 + case v1beta1.SchemeGroupVersion.WithResource("policybindings"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Sts().V1beta1().PolicyBindings().Informer()}, nil + } return nil, fmt.Errorf("no informer found for %v", resource) diff --git a/pkg/client/informers/externalversions/sts.min.io/interface.go b/pkg/client/informers/externalversions/sts.min.io/interface.go new file mode 100644 index 00000000000..2b73dae7a06 --- /dev/null +++ b/pkg/client/informers/externalversions/sts.min.io/interface.go @@ -0,0 +1,46 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by informer-gen. DO NOT EDIT. + +package sts + +import ( + internalinterfaces "github.com/minio/operator/pkg/client/informers/externalversions/internalinterfaces" + v1beta1 "github.com/minio/operator/pkg/client/informers/externalversions/sts.min.io/v1beta1" +) + +// Interface provides access to each of this group's versions. +type Interface interface { + // V1beta1 provides access to shared informers for resources in V1beta1. + V1beta1() v1beta1.Interface +} + +type group struct { + factory internalinterfaces.SharedInformerFactory + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// New returns a new Interface. +func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { + return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} +} + +// V1beta1 returns a new v1beta1.Interface. +func (g *group) V1beta1() v1beta1.Interface { + return v1beta1.New(g.factory, g.namespace, g.tweakListOptions) +} diff --git a/pkg/client/informers/externalversions/sts.min.io/v1beta1/interface.go b/pkg/client/informers/externalversions/sts.min.io/v1beta1/interface.go new file mode 100644 index 00000000000..f8fd788562a --- /dev/null +++ b/pkg/client/informers/externalversions/sts.min.io/v1beta1/interface.go @@ -0,0 +1,45 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by informer-gen. DO NOT EDIT. + +package v1beta1 + +import ( + internalinterfaces "github.com/minio/operator/pkg/client/informers/externalversions/internalinterfaces" +) + +// Interface provides access to all the informers in this group version. +type Interface interface { + // PolicyBindings returns a PolicyBindingInformer. + PolicyBindings() PolicyBindingInformer +} + +type version struct { + factory internalinterfaces.SharedInformerFactory + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// New returns a new Interface. +func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { + return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} +} + +// PolicyBindings returns a PolicyBindingInformer. +func (v *version) PolicyBindings() PolicyBindingInformer { + return &policyBindingInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +} diff --git a/pkg/client/informers/externalversions/sts.min.io/v1beta1/policybinding.go b/pkg/client/informers/externalversions/sts.min.io/v1beta1/policybinding.go new file mode 100644 index 00000000000..3e55249bdb3 --- /dev/null +++ b/pkg/client/informers/externalversions/sts.min.io/v1beta1/policybinding.go @@ -0,0 +1,90 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by informer-gen. DO NOT EDIT. + +package v1beta1 + +import ( + "context" + time "time" + + stsminiov1beta1 "github.com/minio/operator/pkg/apis/sts.min.io/v1beta1" + versioned "github.com/minio/operator/pkg/client/clientset/versioned" + internalinterfaces "github.com/minio/operator/pkg/client/informers/externalversions/internalinterfaces" + v1beta1 "github.com/minio/operator/pkg/client/listers/sts.min.io/v1beta1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// PolicyBindingInformer provides access to a shared informer and lister for +// PolicyBindings. +type PolicyBindingInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1beta1.PolicyBindingLister +} + +type policyBindingInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewPolicyBindingInformer constructs a new informer for PolicyBinding type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewPolicyBindingInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredPolicyBindingInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredPolicyBindingInformer constructs a new informer for PolicyBinding type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredPolicyBindingInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.StsV1beta1().PolicyBindings(namespace).List(context.TODO(), options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.StsV1beta1().PolicyBindings(namespace).Watch(context.TODO(), options) + }, + }, + &stsminiov1beta1.PolicyBinding{}, + resyncPeriod, + indexers, + ) +} + +func (f *policyBindingInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredPolicyBindingInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *policyBindingInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&stsminiov1beta1.PolicyBinding{}, f.defaultInformer) +} + +func (f *policyBindingInformer) Lister() v1beta1.PolicyBindingLister { + return v1beta1.NewPolicyBindingLister(f.Informer().GetIndexer()) +} diff --git a/pkg/client/listers/sts.min.io/v1beta1/expansion_generated.go b/pkg/client/listers/sts.min.io/v1beta1/expansion_generated.go new file mode 100644 index 00000000000..20111d51faf --- /dev/null +++ b/pkg/client/listers/sts.min.io/v1beta1/expansion_generated.go @@ -0,0 +1,27 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by lister-gen. DO NOT EDIT. + +package v1beta1 + +// PolicyBindingListerExpansion allows custom methods to be added to +// PolicyBindingLister. +type PolicyBindingListerExpansion interface{} + +// PolicyBindingNamespaceListerExpansion allows custom methods to be added to +// PolicyBindingNamespaceLister. +type PolicyBindingNamespaceListerExpansion interface{} diff --git a/pkg/client/listers/sts.min.io/v1beta1/policybinding.go b/pkg/client/listers/sts.min.io/v1beta1/policybinding.go new file mode 100644 index 00000000000..bce936756f7 --- /dev/null +++ b/pkg/client/listers/sts.min.io/v1beta1/policybinding.go @@ -0,0 +1,99 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by lister-gen. DO NOT EDIT. + +package v1beta1 + +import ( + v1beta1 "github.com/minio/operator/pkg/apis/sts.min.io/v1beta1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// PolicyBindingLister helps list PolicyBindings. +// All objects returned here must be treated as read-only. +type PolicyBindingLister interface { + // List lists all PolicyBindings in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1beta1.PolicyBinding, err error) + // PolicyBindings returns an object that can list and get PolicyBindings. + PolicyBindings(namespace string) PolicyBindingNamespaceLister + PolicyBindingListerExpansion +} + +// policyBindingLister implements the PolicyBindingLister interface. +type policyBindingLister struct { + indexer cache.Indexer +} + +// NewPolicyBindingLister returns a new PolicyBindingLister. +func NewPolicyBindingLister(indexer cache.Indexer) PolicyBindingLister { + return &policyBindingLister{indexer: indexer} +} + +// List lists all PolicyBindings in the indexer. +func (s *policyBindingLister) List(selector labels.Selector) (ret []*v1beta1.PolicyBinding, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1beta1.PolicyBinding)) + }) + return ret, err +} + +// PolicyBindings returns an object that can list and get PolicyBindings. +func (s *policyBindingLister) PolicyBindings(namespace string) PolicyBindingNamespaceLister { + return policyBindingNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// PolicyBindingNamespaceLister helps list and get PolicyBindings. +// All objects returned here must be treated as read-only. +type PolicyBindingNamespaceLister interface { + // List lists all PolicyBindings in the indexer for a given namespace. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1beta1.PolicyBinding, err error) + // Get retrieves the PolicyBinding from the indexer for a given namespace and name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1beta1.PolicyBinding, error) + PolicyBindingNamespaceListerExpansion +} + +// policyBindingNamespaceLister implements the PolicyBindingNamespaceLister +// interface. +type policyBindingNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all PolicyBindings in the indexer for a given namespace. +func (s policyBindingNamespaceLister) List(selector labels.Selector) (ret []*v1beta1.PolicyBinding, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1beta1.PolicyBinding)) + }) + return ret, err +} + +// Get retrieves the PolicyBinding from the indexer for a given namespace and name. +func (s policyBindingNamespaceLister) Get(name string) (*v1beta1.PolicyBinding, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1beta1.Resource("policybinding"), name) + } + return obj.(*v1beta1.PolicyBinding), nil +} diff --git a/pkg/controller/cluster/http_handlers.go b/pkg/controller/cluster/http_handlers.go index b4a86a1c91f..7c00ce43620 100644 --- a/pkg/controller/cluster/http_handlers.go +++ b/pkg/controller/cluster/http_handlers.go @@ -17,6 +17,7 @@ package cluster import ( + "bytes" "context" "encoding/json" "fmt" @@ -29,13 +30,16 @@ import ( v1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" miniov1 "github.com/minio/operator/pkg/apis/minio.min.io/v1" + "github.com/minio/operator/pkg/apis/sts.min.io/v1beta1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime" "github.com/minio/operator/pkg/resources/statefulsets" + iampolicy "github.com/minio/pkg/iam/policy" "github.com/gorilla/mux" miniov2 "github.com/minio/operator/pkg/apis/minio.min.io/v2" + xhttp "github.com/minio/operator/pkg/internal" "github.com/minio/operator/pkg/resources/services" k8serrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -50,6 +54,8 @@ const ( updatePath = "/tmp" + miniov2.WebhookAPIUpdate + slashSeparator ) +const contextLogKey = contextKeyType("operatorlog") + // BucketSrvHandler - POST /webhook/v1/bucketsrv/{namespace}/{name}?bucket={bucket} func (c *Controller) BucketSrvHandler(w http.ResponseWriter, r *http.Request) { vars := mux.Vars(r) @@ -315,3 +321,159 @@ func (c *Controller) CRDConversionHandler(w http.ResponseWriter, r *http.Request log.Println(err) } } + +// AssumeRoleWithWebIdentityHandler - POST /sts/{tenantNamespace} +// AssumeRoleWithWebIdentity - implementation of AWS STS API. +// Authenticates a Kubernetes Service accounts using a JWT Token +// Evalues a PolicyBinding CRD as Mapping of the Minio Policies that the ServiceAccount can assume on a minio tenant +// Eg:- +// $ curl -k -X POST https://operator:9443/sts/{tenantNamespace} -d "Action=AssumeRoleWithWebIdentity&WebIdentityToken=" -H "Content-Type: application/x-www-form-urlencoded" +func (c *Controller) AssumeRoleWithWebIdentityHandler(w http.ResponseWriter, r *http.Request) { + routerVars := mux.Vars(r) + tenantNamespace := "" + tenantNamespace, err := xhttp.UnescapeQueryPath(routerVars["tenantNamespace"]) + + reqInfo := ReqInfo{ + RequestID: w.Header().Get(AmzRequestID), + RemoteHost: xhttp.GetSourceIPFromHeaders(r), + Host: r.Host, + UserAgent: r.UserAgent(), + API: webIdentity, + TenantNamespace: tenantNamespace, + } + + ctx := context.WithValue(r.Context(), contextLogKey, &reqInfo) + + if err != nil { + writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue, fmt.Errorf("tenant namespace is missing")) + } + + // Parse the incoming form data. + if err := xhttp.ParseForm(r); err != nil { + writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue, err) + return + } + + if r.Form.Get(stsVersion) != stsAPIVersion { + err := fmt.Errorf("invalid STS API version %s, expecting %s", r.Form.Get("Version"), stsAPIVersion) + writeSTSErrorResponse(ctx, w, true, ErrSTSMissingParameter, err) + return + } + + action := r.Form.Get(stsAction) + switch action { + // For now we only do WebIdentity, leaving it in case we want to implement certificate authentication + case webIdentity: + default: + writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue, fmt.Errorf("unsupported action %s", action)) + return + } + + token := strings.TrimSpace(r.Form.Get(stsWebIdentityToken)) + + if token == "" { + writeSTSErrorResponse(ctx, w, true, ErrSTSMissingParameter, fmt.Errorf("missing %s", stsWebIdentityToken)) + return + } + + // roleArn is ignored + // roleArn := strings.TrimSpace(r.Form.Get(stsRoleArn)) + + // VALIDATE JWT + accessToken := r.Form.Get(stsWebIdentityToken) + + saAuthResult, err := c.ValidateServiceAccountJWT(&ctx, accessToken) + if err != nil { + writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidIdentityToken, err) + return + } + + if !saAuthResult.Status.Authenticated { + writeSTSErrorResponse(ctx, w, true, ErrSTSAccessDenied, fmt.Errorf("access denied: Invalid Token")) + return + } + pbs, err := c.minioClientSet.StsV1beta1().PolicyBindings(tenantNamespace).List(ctx, metav1.ListOptions{}) + if err != nil { + writeSTSErrorResponse(ctx, w, true, ErrSTSInternalError, fmt.Errorf("error obtaining PolicyBindings: %s", err)) + return + } + + chunks := strings.Split(strings.Replace(saAuthResult.Status.User.Username, "system:serviceaccount:", "", -1), ":") + // saNamespace Service account Namespace + saNamespace := chunks[0] + // saName service account username + saName := chunks[1] + // Authorized PolicyBindings for the Service Account + // Need to optimize it with a Cache (probably) + policyBindings := []v1beta1.PolicyBinding{} + for _, pb := range pbs.Items { + if pb.Spec.Application.Namespace == saNamespace && pb.Spec.Application.ServiceAccount == saName { + policyBindings = append(policyBindings, pb) + } + } + + if len(policyBindings) == 0 { + writeSTSErrorResponse(ctx, w, true, ErrSTSAccessDenied, fmt.Errorf("service Account '%s' is not granted to AssumeRole in any Tenant", saAuthResult.Status.User.Username)) + return + } + + tenants, err := c.minioClientSet.MinioV2().Tenants(tenantNamespace).List(ctx, metav1.ListOptions{}) + if err != nil || len(tenants.Items) == 0 { + writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue, fmt.Errorf("no Tenants available in the namespace '%s'", tenantNamespace)) + return + } + + // Only one tenant is allowed in a single namespace, gathering the first tenant in the list + tenant := tenants.Items[0] + + // Session Policy + sessionPolicyStr := r.Form.Get(stsPolicy) + // The plain text that you use for both inline and managed session + // policies shouldn't exceed 2048 characters. + if len(sessionPolicyStr) > 2048 { + writeSTSErrorResponse(ctx, w, true, ErrSTSPackedPolicyTooLarge, fmt.Errorf("session policy should not exceed 2048 characters")) + return + } + + if len(sessionPolicyStr) > 0 { + sessionPolicy, err := iampolicy.ParseConfig(bytes.NewReader([]byte(sessionPolicyStr))) + if err != nil { + writeSTSErrorResponse(ctx, w, true, ErrSTSMalformedPolicyDocument, err) + return + } + + // Version in policy must not be empty + if sessionPolicy.Version == "" { + writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue, fmt.Errorf("invalid session policy version")) + return + } + } + + durationStr := r.Form.Get(stsDurationSeconds) + duration, err := strconv.Atoi(durationStr) + if err != nil { + writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue, fmt.Errorf("invalid token expiry")) + } + + if duration < 900 || duration > 31536000 { + writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue, fmt.Errorf("invalid token expiry: min 900s, max 31536000s")) + } + + stsCredentials, err := AssumeRole(ctx, c, &tenant, sessionPolicyStr, duration) + if err != nil { + writeSTSErrorResponse(ctx, w, true, ErrSTSInternalError, err) + } + + assumeRoleResponse := &AssumeRoleWithWebIdentityResponse{ + Result: WebIdentityResult{ + Credentials: Credentials{ + AccessKey: stsCredentials.AccessKeyID, + SecretKey: stsCredentials.SecretAccessKey, + SessionToken: stsCredentials.SessionToken, + }, + }, + } + + assumeRoleResponse.ResponseMetadata.RequestID = w.Header().Get(AmzRequestID) + writeSuccessResponseXML(w, xhttp.EncodeResponse(assumeRoleResponse)) +} diff --git a/pkg/controller/cluster/main-controller.go b/pkg/controller/cluster/main-controller.go index 65206c1ba97..80958338644 100644 --- a/pkg/controller/cluster/main-controller.go +++ b/pkg/controller/cluster/main-controller.go @@ -23,6 +23,7 @@ import ( "os" "os/signal" "strings" + "sync" "syscall" "time" @@ -66,12 +67,15 @@ import ( "k8s.io/client-go/tools/cache" "k8s.io/client-go/tools/record" + "k8s.io/client-go/util/workqueue" queue "k8s.io/client-go/util/workqueue" miniov2 "github.com/minio/operator/pkg/apis/minio.min.io/v2" + stsv1beta1 "github.com/minio/operator/pkg/apis/sts.min.io/v1beta1" clientset "github.com/minio/operator/pkg/client/clientset/versioned" minioscheme "github.com/minio/operator/pkg/client/clientset/versioned/scheme" informers "github.com/minio/operator/pkg/client/informers/externalversions/minio.min.io/v2" + stsInformers "github.com/minio/operator/pkg/client/informers/externalversions/sts.min.io/v1beta1" "github.com/minio/operator/pkg/resources/services" "github.com/minio/operator/pkg/resources/statefulsets" ) @@ -187,6 +191,9 @@ type Controller struct { // HTTP Upgrade server instance us *http.Server + // STS API server instance + sts *http.Server + // Client transport transport *http.Transport @@ -199,10 +206,21 @@ type Controller struct { // time, and makes it easy to ensure we are never processing the same item // simultaneously in two different workers. healthCheckQueue queue.RateLimitingInterface + + // queue is a rate limited work queue. This is used to queue work to be + // processed instead of performing it as soon as a change happens. This + // means we can ensure we only process a fixed amount of resources at a + // time, and makes it easy to ensure we are never processing the same item + // simultaneously in two different workers. + policyBindingQueue queue.RateLimitingInterface + + // policyBindingListerSynced returns true if the PolicyBinding shared informer + // has synced at least once. + policyBindingListerSynced cache.InformerSynced } // NewController returns a new sample controller -func NewController(podName string, namespacesToWatch set.StringSet, kubeClientSet kubernetes.Interface, minioClientSet clientset.Interface, promClient promclientset.Interface, statefulSetInformer appsinformers.StatefulSetInformer, deploymentInformer appsinformers.DeploymentInformer, podInformer coreinformers.PodInformer, tenantInformer informers.TenantInformer, serviceInformer coreinformers.ServiceInformer, hostsTemplate, operatorVersion string) *Controller { +func NewController(podName string, namespacesToWatch set.StringSet, kubeClientSet kubernetes.Interface, minioClientSet clientset.Interface, promClient promclientset.Interface, statefulSetInformer appsinformers.StatefulSetInformer, deploymentInformer appsinformers.DeploymentInformer, podInformer coreinformers.PodInformer, tenantInformer informers.TenantInformer, policyBindingInformer stsInformers.PolicyBindingInformer, serviceInformer coreinformers.ServiceInformer, hostsTemplate, operatorVersion string) *Controller { // Create event broadcaster // Add minio-controller types to the default Kubernetes Scheme so Events can be // logged for minio-controller types. @@ -214,24 +232,26 @@ func NewController(podName string, namespacesToWatch set.StringSet, kubeClientSe recorder := eventBroadcaster.NewRecorder(scheme.Scheme, corev1.EventSource{Component: controllerAgentName}) controller := &Controller{ - podName: podName, - namespacesToWatch: namespacesToWatch, - kubeClientSet: kubeClientSet, - minioClientSet: minioClientSet, - promClient: promClient, - statefulSetLister: statefulSetInformer.Lister(), - statefulSetListerSynced: statefulSetInformer.Informer().HasSynced, - podInformer: podInformer.Informer(), - deploymentLister: deploymentInformer.Lister(), - deploymentListerSynced: deploymentInformer.Informer().HasSynced, - tenantsSynced: tenantInformer.Informer().HasSynced, - serviceLister: serviceInformer.Lister(), - serviceListerSynced: serviceInformer.Informer().HasSynced, - workqueue: queue.NewNamedRateLimitingQueue(MinIOControllerRateLimiter(), "Tenants"), - healthCheckQueue: queue.NewNamedRateLimitingQueue(MinIOControllerRateLimiter(), "TenantsHealth"), - recorder: recorder, - hostsTemplate: hostsTemplate, - operatorVersion: operatorVersion, + podName: podName, + namespacesToWatch: namespacesToWatch, + kubeClientSet: kubeClientSet, + minioClientSet: minioClientSet, + promClient: promClient, + statefulSetLister: statefulSetInformer.Lister(), + statefulSetListerSynced: statefulSetInformer.Informer().HasSynced, + podInformer: podInformer.Informer(), + deploymentLister: deploymentInformer.Lister(), + deploymentListerSynced: deploymentInformer.Informer().HasSynced, + tenantsSynced: tenantInformer.Informer().HasSynced, + serviceLister: serviceInformer.Lister(), + serviceListerSynced: serviceInformer.Informer().HasSynced, + workqueue: queue.NewNamedRateLimitingQueue(MinIOControllerRateLimiter(), "Tenants"), + healthCheckQueue: queue.NewNamedRateLimitingQueue(MinIOControllerRateLimiter(), "TenantsHealth"), + recorder: recorder, + hostsTemplate: hostsTemplate, + operatorVersion: operatorVersion, + policyBindingQueue: queue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "PolicyBindings"), + policyBindingListerSynced: policyBindingInformer.Informer().HasSynced, } // Initialize operator webhook handlers @@ -240,6 +260,9 @@ func NewController(podName string, namespacesToWatch set.StringSet, kubeClientSe // Initialize operator HTTP upgrade server handlers controller.us = configureHTTPUpgradeServer(controller) + // Initialize STS API server handlers + controller.sts = configureSTSServer(controller) + klog.Info("Setting up event handlers") // Set up an event handler for when Tenant resources change tenantInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ @@ -255,6 +278,18 @@ func NewController(podName string, namespacesToWatch set.StringSet, kubeClientSe controller.enqueueTenant(new) }, }) + // Event handler for PolicyBinding resources changes + policyBindingInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ + AddFunc: controller.enqueuePB, + UpdateFunc: func(old, new interface{}) { + oldPB := old.(*stsv1beta1.PolicyBinding) + newPB := new.(*stsv1beta1.PolicyBinding) + if newPB.ResourceVersion == oldPB.ResourceVersion { + return + } + controller.enqueuePB(new) + }, + }) // Set up an event handler for when StatefulSet resources change. This // handler will lookup the owner of the given StatefulSet, and if it is // owned by a Tenant resource will enqueue that Tenant resource for @@ -339,12 +374,16 @@ func getSecretForTenant(tenant *miniov2.Tenant, accessKey, secretKey string) *v1 func (c *Controller) Start(threadiness int, stopCh <-chan struct{}) error { // Start the API and the Controller, but only if this pod is the leader run := func(ctx context.Context) { - // we need to make sure the API is ready before starting operator - apiServerWillStart := make(chan interface{}) - // we need to make sure the HTTP Upgrade server is ready before starting operator - upgradeServerWillStart := make(chan interface{}) - // pausing the process until console has it's TLS certificate (if enabled) - consoleTLS := make(chan interface{}) + var wg sync.WaitGroup + + // 1) we need to make sure the API server is ready before starting operator + // 2) wait for STS API to be ready before starting operator + // 3) we need to make sure the HTTP Upgrade server is ready before starting operator + // 4) pausing the process until console has it's TLS certificate (if enabled) + wg.Add(3) + klog.Info("Waiting for API to start") + klog.Info("Waiting for Upgrade Server to start") + klog.Info("Waiting for Console TLS") go func() { // Request kubernetes version from Kube ApiServer @@ -354,7 +393,7 @@ func (c *Controller) Start(threadiness int, stopCh <-chan struct{}) error { if isOperatorTLS() { publicCertPath, publicKeyPath := c.generateOperatorTLSCert() klog.Infof("Starting HTTPS API server") - close(apiServerWillStart) + wg.Done() certsManager, err := xcerts.NewManager(ctx, *publicCertPath, *publicKeyPath, LoadX509KeyPair) if err != nil { klog.Infof("HTTPS server ListenAndServeTLS failed: %v", err) @@ -368,7 +407,7 @@ func (c *Controller) Start(threadiness int, stopCh <-chan struct{}) error { } } else { klog.Infof("Starting HTTP API server") - close(apiServerWillStart) + wg.Done() // start server without TLS if err := c.ws.ListenAndServe(); err != http.ErrServerClosed { klog.Infof("HTTP server ListenAndServe failed: %v", err) @@ -379,7 +418,7 @@ func (c *Controller) Start(threadiness int, stopCh <-chan struct{}) error { go func() { klog.Infof("Starting HTTP Upgrade Tenant Image server") - close(upgradeServerWillStart) + wg.Done() if err := c.us.ListenAndServe(); err != http.ErrServerClosed { klog.Infof("HTTP Upgrade Tenant Image server ListenAndServe failed: %v", err) panic(err) @@ -387,11 +426,10 @@ func (c *Controller) Start(threadiness int, stopCh <-chan struct{}) error { }() go func() { - klog.Infof("Starting console TLS certificate setup") if isOperatorConsoleTLS() { - klog.Infof("Console TLS enabled") + klog.Infof("Console TLS enabled, starting console TLS certificate setup") err := c.recreateOperatorConsoleCertsIfRequired(ctx) - close(consoleTLS) + wg.Done() if err != nil { panic(err) } @@ -402,25 +440,27 @@ func (c *Controller) Start(threadiness int, stopCh <-chan struct{}) error { } } else { klog.Infof("Console TLS is not enabled") - close(consoleTLS) + wg.Done() } }() - klog.Info("Waiting for API to start") - <-apiServerWillStart - - klog.Info("Waiting for Upgrade Server to start") - <-upgradeServerWillStart + if IsSTSEnabled() { + wg.Add(1) + go func() { + klog.Infof("STS is enabled, starting STS API certificate setup") + c.generateSTSTLSCert() + wg.Done() + }() + } - klog.Info("Waiting for Console TLS") - <-consoleTLS + wg.Wait() // Start the informer factories to begin populating the informer caches klog.Info("Starting Tenant controller") // Wait for the caches to be synced before starting workers klog.Info("Waiting for informer caches to sync") - if ok := cache.WaitForCacheSync(stopCh, c.statefulSetListerSynced, c.deploymentListerSynced, c.tenantsSynced); !ok { + if ok := cache.WaitForCacheSync(stopCh, c.statefulSetListerSynced, c.deploymentListerSynced, c.tenantsSynced, c.policyBindingListerSynced); !ok { panic("failed to wait for caches to sync") } @@ -439,6 +479,34 @@ func (c *Controller) Start(threadiness int, stopCh <-chan struct{}) error { select {} } + // runSTS starts the STS API even if the pod is not the leader + runSTS := func(ctx context.Context) { + // stsServerWillStart is a channel for the STS Server API + stsServerWillStart := make(chan interface{}) + + go func() { + klog.Infof("Starting STS API server") + close(stsServerWillStart) + publicCertPath, publicKeyPath := c.waitSTSTLSCert() + certsManager, err := xcerts.NewManager(ctx, *publicCertPath, *publicKeyPath, LoadX509KeyPair) + if err != nil { + klog.Infof("STS HTTPS server ListenAndServeTLS failed: %v", err) + panic(err) + } + serverCertsManager = certsManager + c.sts.TLSConfig = c.createTLSConfig(serverCertsManager) + if err := c.sts.ListenAndServeTLS("", ""); err != http.ErrServerClosed { + klog.Infof("STS HTTPS server ListenAndServeTLS failed: %v", err) + panic(err) + } + }() + + klog.Info("Waiting for STS API to start") + <-stsServerWillStart + + select {} + } + // use a Go context so we can tell the leaderelection code when we // want to step down ctx, cancel := context.WithCancel(context.Background()) @@ -471,6 +539,12 @@ func (c *Controller) Start(threadiness int, stopCh <-chan struct{}) error { }, } + if IsSTSEnabled() { + go runSTS(ctx) + } else { + klog.Info("STS Api server is not enabled, not starting") + } + // start the leader election code loop leaderelection.RunOrDie(ctx, leaderelection.LeaderElectionConfig{ Lock: lock, @@ -547,6 +621,7 @@ func (c *Controller) Stop() { klog.Info("Stopping the minio controller") c.workqueue.ShutDown() c.healthCheckQueue.ShutDown() + c.policyBindingQueue.ShutDown() } // runWorker is a long-running function that will continually call the @@ -1322,6 +1397,30 @@ func (c *Controller) enqueueTenant(obj interface{}) { c.workqueue.AddRateLimited(key) } +// enqueuePolicyBinding takes a PolicyBinding resource and converts it into a namespance/name string +// This key is put into the workqueue. +// It will ignore any PolicyBinding not in the namespaces that the Operator watches. +// Only PolicyBindings in the watched namespaces where Operator manage tenants are Honored. +func (c *Controller) enqueuePB(obj interface{}) { + key, err := cache.MetaNamespaceKeyFunc(obj) + if err != nil { + runtime.HandleError(err) + return + } + if !c.namespacesToWatch.IsEmpty() { + meta, err := meta.Accessor(obj) + if err != nil { + runtime.HandleError(err) + return + } + if !c.namespacesToWatch.Contains(meta.GetNamespace()) { + klog.Infof("Ignoring PolicyBindig `%s` in namespace that is not watched by this controller.", key) + return + } + } + c.policyBindingQueue.AddRateLimited(key) +} + // handleObject will take any resource implementing metav1.Object and attempt // to find the Tenant resource that 'owns' it. It does this by looking at the // objects metadata.ownerReferences field for an appropriate OwnerReference. diff --git a/pkg/controller/cluster/sts.go b/pkg/controller/cluster/sts.go new file mode 100644 index 00000000000..e06a302a578 --- /dev/null +++ b/pkg/controller/cluster/sts.go @@ -0,0 +1,394 @@ +package cluster + +import ( + "context" + "encoding/xml" + "errors" + "net/http" + "os" + "sync" + "time" + + "github.com/gorilla/mux" + "github.com/minio/minio-go/v7/pkg/credentials" + miniov2 "github.com/minio/operator/pkg/apis/minio.min.io/v2" + xhttp "github.com/minio/operator/pkg/internal" + authv1 "k8s.io/api/authentication/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/klog/v2" +) + +// STS Handler constants +const ( + webIdentity = "AssumeRoleWithWebIdentity" + stsAPIVersion = "2011-06-15" + stsVersion = "Version" + stsAction = "Action" + stsPolicy = "Policy" + stsWebIdentityToken = "WebIdentityToken" + stsDurationSeconds = "DurationSeconds" + AmzRequestID = "x-amz-request-id" + // stsRoleArn = "RoleArn" +) + +const ( + // STSEnabled Env variable name to turn on and off the STS Service is enabled, disabled by default + STSEnabled = "OPERATOR_STS_ENABLED" + + // STSTLSSecretName is the name of secret created for the Operator STS TLS certs + STSTLSSecretName = "sts-tls" +) + +type contextKeyType string + +//go:generate stringer -type=STSErrorCode -trimprefix=Err $GOFILE + +// Error codes, non exhaustive list - http://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithSAML.html +const ( + ErrSTSNone STSErrorCode = iota + ErrSTSAccessDenied + ErrSTSInvalidIdentityToken + ErrSTSMissingParameter + ErrSTSInvalidParameterValue + ErrSTSWebIdentityExpiredToken + ErrSTSClientGrantsExpiredToken + ErrSTSInvalidClientGrantsToken + ErrSTSMalformedPolicyDocument + ErrSTSInsecureConnection + ErrSTSInvalidClientCertificate + ErrSTSNotInitialized + ErrSTSUpstreamError + ErrSTSInternalError + ErrSTSIDPCommunicationError + ErrSTSPackedPolicyTooLarge +) + +type stsErrorCodeMap map[STSErrorCode]APIError + +// ReqInfo stores the request info. +// Reading/writing directly to struct requires appropriate R/W lock. +type ReqInfo struct { + RemoteHost string // Client Host/IP + Host string // Node Host/IP + UserAgent string // User Agent + RequestID string // x-amz-request-id + API string // API name + AccessKey string // Access Key + TenantNamespace string // tenant namespace + sync.RWMutex +} + +// Credentials holds access and secret keys. +type Credentials struct { + AccessKey string `xml:"AccessKeyId" json:"accessKey,omitempty"` + SecretKey string `xml:"SecretAccessKey" json:"secretKey,omitempty"` + Expiration time.Time `xml:"Expiration" json:"expiration,omitempty"` + SessionToken string `xml:"SessionToken" json:"sessionToken,omitempty"` + Status string `xml:"-" json:"status,omitempty"` + ParentUser string `xml:"-" json:"parentUser,omitempty"` + Groups []string `xml:"-" json:"groups,omitempty"` + Claims map[string]interface{} `xml:"-" json:"claims,omitempty"` +} + +// STSErrorCode type of error status. +type STSErrorCode int + +// APIError structure +type APIError struct { + Code string + Description string + HTTPStatusCode int +} + +// STSErrorResponse - error response format +type STSErrorResponse struct { + XMLName xml.Name `xml:"https://sts.amazonaws.com/doc/2011-06-15/ ErrorResponse" json:"-"` + Error struct { + Type string `xml:"Type"` + Code string `xml:"Code"` + Message string `xml:"Message"` + } `xml:"Error"` + RequestID string `xml:"RequestId"` +} + +// error code to STSError structure, these fields carry respective +// descriptions for all the error responses. +var stsErrCodes = stsErrorCodeMap{ + ErrSTSAccessDenied: { + Code: "AccessDenied", + Description: "Generating temporary credentials not allowed for this request.", + HTTPStatusCode: http.StatusForbidden, + }, + ErrSTSInvalidIdentityToken: { + Code: "InvalidIdentityToken", + Description: "The web identity token that was passed could not be validated. Get a new identity token from the identity provider and then retry the request.", + HTTPStatusCode: http.StatusBadRequest, + }, + ErrSTSMissingParameter: { + Code: "MissingParameter", + Description: "A required parameter for the specified action is not supplied.", + HTTPStatusCode: http.StatusBadRequest, + }, + ErrSTSInvalidParameterValue: { + Code: "InvalidParameterValue", + Description: "An invalid or out-of-range value was supplied for the input parameter.", + HTTPStatusCode: http.StatusBadRequest, + }, + ErrSTSWebIdentityExpiredToken: { + Code: "ExpiredToken", + Description: "The web identity token that was passed is expired or is not valid. Get a new identity token from the identity provider and then retry the request.", + HTTPStatusCode: http.StatusBadRequest, + }, + ErrSTSClientGrantsExpiredToken: { + Code: "ExpiredToken", + Description: "The client grants that was passed is expired or is not valid. Get a new client grants token from the identity provider and then retry the request.", + HTTPStatusCode: http.StatusBadRequest, + }, + ErrSTSInvalidClientGrantsToken: { + Code: "InvalidClientGrantsToken", + Description: "The client grants token that was passed could not be validated by MinIO.", + HTTPStatusCode: http.StatusBadRequest, + }, + ErrSTSMalformedPolicyDocument: { + Code: "MalformedPolicyDocument", + Description: "The request was rejected because the policy document was malformed.", + HTTPStatusCode: http.StatusBadRequest, + }, + ErrSTSInsecureConnection: { + Code: "InsecureConnection", + Description: "The request was made over a plain HTTP connection. A TLS connection is required.", + HTTPStatusCode: http.StatusBadRequest, + }, + ErrSTSInvalidClientCertificate: { + Code: "InvalidClientCertificate", + Description: "The provided client certificate is invalid. Retry with a different certificate.", + HTTPStatusCode: http.StatusBadRequest, + }, + ErrSTSNotInitialized: { + Code: "STSNotInitialized", + Description: "STS API not initialized, please try again.", + HTTPStatusCode: http.StatusServiceUnavailable, + }, + ErrSTSUpstreamError: { + Code: "InternalError", + Description: "An upstream service required for this operation failed - please try again or contact an administrator.", + HTTPStatusCode: http.StatusInternalServerError, + }, + ErrSTSInternalError: { + Code: "InternalError", + Description: "We encountered an internal error generating credentials, please try again.", + HTTPStatusCode: http.StatusInternalServerError, + }, + ErrSTSIDPCommunicationError: { + Code: "IDPCommunicationError", + Description: "The request could not be fulfilled because the identity provider (IDP) that was asked to verify the incoming identity token could not be reached.", + HTTPStatusCode: http.StatusBadRequest, + }, + ErrSTSPackedPolicyTooLarge: { + Code: "PackedPolicyTooLarge", + Description: "The request was rejected because the total packed size of the session policies and session tags combined was too large", + HTTPStatusCode: http.StatusBadRequest, + }, +} + +// AssumedRoleUser - The identifiers for the temporary security credentials that +// the operation returns. Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumedRoleUser +type AssumedRoleUser struct { + Arn string + AssumedRoleID string `xml:"AssumeRoleId"` +} + +// WebIdentityResult - Contains the response to a successful AssumeRoleWithWebIdentity +// request, including temporary credentials that can be used to make MinIO API requests. +type WebIdentityResult struct { + // The identifiers for the temporary security credentials that the operation + // returns. + AssumedRoleUser AssumedRoleUser `xml:",omitempty"` + + // The intended audience (also known as client ID) of the web identity token. + // This is traditionally the client identifier issued to the application that + // requested the client grants. + Audience string `xml:",omitempty"` + + // The temporary security credentials, which include an access key ID, a secret + // access key, and a security (or session) token. + // + // Note: The size of the security token that STS APIs return is not fixed. We + // strongly recommend that you make no assumptions about the maximum size. As + // of this writing, the typical size is less than 4096 bytes, but that can vary. + // Also, future updates to AWS might require larger sizes. + Credentials Credentials `xml:",omitempty"` + + // A percentage value that indicates the size of the policy in packed form. + // The service rejects any policy with a packed size greater than 100 percent, + // which means the policy exceeded the allowed space. + PackedPolicySize int `xml:",omitempty"` + + // The issuing authority of the web identity token presented. For OpenID Connect + // ID tokens, this contains the value of the iss field. For OAuth 2.0 id_tokens, + // this contains the value of the ProviderId parameter that was passed in the + // AssumeRoleWithWebIdentity request. + Provider string `xml:",omitempty"` + + // The unique user identifier that is returned by the identity provider. + // This identifier is associated with the Token that was submitted + // with the AssumeRoleWithWebIdentity call. The identifier is typically unique to + // the user and the application that acquired the WebIdentityToken (pairwise identifier). + // For OpenID Connect ID tokens, this field contains the value returned by the identity + // provider as the token's sub (Subject) claim. + SubjectFromWebIdentityToken string `xml:",omitempty"` +} + +// AssumeRoleWithWebIdentityResponse contains the result of successful AssumeRoleWithWebIdentity request. +type AssumeRoleWithWebIdentityResponse struct { + XMLName xml.Name `xml:"https://sts.amazonaws.com/doc/2011-06-15/ AssumeRoleWithWebIdentityResponse" json:"-"` + Result WebIdentityResult `xml:"AssumeRoleWithWebIdentityResult"` + ResponseMetadata struct { + RequestID string `xml:"RequestId,omitempty"` + } `xml:"ResponseMetadata,omitempty"` +} + +func configureSTSServer(c *Controller) *http.Server { + router := mux.NewRouter().SkipClean(true).UseEncodedPath() + + router.Methods(http.MethodPost). + Path(miniov2.STSEndpoint + "/{tenantNamespace}"). + HandlerFunc(c.AssumeRoleWithWebIdentityHandler) + + router.NotFoundHandler = http.NotFoundHandler() + + s := &http.Server{ + Addr: ":" + miniov2.STSDefaultPort, + Handler: router, + ReadTimeout: time.Minute, + WriteTimeout: time.Minute, + MaxHeaderBytes: 1 << 20, + } + + return s +} + +// writeSTSErrorRespone writes error headers +func writeSTSErrorResponse(ctx context.Context, w http.ResponseWriter, isErrCodeSTS bool, errCode STSErrorCode, errCtxt error) { + var err APIError + if isErrCodeSTS { + err = stsErrCodes.ToSTSErr(errCode) + } + + stsErrorResponse := STSErrorResponse{} + stsErrorResponse.Error.Code = err.Code + stsErrorResponse.RequestID = w.Header().Get(AmzRequestID) + stsErrorResponse.Error.Message = err.Description + if errCtxt != nil { + stsErrorResponse.Error.Message = errCtxt.Error() + } + switch errCode { + case ErrSTSInternalError, ErrSTSNotInitialized, ErrSTSUpstreamError: + klog.Errorf("Error:%s/%s, err:%s", err.Code, stsErrorResponse.RequestID, errCtxt) + } + encodedErrorResponse := xhttp.EncodeResponse(stsErrorResponse) + xhttp.WriteResponse(w, err.HTTPStatusCode, encodedErrorResponse, xhttp.MimeXML) +} + +func writeSuccessResponseXML(w http.ResponseWriter, response []byte) { + xhttp.WriteResponse(w, http.StatusOK, response, xhttp.MimeXML) +} + +func (e stsErrorCodeMap) ToSTSErr(errCode STSErrorCode) APIError { + apiErr, ok := e[errCode] + if !ok { + return e[ErrSTSInternalError] + } + return apiErr +} + +// AssumeRole invokes the AssumeRole method in the Minio Tenant +func AssumeRole(ctx context.Context, c *Controller, tenant *miniov2.Tenant, sessionPolicy string, duration int) (*credentials.Value, error) { + client, accessKey, secretKey, err := getTenantClient(ctx, c, tenant) + if err != nil { + return nil, err + } + + host := tenant.MinIOServerEndpoint() + if host == "" { + return nil, errors.New("MinIO server host is empty") + } + + stsOptions := credentials.STSAssumeRoleOptions{ + AccessKey: accessKey, + SecretKey: secretKey, + Policy: sessionPolicy, + DurationSeconds: duration, + } + + stsAssumeRole := &credentials.STSAssumeRole{ + Client: client, + STSEndpoint: host, + Options: stsOptions, + } + + stsCredentialsResponse, err := stsAssumeRole.Retrieve() + if err != nil { + return nil, err + } + return &stsCredentialsResponse, nil +} + +// getTenantClient returns an http client that can be used to connect with the tenant +func getTenantClient(ctx context.Context, c *Controller, tenant *miniov2.Tenant) (*http.Client, string, string, error) { + tenantConfiguration, err := c.getTenantCredentials(ctx, tenant) + transport := c.getTransport() + if err != nil { + return nil, "", "", err + } + + accessKey, ok := tenantConfiguration["accesskey"] + if !ok { + return nil, "", "", errors.New("MinIO server accesskey not set") + } + + secretKey, ok := tenantConfiguration["secretkey"] + if !ok { + return nil, "", "", errors.New("MinIO server secretkey not set") + } + + client := &http.Client{ + Transport: transport, + } + return client, string(accessKey), string(secretKey), nil +} + +// ValidateServiceAccountJWT Executes a call to TokenReview API to verify if the JWT Token received from the client +// is a valid Service Account JWT Token +func (c *Controller) ValidateServiceAccountJWT(ctx *context.Context, token string) (*authv1.TokenReview, error) { + tr := authv1.TokenReview{ + Spec: authv1.TokenReviewSpec{ + Token: token, + }, + } + + tokenReviewResult, err := c.kubeClientSet.AuthenticationV1().TokenReviews().Create(*ctx, &tr, metav1.CreateOptions{}) + if err != nil { + klog.Fatalf("Error building Kubernetes clientset: %s", err.Error()) + return nil, err + } + + return tokenReviewResult, nil +} + +// IsSTSEnabled Validates if the STS API is turned on, STS is disabled by default +// **WARNING** This will change and will be default to "on" in operator v5 +func IsSTSEnabled() bool { + value, set := os.LookupEnv(STSEnabled) + return (set && value == "on") +} + +// generateConsoleTLSCert Issues the Operator Console TLS Certificate +func (c *Controller) generateSTSTLSCert() (*string, *string) { + return c.generateTLSCert("sts", STSTLSSecretName, getOperatorDeploymentName()) +} + +// waitSTSTLSCert Waits for the Operator leader to issue the TLS Certificate for STS +func (c *Controller) waitSTSTLSCert() (*string, *string) { + return c.waitForCertSecretReady("sts", STSTLSSecretName) +} diff --git a/pkg/controller/cluster/tls.go b/pkg/controller/cluster/tls.go index 14f6e0e9050..708da947701 100644 --- a/pkg/controller/cluster/tls.go +++ b/pkg/controller/cluster/tls.go @@ -39,17 +39,43 @@ import ( "k8s.io/klog/v2" ) -// generateTLSCert Generic method to generate TLS Certificartes for different services -func (c *Controller) generateTLSCert(serviceName string, secretName string, deploymentName string) (*string, *string) { +// waitForCertSecretReady Function designed to run in a non-leader operator container to wait for the leader to issue a TLS certificate +func (c *Controller) waitForCertSecretReady(serviceName string, secretName string) (*string, *string) { ctx := context.Background() namespace := miniov2.GetNSFromFile() - csrName := getCSRName(serviceName) - // operator deployment for owner reference - operatorDeployment, err := c.kubeClientSet.AppsV1().Deployments(namespace).Get(ctx, deploymentName, metav1.GetOptions{}) - if err != nil { + var publicCertPath, publicKeyPath string + + for { + tlsCertSecret, err := c.getCertificateSecret(ctx, namespace, secretName) + if err != nil { + if k8serrors.IsNotFound(err) { + klog.Infof("Waiting for the %s certificates secret to be issued", serviceName) + time.Sleep(time.Second * 10) + } else { + klog.Infof(err.Error()) + } + } else { + publicCertPath, publicKeyPath = c.writeCertSecretToFile(tlsCertSecret, serviceName) + break + } + } + + // validate certificates if they are valid, if not panic right here. + if _, err := tls.LoadX509KeyPair(publicCertPath, publicKeyPath); err != nil { panic(err) } + return &publicCertPath, &publicKeyPath +} + +// getCertificateSecret gets a TLS Certificate secret +func (c *Controller) getCertificateSecret(ctx context.Context, namespace string, secretName string) (*corev1.Secret, error) { + return c.kubeClientSet.CoreV1().Secrets(namespace).Get(ctx, secretName, metav1.GetOptions{}) +} + +// writeCertSecretToFile receives a [corev1.Secret] and save it's contain to the filesystem. +// returns publicCertPath (filesystem path to the public certificate file), publicKeyPath, (filesystem path to the private key file) +func (c *Controller) writeCertSecretToFile(tlsCertSecret *corev1.Secret, serviceName string) (string, string) { mkdirerr := os.MkdirAll(fmt.Sprintf("/tmp/%s", serviceName), 0o777) if mkdirerr != nil { panic(mkdirerr) @@ -57,13 +83,47 @@ func (c *Controller) generateTLSCert(serviceName string, secretName string, depl publicCertPath := fmt.Sprintf("/tmp/%s/public.crt", serviceName) publicKeyPath := fmt.Sprintf("/tmp/%s/private.key", serviceName) + publicCertKey, privateKeyKey := c.getKeyNames(tlsCertSecret) + + if val, ok := tlsCertSecret.Data[publicCertKey]; ok { + err := os.WriteFile(publicCertPath, val, 0o644) + if err != nil { + panic(err) + } + } else { + panic(fmt.Errorf("missing '%s' in %s/%s", publicCertKey, tlsCertSecret.Namespace, tlsCertSecret.Name)) + } + if val, ok := tlsCertSecret.Data[privateKeyKey]; ok { + err := os.WriteFile(publicKeyPath, val, 0o644) + if err != nil { + panic(err) + } + } else { + panic(fmt.Errorf("missing '%s' in %s/%s", privateKeyKey, tlsCertSecret.Namespace, tlsCertSecret.Name)) + } + return publicCertPath, publicKeyPath +} + +// generateTLSCert Generic method to generate TLS Certificartes for different services +func (c *Controller) generateTLSCert(serviceName string, secretName string, deploymentName string) (*string, *string) { + ctx := context.Background() + namespace := miniov2.GetNSFromFile() + csrName := getCSRName(serviceName) + var publicCertPath, publicKeyPath string + // operator deployment for owner reference + operatorDeployment, err := c.kubeClientSet.AppsV1().Deployments(namespace).Get(ctx, deploymentName, metav1.GetOptions{}) + if err != nil { + panic(err) + } for { // TLS certificates - tlsCertSecret, err := c.kubeClientSet.CoreV1().Secrets(namespace).Get(ctx, secretName, metav1.GetOptions{}) + tlsCertSecret, err := c.getCertificateSecret(ctx, namespace, secretName) if err != nil { if k8serrors.IsNotFound(err) { - klog.Infof("%s TLS secret not found: %v", serviceName, err) + if k8serrors.IsNotFound(err) { + klog.Infof("%s TLS secret not found: %v", secretName, err) + } if err = c.checkAndCreateCSR(ctx, operatorDeployment, serviceName, csrName, secretName); err != nil { klog.Infof("Waiting for the %s certificates to be issued %v", serviceName, err.Error()) time.Sleep(time.Second * 10) @@ -75,23 +135,7 @@ func (c *Controller) generateTLSCert(serviceName string, secretName string, depl } } } else { - publicCertKey, privateKeyKey := c.getKeyNames(tlsCertSecret) - if val, ok := tlsCertSecret.Data[publicCertKey]; ok { - err := os.WriteFile(publicCertPath, val, 0o644) - if err != nil { - panic(err) - } - } else { - panic(fmt.Errorf("missing '%s' in %s/%s", publicCertKey, tlsCertSecret.Namespace, tlsCertSecret.Name)) - } - if val, ok := tlsCertSecret.Data[privateKeyKey]; ok { - err := os.WriteFile(publicKeyPath, val, 0o644) - if err != nil { - panic(err) - } - } else { - panic(fmt.Errorf("missing '%s' in %s/%s", publicCertKey, tlsCertSecret.Namespace, tlsCertSecret.Name)) - } + publicCertPath, publicKeyPath = c.writeCertSecretToFile(tlsCertSecret, serviceName) break } } diff --git a/pkg/internal/http.go b/pkg/internal/http.go new file mode 100644 index 00000000000..3b4b3513d0e --- /dev/null +++ b/pkg/internal/http.go @@ -0,0 +1,182 @@ +package http + +import ( + "bytes" + "encoding/xml" + "fmt" + "net" + "net/http" + "net/url" + "path" + "regexp" + "strconv" + "strings" + + "k8s.io/klog/v2" +) + +var ( + // De-facto standard header keys. + xForwardedFor = http.CanonicalHeaderKey("X-Forwarded-For") + xRealIP = http.CanonicalHeaderKey("X-Real-IP") + // RFC7239 defines a new "Forwarded: " header designed to replace the + // existing use of X-Forwarded-* headers. + // e.g. Forwarded: for=192.0.2.60;proto=https;by=203.0.113.43 + forwarded = http.CanonicalHeaderKey("Forwarded") + // Allows for a sub-match of the first value after 'for=' to the next + // comma, semi-colon or space. The match is case-insensitive. + forRegex = regexp.MustCompile(`(?i)(?:for=)([^(;|,| )]+)(.*)`) +) + +// Standard S3 HTTP response constants +const ( + LastModified = "Last-Modified" + Date = "Date" + ETag = "ETag" + ContentType = "Content-Type" + ContentMD5 = "Content-Md5" + ContentEncoding = "Content-Encoding" + Expires = "Expires" + ContentLength = "Content-Length" + ContentLanguage = "Content-Language" + ContentRange = "Content-Range" + Connection = "Connection" + AcceptRanges = "Accept-Ranges" + AmzBucketRegion = "X-Amz-Bucket-Region" + ServerInfo = "Server" + RetryAfter = "Retry-After" + Location = "Location" + CacheControl = "Cache-Control" + ContentDisposition = "Content-Disposition" + Authorization = "Authorization" + Action = "Action" + Range = "Range" +) + +// mimeType represents various MIME type used API responses. +type mimeType string + +const ( + // MimeNone Means no response type. + MimeNone mimeType = "" + // MimeJSON Means response type is JSON. + MimeJSON mimeType = "application/json" + // MimeXML Means response type is XML. + MimeXML mimeType = "application/xml" +) + +// UnescapeQueryPath URL unencode the path +func UnescapeQueryPath(ep string) (string, error) { + ep, err := url.QueryUnescape(ep) + if err != nil { + return "", err + } + return TrimLeadingSlash(ep), nil +} + +// TrimLeadingSlash Cleans and ensure there is a leading slash path in the URL +func TrimLeadingSlash(ep string) string { + if len(ep) > 0 && ep[0] == '/' { + // Path ends with '/' preserve it + if ep[len(ep)-1] == '/' && len(ep) > 1 { + ep = path.Clean(ep) + ep += "/" + } else { + ep = path.Clean(ep) + } + ep = ep[1:] + } + return ep +} + +// GetSourceIPFromHeaders retrieves the IP from the X-Forwarded-For, X-Real-IP +// and RFC7239 Forwarded headers (in that order) +func GetSourceIPFromHeaders(r *http.Request) string { + var addr string + + if fwd := r.Header.Get(xForwardedFor); fwd != "" { + // Only grab the first (client) address. Note that '192.168.0.1, + // 10.1.1.1' is a valid key for X-Forwarded-For where addresses after + // the first may represent forwarding proxies earlier in the chain. + s := strings.Index(fwd, ", ") + if s == -1 { + s = len(fwd) + } + addr = fwd[:s] + } else if fwd := r.Header.Get(xRealIP); fwd != "" { + // X-Real-IP should only contain one IP address (the client making the + // request). + addr = fwd + } else if fwd := r.Header.Get(forwarded); fwd != "" { + // match should contain at least two elements if the protocol was + // specified in the Forwarded header. The first element will always be + // the 'for=' capture, which we ignore. In the case of multiple IP + // addresses (for=8.8.8.8, 8.8.4.4, 172.16.1.20 is valid) we only + // extract the first, which should be the client IP. + if match := forRegex.FindStringSubmatch(fwd); len(match) > 1 { + // IPv6 addresses in Forwarded headers are quoted-strings. We strip + // these quotes. + addr = strings.Trim(match[1], `"`) + } + } + + if addr != "" { + return addr + } + // Default to remote address if headers not set. + addr, _, _ = net.SplitHostPort(r.RemoteAddr) + if strings.ContainsRune(addr, ':') { + return "[" + addr + "]" + } + return addr +} + +// EncodeResponse Encodes the response headers into XML format. +func EncodeResponse(response interface{}) []byte { + var bytesBuffer bytes.Buffer + bytesBuffer.WriteString(xml.Header) + e := xml.NewEncoder(&bytesBuffer) + e.Encode(response) + return bytesBuffer.Bytes() +} + +// ParseForm Parses form fields +func ParseForm(r *http.Request) error { + if err := r.ParseForm(); err != nil { + return err + } + for k, v := range r.PostForm { + if _, ok := r.Form[k]; !ok { + r.Form[k] = v + } + } + return nil +} + +// WriteResponse writes ressponse to http.ResponseWriter +func WriteResponse(w http.ResponseWriter, statusCode int, response []byte, mType mimeType) { + if statusCode == 0 { + statusCode = 200 + } + // Similar check to http.checkWriteHeaderCode + if statusCode < 100 || statusCode > 999 { + klog.Errorf(fmt.Sprintf("invalid WriteHeader code %v", statusCode)) + statusCode = http.StatusInternalServerError + } + SetCommonHeaders(w) + if mType != MimeNone { + w.Header().Set(ContentType, string(mType)) + } + w.Header().Set(ContentLength, strconv.Itoa(len(response))) + w.WriteHeader(statusCode) + if response != nil { + w.Write(response) + } +} + +// SetCommonHeaders writes http common headers +func SetCommonHeaders(w http.ResponseWriter) { + // Set the "Server" http header. + w.Header().Set(ServerInfo, "MinIO") + w.Header().Set(AcceptRanges, "bytes") +} diff --git a/pkg/resources/statefulsets/minio-statefulset.go b/pkg/resources/statefulsets/minio-statefulset.go index 2d91a44f20d..454bb4c6a66 100644 --- a/pkg/resources/statefulsets/minio-statefulset.go +++ b/pkg/resources/statefulsets/minio-statefulset.go @@ -141,7 +141,14 @@ func minioEnvironmentVars(t *miniov2.Tenant, skipEnvVars map[string][]byte, opVe // provided we will use the first domain. serverURL := t.MinIOServerEndpoint() if t.HasMinIODomains() { - serverURL = t.Spec.Features.Domains.Minio[0] + // Infer schema from tenant TLS, if not explicit + if !strings.HasPrefix(t.Spec.Features.Domains.Minio[0], "http") { + useSchema := "http" + if t.TLS() { + useSchema = "https" + } + serverURL = fmt.Sprintf("%s://%s", useSchema, t.Spec.Features.Domains.Minio[0]) + } } envVarsMap[miniov2.MinIOServerURL] = corev1.EnvVar{ Name: miniov2.MinIOServerURL, @@ -151,12 +158,13 @@ func minioEnvironmentVars(t *miniov2.Tenant, skipEnvVars map[string][]byte, opVe // Set the redirect url for console if t.HasConsoleDomains() { consoleDomain := t.Spec.Features.Domains.Console + // Infer schema from tenant TLS, if not explicit if !strings.HasPrefix(consoleDomain, "http") { useSchema := "http" if t.TLS() { useSchema = "https" } - consoleDomain = fmt.Sprintf("%s://%s", useSchema, t.Spec.Features.Domains.Console) + consoleDomain = fmt.Sprintf("%s://%s", useSchema, consoleDomain) } envVarsMap[miniov2.MinIOBrowserRedirectURL] = corev1.EnvVar{ Name: miniov2.MinIOBrowserRedirectURL, diff --git a/release.sh b/release.sh index e16a5facf53..1cd6ac9bcde 100755 --- a/release.sh +++ b/release.sh @@ -15,7 +15,7 @@ CONSOLE_RELEASE="${CONSOLE_RELEASE:1}" # Figure out the FROM console release we are updating from CONSOLE_CURRENT_RELEASE=$(grep -Eo 'minio\/console:v([0-9]?[0-9].[0-9]?[0-9].[0-9]?[0-9])' resources/base/console-ui.yaml | grep -Eo '([0-9]?[0-9].[0-9]?[0-9].[0-9]?[0-9])') -files=("docs/crd.adoc" "docs/templates/asciidoctor/gv_list.tpl" "examples/kustomization/base/tenant.yaml" "helm/operator/Chart.yaml" "helm/operator/values.yaml" "helm/tenant/Chart.yaml" "helm/tenant/values.yaml" "kubectl-minio/README.md" "kubectl-minio/cmd/helpers/constants.go" "kubectl-minio/cmd/tenant-upgrade.go" "pkg/apis/minio.min.io/v2/constants.go" "resources/base/deployment.yaml" "update-operator-krew.py" "resources/base/console-ui.yaml") +files=("docs/tenat_crd.adoc" "docs/policybinding_crd.adoc" "docs/templates/asciidoctor/gv_list.tpl" "examples/kustomization/base/tenant.yaml" "helm/operator/Chart.yaml" "helm/operator/values.yaml" "helm/tenant/Chart.yaml" "helm/tenant/values.yaml" "kubectl-minio/README.md" "kubectl-minio/cmd/helpers/constants.go" "kubectl-minio/cmd/tenant-upgrade.go" "pkg/apis/minio.min.io/v2/constants.go" "resources/base/deployment.yaml" "update-operator-krew.py" "resources/base/console-ui.yaml") CURRENT_RELEASE=$(get_latest_release minio/operator) CURRENT_RELEASE="${CURRENT_RELEASE:1}" diff --git a/resources/base/cluster-role.yaml b/resources/base/cluster-role.yaml index f90749e7ea3..d949eea5253 100644 --- a/resources/base/cluster-role.yaml +++ b/resources/base/cluster-role.yaml @@ -105,8 +105,15 @@ rules: verbs: - approve - sign + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create - apiGroups: - minio.min.io + - sts.min.io resources: - "*" verbs: diff --git a/resources/base/crds/kustomization.yaml b/resources/base/crds/kustomization.yaml new file mode 100644 index 00000000000..b6d76d97a9a --- /dev/null +++ b/resources/base/crds/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + + +resources: + - policybinding/ + - tenant/ \ No newline at end of file diff --git a/resources/base/crds/policybinding/crd-conversion.yaml b/resources/base/crds/policybinding/crd-conversion.yaml new file mode 100644 index 00000000000..0e0b339eede --- /dev/null +++ b/resources/base/crds/policybinding/crd-conversion.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/managed-by: Helm + annotations: + meta.helm.sh/release-namespace: minio-operator + meta.helm.sh/release-name: minio-operator + name: policybindings.sts.min.io + namespace: minio-operator \ No newline at end of file diff --git a/resources/base/crds/policybinding/kustomization.yaml b/resources/base/crds/policybinding/kustomization.yaml new file mode 100644 index 00000000000..e6cba87898f --- /dev/null +++ b/resources/base/crds/policybinding/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - sts.min.io_policybindings.yaml + +patchesStrategicMerge: + - crd-conversion.yaml diff --git a/resources/base/crds/policybinding/sts.min.io_policybindings.yaml b/resources/base/crds/policybinding/sts.min.io_policybindings.yaml new file mode 100644 index 00000000000..862581c470d --- /dev/null +++ b/resources/base/crds/policybinding/sts.min.io_policybindings.yaml @@ -0,0 +1,78 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + meta.helm.sh/release-name: minio-operator + meta.helm.sh/release-namespace: minio-operator + labels: + app.kubernetes.io/managed-by: Helm + name: policybindings.sts.min.io +spec: + group: sts.min.io + names: + kind: PolicyBinding + listKind: PolicyBindingList + plural: policybindings + shortNames: + - policybinding + singular: policybinding + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.currentState + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + application: + properties: + namespace: + type: string + serviceaccount: + type: string + required: + - namespace + - serviceaccount + type: object + policies: + items: + type: string + type: array + required: + - application + - policies + type: object + status: + properties: + currentState: + type: string + usage: + nullable: true + properties: + authotizations: + format: int64 + type: integer + type: object + required: + - currentState + - usage + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/resources/patch-crd/crd-conversion.yaml b/resources/base/crds/tenant/crd-conversion.yaml similarity index 100% rename from resources/patch-crd/crd-conversion.yaml rename to resources/base/crds/tenant/crd-conversion.yaml diff --git a/resources/patch-crd/kustomization.yaml b/resources/base/crds/tenant/kustomization.yaml similarity index 80% rename from resources/patch-crd/kustomization.yaml rename to resources/base/crds/tenant/kustomization.yaml index 91e512419d0..67448448c0d 100644 --- a/resources/patch-crd/kustomization.yaml +++ b/resources/base/crds/tenant/kustomization.yaml @@ -1,9 +1,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization - resources: - - ../base + - minio.min.io_tenants.yaml patchesStrategicMerge: - crd-conversion.yaml diff --git a/resources/base/crds/minio.min.io_tenants.yaml b/resources/base/crds/tenant/minio.min.io_tenants.yaml similarity index 100% rename from resources/base/crds/minio.min.io_tenants.yaml rename to resources/base/crds/tenant/minio.min.io_tenants.yaml diff --git a/resources/base/deployment.yaml b/resources/base/deployment.yaml index de5256b0bf8..bbef3fe808a 100644 --- a/resources/base/deployment.yaml +++ b/resources/base/deployment.yaml @@ -35,6 +35,8 @@ spec: env: - name: MINIO_CONSOLE_TLS_ENABLE value: "off" + - name: OPERATOR_STS_ENABLED + value: "off" affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: diff --git a/resources/base/kustomization.yaml b/resources/base/kustomization.yaml index 9cba433c140..a3a265ff81b 100644 --- a/resources/base/kustomization.yaml +++ b/resources/base/kustomization.yaml @@ -3,4 +3,4 @@ kind: Kustomization resources: - - crds/minio.min.io_tenants.yaml + - crds/ \ No newline at end of file diff --git a/resources/base/service.yaml b/resources/base/service.yaml index 22d9809594f..d85af78c691 100644 --- a/resources/base/service.yaml +++ b/resources/base/service.yaml @@ -20,3 +20,21 @@ spec: selector: name: minio-operator operator: leader +--- +apiVersion: v1 +kind: Service +metadata: + name: sts # Please do not change this value + labels: + name: minio-operator + namespace: minio-operator + annotations: + service.alpha.openshift.io/serving-cert-secret-name: operator-tls # To solve "remote error: tls: bad certificate" +spec: + type: ClusterIP + ports: + - port: 4223 + targetPort: 4223 + name: https + selector: + name: minio-operator diff --git a/resources/kustomization.yaml b/resources/kustomization.yaml index 38869891dac..90393217b6d 100644 --- a/resources/kustomization.yaml +++ b/resources/kustomization.yaml @@ -11,7 +11,8 @@ resources: - base/service-account.yaml - base/cluster-role.yaml - base/cluster-role-binding.yaml - - base/crds/minio.min.io_tenants.yaml + - base/crds/tenant/minio.min.io_tenants.yaml + - base/crds/policybinding/sts.min.io_policybindings.yaml - base/service.yaml - base/deployment.yaml - base/console-ui.yaml diff --git a/resources/templates/olm-template.yaml b/resources/templates/olm-template.yaml index 6d8f37fc5cb..61a0d0f1fb2 100644 --- a/resources/templates/olm-template.yaml +++ b/resources/templates/olm-template.yaml @@ -19,6 +19,9 @@ spec: - kind: Tenant name: tenants.minio.min.io version: v2 + - kind: PolicyBinding + name: policybindings.sts.min.io + version: v1beta1 keywords: - S3 - MinIO From c2409bb370bfa562add07647cf3e44c6723f7e7e Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Wed, 8 Feb 2023 11:59:14 -0800 Subject: [PATCH 02/47] fix conflicts --- Makefile | 6 +-- .../templates/minio.min.io_tenants.yaml | 2 +- .../templates/sts.min.io_policybindings.yaml | 6 +-- kustomization.yaml | 2 +- .../minio.min.io/v2/zz_generated.deepcopy.go | 44 +++++++++---------- pkg/client/clientset/versioned/clientset.go | 7 ++- pkg/controller/cluster/sts.go | 2 - resources/base/crds/kustomization.yaml | 6 +-- .../{tenant => }/minio.min.io_tenants.yaml | 2 +- .../crds/policybinding/crd-conversion.yaml | 11 ----- .../crds/policybinding/kustomization.yaml | 8 ---- .../sts.min.io_policybindings.yaml | 6 +-- resources/kustomization.yaml | 3 +- 13 files changed, 40 insertions(+), 65 deletions(-) rename resources/base/crds/{tenant => }/minio.min.io_tenants.yaml (99%) delete mode 100644 resources/base/crds/policybinding/crd-conversion.yaml delete mode 100644 resources/base/crds/policybinding/kustomization.yaml rename resources/base/crds/{policybinding => }/sts.min.io_policybindings.yaml (92%) diff --git a/Makefile b/Makefile index 4cef378c1a8..81c2fd41726 100644 --- a/Makefile +++ b/Makefile @@ -66,10 +66,8 @@ clean: regen-crd: @go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.11.1 @${GOPATH}/bin/controller-gen crd:maxDescLen=0,generateEmbeddedObjectMeta=true paths="./..." output:crd:artifacts:config=$(KUSTOMIZE_CRDS) - @mv $(KUSTOMIZE_CRDS)/minio.min.io_tenants.yaml $(KUSTOMIZE_CRDS)/tenant - @mv $(KUSTOMIZE_CRDS)/sts.min.io_policybindings.yaml $(KUSTOMIZE_CRDS)/policybinding - @sed 's#namespace: minio-operator#namespace: {{ .Release.Namespace }}#g' resources/base/crds/tenant/minio.min.io_tenants.yaml > $(HELM_TEMPLATES)/minio.min.io_tenants.yaml - @sed 's#namespace: minio-operator#namespace: {{ .Release.Namespace }}#g' resources/base/crds/policybinding/sts.min.io_policybindings.yaml > $(HELM_TEMPLATES)/sts.min.io_policybindings.yaml + @sed 's#namespace: minio-operator#namespace: {{ .Release.Namespace }}#g' resources/base/crds/minio.min.io_tenants.yaml > $(HELM_TEMPLATES)/minio.min.io_tenants.yaml + @sed 's#namespace: minio-operator#namespace: {{ .Release.Namespace }}#g' resources/base/crds/sts.min.io_policybindings.yaml > $(HELM_TEMPLATES)/sts.min.io_policybindings.yaml regen-crd-docs: @which crd-ref-docs 1>/dev/null || (echo "Installing crd-ref-docs" && GO111MODULE=on go install -v github.com/elastic/crd-ref-docs@latest) diff --git a/helm/operator/templates/minio.min.io_tenants.yaml b/helm/operator/templates/minio.min.io_tenants.yaml index af4c11bcca1..247c58ac674 100644 --- a/helm/operator/templates/minio.min.io_tenants.yaml +++ b/helm/operator/templates/minio.min.io_tenants.yaml @@ -5504,4 +5504,4 @@ spec: served: true storage: true subresources: - status: {} \ No newline at end of file + status: {} diff --git a/helm/operator/templates/sts.min.io_policybindings.yaml b/helm/operator/templates/sts.min.io_policybindings.yaml index df95ef38080..0f78899ae35 100644 --- a/helm/operator/templates/sts.min.io_policybindings.yaml +++ b/helm/operator/templates/sts.min.io_policybindings.yaml @@ -1,12 +1,10 @@ +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.11.1 - meta.helm.sh/release-name: minio-operator - meta.helm.sh/release-namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/managed-by: Helm + creationTimestamp: null name: policybindings.sts.min.io spec: group: sts.min.io diff --git a/kustomization.yaml b/kustomization.yaml index 5d6c4a3b481..dbaaf8f8a94 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -11,7 +11,7 @@ resources: - resources/base/service-account.yaml - resources/base/cluster-role.yaml - resources/base/cluster-role-binding.yaml - - resources/base/crds + - resources/base/crds/ - resources/base/service.yaml - resources/base/deployment.yaml - resources/base/console-ui.yaml diff --git a/pkg/apis/minio.min.io/v2/zz_generated.deepcopy.go b/pkg/apis/minio.min.io/v2/zz_generated.deepcopy.go index 0bcdb1b5372..c5b6e7af966 100644 --- a/pkg/apis/minio.min.io/v2/zz_generated.deepcopy.go +++ b/pkg/apis/minio.min.io/v2/zz_generated.deepcopy.go @@ -115,6 +115,27 @@ func (in *CertificateStatus) DeepCopy() *CertificateStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CustomCertificateConfig) DeepCopyInto(out *CustomCertificateConfig) { + *out = *in + if in.Domains != nil { + in, out := &in.Domains, &out.Domains + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomCertificateConfig. +func (in *CustomCertificateConfig) DeepCopy() *CustomCertificateConfig { + if in == nil { + return nil + } + out := new(CustomCertificateConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CustomCertificates) DeepCopyInto(out *CustomCertificates) { *out = *in @@ -154,7 +175,7 @@ func (in *CustomCertificates) DeepCopyInto(out *CustomCertificates) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomCertificate. +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomCertificates. func (in *CustomCertificates) DeepCopy() *CustomCertificates { if in == nil { return nil @@ -164,27 +185,6 @@ func (in *CustomCertificates) DeepCopy() *CustomCertificates { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CustomCertificateConfig) DeepCopyInto(out *CustomCertificateConfig) { - *out = *in - if in.Domains != nil { - in, out := &in.Domains, &out.Domains - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomCertificateConfig. -func (in *CustomCertificateConfig) DeepCopy() *CustomCertificateConfig { - if in == nil { - return nil - } - out := new(CustomCertificateConfig) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ExposeServices) DeepCopyInto(out *ExposeServices) { *out = *in diff --git a/pkg/client/clientset/versioned/clientset.go b/pkg/client/clientset/versioned/clientset.go index 9dda91fb709..3a3c4b5864c 100644 --- a/pkg/client/clientset/versioned/clientset.go +++ b/pkg/client/clientset/versioned/clientset.go @@ -39,7 +39,8 @@ type Interface interface { // version included in a Clientset. type Clientset struct { *discovery.DiscoveryClient - minioV2 *miniov2.MinioV2Client + minioV2 *miniov2.MinioV2Client + stsV1beta1 *stsv1beta1.StsV1beta1Client } // MinioV2 retrieves the MinioV2Client @@ -100,6 +101,10 @@ func NewForConfigAndClient(c *rest.Config, httpClient *http.Client) (*Clientset, if err != nil { return nil, err } + cs.stsV1beta1, err = stsv1beta1.NewForConfigAndClient(&configShallowCopy, httpClient) + if err != nil { + return nil, err + } cs.DiscoveryClient, err = discovery.NewDiscoveryClientForConfigAndClient(&configShallowCopy, httpClient) if err != nil { diff --git a/pkg/controller/cluster/sts.go b/pkg/controller/cluster/sts.go index e06a302a578..c526c7fd3d8 100644 --- a/pkg/controller/cluster/sts.go +++ b/pkg/controller/cluster/sts.go @@ -41,8 +41,6 @@ const ( type contextKeyType string -//go:generate stringer -type=STSErrorCode -trimprefix=Err $GOFILE - // Error codes, non exhaustive list - http://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithSAML.html const ( ErrSTSNone STSErrorCode = iota diff --git a/resources/base/crds/kustomization.yaml b/resources/base/crds/kustomization.yaml index b6d76d97a9a..8d240e41c29 100644 --- a/resources/base/crds/kustomization.yaml +++ b/resources/base/crds/kustomization.yaml @@ -1,7 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization - - resources: - - policybinding/ - - tenant/ \ No newline at end of file + - minio.min.io_tenants.yaml + - sts.min.io_policybindings.yaml \ No newline at end of file diff --git a/resources/base/crds/tenant/minio.min.io_tenants.yaml b/resources/base/crds/minio.min.io_tenants.yaml similarity index 99% rename from resources/base/crds/tenant/minio.min.io_tenants.yaml rename to resources/base/crds/minio.min.io_tenants.yaml index af4c11bcca1..247c58ac674 100644 --- a/resources/base/crds/tenant/minio.min.io_tenants.yaml +++ b/resources/base/crds/minio.min.io_tenants.yaml @@ -5504,4 +5504,4 @@ spec: served: true storage: true subresources: - status: {} \ No newline at end of file + status: {} diff --git a/resources/base/crds/policybinding/crd-conversion.yaml b/resources/base/crds/policybinding/crd-conversion.yaml deleted file mode 100644 index 0e0b339eede..00000000000 --- a/resources/base/crds/policybinding/crd-conversion.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - app.kubernetes.io/managed-by: Helm - annotations: - meta.helm.sh/release-namespace: minio-operator - meta.helm.sh/release-name: minio-operator - name: policybindings.sts.min.io - namespace: minio-operator \ No newline at end of file diff --git a/resources/base/crds/policybinding/kustomization.yaml b/resources/base/crds/policybinding/kustomization.yaml deleted file mode 100644 index e6cba87898f..00000000000 --- a/resources/base/crds/policybinding/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - sts.min.io_policybindings.yaml - -patchesStrategicMerge: - - crd-conversion.yaml diff --git a/resources/base/crds/policybinding/sts.min.io_policybindings.yaml b/resources/base/crds/sts.min.io_policybindings.yaml similarity index 92% rename from resources/base/crds/policybinding/sts.min.io_policybindings.yaml rename to resources/base/crds/sts.min.io_policybindings.yaml index 862581c470d..0f78899ae35 100644 --- a/resources/base/crds/policybinding/sts.min.io_policybindings.yaml +++ b/resources/base/crds/sts.min.io_policybindings.yaml @@ -1,12 +1,10 @@ +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.11.1 - meta.helm.sh/release-name: minio-operator - meta.helm.sh/release-namespace: minio-operator - labels: - app.kubernetes.io/managed-by: Helm + creationTimestamp: null name: policybindings.sts.min.io spec: group: sts.min.io diff --git a/resources/kustomization.yaml b/resources/kustomization.yaml index 90393217b6d..9ddaa92a528 100644 --- a/resources/kustomization.yaml +++ b/resources/kustomization.yaml @@ -11,8 +11,7 @@ resources: - base/service-account.yaml - base/cluster-role.yaml - base/cluster-role-binding.yaml - - base/crds/tenant/minio.min.io_tenants.yaml - - base/crds/policybinding/sts.min.io_policybindings.yaml + - base/crds/ - base/service.yaml - base/deployment.yaml - base/console-ui.yaml From b0dd7146c315550f133e25b5e649eb76081f8a9a Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Thu, 9 Feb 2023 17:31:51 -0800 Subject: [PATCH 03/47] WIP operator tls example client --- .../tenant-PolicyBinding/client/Dockerfile | 14 ++++++ .../tenant-PolicyBinding/client/go.mod | 23 +++++++++ .../tenant-PolicyBinding/client/go.sum | 48 +++++++++++++++++++ .../tenant-PolicyBinding/client/main.go | 46 ++++++++++++++++++ .../tenant-PolicyBinding/client/start.sh | 7 +++ .../tenant-PolicyBinding/kustomization.yaml | 8 +--- .../policy-binded-client.yaml | 31 ++++++++---- .../tenant-PolicyBinding/setup-bucket.yaml | 2 +- .../tenant-PolicyBinding/tenantNamePatch.yaml | 3 -- 9 files changed, 161 insertions(+), 21 deletions(-) create mode 100644 examples/kustomization/tenant-PolicyBinding/client/Dockerfile create mode 100644 examples/kustomization/tenant-PolicyBinding/client/go.mod create mode 100644 examples/kustomization/tenant-PolicyBinding/client/go.sum create mode 100644 examples/kustomization/tenant-PolicyBinding/client/main.go create mode 100644 examples/kustomization/tenant-PolicyBinding/client/start.sh delete mode 100644 examples/kustomization/tenant-PolicyBinding/tenantNamePatch.yaml diff --git a/examples/kustomization/tenant-PolicyBinding/client/Dockerfile b/examples/kustomization/tenant-PolicyBinding/client/Dockerfile new file mode 100644 index 00000000000..95b5614da07 --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/client/Dockerfile @@ -0,0 +1,14 @@ + +FROM ubuntu:latest + +RUN mkdir /app +WORKDIR /app +COPY client /app/ +COPY start.sh /app/ +RUN chmod +x /app/start.sh + +RUN \ + apt-get update && \ + apt-get install -y curl ca-certificates golang-go + +CMD ["./app/start.sh"] diff --git a/examples/kustomization/tenant-PolicyBinding/client/go.mod b/examples/kustomization/tenant-PolicyBinding/client/go.mod new file mode 100644 index 00000000000..ffbd42e8909 --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/client/go.mod @@ -0,0 +1,23 @@ +module min.io/operator-sts-example + +go 1.18 + +require ( + github.com/dustin/go-humanize v1.0.0 // indirect + github.com/google/uuid v1.3.0 // indirect + github.com/json-iterator/go v1.1.12 // indirect + github.com/klauspost/compress v1.15.9 // indirect + github.com/klauspost/cpuid/v2 v2.1.0 // indirect + github.com/minio/md5-simd v1.1.2 // indirect + github.com/minio/minio-go/v7 v7.0.33 // indirect + github.com/minio/sha256-simd v1.0.0 // indirect + github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect + github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/rs/xid v1.4.0 // indirect + github.com/sirupsen/logrus v1.9.0 // indirect + golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa // indirect + golang.org/x/net v0.0.0-20220722155237-a158d28d115b // indirect + golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect + golang.org/x/text v0.3.7 // indirect + gopkg.in/ini.v1 v1.66.6 // indirect +) diff --git a/examples/kustomization/tenant-PolicyBinding/client/go.sum b/examples/kustomization/tenant-PolicyBinding/client/go.sum new file mode 100644 index 00000000000..f29f06041c8 --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/client/go.sum @@ -0,0 +1,48 @@ +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo= +github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= +github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= +github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/klauspost/compress v1.15.9 h1:wKRjX6JRtDdrE9qwa4b/Cip7ACOshUI4smpCQanqjSY= +github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= +github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= +github.com/klauspost/cpuid/v2 v2.0.4/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= +github.com/klauspost/cpuid/v2 v2.1.0 h1:eyi1Ad2aNJMW95zcSbmGg7Cg6cq3ADwLpMAP96d8rF0= +github.com/klauspost/cpuid/v2 v2.1.0/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= +github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34= +github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM= +github.com/minio/minio-go/v7 v7.0.33 h1:jLEHTp9jg2zWBa5w9W1i8WXq6o+oGRcjsdk9HbFgdlc= +github.com/minio/minio-go/v7 v7.0.33/go.mod h1:nCrRzjoSUQh8hgKKtu3Y708OLvRLtuASMg2/nvmbarw= +github.com/minio/sha256-simd v1.0.0 h1:v1ta+49hkWZyvaKwrQB8elexRqm6Y0aMLjCNsrYxo6g= +github.com/minio/sha256-simd v1.0.0/go.mod h1:OuYzVNI5vcoYIAmbIvHPl3N3jUzVedXbKy5RFepssQM= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= +github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/rs/xid v1.4.0 h1:qd7wPTDkN6KQx2VmMBLrpHkiyQwgFXRnkOLacUiaSNY= +github.com/rs/xid v1.4.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= +github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= +github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa h1:zuSxTR4o9y82ebqCUJYNGJbGPo6sKVl54f/TVDObg1c= +golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b h1:PxfKdU9lEEDYjdIzOtC4qFWgkU2rGHdKlKowJSMN9h0= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f h1:v4INt8xihDGvnrfjMDVXGxw9wrfxYyCjk0KbXjhR55s= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/ini.v1 v1.66.6 h1:LATuAqN/shcYAOkv3wl2L4rkaKqkcgTBQjOyYDvcPKI= +gopkg.in/ini.v1 v1.66.6/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/examples/kustomization/tenant-PolicyBinding/client/main.go b/examples/kustomization/tenant-PolicyBinding/client/main.go new file mode 100644 index 00000000000..c0bef5eca57 --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/client/main.go @@ -0,0 +1,46 @@ +package main + +import ( + "context" + "fmt" + + "github.com/minio/minio-go/v7" + "github.com/minio/minio-go/v7/pkg/credentials" +) + +func main() { + endpoint := "minio.minio-tenant-1.svc.cluster" + operatorEndpoint := "http://sts.minio-operator.svc.cluster.local:4222/sts/" + useSSL := true + + sts, err := credentials.NewSTSWebIdentity(operatorEndpoint, getWebTokenExpiry) + if err != nil { + fmt.Println(fmt.Errorf("Could not get STS credentials: %s", err)) + return + } + + minioClient, err := minio.New(endpoint, &minio.Options{ + Creds: sts, + Secure: useSSL, + }) + + if err != nil { + fmt.Println(err) + return + } + + opts := minio.ListObjectsOptions{ + UseV1: true, + Prefix: "/", + Recursive: true, + } + + for object := range minioClient.ListObjects(context.Background(), "test-bucket", opts) { + if object.Err != nil { + fmt.Println(object.Err) + return + } + fmt.Println(object) + } + return +} diff --git a/examples/kustomization/tenant-PolicyBinding/client/start.sh b/examples/kustomization/tenant-PolicyBinding/client/start.sh new file mode 100644 index 00000000000..5a9678f3184 --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/client/start.sh @@ -0,0 +1,7 @@ +#!/bin/sh + +cp /var/run/secrets/kubernetes.io/serviceaccount/ca.crt /usr/local/share/ca-certificates/minio-ca.pem +chmod 644 /usr/local/share/ca-certificates/minio-ca.pem +#chmod 644 /usr/local/share/ca-certificates/minio-ca.pem +update-ca-certificates +/app/client \ No newline at end of file diff --git a/examples/kustomization/tenant-PolicyBinding/kustomization.yaml b/examples/kustomization/tenant-PolicyBinding/kustomization.yaml index e0dd615154a..b315e6267bb 100644 --- a/examples/kustomization/tenant-PolicyBinding/kustomization.yaml +++ b/examples/kustomization/tenant-PolicyBinding/kustomization.yaml @@ -5,10 +5,4 @@ resources: namespace: tenant-PolicyBinding patchesStrategicMerge: - tenant.yaml -patchesJson6902: - - target: - group: minio.min.io - version: v2 - kind: Tenant - name: storage - path: tenantNamePatch.yaml \ No newline at end of file + diff --git a/examples/kustomization/tenant-PolicyBinding/policy-binded-client.yaml b/examples/kustomization/tenant-PolicyBinding/policy-binded-client.yaml index 0005388491c..9a7bacd43d4 100644 --- a/examples/kustomization/tenant-PolicyBinding/policy-binded-client.yaml +++ b/examples/kustomization/tenant-PolicyBinding/policy-binded-client.yaml @@ -1,13 +1,13 @@ apiVersion: v1 kind: Namespace metadata: - name: gosdk + name: client --- apiVersion: v1 kind: ServiceAccount metadata: - namespace: gosdk - name: goapp + namespace: client + name: sdkclient-sa --- apiVersion: sts.min.io/v1beta1 kind: PolicyBinding @@ -16,22 +16,33 @@ metadata: namespace: minio-tenant-1 spec: application: - namespace: gosdk - serviceaccount: goapp + namespace: client + serviceaccount: sdkclient-sa policies: - test-bucket-rw --- apiVersion: batch/v1 kind: Job metadata: - name: go-example - namespace: gosdk + name: miniosdk-example + namespace: client spec: backoffLimit: 5 template: spec: restartPolicy: OnFailure - serviceAccountName: goapp + serviceAccountName: sdkclient-sa + serviceAccount: sdkclient-sa containers: - - name: go-sdk - image: pjuarezd/minio-operator-sts-example:go + - name: miniosdk-sts-example + image: mino/operator-sts-example:local + env: + - name: MINIO_HOST + value: https://minio.minio-tenant-1.svc.cluster.local + - name: STS_HOST + value: https://operator@minio.minio-operator.svc.cluster.local + - name: BUCKET + value: test-bucket + - name: USE_SSL + value: "true" + diff --git a/examples/kustomization/tenant-PolicyBinding/setup-bucket.yaml b/examples/kustomization/tenant-PolicyBinding/setup-bucket.yaml index c510fd29514..ad9354be9db 100644 --- a/examples/kustomization/tenant-PolicyBinding/setup-bucket.yaml +++ b/examples/kustomization/tenant-PolicyBinding/setup-bucket.yaml @@ -34,7 +34,7 @@ metadata: name: setup-bucket namespace: minio-tenant-1 spec: - backoffLimit: 1 + backoffLimit: 5 template: spec: restartPolicy: OnFailure diff --git a/examples/kustomization/tenant-PolicyBinding/tenantNamePatch.yaml b/examples/kustomization/tenant-PolicyBinding/tenantNamePatch.yaml deleted file mode 100644 index 6c8aaecaca1..00000000000 --- a/examples/kustomization/tenant-PolicyBinding/tenantNamePatch.yaml +++ /dev/null @@ -1,3 +0,0 @@ -- op: replace - path: /metadata/name - value: policybinding \ No newline at end of file From f70779e6a7a166d7b96c58028d13f1380080252d Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Thu, 23 Feb 2023 18:45:22 -0800 Subject: [PATCH 04/47] bundle Policies --- pkg/apis/minio.min.io/v2/utils.go | 12 +++ pkg/controller/cluster/http_handlers.go | 105 ++++++++++++++++++------ pkg/controller/cluster/sts.go | 7 ++ 3 files changed, 97 insertions(+), 27 deletions(-) diff --git a/pkg/apis/minio.min.io/v2/utils.go b/pkg/apis/minio.min.io/v2/utils.go index b90401cc1d5..f6690cb2037 100644 --- a/pkg/apis/minio.min.io/v2/utils.go +++ b/pkg/apis/minio.min.io/v2/utils.go @@ -15,7 +15,9 @@ package v2 import ( + "bytes" "crypto/rand" + "encoding/json" "fmt" "io" "strings" @@ -89,3 +91,13 @@ func GenerateTenantConfigurationFile(configuration map[string]string) string { } return rawConfiguration.String() } + +// CompactJSONString removes white spaces, tabs and line return +func CompactJSONString(jsonObject string) (string, error) { + objectByte := []byte(jsonObject) + buffer := new(bytes.Buffer) + if err := json.Compact(buffer, objectByte); err != nil { + return jsonObject, err + } + return buffer.String(), nil +} diff --git a/pkg/controller/cluster/http_handlers.go b/pkg/controller/cluster/http_handlers.go index 9a4f93c128f..be8f5e1bcd6 100644 --- a/pkg/controller/cluster/http_handlers.go +++ b/pkg/controller/cluster/http_handlers.go @@ -16,9 +16,13 @@ package cluster +//lint:file-ignore ST1005 Incorrectly formatted error string + import ( "bytes" "context" + "encoding/json" + "errors" "fmt" "net/http" "strconv" @@ -130,7 +134,7 @@ func validateBucketName(bucket string) (bool, error) { // Authenticates a Kubernetes Service accounts using a JWT Token // Evalues a PolicyBinding CRD as Mapping of the Minio Policies that the ServiceAccount can assume on a minio tenant // Eg:- -// $ curl -k -X POST https://operator:9443/sts/{tenantNamespace} -d "Action=AssumeRoleWithWebIdentity&WebIdentityToken=" -H "Content-Type: application/x-www-form-urlencoded" +// $ curl -k -X POST https://operator:9443/sts/{tenantNamespace} -d "Version=2011-06-15&Action=AssumeRoleWithWebIdentity&WebIdentityToken=" -H "Content-Type: application/x-www-form-urlencoded" func (c *Controller) AssumeRoleWithWebIdentityHandler(w http.ResponseWriter, r *http.Request) { routerVars := mux.Vars(r) tenantNamespace := "" @@ -179,92 +183,139 @@ func (c *Controller) AssumeRoleWithWebIdentityHandler(w http.ResponseWriter, r * return } - // roleArn is ignored - // roleArn := strings.TrimSpace(r.Form.Get(stsRoleArn)) - // VALIDATE JWT accessToken := r.Form.Get(stsWebIdentityToken) - saAuthResult, err := c.ValidateServiceAccountJWT(&ctx, accessToken) if err != nil { writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidIdentityToken, err) return } - if !saAuthResult.Status.Authenticated { - writeSTSErrorResponse(ctx, w, true, ErrSTSAccessDenied, fmt.Errorf("access denied: Invalid Token")) - return - } - pbs, err := c.minioClientSet.StsV1beta1().PolicyBindings(tenantNamespace).List(ctx, metav1.ListOptions{}) - if err != nil { - writeSTSErrorResponse(ctx, w, true, ErrSTSInternalError, fmt.Errorf("error obtaining PolicyBindings: %s", err)) + writeSTSErrorResponse(ctx, w, true, ErrSTSAccessDenied, fmt.Errorf("Access denied: Invalid Token")) return } - chunks := strings.Split(strings.Replace(saAuthResult.Status.User.Username, "system:serviceaccount:", "", -1), ":") // saNamespace Service account Namespace saNamespace := chunks[0] // saName service account username saName := chunks[1] + // Authorized PolicyBindings for the Service Account - // Need to optimize it with a Cache (probably) policyBindings := []v1beta1.PolicyBinding{} + pbs, err := c.minioClientSet.StsV1beta1().PolicyBindings(tenantNamespace).List(ctx, metav1.ListOptions{}) + if err != nil { + writeSTSErrorResponse(ctx, w, true, ErrSTSInternalError, fmt.Errorf("Error obtaining PolicyBindings: %s", err)) + return + } + for _, pb := range pbs.Items { if pb.Spec.Application.Namespace == saNamespace && pb.Spec.Application.ServiceAccount == saName { policyBindings = append(policyBindings, pb) } } - if len(policyBindings) == 0 { - writeSTSErrorResponse(ctx, w, true, ErrSTSAccessDenied, fmt.Errorf("service Account '%s' is not granted to AssumeRole in any Tenant", saAuthResult.Status.User.Username)) + writeSTSErrorResponse(ctx, w, true, ErrSTSAccessDenied, fmt.Errorf("Service account '%s' has no PolicyBindings in namespace '%s'", saAuthResult.Status.User.Username, tenantNamespace)) return } tenants, err := c.minioClientSet.MinioV2().Tenants(tenantNamespace).List(ctx, metav1.ListOptions{}) if err != nil || len(tenants.Items) == 0 { - writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue, fmt.Errorf("no Tenants available in the namespace '%s'", tenantNamespace)) + writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue, fmt.Errorf("No Tenants available in the namespace '%s'", tenantNamespace)) return } // Only one tenant is allowed in a single namespace, gathering the first tenant in the list tenant := tenants.Items[0] - // Session Policy - sessionPolicyStr := r.Form.Get(stsPolicy) - // The plain text that you use for both inline and managed session - // policies shouldn't exceed 2048 characters. - if len(sessionPolicyStr) > 2048 { - writeSTSErrorResponse(ctx, w, true, ErrSTSPackedPolicyTooLarge, fmt.Errorf("session policy should not exceed 2048 characters")) + tenantConfiguration, err := c.getTenantCredentials(ctx, &tenant) + if err != nil { + if errors.Is(err, ErrEmptyRootCredentials) { + writeSTSErrorResponse(ctx, w, true, ErrSTSInternalError, fmt.Errorf("Tenant '%s' is missing root credentials", tenant.Name)) + return + } + writeSTSErrorResponse(ctx, w, true, ErrSTSInternalError, fmt.Errorf("Error getting tenant '%s' root credentials: %s", tenant.Name, err)) + return + } + adminClient, err := tenant.NewMinIOAdmin(tenantConfiguration, c.getTransport()) + if err != nil { + writeSTSErrorResponse(ctx, w, true, ErrSTSInternalError, fmt.Errorf("Error communicating with tenant '%s': %s", tenant.Name, err)) return } + // Session Policy + sessionPolicyStr := r.Form.Get(stsPolicy) + var compactedSessionPolicy string + var sessionPolicy *iampolicy.Policy if len(sessionPolicyStr) > 0 { - sessionPolicy, err := iampolicy.ParseConfig(bytes.NewReader([]byte(sessionPolicyStr))) + compactedSessionPolicy, err = miniov2.CompactJSONString(sessionPolicyStr) + if err != nil { + writeSTSErrorResponse(ctx, w, true, ErrSTSMalformedPolicyDocument, err) + return + } + sessionPolicy, err = iampolicy.ParseConfig(bytes.NewReader([]byte(compactedSessionPolicy))) if err != nil { writeSTSErrorResponse(ctx, w, true, ErrSTSMalformedPolicyDocument, err) return } - // Version in policy must not be empty if sessionPolicy.Version == "" { - writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue, fmt.Errorf("invalid session policy version")) + writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue, fmt.Errorf("Invalid session policy version")) return } + // The plain text that you use for both inline and managed session + // policies shouldn't exceed 2048 characters. + if len(compactedSessionPolicy) > 2048 { + writeSTSErrorResponse(ctx, w, true, ErrSTSPackedPolicyTooLarge, fmt.Errorf("Session policy should not exceed 2048 characters")) + return + } + } + + var bfPolicy iampolicy.Policy + for _, pb := range policyBindings { + if sessionPolicy != nil { + bfPolicy = bfPolicy.Merge(*sessionPolicy) + } + for _, policyName := range pb.Spec.Policies { + policy, err := GetPolicy(ctx, adminClient, policyName) + if err != nil { + klog.Error(fmt.Errorf("Invalid policy %s, ignoring: %s", policyName, err)) + continue + } + parsedPolicy, err := iampolicy.ParseConfig(bytes.NewReader([]byte(policy.Policy))) + if err != nil { + klog.Error(fmt.Errorf("Invalid policy, not parseable %s, ignoring: %s", policyName, err)) + continue + } + bfPolicy = bfPolicy.Merge(*parsedPolicy) + } + } + bfJSONPolicy, _ := json.Marshal(bfPolicy) + bfCompact, err := miniov2.CompactJSONString(string(bfJSONPolicy)) + if err != nil { + writeSTSErrorResponse(ctx, w, true, ErrSTSMalformedPolicyDocument, err) + return + } + if len(bfCompact) > 2048 { + writeSTSErrorResponse(ctx, w, true, ErrSTSPackedPolicyTooLarge, fmt.Errorf("PolicyBinding resulting policy is too long, Policy should not exceed 2048 characters")) + return } durationStr := r.Form.Get(stsDurationSeconds) duration, err := strconv.Atoi(durationStr) if err != nil { writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue, fmt.Errorf("invalid token expiry")) + return } if duration < 900 || duration > 31536000 { writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue, fmt.Errorf("invalid token expiry: min 900s, max 31536000s")) + return } - stsCredentials, err := AssumeRole(ctx, c, &tenant, sessionPolicyStr, duration) + stsCredentials, err := AssumeRole(ctx, c, &tenant, bfCompact, duration) if err != nil { writeSTSErrorResponse(ctx, w, true, ErrSTSInternalError, err) + return } assumeRoleResponse := &AssumeRoleWithWebIdentityResponse{ diff --git a/pkg/controller/cluster/sts.go b/pkg/controller/cluster/sts.go index c526c7fd3d8..f31e738f900 100644 --- a/pkg/controller/cluster/sts.go +++ b/pkg/controller/cluster/sts.go @@ -10,6 +10,7 @@ import ( "time" "github.com/gorilla/mux" + "github.com/minio/madmin-go" "github.com/minio/minio-go/v7/pkg/credentials" miniov2 "github.com/minio/operator/pkg/apis/minio.min.io/v2" xhttp "github.com/minio/operator/pkg/internal" @@ -300,6 +301,12 @@ func (e stsErrorCodeMap) ToSTSErr(errCode STSErrorCode) APIError { return apiErr } +// GetPolicy returns a tenant Policy by Name +func GetPolicy(ctx context.Context, adminClient *madmin.AdminClient, policyName string) (*madmin.PolicyInfo, error) { + policy, err := adminClient.InfoCannedPolicyV2(ctx, policyName) + return policy, err +} + // AssumeRole invokes the AssumeRole method in the Minio Tenant func AssumeRole(ctx context.Context, c *Controller, tenant *miniov2.Tenant, sessionPolicy string, duration int) (*credentials.Value, error) { client, accessKey, secretKey, err := getTenantClient(ctx, c, tenant) From 4a6846d48f03c99c4bebd2ea94b9a14b220f07ca Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Fri, 24 Feb 2023 00:28:56 -0800 Subject: [PATCH 05/47] example clients WIP --- .../awssdk/python/Dockerfile | 11 ++ .../awssdk/python/job.yaml | 39 +++++++ .../awssdk/python/main.py | 46 ++++++++ .../awssdk/python/requirements.txt | 1 + .../tenant-PolicyBinding/client/main.go | 46 -------- .../tenant-PolicyBinding/client/start.sh | 7 -- .../{client => miniosdk/go}/Dockerfile | 2 +- .../{client => miniosdk/go}/go.mod | 0 .../{client => miniosdk/go}/go.sum | 0 .../tenant-PolicyBinding/miniosdk/go/main.go | 106 ++++++++++++++++++ .../miniosdk/java/Dockerfile | 14 +++ .../miniosdk/java/main.java | 38 +++++++ .../miniosdk/javascript/Dockerfile | 14 +++ .../miniosdk/python/Dockerfile | 11 ++ .../miniosdk/python/main.py | 27 +++++ .../miniosdk/python/requirements.txt | 1 + .../policy-binded-client.yaml | 28 +++-- 17 files changed, 326 insertions(+), 65 deletions(-) create mode 100644 examples/kustomization/tenant-PolicyBinding/awssdk/python/Dockerfile create mode 100644 examples/kustomization/tenant-PolicyBinding/awssdk/python/job.yaml create mode 100644 examples/kustomization/tenant-PolicyBinding/awssdk/python/main.py create mode 100644 examples/kustomization/tenant-PolicyBinding/awssdk/python/requirements.txt delete mode 100644 examples/kustomization/tenant-PolicyBinding/client/main.go delete mode 100644 examples/kustomization/tenant-PolicyBinding/client/start.sh rename examples/kustomization/tenant-PolicyBinding/{client => miniosdk/go}/Dockerfile (89%) rename examples/kustomization/tenant-PolicyBinding/{client => miniosdk/go}/go.mod (100%) rename examples/kustomization/tenant-PolicyBinding/{client => miniosdk/go}/go.sum (100%) create mode 100644 examples/kustomization/tenant-PolicyBinding/miniosdk/go/main.go create mode 100644 examples/kustomization/tenant-PolicyBinding/miniosdk/java/Dockerfile create mode 100644 examples/kustomization/tenant-PolicyBinding/miniosdk/java/main.java create mode 100644 examples/kustomization/tenant-PolicyBinding/miniosdk/javascript/Dockerfile create mode 100644 examples/kustomization/tenant-PolicyBinding/miniosdk/python/Dockerfile create mode 100644 examples/kustomization/tenant-PolicyBinding/miniosdk/python/main.py create mode 100644 examples/kustomization/tenant-PolicyBinding/miniosdk/python/requirements.txt diff --git a/examples/kustomization/tenant-PolicyBinding/awssdk/python/Dockerfile b/examples/kustomization/tenant-PolicyBinding/awssdk/python/Dockerfile new file mode 100644 index 00000000000..1ec3b61208c --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/awssdk/python/Dockerfile @@ -0,0 +1,11 @@ +FROM ubuntu:latest + +RUN \ + apt-get update && \ + apt-get install -y curl ca-certificates python3 python3-pip +RUN mkdir app +WORKDIR /app +COPY main.py /app/main.py +COPY requirements.txt /app/requirements.txt +RUN pip3 install -r requirements.txt +CMD ["python3", "/app/main.py"] diff --git a/examples/kustomization/tenant-PolicyBinding/awssdk/python/job.yaml b/examples/kustomization/tenant-PolicyBinding/awssdk/python/job.yaml new file mode 100644 index 00000000000..f75a65f0102 --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/awssdk/python/job.yaml @@ -0,0 +1,39 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: myapplication +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: myapplication + name: app +--- +apiVersion: sts.min.io/v1beta1 +kind: PolicyBinding +metadata: + namespace: minio-tenant-1 +spec: + application: + namespace: myapplication + serviceaccount: app + policies: + - kafka-rw +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: python-example + namespace: myapplication +spec: + serviceAccountName: app + backoffLimit: 1 + template: + spec: + restartPolicy: Never + containers: + - name: python-sdk + image: pjuarezd/minio-operator-sts-example-python + # env: + # - name: AWS_WEB_IDENTITY_TOKEN_FILE + # value: /var/run/secrets/kubernetes.io/serviceaccount/token diff --git a/examples/kustomization/tenant-PolicyBinding/awssdk/python/main.py b/examples/kustomization/tenant-PolicyBinding/awssdk/python/main.py new file mode 100644 index 00000000000..508753e48fd --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/awssdk/python/main.py @@ -0,0 +1,46 @@ +#Example with AWS Python SDK +import boto3 + +an_policy = """ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "s3:*" + ], + "Resource": [ + "arn:aws:s3:::*" + ] + } + ] +} +""" +#boto3.set_stream_logger(name='botocore') +sts = boto3.client('sts', endpoint_url='http://sts.minio-operator.svc.cluster.local:4223/sts/minio-tenant-1', verify=False) + +jwt_token_path = '/var/run/secrets/kubernetes.io/serviceaccount/token' + +sa_jwt = open(jwt_token_path, "r") + +assumed_role_object = sts.assume_role_with_web_identity( + RoleArn='arn:aws:iam::111111111:root', + RoleSessionName='optional-session-name', + Policy=an_policy, + DurationSeconds=25536, + WebIdentityToken=sa_jwt.read() +) + +credentials = assumed_role_object['Credentials'] +print(credentials) + +s3_client = boto3.resource('s3', + aws_access_key_id=credentials['AccessKeyId'], + aws_secret_access_key=credentials['SecretAccessKey'], + aws_session_token=credentials['SessionToken'], + endpoint_url='https://minio.minio-tenant-1.svc.cluster.local', verify=False) + +my_bucket = s3_client.Bucket('test-bucket') +for my_bucket_object in my_bucket.objects.all(): + print(my_bucket_object) diff --git a/examples/kustomization/tenant-PolicyBinding/awssdk/python/requirements.txt b/examples/kustomization/tenant-PolicyBinding/awssdk/python/requirements.txt new file mode 100644 index 00000000000..a195582a4e7 --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/awssdk/python/requirements.txt @@ -0,0 +1 @@ +boto3>=1.24 \ No newline at end of file diff --git a/examples/kustomization/tenant-PolicyBinding/client/main.go b/examples/kustomization/tenant-PolicyBinding/client/main.go deleted file mode 100644 index c0bef5eca57..00000000000 --- a/examples/kustomization/tenant-PolicyBinding/client/main.go +++ /dev/null @@ -1,46 +0,0 @@ -package main - -import ( - "context" - "fmt" - - "github.com/minio/minio-go/v7" - "github.com/minio/minio-go/v7/pkg/credentials" -) - -func main() { - endpoint := "minio.minio-tenant-1.svc.cluster" - operatorEndpoint := "http://sts.minio-operator.svc.cluster.local:4222/sts/" - useSSL := true - - sts, err := credentials.NewSTSWebIdentity(operatorEndpoint, getWebTokenExpiry) - if err != nil { - fmt.Println(fmt.Errorf("Could not get STS credentials: %s", err)) - return - } - - minioClient, err := minio.New(endpoint, &minio.Options{ - Creds: sts, - Secure: useSSL, - }) - - if err != nil { - fmt.Println(err) - return - } - - opts := minio.ListObjectsOptions{ - UseV1: true, - Prefix: "/", - Recursive: true, - } - - for object := range minioClient.ListObjects(context.Background(), "test-bucket", opts) { - if object.Err != nil { - fmt.Println(object.Err) - return - } - fmt.Println(object) - } - return -} diff --git a/examples/kustomization/tenant-PolicyBinding/client/start.sh b/examples/kustomization/tenant-PolicyBinding/client/start.sh deleted file mode 100644 index 5a9678f3184..00000000000 --- a/examples/kustomization/tenant-PolicyBinding/client/start.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh - -cp /var/run/secrets/kubernetes.io/serviceaccount/ca.crt /usr/local/share/ca-certificates/minio-ca.pem -chmod 644 /usr/local/share/ca-certificates/minio-ca.pem -#chmod 644 /usr/local/share/ca-certificates/minio-ca.pem -update-ca-certificates -/app/client \ No newline at end of file diff --git a/examples/kustomization/tenant-PolicyBinding/client/Dockerfile b/examples/kustomization/tenant-PolicyBinding/miniosdk/go/Dockerfile similarity index 89% rename from examples/kustomization/tenant-PolicyBinding/client/Dockerfile rename to examples/kustomization/tenant-PolicyBinding/miniosdk/go/Dockerfile index 95b5614da07..3592f01346d 100644 --- a/examples/kustomization/tenant-PolicyBinding/client/Dockerfile +++ b/examples/kustomization/tenant-PolicyBinding/miniosdk/go/Dockerfile @@ -11,4 +11,4 @@ RUN \ apt-get update && \ apt-get install -y curl ca-certificates golang-go -CMD ["./app/start.sh"] +CMD ["./app/client"] diff --git a/examples/kustomization/tenant-PolicyBinding/client/go.mod b/examples/kustomization/tenant-PolicyBinding/miniosdk/go/go.mod similarity index 100% rename from examples/kustomization/tenant-PolicyBinding/client/go.mod rename to examples/kustomization/tenant-PolicyBinding/miniosdk/go/go.mod diff --git a/examples/kustomization/tenant-PolicyBinding/client/go.sum b/examples/kustomization/tenant-PolicyBinding/miniosdk/go/go.sum similarity index 100% rename from examples/kustomization/tenant-PolicyBinding/client/go.sum rename to examples/kustomization/tenant-PolicyBinding/miniosdk/go/go.sum diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/go/main.go b/examples/kustomization/tenant-PolicyBinding/miniosdk/go/main.go new file mode 100644 index 00000000000..e71abfad620 --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/miniosdk/go/main.go @@ -0,0 +1,106 @@ +package main + +import ( + "context" + "fmt" + "io" + "io/ioutil" + "log" + "net/url" + "os" + + "github.com/minio/minio-go/v7" + "github.com/minio/minio-go/v7/pkg/credentials" +) + +func main() { + tenantEndpoint := os.Getenv("MINIO_ENDPOINT") + stsEndpoint := os.Getenv("STS_ENDPOINT") + sessionPolicyFile := os.Getenv("STS_POLICY") + + token, err := getToken() + if err != nil { + log.Fatalf("Could not get Service account JWT: %s", err) + panic(1) + } + if token == "" { + log.Fatalf("Service account JWT is empty", err) + panic(1) + } + + var stsOpts credentials.STSAssumeRoleOptions + + if sessionPolicyFile != "" { + var policy string + if f, err := os.Open(sessionPolicyFile); err != nil { + log.Fatalf("Unable to open session policy file: %v", err) + } else { + bs, err := io.ReadAll(f) + if err != nil { + log.Fatalf("Error reading session policy file: %v", err) + } + policy = string(bs) + } + stsOpts.Policy = policy + } + + stsEndpointURL, err := url.Parse(stsEndpoint) + if err != nil { + log.Fatalf("Error parsing sts endpoint: %v", err) + } + sts, err := credentials.NewSTSAssumeRole(stsEndpointURL.String(), stsOpts) + if err != nil { + log.Fatalf("Error initializing STS Identity: %v", err) + } + retrievedCredentials, err := sts.Get() + if err != nil { + log.Fatalf("Error retrieving STS credentials: %v", err) + } + fmt.Println("AccessKeyID:", retrievedCredentials.AccessKeyID) + fmt.Println("SecretAccessKey:", retrievedCredentials.SecretAccessKey) + fmt.Println("SessionToken:", retrievedCredentials.SessionToken) + + tenantEndpointURL, err := url.Parse(tenantEndpoint) + if err != nil { + log.Fatalf("Error parsing tenant endpoint: %v", err) + } + + minioClient, err := minio.New(tenantEndpointURL.Host, &minio.Options{ + Creds: sts, + Secure: tenantEndpointURL.Scheme == "https", + }) + + if err != nil { + log.Fatalf("Error initializing client: %v", err) + } + + opts := minio.ListObjectsOptions{ + UseV1: true, + Prefix: "/", + Recursive: true, + } + + for object := range minioClient.ListObjects(context.Background(), "test-bucket", opts) { + if object.Err != nil { + fmt.Println(object.Err) + panic(1) + } + fmt.Println(object) + } + +} + +func getToken() (string, error) { + tokenpath := os.Getenv("AWS_WEB_IDENTITY_TOKEN_FILE") + fileContent, err := ioutil.ReadFile(tokenpath) + if err != nil { + return "", err + } + return string(fileContent), nil +} + +func getKubernetesCACertificates() (string, error) { + kubeRootCApath := "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" + operatorSTSCApath := os.Getenv("STS_CA_PATH") + +} diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/java/Dockerfile b/examples/kustomization/tenant-PolicyBinding/miniosdk/java/Dockerfile new file mode 100644 index 00000000000..3592f01346d --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/miniosdk/java/Dockerfile @@ -0,0 +1,14 @@ + +FROM ubuntu:latest + +RUN mkdir /app +WORKDIR /app +COPY client /app/ +COPY start.sh /app/ +RUN chmod +x /app/start.sh + +RUN \ + apt-get update && \ + apt-get install -y curl ca-certificates golang-go + +CMD ["./app/client"] diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/java/main.java b/examples/kustomization/tenant-PolicyBinding/miniosdk/java/main.java new file mode 100644 index 00000000000..3af67fef8a3 --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/miniosdk/java/main.java @@ -0,0 +1,38 @@ +import io.minio.ListObjectsArgs; +import io.minio.MinioClient; +import io.minio.Result; +import io.minio.errors.MinioException; +import io.minio.messages.Item; +import java.io.IOException; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; + +public class ListObjects { + public static void main(String[] args) throws Exception{ + try { + String operatorEndpoint = "http://operator.minio-operator.svc.cluster.local:4221/sts/"; + String minioEndpoint = "http://minio.minio-tenant-1.svc.cluster.local"; + SSLSocketFactory sslSocketFactory = null; + X509TrustManager trustManager = null; + + Provider provider = new CertificateIdentityProvider(operatorEndpoint, sslSocketFactory, trustManager, null, + null); + + /* play.min.io for test and development. */ + MinioClient minioClient = MinioClient.builder() + .endpoint("https://MINIO-HOST:MINIO-PORT") + .credentialsProvider(provider) + .build(); + + // Lists objects information. + Iterable> results = minioClient.listObjects(ListObjectsArgs.builder().bucket("kafka").build()); + + for (Result result : results) { + Item item = result.get(); + System.out.println(item.lastModified() + "\t" + item.size() + "\t" + item.objectName()); + } + } catch (MinioException e) { + System.out.println("Error occurred: " + e); + } + } +} \ No newline at end of file diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/javascript/Dockerfile b/examples/kustomization/tenant-PolicyBinding/miniosdk/javascript/Dockerfile new file mode 100644 index 00000000000..3592f01346d --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/miniosdk/javascript/Dockerfile @@ -0,0 +1,14 @@ + +FROM ubuntu:latest + +RUN mkdir /app +WORKDIR /app +COPY client /app/ +COPY start.sh /app/ +RUN chmod +x /app/start.sh + +RUN \ + apt-get update && \ + apt-get install -y curl ca-certificates golang-go + +CMD ["./app/client"] diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/python/Dockerfile b/examples/kustomization/tenant-PolicyBinding/miniosdk/python/Dockerfile new file mode 100644 index 00000000000..1ec3b61208c --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/miniosdk/python/Dockerfile @@ -0,0 +1,11 @@ +FROM ubuntu:latest + +RUN \ + apt-get update && \ + apt-get install -y curl ca-certificates python3 python3-pip +RUN mkdir app +WORKDIR /app +COPY main.py /app/main.py +COPY requirements.txt /app/requirements.txt +RUN pip3 install -r requirements.txt +CMD ["python3", "/app/main.py"] diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/python/main.py b/examples/kustomization/tenant-PolicyBinding/miniosdk/python/main.py new file mode 100644 index 00000000000..ef5d0552a1d --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/miniosdk/python/main.py @@ -0,0 +1,27 @@ +from minio import Minio +from minio.credentials import AssumeRoleProvider +import os +from urllib.parse import urlparse + +# STS endpoint usually point to MinIO server. +sts_endpoint = os.getenv("STS_ENDPOINT") +tenant_endpoint = os.getenv("MINIO_ENDPOINT") +bucket = os.getenv("BUCKET") +# Policy if available. +policy_path = os.getenv("STS_POLICY") +policy = "" + +if policy_path is not None: + f = open("demofile.txt", "r") + policy =f.read() + +provider = AssumeRoleProvider( + sts_endpoint, + policy=policy +) +tenantUrl = urlparse(tenant_endpoint) +client = Minio(f"{tenantUrl.hostname}:{tenantUrl.port}", credentials=provider, secure=tenantUrl.scheme == "https") + +# Get information of an object. +stat = client.list_objects(bucket) +print(stat) diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/python/requirements.txt b/examples/kustomization/tenant-PolicyBinding/miniosdk/python/requirements.txt new file mode 100644 index 00000000000..32e16febc78 --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/miniosdk/python/requirements.txt @@ -0,0 +1 @@ +minio>=7.1.13 \ No newline at end of file diff --git a/examples/kustomization/tenant-PolicyBinding/policy-binded-client.yaml b/examples/kustomization/tenant-PolicyBinding/policy-binded-client.yaml index 9a7bacd43d4..87b966a9eaa 100644 --- a/examples/kustomization/tenant-PolicyBinding/policy-binded-client.yaml +++ b/examples/kustomization/tenant-PolicyBinding/policy-binded-client.yaml @@ -34,15 +34,21 @@ spec: serviceAccountName: sdkclient-sa serviceAccount: sdkclient-sa containers: - - name: miniosdk-sts-example - image: mino/operator-sts-example:local - env: - - name: MINIO_HOST - value: https://minio.minio-tenant-1.svc.cluster.local - - name: STS_HOST - value: https://operator@minio.minio-operator.svc.cluster.local - - name: BUCKET - value: test-bucket - - name: USE_SSL - value: "true" + - name: miniosdk-sts-go + image: mino/operator-sts:go + env: + - name: MINIO_ENPOINT + value: https://minio.minio-tenant-1.svc.cluster.local:9443 + - name: STS_ENDPOINT + value: https://sts.minio-operator.svc.cluster.local:4223 + - name: TENANT_NAMESPACE + value: minio-tenant-1 + - name: BUCKET + value: test-bucket + - name: AWS_WEB_IDENTITY_TOKEN_FILE + value: "/var/run/secrets/kubernetes.io/serviceaccount/token" + - name: STS_POLICY + value: "/var/run/secrets/sts.min.io/policy.json" + - name: STS_CA_PATH + value: "/var/run/secrets/sts.min.io/ca.crt" From 9cfbfa31d30b3454bff4cab736786fd0a67bbc11 Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Sun, 26 Feb 2023 14:44:42 -0800 Subject: [PATCH 06/47] example operator sts clients checkpoint --- .../tenant-PolicyBinding/Makefile | 20 ++++ .../awssdk/python/Dockerfile | 1 + ...etup-bucket.yaml => iam-setup-bucket.yaml} | 0 .../miniosdk/go/Dockerfile | 10 +- .../tenant-PolicyBinding/miniosdk/go/go.mod | 5 +- .../tenant-PolicyBinding/miniosdk/go/go.sum | 4 + .../tenant-PolicyBinding/miniosdk/go/main.go | 95 ++++++++++++------- .../miniosdk/java/Dockerfile | 12 +-- .../miniosdk/java/pom.xml | 48 ++++++++++ .../operator/sts/OperatorSTSExample.java} | 24 +++-- .../policy-binded-client.yaml | 54 ----------- .../tenant-PolicyBinding/sts-client.yaml | 84 ++++++++++++++++ 12 files changed, 243 insertions(+), 114 deletions(-) create mode 100644 examples/kustomization/tenant-PolicyBinding/Makefile rename examples/kustomization/tenant-PolicyBinding/{setup-bucket.yaml => iam-setup-bucket.yaml} (100%) create mode 100644 examples/kustomization/tenant-PolicyBinding/miniosdk/java/pom.xml rename examples/kustomization/tenant-PolicyBinding/miniosdk/java/{main.java => src/main/java/operator/sts/OperatorSTSExample.java} (62%) delete mode 100644 examples/kustomization/tenant-PolicyBinding/policy-binded-client.yaml create mode 100644 examples/kustomization/tenant-PolicyBinding/sts-client.yaml diff --git a/examples/kustomization/tenant-PolicyBinding/Makefile b/examples/kustomization/tenant-PolicyBinding/Makefile new file mode 100644 index 00000000000..890b8311a4b --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/Makefile @@ -0,0 +1,20 @@ + +all: build + +build: miniosdkgo miniosdkjava awssdkpython + +miniosdkgo: + @cd miniosdk/go/ && \ + go install && GOOS=linux GOARCH=amd64 go build -o client + @cd miniosdk/go/ && \ + docker buildx build --platform=linux/amd64 -t minio/operator-sts-example:minio-go . + +miniosdkjava: + @cd miniosdk/java/ && \ + mvn package + @cd miniosdk/java/ && \ + docker buildx build --platform=linux/amd64 -t minio/operator-sts-example:minio-java . + +awssdkpython: + @cd awssdk/python/ && \ + docker buildx build --platform=linux/amd64 -t minio/operator-sts-example:aws-python . \ No newline at end of file diff --git a/examples/kustomization/tenant-PolicyBinding/awssdk/python/Dockerfile b/examples/kustomization/tenant-PolicyBinding/awssdk/python/Dockerfile index 1ec3b61208c..e4eb92d406c 100644 --- a/examples/kustomization/tenant-PolicyBinding/awssdk/python/Dockerfile +++ b/examples/kustomization/tenant-PolicyBinding/awssdk/python/Dockerfile @@ -3,6 +3,7 @@ FROM ubuntu:latest RUN \ apt-get update && \ apt-get install -y curl ca-certificates python3 python3-pip + RUN mkdir app WORKDIR /app COPY main.py /app/main.py diff --git a/examples/kustomization/tenant-PolicyBinding/setup-bucket.yaml b/examples/kustomization/tenant-PolicyBinding/iam-setup-bucket.yaml similarity index 100% rename from examples/kustomization/tenant-PolicyBinding/setup-bucket.yaml rename to examples/kustomization/tenant-PolicyBinding/iam-setup-bucket.yaml diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/go/Dockerfile b/examples/kustomization/tenant-PolicyBinding/miniosdk/go/Dockerfile index 3592f01346d..44b41cf1fed 100644 --- a/examples/kustomization/tenant-PolicyBinding/miniosdk/go/Dockerfile +++ b/examples/kustomization/tenant-PolicyBinding/miniosdk/go/Dockerfile @@ -1,14 +1,12 @@ FROM ubuntu:latest -RUN mkdir /app -WORKDIR /app -COPY client /app/ -COPY start.sh /app/ -RUN chmod +x /app/start.sh - RUN \ apt-get update && \ apt-get install -y curl ca-certificates golang-go +RUN mkdir /app +WORKDIR /app +COPY client /app/ + CMD ["./app/client"] diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/go/go.mod b/examples/kustomization/tenant-PolicyBinding/miniosdk/go/go.mod index ffbd42e8909..4650f639828 100644 --- a/examples/kustomization/tenant-PolicyBinding/miniosdk/go/go.mod +++ b/examples/kustomization/tenant-PolicyBinding/miniosdk/go/go.mod @@ -1,6 +1,8 @@ module min.io/operator-sts-example -go 1.18 +go 1.20 + +require github.com/minio/minio-go/v7 v7.0.33 require ( github.com/dustin/go-humanize v1.0.0 // indirect @@ -9,7 +11,6 @@ require ( github.com/klauspost/compress v1.15.9 // indirect github.com/klauspost/cpuid/v2 v2.1.0 // indirect github.com/minio/md5-simd v1.1.2 // indirect - github.com/minio/minio-go/v7 v7.0.33 // indirect github.com/minio/sha256-simd v1.0.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/go/go.sum b/examples/kustomization/tenant-PolicyBinding/miniosdk/go/go.sum index f29f06041c8..87de8f2b1db 100644 --- a/examples/kustomization/tenant-PolicyBinding/miniosdk/go/go.sum +++ b/examples/kustomization/tenant-PolicyBinding/miniosdk/go/go.sum @@ -1,4 +1,5 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= @@ -24,6 +25,7 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/rs/xid v1.4.0 h1:qd7wPTDkN6KQx2VmMBLrpHkiyQwgFXRnkOLacUiaSNY= github.com/rs/xid v1.4.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= @@ -31,6 +33,7 @@ github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0 github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa h1:zuSxTR4o9y82ebqCUJYNGJbGPo6sKVl54f/TVDObg1c= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= @@ -45,4 +48,5 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/ini.v1 v1.66.6 h1:LATuAqN/shcYAOkv3wl2L4rkaKqkcgTBQjOyYDvcPKI= gopkg.in/ini.v1 v1.66.6/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/go/main.go b/examples/kustomization/tenant-PolicyBinding/miniosdk/go/main.go index e71abfad620..3925992020f 100644 --- a/examples/kustomization/tenant-PolicyBinding/miniosdk/go/main.go +++ b/examples/kustomization/tenant-PolicyBinding/miniosdk/go/main.go @@ -1,13 +1,30 @@ +/* + * MinIO Go Library for Amazon S3 Compatible Cloud Storage + * Copyright 2015-2023 MinIO, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package main import ( "context" "fmt" - "io" "io/ioutil" "log" "net/url" "os" + "path" "github.com/minio/minio-go/v7" "github.com/minio/minio-go/v7/pkg/credentials" @@ -16,7 +33,8 @@ import ( func main() { tenantEndpoint := os.Getenv("MINIO_ENDPOINT") stsEndpoint := os.Getenv("STS_ENDPOINT") - sessionPolicyFile := os.Getenv("STS_POLICY") + tenantNamespace := os.Getenv("TENANT_NAMESPACE") + bucketName := os.Getenv("BUCKET") token, err := getToken() if err != nil { @@ -24,50 +42,59 @@ func main() { panic(1) } if token == "" { - log.Fatalf("Service account JWT is empty", err) + log.Fatal("Service account JWT is empty") panic(1) } - var stsOpts credentials.STSAssumeRoleOptions - - if sessionPolicyFile != "" { - var policy string - if f, err := os.Open(sessionPolicyFile); err != nil { - log.Fatalf("Unable to open session policy file: %v", err) - } else { - bs, err := io.ReadAll(f) - if err != nil { - log.Fatalf("Error reading session policy file: %v", err) - } - policy = string(bs) - } - stsOpts.Policy = policy - } - stsEndpointURL, err := url.Parse(stsEndpoint) + stsEndpointURL.Path = path.Join(stsEndpointURL.Path, tenantNamespace) if err != nil { log.Fatalf("Error parsing sts endpoint: %v", err) } - sts, err := credentials.NewSTSAssumeRole(stsEndpointURL.String(), stsOpts) + sts := credentials.NewIAM(stsEndpointURL.String()) + if err != nil { log.Fatalf("Error initializing STS Identity: %v", err) + panic(1) } - retrievedCredentials, err := sts.Get() + // This might fail for https with self-signed certificates, + // need to find a way to set trust CA certificate to credentials.Credentials.Get() + // retrievedCredentials, err := sts.Get() + // if err != nil { + // log.Fatalf("Error retrieving STS credentials: %v", err) + // panic(1) + // } + // fmt.Println("AccessKeyID:", retrievedCredentials.AccessKeyID) + // fmt.Println("SecretAccessKey:", retrievedCredentials.SecretAccessKey) + // fmt.Println("SessionToken:", retrievedCredentials.SessionToken) + + tenantEndpointURL, err := url.Parse(tenantEndpoint) if err != nil { - log.Fatalf("Error retrieving STS credentials: %v", err) + log.Fatalf("Error parsing tenant endpoint: %s", err) + panic(1) } - fmt.Println("AccessKeyID:", retrievedCredentials.AccessKeyID) - fmt.Println("SecretAccessKey:", retrievedCredentials.SecretAccessKey) - fmt.Println("SessionToken:", retrievedCredentials.SessionToken) - tenantEndpointURL, err := url.Parse(tenantEndpoint) + caCertificate, err := getKubernetesCACertificates() if err != nil { - log.Fatalf("Error parsing tenant endpoint: %v", err) + log.Fatalf("Error loading CA Certifiate : %s", err) + panic(1) + } + + transport, err := minio.DefaultTransport(tenantEndpointURL.Scheme == "https") + if err != nil { + log.Fatalf("Error creating default transport : %s", err) + panic(1) + } + + if ok := transport.TLSClientConfig.RootCAs.AppendCertsFromPEM(caCertificate); !ok { + log.Fatalf("Error parsing CA Certifiate : %s", err) + panic(1) } minioClient, err := minio.New(tenantEndpointURL.Host, &minio.Options{ - Creds: sts, - Secure: tenantEndpointURL.Scheme == "https", + Creds: sts, + Secure: tenantEndpointURL.Scheme == "https", + Transport: transport, }) if err != nil { @@ -75,19 +102,18 @@ func main() { } opts := minio.ListObjectsOptions{ - UseV1: true, Prefix: "/", Recursive: true, } - for object := range minioClient.ListObjects(context.Background(), "test-bucket", opts) { + for object := range minioClient.ListObjects(context.Background(), bucketName, opts) { if object.Err != nil { fmt.Println(object.Err) panic(1) } fmt.Println(object) } - + return } func getToken() (string, error) { @@ -99,8 +125,7 @@ func getToken() (string, error) { return string(fileContent), nil } -func getKubernetesCACertificates() (string, error) { +func getKubernetesCACertificates() ([]byte, error) { kubeRootCApath := "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" - operatorSTSCApath := os.Getenv("STS_CA_PATH") - + return ioutil.ReadFile(kubeRootCApath) } diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/java/Dockerfile b/examples/kustomization/tenant-PolicyBinding/miniosdk/java/Dockerfile index 3592f01346d..4f020237a0b 100644 --- a/examples/kustomization/tenant-PolicyBinding/miniosdk/java/Dockerfile +++ b/examples/kustomization/tenant-PolicyBinding/miniosdk/java/Dockerfile @@ -1,14 +1,8 @@ -FROM ubuntu:latest +FROM openjdk:11 RUN mkdir /app WORKDIR /app -COPY client /app/ -COPY start.sh /app/ -RUN chmod +x /app/start.sh +COPY target/operator-sts-0.1.0.jar /app/app.jar -RUN \ - apt-get update && \ - apt-get install -y curl ca-certificates golang-go - -CMD ["./app/client"] +CMD ["java", "-jar", "./app/app.jar"] diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/java/pom.xml b/examples/kustomization/tenant-PolicyBinding/miniosdk/java/pom.xml new file mode 100644 index 00000000000..659842dc9cc --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/miniosdk/java/pom.xml @@ -0,0 +1,48 @@ + + + 4.0.0 + + org.springframework + operator-sts + jar + 0.1.0 + + + 1.8 + 1.8 + + + + io.minio + minio + 8.5.2 + + + + + + org.apache.maven.plugins + maven-shade-plugin + 3.2.4 + + + package + + shade + + + + + main.OperatorSTSExample + + + + + + + + + \ No newline at end of file diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/java/main.java b/examples/kustomization/tenant-PolicyBinding/miniosdk/java/src/main/java/operator/sts/OperatorSTSExample.java similarity index 62% rename from examples/kustomization/tenant-PolicyBinding/miniosdk/java/main.java rename to examples/kustomization/tenant-PolicyBinding/miniosdk/java/src/main/java/operator/sts/OperatorSTSExample.java index 3af67fef8a3..63e96a38cd1 100644 --- a/examples/kustomization/tenant-PolicyBinding/miniosdk/java/main.java +++ b/examples/kustomization/tenant-PolicyBinding/miniosdk/java/src/main/java/operator/sts/OperatorSTSExample.java @@ -1,31 +1,39 @@ +package sts; import io.minio.ListObjectsArgs; import io.minio.MinioClient; import io.minio.Result; import io.minio.errors.MinioException; import io.minio.messages.Item; +import io.minio.credentials.CertificateIdentityProvider; +import io.minio.credentials.Provider; import java.io.IOException; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; -public class ListObjects { +import javax.net.ssl.SSLSocketFactory; +import javax.net.ssl.X509TrustManager; + + +public class OperatorSTSExample { public static void main(String[] args) throws Exception{ try { - String operatorEndpoint = "http://operator.minio-operator.svc.cluster.local:4221/sts/"; - String minioEndpoint = "http://minio.minio-tenant-1.svc.cluster.local"; + String operatorEndpoint = System.getenv("OPERATOR_ENDPOINT"); + String minioEndpoint = System.getenv("TENANT_ENDPOINT"); + String tenantNamespace = System.getenv("TENANT_NAMESPACE"); + String bucketName = System.getenv("BUCKET"); + SSLSocketFactory sslSocketFactory = null; X509TrustManager trustManager = null; - Provider provider = new CertificateIdentityProvider(operatorEndpoint, sslSocketFactory, trustManager, null, - null); + Provider provider = new CertificateIdentityProvider(operatorEndpoint, sslSocketFactory, trustManager, null, null); - /* play.min.io for test and development. */ MinioClient minioClient = MinioClient.builder() - .endpoint("https://MINIO-HOST:MINIO-PORT") + .endpoint(minioEndpoint) .credentialsProvider(provider) .build(); // Lists objects information. - Iterable> results = minioClient.listObjects(ListObjectsArgs.builder().bucket("kafka").build()); + Iterable> results = minioClient.listObjects(ListObjectsArgs.builder().bucket(bucketName).build()); for (Result result : results) { Item item = result.get(); diff --git a/examples/kustomization/tenant-PolicyBinding/policy-binded-client.yaml b/examples/kustomization/tenant-PolicyBinding/policy-binded-client.yaml deleted file mode 100644 index 87b966a9eaa..00000000000 --- a/examples/kustomization/tenant-PolicyBinding/policy-binded-client.yaml +++ /dev/null @@ -1,54 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: client ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - namespace: client - name: sdkclient-sa ---- -apiVersion: sts.min.io/v1beta1 -kind: PolicyBinding -metadata: - name: binding-1 - namespace: minio-tenant-1 -spec: - application: - namespace: client - serviceaccount: sdkclient-sa - policies: - - test-bucket-rw ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: miniosdk-example - namespace: client -spec: - backoffLimit: 5 - template: - spec: - restartPolicy: OnFailure - serviceAccountName: sdkclient-sa - serviceAccount: sdkclient-sa - containers: - - name: miniosdk-sts-go - image: mino/operator-sts:go - env: - - name: MINIO_ENPOINT - value: https://minio.minio-tenant-1.svc.cluster.local:9443 - - name: STS_ENDPOINT - value: https://sts.minio-operator.svc.cluster.local:4223 - - name: TENANT_NAMESPACE - value: minio-tenant-1 - - name: BUCKET - value: test-bucket - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: "/var/run/secrets/kubernetes.io/serviceaccount/token" - - name: STS_POLICY - value: "/var/run/secrets/sts.min.io/policy.json" - - name: STS_CA_PATH - value: "/var/run/secrets/sts.min.io/ca.crt" - diff --git a/examples/kustomization/tenant-PolicyBinding/sts-client.yaml b/examples/kustomization/tenant-PolicyBinding/sts-client.yaml new file mode 100644 index 00000000000..0ef2c8ec3f0 --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/sts-client.yaml @@ -0,0 +1,84 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: client +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: client + name: stsclient-sa +--- +apiVersion: sts.min.io/v1beta1 +kind: PolicyBinding +metadata: + name: binding-1 + namespace: minio-tenant-1 +spec: + application: + namespace: client + serviceaccount: stsclient-sa + policies: + - test-bucket-rw +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: sts-policy + namespace: client +data: + policy.json: | + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "s3:ListAllMyBuckets" + ], + "Resource": [ + "*" + ] + } + ] + } +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: sts-example-job + namespace: client +spec: + backoffLimit: 5 + template: + spec: + restartPolicy: OnFailure + serviceAccountName: stsclient-sa + serviceAccount: stsclient-sa + containers: + - name: sts-client + image: minio/operator-sts-example:minio-go + env: + - name: MINIO_ENPOINT + value: https://minio.minio-tenant-1.svc.cluster.local:9443 + - name: STS_ENDPOINT + value: https://sts.minio-operator.svc.cluster.local:4223 + - name: TENANT_NAMESPACE + value: minio-tenant-1 + - name: BUCKET + value: test-bucket + - name: AWS_WEB_IDENTITY_TOKEN_FILE + value: /var/run/secrets/kubernetes.io/serviceaccount/token + - name: STS_POLICY + value: /var/run/secrets/sts.min.io/policy.json + - name: STS_CA_PATH + value: /var/run/secrets/sts.min.io/ca.crt + volumeMounts: + - name: sts-policy + mountPath: /var/run/secrets/sts.min.io/policy.json + subPath: policy.json + volumes: + - name: sts-policy + configMap: + name: sts-policy + defaultMode: 0744 From 92bd682e98c513d1b79b9782fc59f01887514d4f Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Mon, 27 Feb 2023 01:06:29 -0800 Subject: [PATCH 07/47] example clients and tests checkpoint --- .github/workflows/kubernetes-tests.yml | 45 +++++++++++++- .../awssdk/python/job.yaml | 39 ------------ .../awssdk/python/main.py | 61 ++++++++++--------- .../iam-setup-bucket.yaml | 6 +- .../tenant-PolicyBinding/kustomization.yaml | 8 --- .../tenant-PolicyBinding/miniosdk/go/main.go | 8 +-- .../miniosdk/python/main.py | 31 +++++----- .../tenant-PolicyBinding/policy-binding.yaml | 11 ++++ .../tenant-PolicyBinding/sts-client.yaml | 37 +++++------ .../tenant-PolicyBinding/tenant.yaml | 26 -------- testing/common.sh | 42 +++++++++++++ .../setup-bucket/kustomization.yaml | 6 ++ .../sts-client/kustomization.yaml | 5 ++ .../tenant-certmanager/kustomization.yaml | 13 ++++ .../tenant-certmanager/tenantNamePatch.yaml | 3 + .../tenant/kustomization.yaml | 13 ++++ .../tenant/tenantNamePatch.yaml | 3 + testing/test-policy-binding+certmanager.sh | 41 +++++++++++++ testing/test-policy-binding.sh | 41 +++++++++++++ 19 files changed, 296 insertions(+), 143 deletions(-) delete mode 100644 examples/kustomization/tenant-PolicyBinding/awssdk/python/job.yaml delete mode 100644 examples/kustomization/tenant-PolicyBinding/kustomization.yaml create mode 100644 examples/kustomization/tenant-PolicyBinding/policy-binding.yaml delete mode 100644 examples/kustomization/tenant-PolicyBinding/tenant.yaml create mode 100644 testing/tenant-policyBinding/setup-bucket/kustomization.yaml create mode 100644 testing/tenant-policyBinding/sts-client/kustomization.yaml create mode 100644 testing/tenant-policyBinding/tenant-certmanager/kustomization.yaml create mode 100644 testing/tenant-policyBinding/tenant-certmanager/tenantNamePatch.yaml create mode 100644 testing/tenant-policyBinding/tenant/kustomization.yaml create mode 100644 testing/tenant-policyBinding/tenant/tenantNamePatch.yaml create mode 100644 testing/test-policy-binding+certmanager.sh create mode 100644 testing/test-policy-binding.sh diff --git a/.github/workflows/kubernetes-tests.yml b/.github/workflows/kubernetes-tests.yml index c2b860f8f35..38773153cc6 100644 --- a/.github/workflows/kubernetes-tests.yml +++ b/.github/workflows/kubernetes-tests.yml @@ -240,4 +240,47 @@ jobs: - name: Tenant KES run: | "${GITHUB_WORKSPACE}/testing/console-tenant+kes.sh" - + + test-policy-binding: + runs-on: ${{ matrix.os }} + needs: + - logsearch + - operator + - lint + - gotest + - getdeps + - govet + strategy: + matrix: + go-version: [ 1.19.x ] + os: [ ubuntu-latest ] + steps: + - uses: actions/checkout@v2 + - uses: actions/setup-go@v2 + with: + go-version: ${{ matrix.go-version }} + - name: Test PolicyBinding CRD and sts call on kind + run: | + "${GITHUB_WORKSPACE}/testing/test-policy-binding.sh" + + test-policy-binding: + runs-on: ${{ matrix.os }} + needs: + - logsearch + - operator + - lint + - gotest + - getdeps + - govet + strategy: + matrix: + go-version: [ 1.19.x ] + os: [ ubuntu-latest ] + steps: + - uses: actions/checkout@v2 + - uses: actions/setup-go@v2 + with: + go-version: ${{ matrix.go-version }} + - name: Test PolicyBinding CRD and sts call on kind with certmanager + run: | + "${GITHUB_WORKSPACE}/testing/test-policy-binding+certmanager.sh" \ No newline at end of file diff --git a/examples/kustomization/tenant-PolicyBinding/awssdk/python/job.yaml b/examples/kustomization/tenant-PolicyBinding/awssdk/python/job.yaml deleted file mode 100644 index f75a65f0102..00000000000 --- a/examples/kustomization/tenant-PolicyBinding/awssdk/python/job.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: myapplication ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - namespace: myapplication - name: app ---- -apiVersion: sts.min.io/v1beta1 -kind: PolicyBinding -metadata: - namespace: minio-tenant-1 -spec: - application: - namespace: myapplication - serviceaccount: app - policies: - - kafka-rw ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: python-example - namespace: myapplication -spec: - serviceAccountName: app - backoffLimit: 1 - template: - spec: - restartPolicy: Never - containers: - - name: python-sdk - image: pjuarezd/minio-operator-sts-example-python - # env: - # - name: AWS_WEB_IDENTITY_TOKEN_FILE - # value: /var/run/secrets/kubernetes.io/serviceaccount/token diff --git a/examples/kustomization/tenant-PolicyBinding/awssdk/python/main.py b/examples/kustomization/tenant-PolicyBinding/awssdk/python/main.py index 508753e48fd..a9bc1727665 100644 --- a/examples/kustomization/tenant-PolicyBinding/awssdk/python/main.py +++ b/examples/kustomization/tenant-PolicyBinding/awssdk/python/main.py @@ -1,46 +1,51 @@ -#Example with AWS Python SDK import boto3 +import os +import sys +from urllib.parse import urlparse -an_policy = """ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "s3:*" - ], - "Resource": [ - "arn:aws:s3:::*" - ] - } - ] -} -""" -#boto3.set_stream_logger(name='botocore') -sts = boto3.client('sts', endpoint_url='http://sts.minio-operator.svc.cluster.local:4223/sts/minio-tenant-1', verify=False) - -jwt_token_path = '/var/run/secrets/kubernetes.io/serviceaccount/token' - -sa_jwt = open(jwt_token_path, "r") +sts_endpoint = os.getenv("STS_ENDPOINT") +tenant_endpoint = os.getenv("MINIO_ENDPOINT") +tenant_namespace = os.getenv("TENANT_NAMESPACE") +token_path = os.getenv("AWS_WEB_IDENTITY_TOKEN_FILE") +bucket = os.getenv("BUCKET") +policy_path = os.getenv("STS_POLICY") + +policy = None + +if policy_path is not None: + with open(policy_path, "r") as f: + policy = f.read() + +stsUrl = urlparse(tenant_endpoint) +stsUrl.path = stsUrl.path + f"/{tenant_namespace}" + +sts = boto3.client('sts', endpoint_url=stsUrl.geturl(), verify=False) + +with open(token_path, "r") as f: + sa_jwt = f.read() + +if sa_jwt is "" or sa_jwt is None: + print("Token is empty") + sys.exit(1) assumed_role_object = sts.assume_role_with_web_identity( - RoleArn='arn:aws:iam::111111111:root', + RoleArn='arn:aws:iam::111111111:root', #In AWS SDK RoleArn parameter is mandatory RoleSessionName='optional-session-name', - Policy=an_policy, + Policy=policy, DurationSeconds=25536, - WebIdentityToken=sa_jwt.read() + WebIdentityToken=sa_jwt ) credentials = assumed_role_object['Credentials'] print(credentials) +tenantUrl = urlparse(tenant_endpoint) s3_client = boto3.resource('s3', aws_access_key_id=credentials['AccessKeyId'], aws_secret_access_key=credentials['SecretAccessKey'], aws_session_token=credentials['SessionToken'], - endpoint_url='https://minio.minio-tenant-1.svc.cluster.local', verify=False) + endpoint_url=tenantUrl.geturl(), verify=False) -my_bucket = s3_client.Bucket('test-bucket') +my_bucket = s3_client.Bucket(bucket) for my_bucket_object in my_bucket.objects.all(): print(my_bucket_object) diff --git a/examples/kustomization/tenant-PolicyBinding/iam-setup-bucket.yaml b/examples/kustomization/tenant-PolicyBinding/iam-setup-bucket.yaml index ad9354be9db..5257ddac812 100644 --- a/examples/kustomization/tenant-PolicyBinding/iam-setup-bucket.yaml +++ b/examples/kustomization/tenant-PolicyBinding/iam-setup-bucket.yaml @@ -2,14 +2,12 @@ apiVersion: v1 kind: ConfigMap metadata: name: start-config-script - namespace: minio-tenant-1 data: setup.sh: | #!/bin/bash mc mb local/test-bucket + mc mb local/other-bucket mc admin policy add local test-bucket-rw /start-config/bucket-policy.json - mc admin user add local bucket-user bucket-user - mc admin policy set local test-bucket-rw user=bucket-user bucket-policy.json: | { "Version": "2012-10-17", @@ -26,13 +24,11 @@ data: } ] } - --- apiVersion: batch/v1 kind: Job metadata: name: setup-bucket - namespace: minio-tenant-1 spec: backoffLimit: 5 template: diff --git a/examples/kustomization/tenant-PolicyBinding/kustomization.yaml b/examples/kustomization/tenant-PolicyBinding/kustomization.yaml deleted file mode 100644 index b315e6267bb..00000000000 --- a/examples/kustomization/tenant-PolicyBinding/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ../base -namespace: tenant-PolicyBinding -patchesStrategicMerge: - - tenant.yaml - diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/go/main.go b/examples/kustomization/tenant-PolicyBinding/miniosdk/go/main.go index 3925992020f..f7aa048482a 100644 --- a/examples/kustomization/tenant-PolicyBinding/miniosdk/go/main.go +++ b/examples/kustomization/tenant-PolicyBinding/miniosdk/go/main.go @@ -35,6 +35,7 @@ func main() { stsEndpoint := os.Getenv("STS_ENDPOINT") tenantNamespace := os.Getenv("TENANT_NAMESPACE") bucketName := os.Getenv("BUCKET") + kubeRootCApath := os.Getenv("KUBERNETES_CA_PATH") token, err := getToken() if err != nil { @@ -74,7 +75,7 @@ func main() { panic(1) } - caCertificate, err := getKubernetesCACertificates() + caCertificate, err := getFile(kubeRootCApath) if err != nil { log.Fatalf("Error loading CA Certifiate : %s", err) panic(1) @@ -125,7 +126,6 @@ func getToken() (string, error) { return string(fileContent), nil } -func getKubernetesCACertificates() ([]byte, error) { - kubeRootCApath := "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" - return ioutil.ReadFile(kubeRootCApath) +func getFile(path string) ([]byte, error) { + return ioutil.ReadFile(path) } diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/python/main.py b/examples/kustomization/tenant-PolicyBinding/miniosdk/python/main.py index ef5d0552a1d..afac4bbbcc6 100644 --- a/examples/kustomization/tenant-PolicyBinding/miniosdk/python/main.py +++ b/examples/kustomization/tenant-PolicyBinding/miniosdk/python/main.py @@ -1,26 +1,29 @@ from minio import Minio -from minio.credentials import AssumeRoleProvider -import os +from minio.credentials import IamAwsProvider from urllib.parse import urlparse +import os +import sys -# STS endpoint usually point to MinIO server. sts_endpoint = os.getenv("STS_ENDPOINT") tenant_endpoint = os.getenv("MINIO_ENDPOINT") +tenant_namespace = os.getenv("TENANT_NAMESPACE") +token_path = os.getenv("AWS_WEB_IDENTITY_TOKEN_FILE") bucket = os.getenv("BUCKET") -# Policy if available. -policy_path = os.getenv("STS_POLICY") -policy = "" -if policy_path is not None: - f = open("demofile.txt", "r") - policy =f.read() +with open(token_path, "r") as f: + sa_jwt = f.read() + +if sa_jwt is "" or sa_jwt is None: + print("Token is empty") + sys.exit(1) + +stsUrl = urlparse(tenant_endpoint) +stsUrl.path = stsUrl.path + f"/{tenant_namespace}" + +provider = IamAwsProvider(stsUrl.geturl()) -provider = AssumeRoleProvider( - sts_endpoint, - policy=policy -) tenantUrl = urlparse(tenant_endpoint) -client = Minio(f"{tenantUrl.hostname}:{tenantUrl.port}", credentials=provider, secure=tenantUrl.scheme == "https") +client = Minio(f"{tenantUrl.hostname}:{tenantUrl.port}/{tenantUrl.path}", credentials=provider, secure=tenantUrl.scheme == "https") # Get information of an object. stat = client.list_objects(bucket) diff --git a/examples/kustomization/tenant-PolicyBinding/policy-binding.yaml b/examples/kustomization/tenant-PolicyBinding/policy-binding.yaml new file mode 100644 index 00000000000..bafaca030f8 --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/policy-binding.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: sts.min.io/v1beta1 +kind: PolicyBinding +metadata: + name: binding-1 +spec: + application: + namespace: sts-client + serviceaccount: stsclient-sa + policies: + - test-bucket-rw diff --git a/examples/kustomization/tenant-PolicyBinding/sts-client.yaml b/examples/kustomization/tenant-PolicyBinding/sts-client.yaml index 0ef2c8ec3f0..a0642b5bce9 100644 --- a/examples/kustomization/tenant-PolicyBinding/sts-client.yaml +++ b/examples/kustomization/tenant-PolicyBinding/sts-client.yaml @@ -1,26 +1,14 @@ apiVersion: v1 kind: Namespace metadata: - name: client + name: sts-client --- apiVersion: v1 kind: ServiceAccount metadata: - namespace: client + namespace: sts-client name: stsclient-sa --- -apiVersion: sts.min.io/v1beta1 -kind: PolicyBinding -metadata: - name: binding-1 - namespace: minio-tenant-1 -spec: - application: - namespace: client - serviceaccount: stsclient-sa - policies: - - test-bucket-rw ---- apiVersion: v1 kind: ConfigMap metadata: @@ -47,7 +35,7 @@ apiVersion: batch/v1 kind: Job metadata: name: sts-example-job - namespace: client + namespace: sts-client spec: backoffLimit: 5 template: @@ -70,15 +58,28 @@ spec: - name: AWS_WEB_IDENTITY_TOKEN_FILE value: /var/run/secrets/kubernetes.io/serviceaccount/token - name: STS_POLICY - value: /var/run/secrets/sts.min.io/policy.json - - name: STS_CA_PATH + value: /tmp/policy.json + - name: STS_CA_PATH # When Certmanager is used will load the ca in this file value: /var/run/secrets/sts.min.io/ca.crt + - name: KUBERNETES_CA_PATH + value: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt volumeMounts: - name: sts-policy - mountPath: /var/run/secrets/sts.min.io/policy.json + mountPath: /tmp/policy.json subPath: policy.json + - name: tenant-certmanager-tls + mountPath: /var/run/secrets/sts.min.io/ volumes: - name: sts-policy configMap: name: sts-policy defaultMode: 0744 + - name: tenant-certmanager-tls + projected: + sources: + - secret: + name: tenant-certmanager-tls + optional: true + items: + - key: ca.crt + path: ca.crt diff --git a/examples/kustomization/tenant-PolicyBinding/tenant.yaml b/examples/kustomization/tenant-PolicyBinding/tenant.yaml deleted file mode 100644 index 6615726a688..00000000000 --- a/examples/kustomization/tenant-PolicyBinding/tenant.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: minio.min.io/v2 -kind: Tenant -metadata: - name: storage - namespace: minio-tenant-1 -spec: - ## Specification for MinIO Pool(s) in this Tenant. - pools: - ## Servers specifies the number of MinIO Tenant Pods / Servers in this pool. - ## For standalone mode, supply 1. For distributed mode, supply 4 or more. - ## Note that the operator does not support upgrading from standalone to distributed mode. - - servers: 4 - ## custom pool name - name: pool-0 - ## volumesPerServer specifies the number of volumes attached per MinIO Tenant Pod / Server. - volumesPerServer: 2 - ## This VolumeClaimTemplate is used across all the volumes provisioned for MinIO Tenant in this Pool. - volumeClaimTemplate: - metadata: - name: data - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Gi diff --git a/testing/common.sh b/testing/common.sh index 9a61a362f63..008c207c455 100644 --- a/testing/common.sh +++ b/testing/common.sh @@ -284,6 +284,20 @@ function install_tenant() { echo "Installing lite tenant from current branch" try kubectl apply -k "${SCRIPT_DIR}/../testing/tenant-prometheus" + elif [ "$1" = "policyBinding" ]; then + namespace="minio-tenant-1" + key=v1.min.io/tenant + value=storage-policyBinding + echo "Installing policyBinding tenant from current branch" + + try kubectl apply -k "${SCRIPT_DIR}/../testing/tenant-policyBinding/tenant" + elif [ "$1" = "policyBinding-cm" ]; then + namespace="minio-tenant-1" + key=v1.min.io/tenant + value=storage-policyBinding + echo "Installing policyBinding tenant with cert manager from current branch" + + try kubectl apply -k "${SCRIPT_DIR}/../testing/tenant-policyBinding/tenant-certmanager" elif [ -e $1 ]; then namespace="tenant-lite" key=v1.min.io/tenant @@ -316,6 +330,34 @@ function install_tenant() { } +function setup_sts_bucket() { + try kubectl apply -k "${SCRIPT_DIR}/../testing/tenant-policyBinding/setup-bucket" + # TODO wait for job to end +} + +function install_sts_client() { + + client_namespace = "$1" + key=batch/v1 + value=sts-example-job + + if [ $# -ge 2 ]; then + tenant_namespace = "$2" + echo "Second argument provided" + if [ "$3" = "cm" ]; then + # When certmanager issues the certificates, we copy the certificate to a secret in the client namespace + try kubectl get secrets -n $tenant_namespace tenant-certmanager-tls -o=jsonpath='{.data.ca\.crt}' | base64 -d > ca.crt + try kubectl create secret generic tenant-certmanager-tls --from-file=ca.crt -n $client_namespace + fi + else + echo "No third argument provided" + fi + + try kubectl apply -k "${SCRIPT_DIR}/../testing/tenant-policyBinding/sts-client" + # TODO wait for job to end + +} + # Port forward function port_forward() { namespace=$1 diff --git a/testing/tenant-policyBinding/setup-bucket/kustomization.yaml b/testing/tenant-policyBinding/setup-bucket/kustomization.yaml new file mode 100644 index 00000000000..569af5e0423 --- /dev/null +++ b/testing/tenant-policyBinding/setup-bucket/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: minio-tenant-1 +resources: + - ../../../examples/kustomization/tenant-PolicyBinding/iam-setup-bucket.yaml + - ../../../examples/kustomization/tenant-PolicyBinding/policy-binding.yaml diff --git a/testing/tenant-policyBinding/sts-client/kustomization.yaml b/testing/tenant-policyBinding/sts-client/kustomization.yaml new file mode 100644 index 00000000000..73aba1e6be5 --- /dev/null +++ b/testing/tenant-policyBinding/sts-client/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../../examples/kustomization/tenant-PolicyBinding/sts-client.yaml diff --git a/testing/tenant-policyBinding/tenant-certmanager/kustomization.yaml b/testing/tenant-policyBinding/tenant-certmanager/kustomization.yaml new file mode 100644 index 00000000000..6f53adf1c55 --- /dev/null +++ b/testing/tenant-policyBinding/tenant-certmanager/kustomization.yaml @@ -0,0 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../../examples/kustomization/tenant-certmanager +namespace: tenant-policyBinding +patchesJson6902: + - target: + group: minio.min.io + version: v2 + kind: Tenant + name: storage-certmanager + path: tenantNamePatch.yaml diff --git a/testing/tenant-policyBinding/tenant-certmanager/tenantNamePatch.yaml b/testing/tenant-policyBinding/tenant-certmanager/tenantNamePatch.yaml new file mode 100644 index 00000000000..419a10a4564 --- /dev/null +++ b/testing/tenant-policyBinding/tenant-certmanager/tenantNamePatch.yaml @@ -0,0 +1,3 @@ +- op: replace + path: /metadata/name + value: storage-policyBinding \ No newline at end of file diff --git a/testing/tenant-policyBinding/tenant/kustomization.yaml b/testing/tenant-policyBinding/tenant/kustomization.yaml new file mode 100644 index 00000000000..5b647412631 --- /dev/null +++ b/testing/tenant-policyBinding/tenant/kustomization.yaml @@ -0,0 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../../examples/kustomization/tenant-lite +namespace: tenant-policyBinding +patchesJson6902: + - target: + group: minio.min.io + version: v2 + kind: Tenant + name: storage-lite + path: tenantNamePatch.yaml \ No newline at end of file diff --git a/testing/tenant-policyBinding/tenant/tenantNamePatch.yaml b/testing/tenant-policyBinding/tenant/tenantNamePatch.yaml new file mode 100644 index 00000000000..419a10a4564 --- /dev/null +++ b/testing/tenant-policyBinding/tenant/tenantNamePatch.yaml @@ -0,0 +1,3 @@ +- op: replace + path: /metadata/name + value: storage-policyBinding \ No newline at end of file diff --git a/testing/test-policy-binding+certmanager.sh b/testing/test-policy-binding+certmanager.sh new file mode 100644 index 00000000000..39a1015226d --- /dev/null +++ b/testing/test-policy-binding+certmanager.sh @@ -0,0 +1,41 @@ +#!/usr/bin/env bash +# Copyright (C) 2023, MinIO, Inc. +# +# This code is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License, version 3, +# as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License, version 3, +# along with this program. If not, see + +# This script requires: kubectl, kind + +SCRIPT_DIR=$(dirname "$0") +export SCRIPT_DIR + +source "${SCRIPT_DIR}/common.sh" + +function main() { + destroy_kind + + setup_kind + + install_operator + + install_tenant "policyBinding-cm" + + check_tenant_status minio-tenant-1 storage-policyBinding + + setup_sts_bucket + + install_sts_client sts-client minio-tenant-1 "cm" + + destroy_kind +} + +main "$@" diff --git a/testing/test-policy-binding.sh b/testing/test-policy-binding.sh new file mode 100644 index 00000000000..4767392d8bd --- /dev/null +++ b/testing/test-policy-binding.sh @@ -0,0 +1,41 @@ +#!/usr/bin/env bash +# Copyright (C) 2023, MinIO, Inc. +# +# This code is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License, version 3, +# as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License, version 3, +# along with this program. If not, see + +# This script requires: kubectl, kind + +SCRIPT_DIR=$(dirname "$0") +export SCRIPT_DIR + +source "${SCRIPT_DIR}/common.sh" + +function main() { + destroy_kind + + setup_kind + + install_operator + + install_tenant "policyBinding" + + check_tenant_status tenant-policyBinding storage-policyBinding + + setup_sts_bucket + + install_sts_client sts-client + + destroy_kind +} + +main "$@" From 1b0fd7008155f5ea0eb1b35bac930bcaa778ba44 Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Mon, 27 Feb 2023 01:13:37 -0800 Subject: [PATCH 08/47] shellcheck linter --- testing/common.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/testing/common.sh b/testing/common.sh index 008c207c455..0e11d74f3de 100644 --- a/testing/common.sh +++ b/testing/common.sh @@ -337,12 +337,12 @@ function setup_sts_bucket() { function install_sts_client() { - client_namespace = "$1" + client_namespace="$1" key=batch/v1 value=sts-example-job if [ $# -ge 2 ]; then - tenant_namespace = "$2" + tenant_namespace="$2" echo "Second argument provided" if [ "$3" = "cm" ]; then # When certmanager issues the certificates, we copy the certificate to a secret in the client namespace From ae3a68bb192ff75881ea1eaf1b2cd34a0651ba15 Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Mon, 27 Feb 2023 03:36:09 -0800 Subject: [PATCH 09/47] one step closer --- .../tenant-PolicyBinding/Makefile | 2 +- .../tenant-PolicyBinding/kustomization.yaml | 5 +++++ .../miniosdk/go/Dockerfile | 4 ++-- .../tenant-PolicyBinding/miniosdk/go/main.go | 5 +++-- .../tenant-PolicyBinding/policy-binding.yaml | 2 +- .../tenant-PolicyBinding/sts-client.yaml | 21 +++++++++++++------ testing/common.sh | 20 ++++++++++-------- .../setup-bucket/kustomization.yaml | 3 +-- .../sts-client/kustomization.yaml | 2 +- testing/test-policy-binding+certmanager.sh | 12 ++++++++++- testing/test-policy-binding.sh | 12 ++++++++++- 11 files changed, 62 insertions(+), 26 deletions(-) create mode 100644 examples/kustomization/tenant-PolicyBinding/kustomization.yaml mode change 100644 => 100755 testing/test-policy-binding+certmanager.sh mode change 100644 => 100755 testing/test-policy-binding.sh diff --git a/examples/kustomization/tenant-PolicyBinding/Makefile b/examples/kustomization/tenant-PolicyBinding/Makefile index 890b8311a4b..f2cab96cebc 100644 --- a/examples/kustomization/tenant-PolicyBinding/Makefile +++ b/examples/kustomization/tenant-PolicyBinding/Makefile @@ -17,4 +17,4 @@ miniosdkjava: awssdkpython: @cd awssdk/python/ && \ - docker buildx build --platform=linux/amd64 -t minio/operator-sts-example:aws-python . \ No newline at end of file + docker buildx build --platform=linux/amd64 -t minio/operator-sts-example:aws-python . diff --git a/examples/kustomization/tenant-PolicyBinding/kustomization.yaml b/examples/kustomization/tenant-PolicyBinding/kustomization.yaml new file mode 100644 index 00000000000..698771d3828 --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - policy-binding.yaml + - sts-client.yaml \ No newline at end of file diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/go/Dockerfile b/examples/kustomization/tenant-PolicyBinding/miniosdk/go/Dockerfile index 44b41cf1fed..c4823c53c7a 100644 --- a/examples/kustomization/tenant-PolicyBinding/miniosdk/go/Dockerfile +++ b/examples/kustomization/tenant-PolicyBinding/miniosdk/go/Dockerfile @@ -7,6 +7,6 @@ RUN \ RUN mkdir /app WORKDIR /app -COPY client /app/ +COPY client /app/client -CMD ["./app/client"] +CMD ["/app/client"] diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/go/main.go b/examples/kustomization/tenant-PolicyBinding/miniosdk/go/main.go index f7aa048482a..595dadecf57 100644 --- a/examples/kustomization/tenant-PolicyBinding/miniosdk/go/main.go +++ b/examples/kustomization/tenant-PolicyBinding/miniosdk/go/main.go @@ -36,6 +36,7 @@ func main() { tenantNamespace := os.Getenv("TENANT_NAMESPACE") bucketName := os.Getenv("BUCKET") kubeRootCApath := os.Getenv("KUBERNETES_CA_PATH") + // certManagerCAPath := os.Getenv("STS_CA_PATH") token, err := getToken() if err != nil { @@ -81,7 +82,7 @@ func main() { panic(1) } - transport, err := minio.DefaultTransport(tenantEndpointURL.Scheme == "https") + transport, err := minio.DefaultTransport(true) if err != nil { log.Fatalf("Error creating default transport : %s", err) panic(1) @@ -94,7 +95,7 @@ func main() { minioClient, err := minio.New(tenantEndpointURL.Host, &minio.Options{ Creds: sts, - Secure: tenantEndpointURL.Scheme == "https", + Secure: true, Transport: transport, }) diff --git a/examples/kustomization/tenant-PolicyBinding/policy-binding.yaml b/examples/kustomization/tenant-PolicyBinding/policy-binding.yaml index bafaca030f8..ac1ad721354 100644 --- a/examples/kustomization/tenant-PolicyBinding/policy-binding.yaml +++ b/examples/kustomization/tenant-PolicyBinding/policy-binding.yaml @@ -1,8 +1,8 @@ ---- apiVersion: sts.min.io/v1beta1 kind: PolicyBinding metadata: name: binding-1 + namespace: minio-tenant-1 spec: application: namespace: sts-client diff --git a/examples/kustomization/tenant-PolicyBinding/sts-client.yaml b/examples/kustomization/tenant-PolicyBinding/sts-client.yaml index a0642b5bce9..7ad29f0f6c2 100644 --- a/examples/kustomization/tenant-PolicyBinding/sts-client.yaml +++ b/examples/kustomization/tenant-PolicyBinding/sts-client.yaml @@ -10,10 +10,19 @@ metadata: name: stsclient-sa --- apiVersion: v1 +kind: Secret +metadata: + name: sts-client-secret + namespace: sts-client + annotations: + kubernetes.io/service-account.name: stsclient-sa +type: kubernetes.io/service-account-token +--- +apiVersion: v1 kind: ConfigMap metadata: name: sts-policy - namespace: client + namespace: sts-client data: policy.json: | { @@ -78,8 +87,8 @@ spec: projected: sources: - secret: - name: tenant-certmanager-tls - optional: true - items: - - key: ca.crt - path: ca.crt + name: tenant-certmanager-tls + optional: true + items: + - key: ca.crt + path: ca.crt diff --git a/testing/common.sh b/testing/common.sh index 0e11d74f3de..491730c2547 100644 --- a/testing/common.sh +++ b/testing/common.sh @@ -331,31 +331,33 @@ function install_tenant() { } function setup_sts_bucket() { - try kubectl apply -k "${SCRIPT_DIR}/../testing/tenant-policyBinding/setup-bucket" + try kubectl apply -k "${SCRIPT_DIR}/../examples/kustomization/tenant-policyBinding/iam-setup-bucket.yaml" # TODO wait for job to end } function install_sts_client() { - - client_namespace="$1" + clien="$1" key=batch/v1 value=sts-example-job + # Build and load client images + (cd "${SCRIPT_DIR}/../examples/kustomization/tenant-PolicyBinding" && make) + try kind load docker-image "minio/operator-sts-example:${client}" + + client_namespace="sts-client" + tenant_namespace="minio-tenant-1" + if [ $# -ge 2 ]; then - tenant_namespace="$2" - echo "Second argument provided" - if [ "$3" = "cm" ]; then + if [ "$2" = "cm" ]; then + echo "Setting up certmanager CA secret" # When certmanager issues the certificates, we copy the certificate to a secret in the client namespace try kubectl get secrets -n $tenant_namespace tenant-certmanager-tls -o=jsonpath='{.data.ca\.crt}' | base64 -d > ca.crt try kubectl create secret generic tenant-certmanager-tls --from-file=ca.crt -n $client_namespace fi - else - echo "No third argument provided" fi try kubectl apply -k "${SCRIPT_DIR}/../testing/tenant-policyBinding/sts-client" # TODO wait for job to end - } # Port forward diff --git a/testing/tenant-policyBinding/setup-bucket/kustomization.yaml b/testing/tenant-policyBinding/setup-bucket/kustomization.yaml index 569af5e0423..509c76282ea 100644 --- a/testing/tenant-policyBinding/setup-bucket/kustomization.yaml +++ b/testing/tenant-policyBinding/setup-bucket/kustomization.yaml @@ -2,5 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: minio-tenant-1 resources: - - ../../../examples/kustomization/tenant-PolicyBinding/iam-setup-bucket.yaml - - ../../../examples/kustomization/tenant-PolicyBinding/policy-binding.yaml + - ../../../examples/kustomization/tenant-PolicyBinding/ \ No newline at end of file diff --git a/testing/tenant-policyBinding/sts-client/kustomization.yaml b/testing/tenant-policyBinding/sts-client/kustomization.yaml index 73aba1e6be5..bc5d108b872 100644 --- a/testing/tenant-policyBinding/sts-client/kustomization.yaml +++ b/testing/tenant-policyBinding/sts-client/kustomization.yaml @@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ../../../examples/kustomization/tenant-PolicyBinding/sts-client.yaml + - ../../../examples/kustomization/tenant-PolicyBinding/ diff --git a/testing/test-policy-binding+certmanager.sh b/testing/test-policy-binding+certmanager.sh old mode 100644 new mode 100755 index 39a1015226d..e6d982bda9a --- a/testing/test-policy-binding+certmanager.sh +++ b/testing/test-policy-binding+certmanager.sh @@ -33,7 +33,17 @@ function main() { setup_sts_bucket - install_sts_client sts-client minio-tenant-1 "cm" + # install_sts_client "minio-dotnet" "cm" + + install_sts_client "minio-go" "cm" + + install_sts_client "minio-java" "cm" + + # install_sts_client "minio-javascript" + + install_sts_client "minio-python" + + install_sts_client "aws-python" destroy_kind } diff --git a/testing/test-policy-binding.sh b/testing/test-policy-binding.sh old mode 100644 new mode 100755 index 4767392d8bd..62240793070 --- a/testing/test-policy-binding.sh +++ b/testing/test-policy-binding.sh @@ -33,7 +33,17 @@ function main() { setup_sts_bucket - install_sts_client sts-client + # install_sts_client "minio-dotnet" + + install_sts_client "minio-go" + + install_sts_client "minio-java" + + # install_sts_client "minio-javascript" + + install_sts_client "minio-python" + + install_sts_client "aws-python" destroy_kind } From 416b4582f20cbdf0769fcd52d19d68de49c99fb5 Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Mon, 27 Feb 2023 16:03:50 -0800 Subject: [PATCH 10/47] fix typo --- testing/common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testing/common.sh b/testing/common.sh index 491730c2547..e86c8196f95 100644 --- a/testing/common.sh +++ b/testing/common.sh @@ -336,7 +336,7 @@ function setup_sts_bucket() { } function install_sts_client() { - clien="$1" + client="$1" key=batch/v1 value=sts-example-job From c0f614cf021a8d8da2ea051f2e401fd7cd0ab9c7 Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Mon, 27 Feb 2023 17:00:59 -0800 Subject: [PATCH 11/47] madmin-go v2 --- go.sum | 1 + pkg/controller/cluster/sts.go | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/go.sum b/go.sum index bebc27e0d2c..019a4071f50 100644 --- a/go.sum +++ b/go.sum @@ -582,6 +582,7 @@ github.com/minio/colorjson v1.0.4 h1:sNJYTb2uNswdqmGARg9wrogCX8+GRZzEacYbJT86e00 github.com/minio/colorjson v1.0.4/go.mod h1:ZgE8vYon4xC4yfBPclP/2gqMRYw+p+xRsBbLMDKdb9M= github.com/minio/filepath v1.0.0 h1:fvkJu1+6X+ECRA6G3+JJETj4QeAYO9sV43I79H8ubDY= github.com/minio/filepath v1.0.0/go.mod h1:/nRZA2ldl5z6jT9/KQuvZcQlxZIMQoFFQPvEXx9T/Bw= +github.com/minio/madmin-go v1.6.6 h1:YwubKSJFeMXjW8RWOiXIhLaiTEC/rMJH2U0M57xsORA= github.com/minio/madmin-go v1.6.6/go.mod h1:ATvkBOLiP3av4D++2v1UEHC/QzsGtgXD5kYvvRYzdKs= github.com/minio/madmin-go/v2 v2.0.1 h1:WFfe12P18k9WSEFUZzUaBOQ78vjMBafM1YjgtXkkJoM= github.com/minio/madmin-go/v2 v2.0.1/go.mod h1:5aFi/VLWBHC2DEFfGIlUmAeJhaF4ZAjuYpEWZFU14Zw= diff --git a/pkg/controller/cluster/sts.go b/pkg/controller/cluster/sts.go index f31e738f900..eaf76ad5623 100644 --- a/pkg/controller/cluster/sts.go +++ b/pkg/controller/cluster/sts.go @@ -10,7 +10,7 @@ import ( "time" "github.com/gorilla/mux" - "github.com/minio/madmin-go" + "github.com/minio/madmin-go/v2" "github.com/minio/minio-go/v7/pkg/credentials" miniov2 "github.com/minio/operator/pkg/apis/minio.min.io/v2" xhttp "github.com/minio/operator/pkg/internal" From 7a8dca960b7a6e751438df1cadd8904e2d63d3c8 Mon Sep 17 00:00:00 2001 From: Pedro Juarez Date: Mon, 27 Feb 2023 17:14:54 -0800 Subject: [PATCH 12/47] Openshift test - install Minio Operator (#1435) * test Operator install on Openshift using crc * moar debagging * openshift install test almost complete * some bugfixing, save checkpoint * Openshift operator install test Complete * bugfix: test was stuck, test catalogsource pod was unable to pull the container. * shellcheck * rename flag to sync with https://github.com/minio/operator/pull/1441 --- .gitignore | 2 +- testing/deploy-openshift-4.sh | 40 +++ testing/openshift-common.sh | 245 ++++++++++++++++++ testing/openshift/bundle.Dockerfile | 14 + testing/openshift/tenant/kustomization.yaml | 9 + testing/openshift/tenant/tenant.yaml | 8 + .../test-operator-catalogsource.yaml | 13 + testing/openshift/test-subscription.yaml | 11 + 8 files changed, 341 insertions(+), 1 deletion(-) create mode 100755 testing/deploy-openshift-4.sh create mode 100644 testing/openshift-common.sh create mode 100644 testing/openshift/bundle.Dockerfile create mode 100644 testing/openshift/tenant/kustomization.yaml create mode 100644 testing/openshift/tenant/tenant.yaml create mode 100644 testing/openshift/test-operator-catalogsource.yaml create mode 100644 testing/openshift/test-subscription.yaml diff --git a/.gitignore b/.gitignore index 38fbecb1dfb..bbc7a23e91b 100644 --- a/.gitignore +++ b/.gitignore @@ -16,4 +16,4 @@ logsearchapi-bin minio.yaml nancy examples/.DS_Store - +testing/openshift/bundle/* diff --git a/testing/deploy-openshift-4.sh b/testing/deploy-openshift-4.sh new file mode 100755 index 00000000000..fd076f2ffd5 --- /dev/null +++ b/testing/deploy-openshift-4.sh @@ -0,0 +1,40 @@ +#!/usr/bin/env bash +# Copyright (C) 2023, MinIO, Inc. +# +# This code is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License, version 3, +# as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License, version 3, +# along with this program. If not, see + +# This script requires: kubectl, kind + +SCRIPT_DIR=$(dirname "$0") +export SCRIPT_DIR + +source "${SCRIPT_DIR}/openshift-common.sh" + +function main() { + + install_binaries + + setup_crc + + create_marketplace_catalog "certified-operators" + + install_operator "certified-operators" # "community-operators", "redhat-marketplace" + + # install_operator + # install_tenant + # check_tenant_status tenant-lite storage-lite + + destroy_crc +} + +time main "$@" diff --git a/testing/openshift-common.sh b/testing/openshift-common.sh new file mode 100644 index 00000000000..da3af403004 --- /dev/null +++ b/testing/openshift-common.sh @@ -0,0 +1,245 @@ +#!/usr/bin/env bash +# Copyright (C) 2023, MinIO, Inc. +# +# This code is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License, version 3, +# as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License, version 3, +# along with this program. If not, see + +#OPERATOR_SDK_VERSION=v1.22.2 +ARCH=`{ case "$(uname -m)" in "x86_64") echo -n "amd64";; "aarch64") echo -n "arm64";; *) echo -n "$(uname -m)";; esac; }` +MACHINE="$(uname -m)" +OS=$(uname | awk '{print tolower($0)}') +# shellcheck disable=SC2155 +export TMP_BIN_DIR="$(mktemp -d)" + +function install_binaries() { + + echo -e "\e[34mInstalling temporal binaries in $TMP_BIN_DIR\e[0m" + + #echo "kubectl" + #curl -#L "https://dl.k8s.io/release/v1.23.1/bin/$OS/$ARCH/kubectl" -o $TMP_BIN_DIR/kubectl + #chmod +x $TMP_BIN_DIR/kubectl + + #echo "mc" + #curl -#L "https://dl.min.io/client/mc/release/${OS}-${ARCH}/mc" -o $TMP_BIN_DIR/mc + #chmod +x $TMP_BIN_DIR/mc + + echo "yq" + curl -#L "https://github.com/mikefarah/yq/releases/latest/download/yq_${OS}_${ARCH}" -o $TMP_BIN_DIR/yq + chmod +x $TMP_BIN_DIR/yq + + # latest kubectl and oc + # curl -#L "https://mirror.openshift.com/pub/openshift-v4/$MACHINE/clients/ocp/stable/openshift-client-$OS.tar.gz" -o $TMP_BIN_DIR/openshift-client-$OS.tar.gz + # tar -zxvf openshift-client-$OS.tar.gz + + echo "opm" + curl -#L "https://mirror.openshift.com/pub/openshift-v4/$MACHINE/clients/ocp/stable/opm-$OS.tar.gz" -o $TMP_BIN_DIR/opm-$OS.tar.gz + tar -zxf $TMP_BIN_DIR/opm-$OS.tar.gz -C $TMP_BIN_DIR/ + chmod +x $TMP_BIN_DIR/opm + + echo "crc" + curl -#L "https://developers.redhat.com/content-gateway/rest/mirror/pub/openshift-v4/clients/crc/latest/crc-$OS-$ARCH.tar.xz" -o $TMP_BIN_DIR/crc-$OS-$ARCH.tar.xz + tar -xJf $TMP_BIN_DIR/crc-$OS-$ARCH.tar.xz -C $TMP_BIN_DIR/ --strip-components=1 + chmod +x $TMP_BIN_DIR/crc + + #echo "operator-sdk" + #curl -#L "https://github.com/operator-framework/operator-sdk/releases/download/$OPERATOR_SDK_VERSION/operator-sdk_${OS}_${ARCH}" -o ${TMP_BIN_DIR}/operator-sdk + #chmod +x $TMP_BIN_DIR/operator-sdk +} + +function remove_temp_binaries() { + echo -e "\e[34mRemoving temporary binaries in: $TMP_BIN_DIR\e[0m" + rm -rf $TMP_BIN_DIR +} + +yell() { echo "$0: $*" >&2; } + +die() { + yell "$*" + destroy_crc && exit 111 +} + +try() { "$@" || die "cannot $*"; } + +function setup_crc() { + echo -e "\e[34mConfiguring crc\e[0m" + export PATH="$TMP_BIN_DIR:$PATH" + crc config set consent-telemetry no + crc config set skip-check-root-user true + crc config set kubeadmin-password "crclocal" + crc setup + crc start -c 12 -m 20480 + eval $(crc oc-env) + eval $(crc podman-env) + # this creates a symlink "podman" from the "podman-remote", as a hack to solve the a issue with opm: + # opm has hardcoded the command name "podman" causing the index creation to fail + # https://github.com/operator-framework/operator-registry/blob/67e6777b5f5f9d337b94da98b8c550c231a8b47c/pkg/containertools/factory_podman.go#L32 + ocpath=$(dirname $(which podman-remote)) + ln -sf $ocpath/podman-remote $ocpath/podman + try crc version + echo "Waiting for podman vm come online (5m timeout)" + try timeout 600 bash -c -- 'while ! podman image ls 2> /dev/null; do sleep 1 && printf ".";done' +} + +function destroy_crc() { + echo -e "\e[34mdestroy_crc\e[0m" + + # To allow the execution without killing the cluster at the end of the test + # Use below statement to automatically test and kill cluster at the end: + # `unset OPERATOR_DEV_TEST` + # Use below statement to test and keep cluster alive at the end!: + # `export OPERATOR_DEV_TEST="ON"` + if [[ -z "${OPERATOR_DEV_TEST}" ]]; then + # OPERATOR_DEV_TEST is not defined, hence destroy_kind + echo "Cluster will be destroyed for automated testing" + crc stop + crc delete -f + remove_temp_binaries + else + echo -e "\e[33mCluster will remain alive for manual testing\e[0m" + echo "Use the following env varianbles setup" + echo "export PATH=$TMP_BIN_DIR:\$PATH" + echo "eval \$(crc oc-env)" + echo "eval \$(crc podman-env)" + fi +} + +function create_marketplace_catalog(){ + # https://redhat-connect.gitbook.io/certified-operator-guide/ocp-deployment/openshift-deployment + # https://redhat-connect.gitbook.io/certified-operator-guide/ocp-deployment/operator-metadata/bundle-directory + # https://operatorhub.io/preview + + + # Obtain catalog + catalog="$1" + if [ -z "$catalog" ] + then + die "missing catalog to install" + fi + + echo "Create Marketplace for catalog '$catalog'" + + registry="default-route-openshift-image-registry.apps-crc.testing" + operatorNamespace="openshift-operators" + marketplaceNamespace="openshift-marketplace" + operatorContainerImage="$registry/$operatorNamespace/operator:noop" + bundleContainerImage="$registry/$marketplaceNamespace/operator-bundle:noop" + indexContainerImage="$registry/$marketplaceNamespace/minio-operator-index:noop" + package="minio-operator" + if [[ "$catalog" == "redhat-marketplace" ]] + then + package=minio-operator-rhmp + fi + + echo "Compiling operator in current branch" + (cd "${SCRIPT_DIR}/.." && make operator && make logsearchapi && podman build --quiet --no-cache -t $operatorContainerImage .) + + echo "push operator image to crc registry" + podman login -u `oc whoami` -p `oc whoami --show-token` $registry/$operatorNamespace --tls-verify=false + podman push $operatorContainerImage --tls-verify=false + + echo "Image Stream for operator:" + oc get is -n $operatorNamespace operator + try oc set image-lookup operator -n $operatorNamespace + + echo "Compiling operator bundle for $catalog" + cp -r "${SCRIPT_DIR}/../$catalog/." ${SCRIPT_DIR}/openshift/bundle + yq -i ".metadata.annotations.containerImage |= (\"${operatorContainerImage}\")" ${SCRIPT_DIR}/openshift/bundle/manifests/$package.clusterserviceversion.yaml + yq -i ".annotations.\"operators.operatorframework.io.bundle.package.v1\" |= (\"${package}-noop\")" ${SCRIPT_DIR}/openshift/bundle/metadata/annotations.yaml + (cd "${SCRIPT_DIR}/.." && podman build --quiet --no-cache -t $bundleContainerImage -f ${SCRIPT_DIR}/openshift/bundle.Dockerfile ${SCRIPT_DIR}/openshift) + podman login -u `oc whoami` -p `oc whoami --show-token` $registry --tls-verify=false + + echo "push operator-bundle to crc registry" + podman push $bundleContainerImage --tls-verify=false + + echo "Image Stream for operator-bundle" + oc get is -n $marketplaceNamespace operator-bundle + try oc set image-lookup -n $marketplaceNamespace operator-bundle + + echo "Compiling marketplace index" + opm index add --bundles $bundleContainerImage --tag $indexContainerImage --skip-tls-verify=true + + echo "push minio-operator-index to crc registry" + podman push $indexContainerImage --tls-verify=false + echo "Image Stream for minio-operator-index" + try oc set image-lookup -n $marketplaceNamespace minio-operator-index + + echo "Wait for ImageStream minio-operator-index to be local available" + try oc wait -n $marketplaceNamespace is \ + --for=jsonpath='{.spec.lookupPolicy.local}'=true \ + --field-selector metadata.name=minio-operator-index \ + --timeout=300s + + echo "Create 'Test Minio Operators' marketplace catalog source" + oc create -f ${SCRIPT_DIR}/openshift/test-operator-catalogsource.yaml + sleep 5 + echo "Catalog Source:" + oc get catalogsource -n $marketplaceNamespace minio-test-operators + + catalogSourcePod=$(oc get pods -n $marketplaceNamespace -ojson| jq -r '.items[] | select(.metadata.name | startswith("minio-test-operators")) | .metadata.name') + + # Hack, for some reason the original catalgosource pod cannot pull the image. + # deleting the pod forces to create a new pod and the newly scheduled pod does have the grants to access the image registry + echo "deleting pod $catalogSourcePod" -n $marketplaceNamespace + oc delete pod $catalogSourcePod -n $marketplaceNamespace + + echo "Waiting for Package manifest to be ready (5m timeout)" + try timeout 300 bash -c -- 'while ! oc get packagemanifests -n '"$marketplaceNamespace"' | grep "Test Minio Operators" 2> /dev/null; do sleep 1 && printf ".";done' +} + +function install_operator() { + + # Obtain catalog + catalog="$1" + if [ -z "$catalog" ] + then + catalog="certified-operators" + fi + + echo -e "\e[34mInstalling Operator from catalog '$catalog'\e[0m" + + try oc create -f ${SCRIPT_DIR}/openshift/test-subscription.yaml + + echo "Subscription:" + try oc get sub -n openshift-operators test-subscription + #we wait a moment for the resource to get a status field + sleep 10s + + echo "Wait subscription to be ready (10m timeout)" + try oc wait -n openshift-operators \ + --for=jsonpath='{.status.state}'=AtLatestKnown subscription\ + --field-selector metadata.name=$(oc get subscription -n openshift-operators -o json | jq -r '.items[0] | .metadata.name') \ + --timeout=600s + + echo "Install plan:" + try oc get installplan -n openshift-operators + + echo "Waiting for install plan to be completed (10m timeout)" + oc wait -n openshift-operators \ + --for=jsonpath='{.status.phase}'=Complete installplan \ + --field-selector metadata.name=$(oc get installplan -n openshift-operators -o json | jq -r '.items[0] | .metadata.name') \ + --timeout=600s + + echo "Deployment:" + oc -n openshift-operators get deployment minio-operator + + echo "Waiting for Operator Deployment to come online (5m timeout)" + try oc wait -n openshift-operators deployment \ + --for=condition=Available \ + --field-selector metadata.name=minio-operator \ + --timeout=300s + + echo "start - get data to verify proper image is being used" + echo "Pods:" + oc get pods --namespace openshift-operators + echo "Images:" + oc describe pods -n openshift-operators | grep Image +} \ No newline at end of file diff --git a/testing/openshift/bundle.Dockerfile b/testing/openshift/bundle.Dockerfile new file mode 100644 index 00000000000..7bed518421a --- /dev/null +++ b/testing/openshift/bundle.Dockerfile @@ -0,0 +1,14 @@ +FROM scratch + +ARG CATALOG + +# Core bundle labels. +LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1 +LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ +LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ +LABEL operators.operatorframework.io.bundle.package.v1=minio-operator-noop +LABEL operators.operatorframework.io.bundle.channels.v1=stable + +# Copy files to locations specified by labels. +COPY bundle/manifests /manifests/ +COPY bundle/metadata /metadata/ diff --git a/testing/openshift/tenant/kustomization.yaml b/testing/openshift/tenant/kustomization.yaml new file mode 100644 index 00000000000..1701800291d --- /dev/null +++ b/testing/openshift/tenant/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../../../examples/kustomization/tenant-lite + +patchesStrategicMerge: + - tenant.yaml + diff --git a/testing/openshift/tenant/tenant.yaml b/testing/openshift/tenant/tenant.yaml new file mode 100644 index 00000000000..3388e264ced --- /dev/null +++ b/testing/openshift/tenant/tenant.yaml @@ -0,0 +1,8 @@ +apiVersion: minio.min.io/v2 +kind: Tenant +metadata: + name: storage + namespace: minio-tenant +spec: + log: + image: quay.io/minio/operator:noop diff --git a/testing/openshift/test-operator-catalogsource.yaml b/testing/openshift/test-operator-catalogsource.yaml new file mode 100644 index 00000000000..6a8e66e33b4 --- /dev/null +++ b/testing/openshift/test-operator-catalogsource.yaml @@ -0,0 +1,13 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: CatalogSource +metadata: + name: minio-test-operators + namespace: openshift-marketplace +spec: + sourceType: grpc + image: default-route-openshift-image-registry.apps-crc.testing/openshift-marketplace/minio-operator-index:noop + displayName: Test Minio Operators + publisher: MinIO + updateStrategy: + registryPoll: + interval: 5m \ No newline at end of file diff --git a/testing/openshift/test-subscription.yaml b/testing/openshift/test-subscription.yaml new file mode 100644 index 00000000000..e15e1c41fca --- /dev/null +++ b/testing/openshift/test-subscription.yaml @@ -0,0 +1,11 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: Subscription +metadata: + name: test-subscription + namespace: openshift-operators +spec: + channel: stable + installPlanApproval: Automatic + name: minio-operator-noop + source: minio-test-operators + sourceNamespace: openshift-marketplace \ No newline at end of file From ee3e13f2114a80e12423d56fa10f257cd5bccd88 Mon Sep 17 00:00:00 2001 From: V Aretakis Date: Tue, 28 Feb 2023 20:42:13 +0100 Subject: [PATCH 13/47] Helm chart: Add priorityClass support for operator (#1423) Add priorityClass support for operator helm chart --- helm/operator/templates/operator-deployment.yaml | 3 +++ helm/operator/values.yaml | 1 + 2 files changed, 4 insertions(+) diff --git a/helm/operator/templates/operator-deployment.yaml b/helm/operator/templates/operator-deployment.yaml index b48d64cf672..af3d6fc2d8d 100644 --- a/helm/operator/templates/operator-deployment.yaml +++ b/helm/operator/templates/operator-deployment.yaml @@ -40,6 +40,9 @@ spec: topologySpreadConstraints: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.operator.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.operator.image.repository }}:{{ .Values.operator.image.tag }}" diff --git a/helm/operator/values.yaml b/helm/operator/values.yaml index 223ece07c29..44a8e03fd78 100644 --- a/helm/operator/values.yaml +++ b/helm/operator/values.yaml @@ -28,6 +28,7 @@ operator: runAsGroup: 1000 runAsNonRoot: true nodeSelector: { } + priorityClassName: "" affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: From c5f719dccd7b53d2c65ed2663445d882c761b0ef Mon Sep 17 00:00:00 2001 From: Cesar Celis Hernandez Date: Tue, 28 Feb 2023 15:20:32 -0600 Subject: [PATCH 14/47] Update versions and fix KES Test (#1457) --- .github/workflows/goreleaser.yml | 6 +-- .github/workflows/helm.yaml | 12 ++--- .github/workflows/kubernetes-tests.yml | 72 +++++++++++++------------- .github/workflows/shellcheck.yaml | 2 +- .github/workflows/vulncheck.yml | 2 +- .golangci.yml | 2 +- .goreleaser.yml | 2 +- Makefile | 2 +- go.mod | 2 +- kubectl-minio/go.mod | 2 +- logsearchapi/go.mod | 2 +- testing/common.sh | 6 --- testing/console-tenant+kes.sh | 34 +++++------- testing/kes-config.yaml | 59 +++++++++++++++++++++ 14 files changed, 126 insertions(+), 79 deletions(-) create mode 100644 testing/kes-config.yaml diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml index 72acc067844..ab4a4f3b2e8 100644 --- a/.github/workflows/goreleaser.yml +++ b/.github/workflows/goreleaser.yml @@ -10,12 +10,12 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Set up Go - uses: actions/setup-go@v2 + uses: actions/setup-go@v3 with: - go-version: 1.19.x + go-version: 1.20.x - # Add support for more platforms with QEMU (optional) # https://github.com/docker/setup-qemu-action diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index 0a6ac585eee..b52448529d8 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -22,14 +22,14 @@ jobs: runs-on: ${{ matrix.os }} strategy: matrix: - go-version: [ 1.19.x ] + go-version: [ 1.20.x ] os: [ ubuntu-latest ] # Steps represent a sequence of tasks that will be executed as part of the job steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v2 - - uses: actions/setup-go@v2 + - uses: actions/checkout@v3 + - uses: actions/setup-go@v3 with: go-version: ${{ matrix.go-version }} @@ -45,14 +45,14 @@ jobs: runs-on: ${{ matrix.os }} strategy: matrix: - go-version: [ 1.19.x ] + go-version: [ 1.20.x ] os: [ ubuntu-latest ] # Steps represent a sequence of tasks that will be executed as part of the job steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v2 - - uses: actions/setup-go@v2 + - uses: actions/checkout@v3 + - uses: actions/setup-go@v3 with: go-version: ${{ matrix.go-version }} diff --git a/.github/workflows/kubernetes-tests.yml b/.github/workflows/kubernetes-tests.yml index 38773153cc6..c654e6fc537 100644 --- a/.github/workflows/kubernetes-tests.yml +++ b/.github/workflows/kubernetes-tests.yml @@ -10,11 +10,11 @@ jobs: runs-on: ${{ matrix.os }} strategy: matrix: - go-version: [ 1.19.x ] + go-version: [ 1.20.x ] os: [ ubuntu-latest ] steps: - - uses: actions/checkout@v2 - - uses: actions/setup-go@v2 + - uses: actions/checkout@v3 + - uses: actions/setup-go@v3 with: go-version: ${{ matrix.go-version }} - name: Get Dependedencies @@ -26,12 +26,12 @@ jobs: - getdeps strategy: matrix: - go-version: [ 1.19.x ] + go-version: [ 1.20.x ] os: [ ubuntu-latest ] steps: - - uses: actions/checkout@v2 - - uses: actions/setup-go@v2 + - uses: actions/checkout@v3 + - uses: actions/setup-go@v3 with: go-version: ${{ matrix.go-version }} - name: Lint @@ -43,12 +43,12 @@ jobs: - getdeps strategy: matrix: - go-version: [ 1.19.x ] + go-version: [ 1.20.x ] os: [ ubuntu-latest ] steps: - - uses: actions/checkout@v2 - - uses: actions/setup-go@v2 + - uses: actions/checkout@v3 + - uses: actions/setup-go@v3 with: go-version: ${{ matrix.go-version }} - name: govet @@ -60,12 +60,12 @@ jobs: - getdeps strategy: matrix: - go-version: [ 1.19.x ] + go-version: [ 1.20.x ] os: [ ubuntu-latest ] steps: - - uses: actions/checkout@v2 - - uses: actions/setup-go@v2 + - uses: actions/checkout@v3 + - uses: actions/setup-go@v3 with: go-version: ${{ matrix.go-version }} - name: Go Test @@ -77,12 +77,12 @@ jobs: - getdeps strategy: matrix: - go-version: [ 1.19.x ] + go-version: [ 1.20.x ] os: [ ubuntu-latest ] steps: - - uses: actions/checkout@v2 - - uses: actions/setup-go@v2 + - uses: actions/checkout@v3 + - uses: actions/setup-go@v3 with: go-version: ${{ matrix.go-version }} - name: Logsearch Binary @@ -94,12 +94,12 @@ jobs: - getdeps strategy: matrix: - go-version: [ 1.19.x ] + go-version: [ 1.20.x ] os: [ ubuntu-latest ] steps: - - uses: actions/checkout@v2 - - uses: actions/setup-go@v2 + - uses: actions/checkout@v3 + - uses: actions/setup-go@v3 with: go-version: ${{ matrix.go-version }} - name: Operator Binary @@ -112,12 +112,12 @@ jobs: - operator strategy: matrix: - go-version: [ 1.19.x ] + go-version: [ 1.20.x ] os: [ ubuntu-latest ] steps: - - uses: actions/checkout@v2 - - uses: actions/setup-go@v2 + - uses: actions/checkout@v3 + - uses: actions/setup-go@v3 with: go-version: ${{ matrix.go-version }} - name: Docker Container @@ -136,12 +136,12 @@ jobs: - govet strategy: matrix: - go-version: [ 1.19.x ] + go-version: [ 1.20.x ] os: [ ubuntu-latest ] steps: - - uses: actions/checkout@v2 - - uses: actions/setup-go@v2 + - uses: actions/checkout@v3 + - uses: actions/setup-go@v3 with: go-version: ${{ matrix.go-version }} - name: Prometheus test on Kind @@ -158,12 +158,12 @@ jobs: - govet strategy: matrix: - go-version: [ 1.19.x ] + go-version: [ 1.20.x ] os: [ ubuntu-latest ] steps: - - uses: actions/checkout@v2 - - uses: actions/setup-go@v2 + - uses: actions/checkout@v3 + - uses: actions/setup-go@v3 with: go-version: ${{ matrix.go-version }} - name: Tenant upgrade test on Kind @@ -180,12 +180,12 @@ jobs: - govet strategy: matrix: - go-version: [ 1.19.x ] + go-version: [ 1.20.x ] os: [ ubuntu-latest ] steps: - - uses: actions/checkout@v2 - - uses: actions/setup-go@v2 + - uses: actions/checkout@v3 + - uses: actions/setup-go@v3 with: go-version: ${{ matrix.go-version }} @@ -204,12 +204,12 @@ jobs: - govet strategy: matrix: - go-version: [ 1.19.x ] + go-version: [ 1.20.x ] os: [ ubuntu-latest ] steps: - - uses: actions/checkout@v2 - - uses: actions/setup-go@v2 + - uses: actions/checkout@v3 + - uses: actions/setup-go@v3 with: go-version: ${{ matrix.go-version }} @@ -228,12 +228,12 @@ jobs: - govet strategy: matrix: - go-version: [ 1.19.x ] + go-version: [ 1.20.x ] os: [ ubuntu-latest ] steps: - - uses: actions/checkout@v2 - - uses: actions/setup-go@v2 + - uses: actions/checkout@v3 + - uses: actions/setup-go@v3 with: go-version: ${{ matrix.go-version }} diff --git a/.github/workflows/shellcheck.yaml b/.github/workflows/shellcheck.yaml index 1d36c630100..a0262ff2fe5 100644 --- a/.github/workflows/shellcheck.yaml +++ b/.github/workflows/shellcheck.yaml @@ -11,7 +11,7 @@ jobs: name: Shellcheck runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - uses: actions/setup-go@v3 - name: Run ShellCheck diff --git a/.github/workflows/vulncheck.yml b/.github/workflows/vulncheck.yml index 94bd14a45b1..e81fa320ba3 100644 --- a/.github/workflows/vulncheck.yml +++ b/.github/workflows/vulncheck.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - go-version: [ 1.19 ] + go-version: [ 1.20.x ] steps: - name: Check out code into the Go module directory uses: actions/checkout@v3 diff --git a/.golangci.yml b/.golangci.yml index e26f67e376e..938d86426a2 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -5,7 +5,7 @@ linters-settings: locale: US run: - go: '1.19' + go: '1.20' linters: disable-all: true diff --git a/.goreleaser.yml b/.goreleaser.yml index c835fb25fe5..b1e44504494 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -15,7 +15,7 @@ before: hooks: - make clean - go generate ./... - - go mod tidy -compat=1.19 + - go mod tidy -compat=1.20 - go mod download builds: diff --git a/Makefile b/Makefile index 60115ddaf3e..94999a5f3b0 100644 --- a/Makefile +++ b/Makefile @@ -27,7 +27,7 @@ getdeps: @echo "Checking dependencies" @mkdir -p ${GOPATH}/bin @echo "Installing golangci-lint" && \ - go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.49.0 && \ + go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest && \ echo "Installing govulncheck" && \ go install golang.org/x/vuln/cmd/govulncheck@latest diff --git a/go.mod b/go.mod index 3082d48045a..883bcdba6c7 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/minio/operator -go 1.19 +go 1.20 require ( github.com/blang/semver/v4 v4.0.0 diff --git a/kubectl-minio/go.mod b/kubectl-minio/go.mod index 8a7ffa4f677..c355ac52c27 100644 --- a/kubectl-minio/go.mod +++ b/kubectl-minio/go.mod @@ -1,6 +1,6 @@ module github.com/minio/kubectl-minio -go 1.19 +go 1.20 replace github.com/minio/operator => ../ diff --git a/logsearchapi/go.mod b/logsearchapi/go.mod index a69f5e6cd75..fbd84571b15 100644 --- a/logsearchapi/go.mod +++ b/logsearchapi/go.mod @@ -1,6 +1,6 @@ module github.com/minio/operator/logsearchapi -go 1.19 +go 1.20 require ( github.com/georgysavva/scany v1.2.1 diff --git a/testing/common.sh b/testing/common.sh index e86c8196f95..8b97ae487c2 100644 --- a/testing/common.sh +++ b/testing/common.sh @@ -88,9 +88,6 @@ function install_operator() { value=minio-operator fi - echo "Scaling down MinIO Operator Deployment" - try kubectl -n minio-operator scale deployment minio-operator --replicas=1 - # Reusing the wait for both, Kustomize and Helm echo "Waiting for k8s api" sleep 10 @@ -128,9 +125,6 @@ function install_operator_version() { # Initialize the MinIO Kubernetes Operator kubectl minio init - echo "Scaling down MinIO Operator Deployment" - try kubectl -n minio-operator scale deployment minio-operator --replicas=1 - # Verify installation of the plugin echo "Installed operator release: $(kubectl minio version)" diff --git a/testing/console-tenant+kes.sh b/testing/console-tenant+kes.sh index f46d61749cb..ce97057bcfa 100755 --- a/testing/console-tenant+kes.sh +++ b/testing/console-tenant+kes.sh @@ -109,29 +109,23 @@ function test_kes_tenant() { return 1 fi - COOKIE=$(curl 'http://localhost:9090/api/v1/login/operator' -X POST \ - -H 'Content-Type: application/json' \ - --data-raw '{"jwt":"'$SA_TOKEN'"}' -i | grep "Set-Cookie: token=" | sed -e "s/Set-Cookie: token=//g" | awk -F ';' '{print $1}') - echo "COOKIE: ${COOKIE}" - - echo "Creating Tenant" - CREDENTIALS=$(curl 'http://localhost:9090/api/v1/tenants' \ - -X POST \ - -H 'Content-Type: application/json' \ - -H 'Cookie: token='$COOKIE'' \ - --data-raw '{"name":"kes-tenant","namespace":"default","access_key":"","secret_key":"","access_keys":[],"secret_keys":[],"enable_tls":true,"enable_console":true,"enable_prometheus":true,"service_name":"","image":"","expose_minio":true,"expose_console":true,"pools":[{"name":"pool-0","servers":4,"volumes_per_server":1,"volume_configuration":{"size":26843545600,"storage_class_name":"standard"},"securityContext":null,"affinity":{"podAntiAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":[{"labelSelector":{"matchExpressions":[{"key":"v1.min.io/tenant","operator":"In","values":["kes-tenant"]},{"key":"v1.min.io/pool","operator":"In","values":["pool-0"]}]},"topologyKey":"kubernetes.io/hostname"}]}}}],"erasureCodingParity":2,"logSearchConfiguration":{"image":"minio/operator:dev","postgres_image":"","postgres_init_image":""},"prometheusConfiguration":{"image":"","sidecar_image":"","init_image":""},"tls":{"minio":[],"ca_certificates":[],"console_ca_certificates":[]},"encryption":{"replicas":"1","securityContext":{"runAsUser":"1000","runAsGroup":"1000","fsGroup":"1000","runAsNonRoot":true},"image":"","vault":{"endpoint":"http://vault.default.svc.cluster.local:8200","engine":"","namespace":"","prefix":"my-minio","approle":{"engine":"","id":"'$ROLE_ID'","secret":"'$SECRET_ID'","retry":0},"tls":{},"status":{"ping":0}}},"idp":{"keys":[{"access_key":"console","secret_key":"console123"}]}}') - echo "CREDENTIALS: ${CREDENTIALS}" - - echo "Check Tenant Status in default name space for kes-tenant:" - check_tenant_status default kes-tenant + echo "Creating Tenant" + sed -i -e 's/ROLE_ID/'"$ROLE_ID"'/g' "${SCRIPT_DIR}/kes-config.yaml" + sed -i -e 's/SECRET_ID/'"$SECRET_ID"'/g' "${SCRIPT_DIR}/kes-config.yaml" + cp "${SCRIPT_DIR}/kes-config.yaml" "${SCRIPT_DIR}/../examples/kustomization/tenant-kes-encryption/kes-configuration-secret.yaml" + yq e -i '.spec.kes.image = "minio/kes:v0.22.3"' "${SCRIPT_DIR}/../examples/kustomization/tenant-kes-encryption/tenant.yaml" + kubectl apply -k "${SCRIPT_DIR}/../examples/kustomization/tenant-kes-encryption" - echo "Port Forwarding tenant" - try kubectl port-forward $(kubectl get pods -l v1.min.io/tenant=kes-tenant | grep -v NAME | awk '{print $1}' | head -1) 9000 & + echo "Check Tenant Status in tenant-kms-encrypted name space for storage-kms-encrypted:" + check_tenant_status tenant-kms-encrypted storage-kms-encrypted - TENANT_CONFIG_SECRET=$(kubectl -n default get tenants.minio.min.io kes-tenant -o jsonpath="{.spec.configuration.name}") - USER=$(kubectl -n default get secrets "$TENANT_CONFIG_SECRET" -o go-template='{{index .data "config.env"|base64decode }}' | grep 'export MINIO_ROOT_USER="' | sed -e 's/export MINIO_ROOT_USER="//g' | sed -e 's/"//g') - PASSWORD=$(kubectl -n default get secrets "$TENANT_CONFIG_SECRET" -o go-template='{{index .data "config.env"|base64decode }}' | grep 'export MINIO_ROOT_PASSWORD="' | sed -e 's/export MINIO_ROOT_PASSWORD="//g' | sed -e 's/"//g') + echo "Port Forwarding tenant" + try kubectl port-forward $(kubectl get pods -l v1.min.io/tenant=storage-kms-encrypted -n tenant-kms-encrypted | grep -v NAME | awk '{print $1}' | head -1) 9000 -n tenant-kms-encrypted & + TENANT_CONFIG_SECRET=$(kubectl -n tenant-kms-encrypted get tenants.minio.min.io storage-kms-encrypted -o jsonpath="{.spec.configuration.name}") + # kes-tenant-env-configuration + USER=$(kubectl -n tenant-kms-encrypted get secrets "$TENANT_CONFIG_SECRET" -o go-template='{{index .data "config.env"|base64decode }}' | grep 'export MINIO_ROOT_USER="' | sed -e 's/export MINIO_ROOT_USER="//g' | sed -e 's/"//g') + PASSWORD=$(kubectl -n tenant-kms-encrypted get secrets "$TENANT_CONFIG_SECRET" -o go-template='{{index .data "config.env"|base64decode }}' | grep 'export MINIO_ROOT_PASSWORD="' | sed -e 's/export MINIO_ROOT_PASSWORD="//g' | sed -e 's/"//g') totalwait=0 until (mc config host add kestest https://localhost:9000 $USER $PASSWORD --insecure); do diff --git a/testing/kes-config.yaml b/testing/kes-config.yaml new file mode 100644 index 00000000000..c39a611c36f --- /dev/null +++ b/testing/kes-config.yaml @@ -0,0 +1,59 @@ +apiVersion: v1 +kind: Secret +metadata: + name: kes-configuration +type: Opaque +stringData: + server-config.yaml: |- + version: v1 + address: 0.0.0.0:7373 # The pseudo address 0.0.0.0 refers to all network interfaces + admin: + identity: c84cc9b91ae2399b043da7eca616048d4b4200edf2ff418d8af3835911db945d + tls: + key: /tmp/kes/server.key + cert: /tmp/kes/server.crt + policy: + my-app: + allow: + - /v1/key/create/* + - /v1/key/import/* + - /v1/key/delete/* + - /v1/key/list/* + - /v1/key/generate/* + - /v1/key/decrypt/* + - /v1/policy/describe/* + - /v1/policy/assign/* + - /v1/policy/write/* + - /v1/policy/read/* + - /v1/policy/list/* + - /v1/policy/delete/* + - /v1/identity/describe/* + - /v1/identity/self/describe/* + - /v1/identity/delete/* + - /v1/identity/list/* + - /v1/log/audit/* + - /v1/log/error/* + - /version/* + - /v1/api/* + - /v1/metrics/* + - /v1/status/* + - /v1/status + - /v1/metrics + - /v1/api + - /version + identities: + - ${MINIO_KES_IDENTITY} + cache: + expiry: + any: 5m0s + unused: 20s + log: + error: "on" + audit: "off" + keystore: + vault: + endpoint: http://vault.default.svc.cluster.local:8200 + prefix: my-minio + approle: + id: ROLE_ID + secret: SECRET_ID From 34ec627624fc3419be466cb698889d53e7db060c Mon Sep 17 00:00:00 2001 From: Cesar Celis Hernandez Date: Tue, 28 Feb 2023 15:21:13 -0600 Subject: [PATCH 15/47] Trust openshift signer (#1461) --- pkg/controller/cluster/operator.go | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/pkg/controller/cluster/operator.go b/pkg/controller/cluster/operator.go index 5ea611a49cd..6619a002d62 100644 --- a/pkg/controller/cluster/operator.go +++ b/pkg/controller/cluster/operator.go @@ -185,6 +185,34 @@ func (c *Controller) getTransport() *http.Transport { } } + // These chunk of code is intended for OpenShift ONLY and it will help us trust the signer to solve issue: + // https://github.com/minio/operator/issues/1412 + openShiftCATLSCert, err := c.kubeClientSet.CoreV1().Secrets("openshift-kube-controller-manager-operator").Get( + context.Background(), "csr-signer", metav1.GetOptions{}) + klog.Info("Checking if this is OpenShift Environment to append the certificates...") + if err != nil { + if k8serrors.IsNotFound(err) { + // Do nothing special, because this is maybe k8s vanilla + klog.Info("csr-signer secret wasn't found, very likely this is not OpenShift but k8s Vanilla or other...") + } else { + // Lack of permissions to read the secret + klog.Errorf("csr-signer secret was found but we failed to get openShiftCATLSCert: %#v", err) + } + } else if err == nil && openShiftCATLSCert != nil { + // When secret was obtained with no errors + if val, ok := openShiftCATLSCert.Data["tls.crt"]; ok { + // OpenShift csr-signer secret has tls.crt certificates that we need to append in order + // to trust the signer. If we append the val, Operator will be able to provisioning the + // initial users and get Tenant Health, so tenant can be properly initialized and in + // green status, otherwise if we don't append it, it will get stuck and expose this + // issue in the log: + // Failed to get cluster health: Get "https://minio.tenant-lite.svc.cluster.local/minio/health/cluster": + // x509: certificate signed by unknown authority + klog.Info("Appending OpenShift csr-signer to trust the Signer") + rootCAs.AppendCertsFromPEM(val) + } + } + c.transport = &http.Transport{ Proxy: http.ProxyFromEnvironment, DialContext: (&net.Dialer{ From 73365ca7a3164d2ef79579839de0becbd9eaf70a Mon Sep 17 00:00:00 2001 From: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com> Date: Tue, 28 Feb 2023 13:39:26 -0800 Subject: [PATCH 16/47] Docs on TLS for Operator trusting other CAs (#1473) * Docs on TLS for Operator trusting other CAs Signed-off-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com> * Update docs/operator-tls.md Co-authored-by: Pedro Juarez --------- Signed-off-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com> Co-authored-by: Pedro Juarez --- docs/operator-tls.md | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 docs/operator-tls.md diff --git a/docs/operator-tls.md b/docs/operator-tls.md new file mode 100644 index 00000000000..c6c47b6b552 --- /dev/null +++ b/docs/operator-tls.md @@ -0,0 +1,30 @@ +# Passing custom Certs/CAs to Operator + +To configure MinIO Operator to trust custom certificates, create a secret with the certificate. + +```shell +kubectl create secret generic my-custom-tls -n minio-operator --from-file=path/to/public.crt +``` + +then add the following volume to the `minio-operator` deployment under .spec.template.spec + +```yaml + volumes: + - name: tls-certificates + projected: + defaultMode: 420 + sources: + - secret: + items: + - key: public.crt + path: CAs/custom-public.crt + name: my-custom-tls +``` + +and for the `.spec.temaplte.spec.container[0]` + +```yaml + volumeMounts: + - mountPath: /tmp/certs + name: tls-certificates +``` \ No newline at end of file From 32fbbcf9493c26d07d8995aa66f65888bea0d529 Mon Sep 17 00:00:00 2001 From: Pedro Juarez Date: Tue, 28 Feb 2023 14:17:50 -0800 Subject: [PATCH 17/47] applyconfiguration generated objects (#1470) * aplyconfiguration generated objects --- go.mod | 15 +- go.sum | 38 +- kubectl-minio/go.mod | 10 +- kubectl-minio/go.sum | 36 +- pkg/apis/minio.min.io/v2/types.go | 5 +- .../applyconfiguration/internal/internal.go | 62 +++ .../minio.min.io/v2/auditconfig.go | 39 ++ .../minio.min.io/v2/bucket.go | 57 +++ .../minio.min.io/v2/certificateconfig.go | 61 +++ .../minio.min.io/v2/certificatestatus.go | 48 +++ .../v2/customcertificateconfig.go | 77 ++++ .../minio.min.io/v2/customcertificates.go | 76 ++++ .../minio.min.io/v2/exposeservices.go | 48 +++ .../minio.min.io/v2/features.go | 48 +++ .../minio.min.io/v2/kesconfig.go | 211 ++++++++++ .../v2/localcertificatereference.go | 48 +++ .../minio.min.io/v2/logconfig.go | 175 +++++++++ .../minio.min.io/v2/logdbconfig.go | 175 +++++++++ .../minio.min.io/v2/logging.go | 57 +++ .../minio.min.io/v2/pool.go | 182 +++++++++ .../minio.min.io/v2/poolstatus.go | 61 +++ .../minio.min.io/v2/prometheusconfig.go | 193 +++++++++ .../minio.min.io/v2/s3features.go | 39 ++ .../minio.min.io/v2/servicemetadata.go | 90 +++++ .../minio.min.io/v2/sidecars.go | 67 ++++ .../minio.min.io/v2/tenant.go | 228 +++++++++++ .../minio.min.io/v2/tenantdomains.go | 50 +++ .../minio.min.io/v2/tenantscheduler.go | 39 ++ .../minio.min.io/v2/tenantspec.go | 365 ++++++++++++++++++ .../minio.min.io/v2/tenantstatus.go | 184 +++++++++ .../minio.min.io/v2/tenantusage.go | 80 ++++ .../minio.min.io/v2/tierusage.go | 57 +++ pkg/client/applyconfiguration/utils.go | 87 +++++ pkg/client/clientset/versioned/clientset.go | 3 +- .../typed/minio.min.io/v2/fake/fake_tenant.go | 53 ++- .../versioned/typed/minio.min.io/v2/tenant.go | 61 +++ .../informers/externalversions/factory.go | 79 +++- 37 files changed, 3144 insertions(+), 60 deletions(-) create mode 100644 pkg/client/applyconfiguration/internal/internal.go create mode 100644 pkg/client/applyconfiguration/minio.min.io/v2/auditconfig.go create mode 100644 pkg/client/applyconfiguration/minio.min.io/v2/bucket.go create mode 100644 pkg/client/applyconfiguration/minio.min.io/v2/certificateconfig.go create mode 100644 pkg/client/applyconfiguration/minio.min.io/v2/certificatestatus.go create mode 100644 pkg/client/applyconfiguration/minio.min.io/v2/customcertificateconfig.go create mode 100644 pkg/client/applyconfiguration/minio.min.io/v2/customcertificates.go create mode 100644 pkg/client/applyconfiguration/minio.min.io/v2/exposeservices.go create mode 100644 pkg/client/applyconfiguration/minio.min.io/v2/features.go create mode 100644 pkg/client/applyconfiguration/minio.min.io/v2/kesconfig.go create mode 100644 pkg/client/applyconfiguration/minio.min.io/v2/localcertificatereference.go create mode 100644 pkg/client/applyconfiguration/minio.min.io/v2/logconfig.go create mode 100644 pkg/client/applyconfiguration/minio.min.io/v2/logdbconfig.go create mode 100644 pkg/client/applyconfiguration/minio.min.io/v2/logging.go create mode 100644 pkg/client/applyconfiguration/minio.min.io/v2/pool.go create mode 100644 pkg/client/applyconfiguration/minio.min.io/v2/poolstatus.go create mode 100644 pkg/client/applyconfiguration/minio.min.io/v2/prometheusconfig.go create mode 100644 pkg/client/applyconfiguration/minio.min.io/v2/s3features.go create mode 100644 pkg/client/applyconfiguration/minio.min.io/v2/servicemetadata.go create mode 100644 pkg/client/applyconfiguration/minio.min.io/v2/sidecars.go create mode 100644 pkg/client/applyconfiguration/minio.min.io/v2/tenant.go create mode 100644 pkg/client/applyconfiguration/minio.min.io/v2/tenantdomains.go create mode 100644 pkg/client/applyconfiguration/minio.min.io/v2/tenantscheduler.go create mode 100644 pkg/client/applyconfiguration/minio.min.io/v2/tenantspec.go create mode 100644 pkg/client/applyconfiguration/minio.min.io/v2/tenantstatus.go create mode 100644 pkg/client/applyconfiguration/minio.min.io/v2/tenantusage.go create mode 100644 pkg/client/applyconfiguration/minio.min.io/v2/tierusage.go create mode 100644 pkg/client/applyconfiguration/utils.go diff --git a/go.mod b/go.mod index 883bcdba6c7..989b9333ce2 100644 --- a/go.mod +++ b/go.mod @@ -25,9 +25,10 @@ require ( k8s.io/api v0.25.4 k8s.io/apimachinery v0.25.4 k8s.io/client-go v0.25.4 - k8s.io/code-generator v0.25.4 + k8s.io/code-generator v0.27.0-alpha.2 k8s.io/klog/v2 v2.80.1 k8s.io/kubectl v0.25.4 + sigs.k8s.io/structured-merge-diff/v4 v4.2.3 ) require ( @@ -63,8 +64,8 @@ require ( github.com/gdamore/tcell/v2 v2.5.3 // indirect github.com/go-logr/logr v1.2.3 // indirect github.com/go-ole/go-ole v1.2.6 // indirect - github.com/go-openapi/jsonpointer v0.19.5 // indirect - github.com/go-openapi/jsonreference v0.20.0 // indirect + github.com/go-openapi/jsonpointer v0.19.6 // indirect + github.com/go-openapi/jsonreference v0.20.1 // indirect github.com/go-openapi/swag v0.22.3 // indirect github.com/goccy/go-json v0.9.11 // indirect github.com/gogo/protobuf v1.3.2 // indirect @@ -132,6 +133,7 @@ require ( github.com/rivo/tview v0.0.0-20220916081518-2e69b7385a37 // indirect github.com/rivo/uniseg v0.4.2 // indirect github.com/rjeczalik/notify v0.9.2 // indirect + github.com/rogpeppe/go-internal v1.9.0 // indirect github.com/rs/xid v1.4.0 // indirect github.com/secure-io/sio-go v0.3.1 // indirect github.com/shirou/gopsutil/v3 v3.22.9 // indirect @@ -150,14 +152,14 @@ require ( go.uber.org/atomic v1.10.0 // indirect go.uber.org/multierr v1.8.0 // indirect go.uber.org/zap v1.24.0 // indirect - golang.org/x/mod v0.6.0 // indirect + golang.org/x/mod v0.7.0 // indirect golang.org/x/net v0.7.0 // indirect golang.org/x/oauth2 v0.2.0 // indirect golang.org/x/sync v0.1.0 // indirect golang.org/x/sys v0.5.0 // indirect golang.org/x/term v0.5.0 // indirect golang.org/x/text v0.7.0 // indirect - golang.org/x/tools v0.2.0 // indirect + golang.org/x/tools v0.4.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto v0.0.0-20221018160656-63c7b68cfc55 // indirect google.golang.org/grpc v1.50.1 // indirect @@ -168,10 +170,9 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/apiextensions-apiserver v0.25.4 // indirect k8s.io/gengo v0.0.0-20220902162205-c0856e24416d // indirect - k8s.io/kube-openapi v0.0.0-20221110221610-a28e98eb7c70 // indirect + k8s.io/kube-openapi v0.0.0-20230123231816-1cb3ae25d79a // indirect k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 // indirect sigs.k8s.io/controller-runtime v0.13.1 // indirect sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect sigs.k8s.io/yaml v1.3.0 // indirect ) diff --git a/go.sum b/go.sum index 019a4071f50..c09113abc0e 100644 --- a/go.sum +++ b/go.sum @@ -326,12 +326,10 @@ github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbV github.com/go-ole/go-ole v1.2.5/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY= github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= -github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY= -github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonreference v0.20.0 h1:MYlu0sBgChmCfJxxUKZ8g1cPWFOB37YSZqewK7OKeyA= -github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo= -github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= +github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= +github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= +github.com/go-openapi/jsonreference v0.20.1 h1:FBLnyygC4/IZZr893oiomc9XaghoveYTrLC1F86HID8= +github.com/go-openapi/jsonreference v0.20.1/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= @@ -516,8 +514,9 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxv github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pretty v0.2.0 h1:s5hAObm+yFO5uHYt5dYjxi2rXrsnmRpJx4OYvIWUaQs= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= @@ -543,8 +542,6 @@ github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2 github.com/lufia/plan9stats v0.0.0-20220913051719-115f729f3c8c h1:VtwQ41oftZwlMnOEbMWQtSEUgU64U4s+GHk7hZK+jtY= github.com/lufia/plan9stats v0.0.0-20220913051719-115f729f3c8c/go.mod h1:JKx41uQRwqlTZabZc+kILPrO/3jlKnQ2Z8b7YiVw5cE= github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= -github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= @@ -643,8 +640,8 @@ github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLA github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec= github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= -github.com/onsi/ginkgo/v2 v2.1.6 h1:Fx2POJZfKRQcM1pH49qSZiYeu319wji004qX+GDovrU= -github.com/onsi/gomega v1.20.1 h1:PA/3qinGoukvymdIDV8pii6tiZgC8kbmJO6Z5+b002Q= +github.com/onsi/ginkgo/v2 v2.7.0 h1:/XxtEV3I3Eif/HobnVx9YmJgk8ENdRsuUmM+fLCFNow= +github.com/onsi/gomega v1.26.0 h1:03cDLK28U6hWvCAns6NeydX3zIm4SF3ci69ulidS32Q= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034= @@ -714,6 +711,8 @@ github.com/rjeczalik/notify v0.9.2 h1:MiTWrPj55mNDHEiIX5YUSKefw/+lCQVoAFmD6oQm5w github.com/rjeczalik/notify v0.9.2/go.mod h1:aErll2f0sUX9PXZnVNyeiObbmTlk5jnMoCa4QEjJeqM= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= +github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/rs/xid v1.4.0 h1:qd7wPTDkN6KQx2VmMBLrpHkiyQwgFXRnkOLacUiaSNY= github.com/rs/xid v1.4.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= @@ -878,8 +877,8 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.6.0 h1:b9gGHsz9/HhJ3HF5DHQytPpuwocVTChQJK3AvoLRD5I= -golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= +golang.org/x/mod v0.7.0 h1:LapD9S96VoQRhi/GrNTqeBJFrUjs5UHCAtTlgwA5oZA= +golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -1152,8 +1151,8 @@ golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.2.0 h1:G6AHpWxTMGY1KyEYoAQ5WTtIekUUvDNjan3ugu60JvE= -golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= +golang.org/x/tools v0.4.0 h1:7mTAgkunk3fr4GAloyyCasadO6h9zSsQZbwvcaIciV4= +golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1378,6 +1377,7 @@ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/h2non/filetype.v1 v1.0.5 h1:CC1jjJjoEhNVbMhXYalmGBhOBK2V70Q1N850wt/98/Y= gopkg.in/h2non/filetype.v1 v1.0.5/go.mod h1:M0yem4rwSX5lLVrkEuRRp2/NinFMD5vgJ4DlAhZcfNo= @@ -1418,15 +1418,15 @@ k8s.io/apimachinery v0.25.4 h1:CtXsuaitMESSu339tfhVXhQrPET+EiWnIY1rcurKnAc= k8s.io/apimachinery v0.25.4/go.mod h1:jaF9C/iPNM1FuLl7Zuy5b9v+n35HGSh6AQ4HYRkCqwo= k8s.io/client-go v0.25.4 h1:3RNRDffAkNU56M/a7gUfXaEzdhZlYhoW8dgViGy5fn8= k8s.io/client-go v0.25.4/go.mod h1:8trHCAC83XKY0wsBIpbirZU4NTUpbuhc2JnI7OruGZw= -k8s.io/code-generator v0.25.4 h1:tjQ7/+9eN7UOiU2DP+0v4ntTI4JZLi2c1N0WllpFhTc= -k8s.io/code-generator v0.25.4/go.mod h1:9F5fuVZOMWRme7MYj2YT3L9ropPWPokd9VRhVyD3+0w= +k8s.io/code-generator v0.27.0-alpha.2 h1:PqcXW1ysqxmtOd0Cbg3GehGKtOzIbK2RknKm1zD5pDw= +k8s.io/code-generator v0.27.0-alpha.2/go.mod h1:LvnFZav6jeXpNjGI5UdUhZWi//ylS1kj2X7o0DI6/BA= k8s.io/gengo v0.0.0-20220902162205-c0856e24416d h1:U9tB195lKdzwqicbJvyJeOXV7Klv+wNAWENRnXEGi08= k8s.io/gengo v0.0.0-20220902162205-c0856e24416d/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4= k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kube-openapi v0.0.0-20221110221610-a28e98eb7c70 h1:zfqQc1V6/ZgGpvrOVvr62OjiqQX4lZjfznK34NQwkqw= -k8s.io/kube-openapi v0.0.0-20221110221610-a28e98eb7c70/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4= +k8s.io/kube-openapi v0.0.0-20230123231816-1cb3ae25d79a h1:s6zvHjyDQX1NtVT88pvw2tddqhqY0Bz0Gbnn+yctsFU= +k8s.io/kube-openapi v0.0.0-20230123231816-1cb3ae25d79a/go.mod h1:/BYxry62FuDzmI+i9B+X2pqfySRmSOW2ARmj5Zbqhj0= k8s.io/kubectl v0.25.4 h1:O3OA1z4V1ZyvxCvScjq0pxAP7ABgznr8UvnVObgI6Dc= k8s.io/kubectl v0.25.4/go.mod h1:CKMrQ67Bn2YCP26tZStPQGq62zr9pvzEf65A0navm8k= k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 h1:KTgPnR10d5zhztWptI952TNtt/4u5h3IzDXkdIMuo2Y= diff --git a/kubectl-minio/go.mod b/kubectl-minio/go.mod index c355ac52c27..dc8bc3205e1 100644 --- a/kubectl-minio/go.mod +++ b/kubectl-minio/go.mod @@ -31,8 +31,8 @@ require ( github.com/go-errors/errors v1.4.2 // indirect github.com/go-logr/logr v1.2.3 // indirect github.com/go-ole/go-ole v1.2.6 // indirect - github.com/go-openapi/jsonpointer v0.19.5 // indirect - github.com/go-openapi/jsonreference v0.20.0 // indirect + github.com/go-openapi/jsonpointer v0.19.6 // indirect + github.com/go-openapi/jsonreference v0.20.1 // indirect github.com/go-openapi/swag v0.22.3 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt v3.2.2+incompatible // indirect @@ -84,7 +84,7 @@ require ( github.com/yusufpapurcu/wmi v1.2.2 // indirect go.starlark.net v0.0.0-20220817180228-f738f5508c12 // indirect golang.org/x/crypto v0.5.0 // indirect - golang.org/x/mod v0.6.0 // indirect + golang.org/x/mod v0.7.0 // indirect golang.org/x/net v0.7.0 // indirect golang.org/x/oauth2 v0.2.0 // indirect golang.org/x/sync v0.1.0 // indirect @@ -92,14 +92,14 @@ require ( golang.org/x/term v0.5.0 // indirect golang.org/x/text v0.7.0 // indirect golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.2.0 // indirect + golang.org/x/tools v0.4.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/protobuf v1.28.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/kube-openapi v0.0.0-20221110221610-a28e98eb7c70 // indirect + k8s.io/kube-openapi v0.0.0-20230123231816-1cb3ae25d79a // indirect k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 // indirect sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect diff --git a/kubectl-minio/go.sum b/kubectl-minio/go.sum index 94184029fc2..f4bb9c6c392 100644 --- a/kubectl-minio/go.sum +++ b/kubectl-minio/go.sum @@ -20,6 +20,7 @@ github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGX github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -47,12 +48,10 @@ github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY= github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= -github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY= -github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonreference v0.20.0 h1:MYlu0sBgChmCfJxxUKZ8g1cPWFOB37YSZqewK7OKeyA= -github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo= -github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= +github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= +github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= +github.com/go-openapi/jsonreference v0.20.1 h1:FBLnyygC4/IZZr893oiomc9XaghoveYTrLC1F86HID8= +github.com/go-openapi/jsonreference v0.20.1/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= @@ -117,19 +116,18 @@ github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa02 github.com/klauspost/cpuid/v2 v2.0.4/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/klauspost/cpuid/v2 v2.2.1 h1:U33DW0aiEj633gHYw3LoDNfkDiYnE5Q8M/TKJn2f2jI= github.com/klauspost/cpuid/v2 v2.2.1/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pretty v0.2.0 h1:s5hAObm+yFO5uHYt5dYjxi2rXrsnmRpJx4OYvIWUaQs= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I= github.com/lufia/plan9stats v0.0.0-20220913051719-115f729f3c8c h1:VtwQ41oftZwlMnOEbMWQtSEUgU64U4s+GHk7hZK+jtY= github.com/lufia/plan9stats v0.0.0-20220913051719-115f729f3c8c/go.mod h1:JKx41uQRwqlTZabZc+kILPrO/3jlKnQ2Z8b7YiVw5cE= -github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/manifoldco/promptui v0.9.0 h1:3V4HzJk1TtXW1MTZMP7mdlwbBpIinw3HztaIlYthEiA= @@ -204,14 +202,16 @@ github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.4.0 h1:M2gUjqZET1qApGOWNSnZ49BAIMX4F/1plDv3+l31EJ4= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/tinylib/msgp v1.1.7-0.20211026165309-e818a1881b0e h1:P5tyWbssToKowBPTA1/EzqPXwrZNc8ZeNPdjgpcDEoI= github.com/tinylib/msgp v1.1.7-0.20211026165309-e818a1881b0e/go.mod h1:g7jEyb18KPe65d9RRhGw+ThaJr5duyBH8eaFgBUor7Y= github.com/tklauser/go-sysconf v0.3.10/go.mod h1:C8XykCvCb+Gn0oNCWPIlcb0RuglQTYaQ2hGm7jmxEFk= @@ -246,8 +246,8 @@ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.6.0 h1:b9gGHsz9/HhJ3HF5DHQytPpuwocVTChQJK3AvoLRD5I= -golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= +golang.org/x/mod v0.7.0 h1:LapD9S96VoQRhi/GrNTqeBJFrUjs5UHCAtTlgwA5oZA= +golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -324,8 +324,8 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20201022035929-9cf592e881e9/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.2.0 h1:G6AHpWxTMGY1KyEYoAQ5WTtIekUUvDNjan3ugu60JvE= -golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= +golang.org/x/tools v0.4.0 h1:7mTAgkunk3fr4GAloyyCasadO6h9zSsQZbwvcaIciV4= +golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -361,9 +361,9 @@ google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= @@ -392,8 +392,8 @@ k8s.io/client-go v0.26.0 h1:lT1D3OfO+wIi9UFolCrifbjUUgu7CpLca0AD8ghRLI8= k8s.io/client-go v0.26.0/go.mod h1:I2Sh57A79EQsDmn7F7ASpmru1cceh3ocVT9KlX2jEZg= k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4= k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kube-openapi v0.0.0-20221110221610-a28e98eb7c70 h1:zfqQc1V6/ZgGpvrOVvr62OjiqQX4lZjfznK34NQwkqw= -k8s.io/kube-openapi v0.0.0-20221110221610-a28e98eb7c70/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4= +k8s.io/kube-openapi v0.0.0-20230123231816-1cb3ae25d79a h1:s6zvHjyDQX1NtVT88pvw2tddqhqY0Bz0Gbnn+yctsFU= +k8s.io/kube-openapi v0.0.0-20230123231816-1cb3ae25d79a/go.mod h1:/BYxry62FuDzmI+i9B+X2pqfySRmSOW2ARmj5Zbqhj0= k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 h1:KTgPnR10d5zhztWptI952TNtt/4u5h3IzDXkdIMuo2Y= k8s.io/utils v0.0.0-20221128185143-99ec85e7a448/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k= diff --git a/pkg/apis/minio.min.io/v2/types.go b/pkg/apis/minio.min.io/v2/types.go index 7f7b3ab7764..e2d08091c1e 100644 --- a/pkg/apis/minio.min.io/v2/types.go +++ b/pkg/apis/minio.min.io/v2/types.go @@ -20,16 +20,17 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) +// Tenant is a https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/[Kubernetes object] describing a MinIO Tenant. + // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:defaulter-gen=true +// +kubebuilder:object:root=true +// +kubebuilder:object:generate=true // +kubebuilder:subresource:status // +kubebuilder:resource:scope=Namespaced,shortName=tenant,singular=tenant // +kubebuilder:printcolumn:name="State",type="string",JSONPath=".status.currentState" // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" // +kubebuilder:storageversion - -// Tenant is a https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/[Kubernetes object] describing a MinIO Tenant. + type Tenant struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` diff --git a/pkg/client/applyconfiguration/internal/internal.go b/pkg/client/applyconfiguration/internal/internal.go new file mode 100644 index 00000000000..f8947621d09 --- /dev/null +++ b/pkg/client/applyconfiguration/internal/internal.go @@ -0,0 +1,62 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package internal + +import ( + "fmt" + "sync" + + typed "sigs.k8s.io/structured-merge-diff/v4/typed" +) + +func Parser() *typed.Parser { + parserOnce.Do(func() { + var err error + parser, err = typed.NewParser(schemaYAML) + if err != nil { + panic(fmt.Sprintf("Failed to parse schema: %v", err)) + } + }) + return parser +} + +var parserOnce sync.Once +var parser *typed.Parser +var schemaYAML = typed.YAMLObject(`types: +- name: __untyped_atomic_ + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic +- name: __untyped_deduced_ + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable +`) diff --git a/pkg/client/applyconfiguration/minio.min.io/v2/auditconfig.go b/pkg/client/applyconfiguration/minio.min.io/v2/auditconfig.go new file mode 100644 index 00000000000..afe9ac04d50 --- /dev/null +++ b/pkg/client/applyconfiguration/minio.min.io/v2/auditconfig.go @@ -0,0 +1,39 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v2 + +// AuditConfigApplyConfiguration represents an declarative configuration of the AuditConfig type for use +// with apply. +type AuditConfigApplyConfiguration struct { + DiskCapacityGB *int `json:"diskCapacityGB,omitempty"` +} + +// AuditConfigApplyConfiguration constructs an declarative configuration of the AuditConfig type for use with +// apply. +func AuditConfig() *AuditConfigApplyConfiguration { + return &AuditConfigApplyConfiguration{} +} + +// WithDiskCapacityGB sets the DiskCapacityGB field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DiskCapacityGB field is set to the value of the last call. +func (b *AuditConfigApplyConfiguration) WithDiskCapacityGB(value int) *AuditConfigApplyConfiguration { + b.DiskCapacityGB = &value + return b +} diff --git a/pkg/client/applyconfiguration/minio.min.io/v2/bucket.go b/pkg/client/applyconfiguration/minio.min.io/v2/bucket.go new file mode 100644 index 00000000000..cec561d23bb --- /dev/null +++ b/pkg/client/applyconfiguration/minio.min.io/v2/bucket.go @@ -0,0 +1,57 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v2 + +// BucketApplyConfiguration represents an declarative configuration of the Bucket type for use +// with apply. +type BucketApplyConfiguration struct { + Name *string `json:"name,omitempty"` + Region *string `json:"region,omitempty"` + ObjectLocking *bool `json:"objectLock,omitempty"` +} + +// BucketApplyConfiguration constructs an declarative configuration of the Bucket type for use with +// apply. +func Bucket() *BucketApplyConfiguration { + return &BucketApplyConfiguration{} +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *BucketApplyConfiguration) WithName(value string) *BucketApplyConfiguration { + b.Name = &value + return b +} + +// WithRegion sets the Region field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Region field is set to the value of the last call. +func (b *BucketApplyConfiguration) WithRegion(value string) *BucketApplyConfiguration { + b.Region = &value + return b +} + +// WithObjectLocking sets the ObjectLocking field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ObjectLocking field is set to the value of the last call. +func (b *BucketApplyConfiguration) WithObjectLocking(value bool) *BucketApplyConfiguration { + b.ObjectLocking = &value + return b +} diff --git a/pkg/client/applyconfiguration/minio.min.io/v2/certificateconfig.go b/pkg/client/applyconfiguration/minio.min.io/v2/certificateconfig.go new file mode 100644 index 00000000000..dfe17b043bb --- /dev/null +++ b/pkg/client/applyconfiguration/minio.min.io/v2/certificateconfig.go @@ -0,0 +1,61 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v2 + +// CertificateConfigApplyConfiguration represents an declarative configuration of the CertificateConfig type for use +// with apply. +type CertificateConfigApplyConfiguration struct { + CommonName *string `json:"commonName,omitempty"` + OrganizationName []string `json:"organizationName,omitempty"` + DNSNames []string `json:"dnsNames,omitempty"` +} + +// CertificateConfigApplyConfiguration constructs an declarative configuration of the CertificateConfig type for use with +// apply. +func CertificateConfig() *CertificateConfigApplyConfiguration { + return &CertificateConfigApplyConfiguration{} +} + +// WithCommonName sets the CommonName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CommonName field is set to the value of the last call. +func (b *CertificateConfigApplyConfiguration) WithCommonName(value string) *CertificateConfigApplyConfiguration { + b.CommonName = &value + return b +} + +// WithOrganizationName adds the given value to the OrganizationName field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the OrganizationName field. +func (b *CertificateConfigApplyConfiguration) WithOrganizationName(values ...string) *CertificateConfigApplyConfiguration { + for i := range values { + b.OrganizationName = append(b.OrganizationName, values[i]) + } + return b +} + +// WithDNSNames adds the given value to the DNSNames field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the DNSNames field. +func (b *CertificateConfigApplyConfiguration) WithDNSNames(values ...string) *CertificateConfigApplyConfiguration { + for i := range values { + b.DNSNames = append(b.DNSNames, values[i]) + } + return b +} diff --git a/pkg/client/applyconfiguration/minio.min.io/v2/certificatestatus.go b/pkg/client/applyconfiguration/minio.min.io/v2/certificatestatus.go new file mode 100644 index 00000000000..e79c887ec57 --- /dev/null +++ b/pkg/client/applyconfiguration/minio.min.io/v2/certificatestatus.go @@ -0,0 +1,48 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v2 + +// CertificateStatusApplyConfiguration represents an declarative configuration of the CertificateStatus type for use +// with apply. +type CertificateStatusApplyConfiguration struct { + AutoCertEnabled *bool `json:"autoCertEnabled,omitempty"` + CustomCertificates *CustomCertificatesApplyConfiguration `json:"customCertificates,omitempty"` +} + +// CertificateStatusApplyConfiguration constructs an declarative configuration of the CertificateStatus type for use with +// apply. +func CertificateStatus() *CertificateStatusApplyConfiguration { + return &CertificateStatusApplyConfiguration{} +} + +// WithAutoCertEnabled sets the AutoCertEnabled field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the AutoCertEnabled field is set to the value of the last call. +func (b *CertificateStatusApplyConfiguration) WithAutoCertEnabled(value bool) *CertificateStatusApplyConfiguration { + b.AutoCertEnabled = &value + return b +} + +// WithCustomCertificates sets the CustomCertificates field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CustomCertificates field is set to the value of the last call. +func (b *CertificateStatusApplyConfiguration) WithCustomCertificates(value *CustomCertificatesApplyConfiguration) *CertificateStatusApplyConfiguration { + b.CustomCertificates = value + return b +} diff --git a/pkg/client/applyconfiguration/minio.min.io/v2/customcertificateconfig.go b/pkg/client/applyconfiguration/minio.min.io/v2/customcertificateconfig.go new file mode 100644 index 00000000000..0e94e32b5aa --- /dev/null +++ b/pkg/client/applyconfiguration/minio.min.io/v2/customcertificateconfig.go @@ -0,0 +1,77 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v2 + +// CustomCertificateConfigApplyConfiguration represents an declarative configuration of the CustomCertificateConfig type for use +// with apply. +type CustomCertificateConfigApplyConfiguration struct { + CertName *string `json:"certName,omitempty"` + Domains []string `json:"domains,omitempty"` + Expiry *string `json:"expiry,omitempty"` + ExpiresIn *string `json:"expiresIn,omitempty"` + SerialNo *string `json:"serialNo,omitempty"` +} + +// CustomCertificateConfigApplyConfiguration constructs an declarative configuration of the CustomCertificateConfig type for use with +// apply. +func CustomCertificateConfig() *CustomCertificateConfigApplyConfiguration { + return &CustomCertificateConfigApplyConfiguration{} +} + +// WithCertName sets the CertName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CertName field is set to the value of the last call. +func (b *CustomCertificateConfigApplyConfiguration) WithCertName(value string) *CustomCertificateConfigApplyConfiguration { + b.CertName = &value + return b +} + +// WithDomains adds the given value to the Domains field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Domains field. +func (b *CustomCertificateConfigApplyConfiguration) WithDomains(values ...string) *CustomCertificateConfigApplyConfiguration { + for i := range values { + b.Domains = append(b.Domains, values[i]) + } + return b +} + +// WithExpiry sets the Expiry field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Expiry field is set to the value of the last call. +func (b *CustomCertificateConfigApplyConfiguration) WithExpiry(value string) *CustomCertificateConfigApplyConfiguration { + b.Expiry = &value + return b +} + +// WithExpiresIn sets the ExpiresIn field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ExpiresIn field is set to the value of the last call. +func (b *CustomCertificateConfigApplyConfiguration) WithExpiresIn(value string) *CustomCertificateConfigApplyConfiguration { + b.ExpiresIn = &value + return b +} + +// WithSerialNo sets the SerialNo field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SerialNo field is set to the value of the last call. +func (b *CustomCertificateConfigApplyConfiguration) WithSerialNo(value string) *CustomCertificateConfigApplyConfiguration { + b.SerialNo = &value + return b +} diff --git a/pkg/client/applyconfiguration/minio.min.io/v2/customcertificates.go b/pkg/client/applyconfiguration/minio.min.io/v2/customcertificates.go new file mode 100644 index 00000000000..90158e022c7 --- /dev/null +++ b/pkg/client/applyconfiguration/minio.min.io/v2/customcertificates.go @@ -0,0 +1,76 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v2 + +import ( + v2 "github.com/minio/operator/pkg/apis/minio.min.io/v2" +) + +// CustomCertificatesApplyConfiguration represents an declarative configuration of the CustomCertificates type for use +// with apply. +type CustomCertificatesApplyConfiguration struct { + Client []*v2.CustomCertificateConfig `json:"client,omitempty"` + Minio []*v2.CustomCertificateConfig `json:"minio,omitempty"` + MinioCAs []*v2.CustomCertificateConfig `json:"minioCAs,omitempty"` +} + +// CustomCertificatesApplyConfiguration constructs an declarative configuration of the CustomCertificates type for use with +// apply. +func CustomCertificates() *CustomCertificatesApplyConfiguration { + return &CustomCertificatesApplyConfiguration{} +} + +// WithClient adds the given value to the Client field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Client field. +func (b *CustomCertificatesApplyConfiguration) WithClient(values ...**v2.CustomCertificateConfig) *CustomCertificatesApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithClient") + } + b.Client = append(b.Client, *values[i]) + } + return b +} + +// WithMinio adds the given value to the Minio field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Minio field. +func (b *CustomCertificatesApplyConfiguration) WithMinio(values ...**v2.CustomCertificateConfig) *CustomCertificatesApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithMinio") + } + b.Minio = append(b.Minio, *values[i]) + } + return b +} + +// WithMinioCAs adds the given value to the MinioCAs field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the MinioCAs field. +func (b *CustomCertificatesApplyConfiguration) WithMinioCAs(values ...**v2.CustomCertificateConfig) *CustomCertificatesApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithMinioCAs") + } + b.MinioCAs = append(b.MinioCAs, *values[i]) + } + return b +} diff --git a/pkg/client/applyconfiguration/minio.min.io/v2/exposeservices.go b/pkg/client/applyconfiguration/minio.min.io/v2/exposeservices.go new file mode 100644 index 00000000000..4e4005e13f4 --- /dev/null +++ b/pkg/client/applyconfiguration/minio.min.io/v2/exposeservices.go @@ -0,0 +1,48 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v2 + +// ExposeServicesApplyConfiguration represents an declarative configuration of the ExposeServices type for use +// with apply. +type ExposeServicesApplyConfiguration struct { + MinIO *bool `json:"minio,omitempty"` + Console *bool `json:"console,omitempty"` +} + +// ExposeServicesApplyConfiguration constructs an declarative configuration of the ExposeServices type for use with +// apply. +func ExposeServices() *ExposeServicesApplyConfiguration { + return &ExposeServicesApplyConfiguration{} +} + +// WithMinIO sets the MinIO field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the MinIO field is set to the value of the last call. +func (b *ExposeServicesApplyConfiguration) WithMinIO(value bool) *ExposeServicesApplyConfiguration { + b.MinIO = &value + return b +} + +// WithConsole sets the Console field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Console field is set to the value of the last call. +func (b *ExposeServicesApplyConfiguration) WithConsole(value bool) *ExposeServicesApplyConfiguration { + b.Console = &value + return b +} diff --git a/pkg/client/applyconfiguration/minio.min.io/v2/features.go b/pkg/client/applyconfiguration/minio.min.io/v2/features.go new file mode 100644 index 00000000000..23caee16c14 --- /dev/null +++ b/pkg/client/applyconfiguration/minio.min.io/v2/features.go @@ -0,0 +1,48 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v2 + +// FeaturesApplyConfiguration represents an declarative configuration of the Features type for use +// with apply. +type FeaturesApplyConfiguration struct { + BucketDNS *bool `json:"bucketDNS,omitempty"` + Domains *TenantDomainsApplyConfiguration `json:"domains,omitempty"` +} + +// FeaturesApplyConfiguration constructs an declarative configuration of the Features type for use with +// apply. +func Features() *FeaturesApplyConfiguration { + return &FeaturesApplyConfiguration{} +} + +// WithBucketDNS sets the BucketDNS field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the BucketDNS field is set to the value of the last call. +func (b *FeaturesApplyConfiguration) WithBucketDNS(value bool) *FeaturesApplyConfiguration { + b.BucketDNS = &value + return b +} + +// WithDomains sets the Domains field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Domains field is set to the value of the last call. +func (b *FeaturesApplyConfiguration) WithDomains(value *TenantDomainsApplyConfiguration) *FeaturesApplyConfiguration { + b.Domains = value + return b +} diff --git a/pkg/client/applyconfiguration/minio.min.io/v2/kesconfig.go b/pkg/client/applyconfiguration/minio.min.io/v2/kesconfig.go new file mode 100644 index 00000000000..7e23a82771d --- /dev/null +++ b/pkg/client/applyconfiguration/minio.min.io/v2/kesconfig.go @@ -0,0 +1,211 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v2 + +import ( + v1 "k8s.io/api/core/v1" +) + +// KESConfigApplyConfiguration represents an declarative configuration of the KESConfig type for use +// with apply. +type KESConfigApplyConfiguration struct { + Replicas *int32 `json:"replicas,omitempty"` + Image *string `json:"image,omitempty"` + ImagePullPolicy *v1.PullPolicy `json:"imagePullPolicy,omitempty"` + ServiceAccountName *string `json:"serviceAccountName,omitempty"` + Configuration *v1.LocalObjectReference `json:"kesSecret,omitempty"` + ExternalCertSecret *LocalCertificateReferenceApplyConfiguration `json:"externalCertSecret,omitempty"` + ClientCertSecret *LocalCertificateReferenceApplyConfiguration `json:"clientCertSecret,omitempty"` + Annotations map[string]string `json:"annotations,omitempty"` + Labels map[string]string `json:"labels,omitempty"` + Resources *v1.ResourceRequirements `json:"resources,omitempty"` + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + Tolerations []v1.Toleration `json:"tolerations,omitempty"` + Affinity *v1.Affinity `json:"affinity,omitempty"` + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` + KeyName *string `json:"keyName,omitempty"` + SecurityContext *v1.PodSecurityContext `json:"securityContext,omitempty"` + Env []v1.EnvVar `json:"env,omitempty"` +} + +// KESConfigApplyConfiguration constructs an declarative configuration of the KESConfig type for use with +// apply. +func KESConfig() *KESConfigApplyConfiguration { + return &KESConfigApplyConfiguration{} +} + +// WithReplicas sets the Replicas field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Replicas field is set to the value of the last call. +func (b *KESConfigApplyConfiguration) WithReplicas(value int32) *KESConfigApplyConfiguration { + b.Replicas = &value + return b +} + +// WithImage sets the Image field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Image field is set to the value of the last call. +func (b *KESConfigApplyConfiguration) WithImage(value string) *KESConfigApplyConfiguration { + b.Image = &value + return b +} + +// WithImagePullPolicy sets the ImagePullPolicy field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ImagePullPolicy field is set to the value of the last call. +func (b *KESConfigApplyConfiguration) WithImagePullPolicy(value v1.PullPolicy) *KESConfigApplyConfiguration { + b.ImagePullPolicy = &value + return b +} + +// WithServiceAccountName sets the ServiceAccountName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ServiceAccountName field is set to the value of the last call. +func (b *KESConfigApplyConfiguration) WithServiceAccountName(value string) *KESConfigApplyConfiguration { + b.ServiceAccountName = &value + return b +} + +// WithConfiguration sets the Configuration field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Configuration field is set to the value of the last call. +func (b *KESConfigApplyConfiguration) WithConfiguration(value v1.LocalObjectReference) *KESConfigApplyConfiguration { + b.Configuration = &value + return b +} + +// WithExternalCertSecret sets the ExternalCertSecret field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ExternalCertSecret field is set to the value of the last call. +func (b *KESConfigApplyConfiguration) WithExternalCertSecret(value *LocalCertificateReferenceApplyConfiguration) *KESConfigApplyConfiguration { + b.ExternalCertSecret = value + return b +} + +// WithClientCertSecret sets the ClientCertSecret field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ClientCertSecret field is set to the value of the last call. +func (b *KESConfigApplyConfiguration) WithClientCertSecret(value *LocalCertificateReferenceApplyConfiguration) *KESConfigApplyConfiguration { + b.ClientCertSecret = value + return b +} + +// WithAnnotations puts the entries into the Annotations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Annotations field, +// overwriting an existing map entries in Annotations field with the same key. +func (b *KESConfigApplyConfiguration) WithAnnotations(entries map[string]string) *KESConfigApplyConfiguration { + if b.Annotations == nil && len(entries) > 0 { + b.Annotations = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.Annotations[k] = v + } + return b +} + +// WithLabels puts the entries into the Labels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Labels field, +// overwriting an existing map entries in Labels field with the same key. +func (b *KESConfigApplyConfiguration) WithLabels(entries map[string]string) *KESConfigApplyConfiguration { + if b.Labels == nil && len(entries) > 0 { + b.Labels = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.Labels[k] = v + } + return b +} + +// WithResources sets the Resources field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Resources field is set to the value of the last call. +func (b *KESConfigApplyConfiguration) WithResources(value v1.ResourceRequirements) *KESConfigApplyConfiguration { + b.Resources = &value + return b +} + +// WithNodeSelector puts the entries into the NodeSelector field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the NodeSelector field, +// overwriting an existing map entries in NodeSelector field with the same key. +func (b *KESConfigApplyConfiguration) WithNodeSelector(entries map[string]string) *KESConfigApplyConfiguration { + if b.NodeSelector == nil && len(entries) > 0 { + b.NodeSelector = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.NodeSelector[k] = v + } + return b +} + +// WithTolerations adds the given value to the Tolerations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Tolerations field. +func (b *KESConfigApplyConfiguration) WithTolerations(values ...v1.Toleration) *KESConfigApplyConfiguration { + for i := range values { + b.Tolerations = append(b.Tolerations, values[i]) + } + return b +} + +// WithAffinity sets the Affinity field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Affinity field is set to the value of the last call. +func (b *KESConfigApplyConfiguration) WithAffinity(value v1.Affinity) *KESConfigApplyConfiguration { + b.Affinity = &value + return b +} + +// WithTopologySpreadConstraints adds the given value to the TopologySpreadConstraints field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the TopologySpreadConstraints field. +func (b *KESConfigApplyConfiguration) WithTopologySpreadConstraints(values ...v1.TopologySpreadConstraint) *KESConfigApplyConfiguration { + for i := range values { + b.TopologySpreadConstraints = append(b.TopologySpreadConstraints, values[i]) + } + return b +} + +// WithKeyName sets the KeyName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the KeyName field is set to the value of the last call. +func (b *KESConfigApplyConfiguration) WithKeyName(value string) *KESConfigApplyConfiguration { + b.KeyName = &value + return b +} + +// WithSecurityContext sets the SecurityContext field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SecurityContext field is set to the value of the last call. +func (b *KESConfigApplyConfiguration) WithSecurityContext(value v1.PodSecurityContext) *KESConfigApplyConfiguration { + b.SecurityContext = &value + return b +} + +// WithEnv adds the given value to the Env field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Env field. +func (b *KESConfigApplyConfiguration) WithEnv(values ...v1.EnvVar) *KESConfigApplyConfiguration { + for i := range values { + b.Env = append(b.Env, values[i]) + } + return b +} diff --git a/pkg/client/applyconfiguration/minio.min.io/v2/localcertificatereference.go b/pkg/client/applyconfiguration/minio.min.io/v2/localcertificatereference.go new file mode 100644 index 00000000000..f2a9378f67e --- /dev/null +++ b/pkg/client/applyconfiguration/minio.min.io/v2/localcertificatereference.go @@ -0,0 +1,48 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v2 + +// LocalCertificateReferenceApplyConfiguration represents an declarative configuration of the LocalCertificateReference type for use +// with apply. +type LocalCertificateReferenceApplyConfiguration struct { + Name *string `json:"name,omitempty"` + Type *string `json:"type,omitempty"` +} + +// LocalCertificateReferenceApplyConfiguration constructs an declarative configuration of the LocalCertificateReference type for use with +// apply. +func LocalCertificateReference() *LocalCertificateReferenceApplyConfiguration { + return &LocalCertificateReferenceApplyConfiguration{} +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *LocalCertificateReferenceApplyConfiguration) WithName(value string) *LocalCertificateReferenceApplyConfiguration { + b.Name = &value + return b +} + +// WithType sets the Type field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Type field is set to the value of the last call. +func (b *LocalCertificateReferenceApplyConfiguration) WithType(value string) *LocalCertificateReferenceApplyConfiguration { + b.Type = &value + return b +} diff --git a/pkg/client/applyconfiguration/minio.min.io/v2/logconfig.go b/pkg/client/applyconfiguration/minio.min.io/v2/logconfig.go new file mode 100644 index 00000000000..2023c2cf100 --- /dev/null +++ b/pkg/client/applyconfiguration/minio.min.io/v2/logconfig.go @@ -0,0 +1,175 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v2 + +import ( + v1 "k8s.io/api/core/v1" +) + +// LogConfigApplyConfiguration represents an declarative configuration of the LogConfig type for use +// with apply. +type LogConfigApplyConfiguration struct { + Image *string `json:"image,omitempty"` + Resources *v1.ResourceRequirements `json:"resources,omitempty"` + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + Affinity *v1.Affinity `json:"affinity,omitempty"` + Tolerations []v1.Toleration `json:"tolerations,omitempty"` + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` + Annotations map[string]string `json:"annotations,omitempty"` + Labels map[string]string `json:"labels,omitempty"` + Db *LogDbConfigApplyConfiguration `json:"db,omitempty"` + Audit *AuditConfigApplyConfiguration `json:"audit,omitempty"` + SecurityContext *v1.PodSecurityContext `json:"securityContext,omitempty"` + ServiceAccountName *string `json:"serviceAccountName,omitempty"` + Env []v1.EnvVar `json:"env,omitempty"` +} + +// LogConfigApplyConfiguration constructs an declarative configuration of the LogConfig type for use with +// apply. +func LogConfig() *LogConfigApplyConfiguration { + return &LogConfigApplyConfiguration{} +} + +// WithImage sets the Image field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Image field is set to the value of the last call. +func (b *LogConfigApplyConfiguration) WithImage(value string) *LogConfigApplyConfiguration { + b.Image = &value + return b +} + +// WithResources sets the Resources field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Resources field is set to the value of the last call. +func (b *LogConfigApplyConfiguration) WithResources(value v1.ResourceRequirements) *LogConfigApplyConfiguration { + b.Resources = &value + return b +} + +// WithNodeSelector puts the entries into the NodeSelector field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the NodeSelector field, +// overwriting an existing map entries in NodeSelector field with the same key. +func (b *LogConfigApplyConfiguration) WithNodeSelector(entries map[string]string) *LogConfigApplyConfiguration { + if b.NodeSelector == nil && len(entries) > 0 { + b.NodeSelector = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.NodeSelector[k] = v + } + return b +} + +// WithAffinity sets the Affinity field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Affinity field is set to the value of the last call. +func (b *LogConfigApplyConfiguration) WithAffinity(value v1.Affinity) *LogConfigApplyConfiguration { + b.Affinity = &value + return b +} + +// WithTolerations adds the given value to the Tolerations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Tolerations field. +func (b *LogConfigApplyConfiguration) WithTolerations(values ...v1.Toleration) *LogConfigApplyConfiguration { + for i := range values { + b.Tolerations = append(b.Tolerations, values[i]) + } + return b +} + +// WithTopologySpreadConstraints adds the given value to the TopologySpreadConstraints field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the TopologySpreadConstraints field. +func (b *LogConfigApplyConfiguration) WithTopologySpreadConstraints(values ...v1.TopologySpreadConstraint) *LogConfigApplyConfiguration { + for i := range values { + b.TopologySpreadConstraints = append(b.TopologySpreadConstraints, values[i]) + } + return b +} + +// WithAnnotations puts the entries into the Annotations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Annotations field, +// overwriting an existing map entries in Annotations field with the same key. +func (b *LogConfigApplyConfiguration) WithAnnotations(entries map[string]string) *LogConfigApplyConfiguration { + if b.Annotations == nil && len(entries) > 0 { + b.Annotations = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.Annotations[k] = v + } + return b +} + +// WithLabels puts the entries into the Labels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Labels field, +// overwriting an existing map entries in Labels field with the same key. +func (b *LogConfigApplyConfiguration) WithLabels(entries map[string]string) *LogConfigApplyConfiguration { + if b.Labels == nil && len(entries) > 0 { + b.Labels = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.Labels[k] = v + } + return b +} + +// WithDb sets the Db field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Db field is set to the value of the last call. +func (b *LogConfigApplyConfiguration) WithDb(value *LogDbConfigApplyConfiguration) *LogConfigApplyConfiguration { + b.Db = value + return b +} + +// WithAudit sets the Audit field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Audit field is set to the value of the last call. +func (b *LogConfigApplyConfiguration) WithAudit(value *AuditConfigApplyConfiguration) *LogConfigApplyConfiguration { + b.Audit = value + return b +} + +// WithSecurityContext sets the SecurityContext field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SecurityContext field is set to the value of the last call. +func (b *LogConfigApplyConfiguration) WithSecurityContext(value v1.PodSecurityContext) *LogConfigApplyConfiguration { + b.SecurityContext = &value + return b +} + +// WithServiceAccountName sets the ServiceAccountName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ServiceAccountName field is set to the value of the last call. +func (b *LogConfigApplyConfiguration) WithServiceAccountName(value string) *LogConfigApplyConfiguration { + b.ServiceAccountName = &value + return b +} + +// WithEnv adds the given value to the Env field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Env field. +func (b *LogConfigApplyConfiguration) WithEnv(values ...v1.EnvVar) *LogConfigApplyConfiguration { + for i := range values { + b.Env = append(b.Env, values[i]) + } + return b +} diff --git a/pkg/client/applyconfiguration/minio.min.io/v2/logdbconfig.go b/pkg/client/applyconfiguration/minio.min.io/v2/logdbconfig.go new file mode 100644 index 00000000000..d9dcab9629b --- /dev/null +++ b/pkg/client/applyconfiguration/minio.min.io/v2/logdbconfig.go @@ -0,0 +1,175 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v2 + +import ( + v1 "k8s.io/api/core/v1" +) + +// LogDbConfigApplyConfiguration represents an declarative configuration of the LogDbConfig type for use +// with apply. +type LogDbConfigApplyConfiguration struct { + Image *string `json:"image,omitempty"` + InitImage *string `json:"initimage,omitempty"` + VolumeClaimTemplate *v1.PersistentVolumeClaim `json:"volumeClaimTemplate,omitempty"` + Resources *v1.ResourceRequirements `json:"resources,omitempty"` + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + Affinity *v1.Affinity `json:"affinity,omitempty"` + Tolerations []v1.Toleration `json:"tolerations,omitempty"` + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` + Annotations map[string]string `json:"annotations,omitempty"` + Labels map[string]string `json:"labels,omitempty"` + SecurityContext *v1.PodSecurityContext `json:"securityContext,omitempty"` + ServiceAccountName *string `json:"serviceAccountName,omitempty"` + Env []v1.EnvVar `json:"env,omitempty"` +} + +// LogDbConfigApplyConfiguration constructs an declarative configuration of the LogDbConfig type for use with +// apply. +func LogDbConfig() *LogDbConfigApplyConfiguration { + return &LogDbConfigApplyConfiguration{} +} + +// WithImage sets the Image field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Image field is set to the value of the last call. +func (b *LogDbConfigApplyConfiguration) WithImage(value string) *LogDbConfigApplyConfiguration { + b.Image = &value + return b +} + +// WithInitImage sets the InitImage field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the InitImage field is set to the value of the last call. +func (b *LogDbConfigApplyConfiguration) WithInitImage(value string) *LogDbConfigApplyConfiguration { + b.InitImage = &value + return b +} + +// WithVolumeClaimTemplate sets the VolumeClaimTemplate field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the VolumeClaimTemplate field is set to the value of the last call. +func (b *LogDbConfigApplyConfiguration) WithVolumeClaimTemplate(value v1.PersistentVolumeClaim) *LogDbConfigApplyConfiguration { + b.VolumeClaimTemplate = &value + return b +} + +// WithResources sets the Resources field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Resources field is set to the value of the last call. +func (b *LogDbConfigApplyConfiguration) WithResources(value v1.ResourceRequirements) *LogDbConfigApplyConfiguration { + b.Resources = &value + return b +} + +// WithNodeSelector puts the entries into the NodeSelector field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the NodeSelector field, +// overwriting an existing map entries in NodeSelector field with the same key. +func (b *LogDbConfigApplyConfiguration) WithNodeSelector(entries map[string]string) *LogDbConfigApplyConfiguration { + if b.NodeSelector == nil && len(entries) > 0 { + b.NodeSelector = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.NodeSelector[k] = v + } + return b +} + +// WithAffinity sets the Affinity field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Affinity field is set to the value of the last call. +func (b *LogDbConfigApplyConfiguration) WithAffinity(value v1.Affinity) *LogDbConfigApplyConfiguration { + b.Affinity = &value + return b +} + +// WithTolerations adds the given value to the Tolerations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Tolerations field. +func (b *LogDbConfigApplyConfiguration) WithTolerations(values ...v1.Toleration) *LogDbConfigApplyConfiguration { + for i := range values { + b.Tolerations = append(b.Tolerations, values[i]) + } + return b +} + +// WithTopologySpreadConstraints adds the given value to the TopologySpreadConstraints field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the TopologySpreadConstraints field. +func (b *LogDbConfigApplyConfiguration) WithTopologySpreadConstraints(values ...v1.TopologySpreadConstraint) *LogDbConfigApplyConfiguration { + for i := range values { + b.TopologySpreadConstraints = append(b.TopologySpreadConstraints, values[i]) + } + return b +} + +// WithAnnotations puts the entries into the Annotations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Annotations field, +// overwriting an existing map entries in Annotations field with the same key. +func (b *LogDbConfigApplyConfiguration) WithAnnotations(entries map[string]string) *LogDbConfigApplyConfiguration { + if b.Annotations == nil && len(entries) > 0 { + b.Annotations = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.Annotations[k] = v + } + return b +} + +// WithLabels puts the entries into the Labels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Labels field, +// overwriting an existing map entries in Labels field with the same key. +func (b *LogDbConfigApplyConfiguration) WithLabels(entries map[string]string) *LogDbConfigApplyConfiguration { + if b.Labels == nil && len(entries) > 0 { + b.Labels = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.Labels[k] = v + } + return b +} + +// WithSecurityContext sets the SecurityContext field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SecurityContext field is set to the value of the last call. +func (b *LogDbConfigApplyConfiguration) WithSecurityContext(value v1.PodSecurityContext) *LogDbConfigApplyConfiguration { + b.SecurityContext = &value + return b +} + +// WithServiceAccountName sets the ServiceAccountName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ServiceAccountName field is set to the value of the last call. +func (b *LogDbConfigApplyConfiguration) WithServiceAccountName(value string) *LogDbConfigApplyConfiguration { + b.ServiceAccountName = &value + return b +} + +// WithEnv adds the given value to the Env field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Env field. +func (b *LogDbConfigApplyConfiguration) WithEnv(values ...v1.EnvVar) *LogDbConfigApplyConfiguration { + for i := range values { + b.Env = append(b.Env, values[i]) + } + return b +} diff --git a/pkg/client/applyconfiguration/minio.min.io/v2/logging.go b/pkg/client/applyconfiguration/minio.min.io/v2/logging.go new file mode 100644 index 00000000000..a2a8dd7d215 --- /dev/null +++ b/pkg/client/applyconfiguration/minio.min.io/v2/logging.go @@ -0,0 +1,57 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v2 + +// LoggingApplyConfiguration represents an declarative configuration of the Logging type for use +// with apply. +type LoggingApplyConfiguration struct { + JSON *bool `json:"json,omitempty"` + Anonymous *bool `json:"anonymous,omitempty"` + Quiet *bool `json:"quiet,omitempty"` +} + +// LoggingApplyConfiguration constructs an declarative configuration of the Logging type for use with +// apply. +func Logging() *LoggingApplyConfiguration { + return &LoggingApplyConfiguration{} +} + +// WithJSON sets the JSON field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the JSON field is set to the value of the last call. +func (b *LoggingApplyConfiguration) WithJSON(value bool) *LoggingApplyConfiguration { + b.JSON = &value + return b +} + +// WithAnonymous sets the Anonymous field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Anonymous field is set to the value of the last call. +func (b *LoggingApplyConfiguration) WithAnonymous(value bool) *LoggingApplyConfiguration { + b.Anonymous = &value + return b +} + +// WithQuiet sets the Quiet field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Quiet field is set to the value of the last call. +func (b *LoggingApplyConfiguration) WithQuiet(value bool) *LoggingApplyConfiguration { + b.Quiet = &value + return b +} diff --git a/pkg/client/applyconfiguration/minio.min.io/v2/pool.go b/pkg/client/applyconfiguration/minio.min.io/v2/pool.go new file mode 100644 index 00000000000..b8cf99b462f --- /dev/null +++ b/pkg/client/applyconfiguration/minio.min.io/v2/pool.go @@ -0,0 +1,182 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v2 + +import ( + v1 "k8s.io/api/core/v1" +) + +// PoolApplyConfiguration represents an declarative configuration of the Pool type for use +// with apply. +type PoolApplyConfiguration struct { + Name *string `json:"name,omitempty"` + Servers *int32 `json:"servers,omitempty"` + VolumesPerServer *int32 `json:"volumesPerServer,omitempty"` + VolumeClaimTemplate *v1.PersistentVolumeClaim `json:"volumeClaimTemplate,omitempty"` + Resources *v1.ResourceRequirements `json:"resources,omitempty"` + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + Affinity *v1.Affinity `json:"affinity,omitempty"` + Tolerations []v1.Toleration `json:"tolerations,omitempty"` + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` + SecurityContext *v1.PodSecurityContext `json:"securityContext,omitempty"` + ContainerSecurityContext *v1.SecurityContext `json:"containerSecurityContext,omitempty"` + Annotations map[string]string `json:"annotations,omitempty"` + Labels map[string]string `json:"labels,omitempty"` + RuntimeClassName *string `json:"runtimeClassName,omitempty"` +} + +// PoolApplyConfiguration constructs an declarative configuration of the Pool type for use with +// apply. +func Pool() *PoolApplyConfiguration { + return &PoolApplyConfiguration{} +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *PoolApplyConfiguration) WithName(value string) *PoolApplyConfiguration { + b.Name = &value + return b +} + +// WithServers sets the Servers field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Servers field is set to the value of the last call. +func (b *PoolApplyConfiguration) WithServers(value int32) *PoolApplyConfiguration { + b.Servers = &value + return b +} + +// WithVolumesPerServer sets the VolumesPerServer field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the VolumesPerServer field is set to the value of the last call. +func (b *PoolApplyConfiguration) WithVolumesPerServer(value int32) *PoolApplyConfiguration { + b.VolumesPerServer = &value + return b +} + +// WithVolumeClaimTemplate sets the VolumeClaimTemplate field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the VolumeClaimTemplate field is set to the value of the last call. +func (b *PoolApplyConfiguration) WithVolumeClaimTemplate(value v1.PersistentVolumeClaim) *PoolApplyConfiguration { + b.VolumeClaimTemplate = &value + return b +} + +// WithResources sets the Resources field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Resources field is set to the value of the last call. +func (b *PoolApplyConfiguration) WithResources(value v1.ResourceRequirements) *PoolApplyConfiguration { + b.Resources = &value + return b +} + +// WithNodeSelector puts the entries into the NodeSelector field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the NodeSelector field, +// overwriting an existing map entries in NodeSelector field with the same key. +func (b *PoolApplyConfiguration) WithNodeSelector(entries map[string]string) *PoolApplyConfiguration { + if b.NodeSelector == nil && len(entries) > 0 { + b.NodeSelector = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.NodeSelector[k] = v + } + return b +} + +// WithAffinity sets the Affinity field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Affinity field is set to the value of the last call. +func (b *PoolApplyConfiguration) WithAffinity(value v1.Affinity) *PoolApplyConfiguration { + b.Affinity = &value + return b +} + +// WithTolerations adds the given value to the Tolerations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Tolerations field. +func (b *PoolApplyConfiguration) WithTolerations(values ...v1.Toleration) *PoolApplyConfiguration { + for i := range values { + b.Tolerations = append(b.Tolerations, values[i]) + } + return b +} + +// WithTopologySpreadConstraints adds the given value to the TopologySpreadConstraints field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the TopologySpreadConstraints field. +func (b *PoolApplyConfiguration) WithTopologySpreadConstraints(values ...v1.TopologySpreadConstraint) *PoolApplyConfiguration { + for i := range values { + b.TopologySpreadConstraints = append(b.TopologySpreadConstraints, values[i]) + } + return b +} + +// WithSecurityContext sets the SecurityContext field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SecurityContext field is set to the value of the last call. +func (b *PoolApplyConfiguration) WithSecurityContext(value v1.PodSecurityContext) *PoolApplyConfiguration { + b.SecurityContext = &value + return b +} + +// WithContainerSecurityContext sets the ContainerSecurityContext field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ContainerSecurityContext field is set to the value of the last call. +func (b *PoolApplyConfiguration) WithContainerSecurityContext(value v1.SecurityContext) *PoolApplyConfiguration { + b.ContainerSecurityContext = &value + return b +} + +// WithAnnotations puts the entries into the Annotations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Annotations field, +// overwriting an existing map entries in Annotations field with the same key. +func (b *PoolApplyConfiguration) WithAnnotations(entries map[string]string) *PoolApplyConfiguration { + if b.Annotations == nil && len(entries) > 0 { + b.Annotations = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.Annotations[k] = v + } + return b +} + +// WithLabels puts the entries into the Labels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Labels field, +// overwriting an existing map entries in Labels field with the same key. +func (b *PoolApplyConfiguration) WithLabels(entries map[string]string) *PoolApplyConfiguration { + if b.Labels == nil && len(entries) > 0 { + b.Labels = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.Labels[k] = v + } + return b +} + +// WithRuntimeClassName sets the RuntimeClassName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the RuntimeClassName field is set to the value of the last call. +func (b *PoolApplyConfiguration) WithRuntimeClassName(value string) *PoolApplyConfiguration { + b.RuntimeClassName = &value + return b +} diff --git a/pkg/client/applyconfiguration/minio.min.io/v2/poolstatus.go b/pkg/client/applyconfiguration/minio.min.io/v2/poolstatus.go new file mode 100644 index 00000000000..266737bd9c4 --- /dev/null +++ b/pkg/client/applyconfiguration/minio.min.io/v2/poolstatus.go @@ -0,0 +1,61 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v2 + +import ( + v2 "github.com/minio/operator/pkg/apis/minio.min.io/v2" +) + +// PoolStatusApplyConfiguration represents an declarative configuration of the PoolStatus type for use +// with apply. +type PoolStatusApplyConfiguration struct { + SSName *string `json:"ssName,omitempty"` + State *v2.PoolState `json:"state,omitempty"` + LegacySecurityContext *bool `json:"legacySecurityContext,omitempty"` +} + +// PoolStatusApplyConfiguration constructs an declarative configuration of the PoolStatus type for use with +// apply. +func PoolStatus() *PoolStatusApplyConfiguration { + return &PoolStatusApplyConfiguration{} +} + +// WithSSName sets the SSName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SSName field is set to the value of the last call. +func (b *PoolStatusApplyConfiguration) WithSSName(value string) *PoolStatusApplyConfiguration { + b.SSName = &value + return b +} + +// WithState sets the State field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the State field is set to the value of the last call. +func (b *PoolStatusApplyConfiguration) WithState(value v2.PoolState) *PoolStatusApplyConfiguration { + b.State = &value + return b +} + +// WithLegacySecurityContext sets the LegacySecurityContext field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the LegacySecurityContext field is set to the value of the last call. +func (b *PoolStatusApplyConfiguration) WithLegacySecurityContext(value bool) *PoolStatusApplyConfiguration { + b.LegacySecurityContext = &value + return b +} diff --git a/pkg/client/applyconfiguration/minio.min.io/v2/prometheusconfig.go b/pkg/client/applyconfiguration/minio.min.io/v2/prometheusconfig.go new file mode 100644 index 00000000000..dc116d079b5 --- /dev/null +++ b/pkg/client/applyconfiguration/minio.min.io/v2/prometheusconfig.go @@ -0,0 +1,193 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v2 + +import ( + v1 "k8s.io/api/core/v1" +) + +// PrometheusConfigApplyConfiguration represents an declarative configuration of the PrometheusConfig type for use +// with apply. +type PrometheusConfigApplyConfiguration struct { + Image *string `json:"image,omitempty"` + SideCarImage *string `json:"sidecarimage,omitempty"` + InitImage *string `json:"initimage,omitempty"` + DiskCapacityDB *int `json:"diskCapacityGB,omitempty"` + StorageClassName *string `json:"storageClassName,omitempty"` + Annotations map[string]string `json:"annotations,omitempty"` + Labels map[string]string `json:"labels,omitempty"` + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + Affinity *v1.Affinity `json:"affinity,omitempty"` + Tolerations []v1.Toleration `json:"tolerations,omitempty"` + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` + Resources *v1.ResourceRequirements `json:"resources,omitempty"` + SecurityContext *v1.PodSecurityContext `json:"securityContext,omitempty"` + ServiceAccountName *string `json:"serviceAccountName,omitempty"` + Env []v1.EnvVar `json:"env,omitempty"` +} + +// PrometheusConfigApplyConfiguration constructs an declarative configuration of the PrometheusConfig type for use with +// apply. +func PrometheusConfig() *PrometheusConfigApplyConfiguration { + return &PrometheusConfigApplyConfiguration{} +} + +// WithImage sets the Image field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Image field is set to the value of the last call. +func (b *PrometheusConfigApplyConfiguration) WithImage(value string) *PrometheusConfigApplyConfiguration { + b.Image = &value + return b +} + +// WithSideCarImage sets the SideCarImage field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SideCarImage field is set to the value of the last call. +func (b *PrometheusConfigApplyConfiguration) WithSideCarImage(value string) *PrometheusConfigApplyConfiguration { + b.SideCarImage = &value + return b +} + +// WithInitImage sets the InitImage field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the InitImage field is set to the value of the last call. +func (b *PrometheusConfigApplyConfiguration) WithInitImage(value string) *PrometheusConfigApplyConfiguration { + b.InitImage = &value + return b +} + +// WithDiskCapacityDB sets the DiskCapacityDB field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DiskCapacityDB field is set to the value of the last call. +func (b *PrometheusConfigApplyConfiguration) WithDiskCapacityDB(value int) *PrometheusConfigApplyConfiguration { + b.DiskCapacityDB = &value + return b +} + +// WithStorageClassName sets the StorageClassName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the StorageClassName field is set to the value of the last call. +func (b *PrometheusConfigApplyConfiguration) WithStorageClassName(value string) *PrometheusConfigApplyConfiguration { + b.StorageClassName = &value + return b +} + +// WithAnnotations puts the entries into the Annotations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Annotations field, +// overwriting an existing map entries in Annotations field with the same key. +func (b *PrometheusConfigApplyConfiguration) WithAnnotations(entries map[string]string) *PrometheusConfigApplyConfiguration { + if b.Annotations == nil && len(entries) > 0 { + b.Annotations = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.Annotations[k] = v + } + return b +} + +// WithLabels puts the entries into the Labels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Labels field, +// overwriting an existing map entries in Labels field with the same key. +func (b *PrometheusConfigApplyConfiguration) WithLabels(entries map[string]string) *PrometheusConfigApplyConfiguration { + if b.Labels == nil && len(entries) > 0 { + b.Labels = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.Labels[k] = v + } + return b +} + +// WithNodeSelector puts the entries into the NodeSelector field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the NodeSelector field, +// overwriting an existing map entries in NodeSelector field with the same key. +func (b *PrometheusConfigApplyConfiguration) WithNodeSelector(entries map[string]string) *PrometheusConfigApplyConfiguration { + if b.NodeSelector == nil && len(entries) > 0 { + b.NodeSelector = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.NodeSelector[k] = v + } + return b +} + +// WithAffinity sets the Affinity field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Affinity field is set to the value of the last call. +func (b *PrometheusConfigApplyConfiguration) WithAffinity(value v1.Affinity) *PrometheusConfigApplyConfiguration { + b.Affinity = &value + return b +} + +// WithTolerations adds the given value to the Tolerations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Tolerations field. +func (b *PrometheusConfigApplyConfiguration) WithTolerations(values ...v1.Toleration) *PrometheusConfigApplyConfiguration { + for i := range values { + b.Tolerations = append(b.Tolerations, values[i]) + } + return b +} + +// WithTopologySpreadConstraints adds the given value to the TopologySpreadConstraints field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the TopologySpreadConstraints field. +func (b *PrometheusConfigApplyConfiguration) WithTopologySpreadConstraints(values ...v1.TopologySpreadConstraint) *PrometheusConfigApplyConfiguration { + for i := range values { + b.TopologySpreadConstraints = append(b.TopologySpreadConstraints, values[i]) + } + return b +} + +// WithResources sets the Resources field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Resources field is set to the value of the last call. +func (b *PrometheusConfigApplyConfiguration) WithResources(value v1.ResourceRequirements) *PrometheusConfigApplyConfiguration { + b.Resources = &value + return b +} + +// WithSecurityContext sets the SecurityContext field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SecurityContext field is set to the value of the last call. +func (b *PrometheusConfigApplyConfiguration) WithSecurityContext(value v1.PodSecurityContext) *PrometheusConfigApplyConfiguration { + b.SecurityContext = &value + return b +} + +// WithServiceAccountName sets the ServiceAccountName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ServiceAccountName field is set to the value of the last call. +func (b *PrometheusConfigApplyConfiguration) WithServiceAccountName(value string) *PrometheusConfigApplyConfiguration { + b.ServiceAccountName = &value + return b +} + +// WithEnv adds the given value to the Env field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Env field. +func (b *PrometheusConfigApplyConfiguration) WithEnv(values ...v1.EnvVar) *PrometheusConfigApplyConfiguration { + for i := range values { + b.Env = append(b.Env, values[i]) + } + return b +} diff --git a/pkg/client/applyconfiguration/minio.min.io/v2/s3features.go b/pkg/client/applyconfiguration/minio.min.io/v2/s3features.go new file mode 100644 index 00000000000..5490c642ae2 --- /dev/null +++ b/pkg/client/applyconfiguration/minio.min.io/v2/s3features.go @@ -0,0 +1,39 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v2 + +// S3FeaturesApplyConfiguration represents an declarative configuration of the S3Features type for use +// with apply. +type S3FeaturesApplyConfiguration struct { + BucketDNS *bool `json:"bucketDNS,omitempty"` +} + +// S3FeaturesApplyConfiguration constructs an declarative configuration of the S3Features type for use with +// apply. +func S3Features() *S3FeaturesApplyConfiguration { + return &S3FeaturesApplyConfiguration{} +} + +// WithBucketDNS sets the BucketDNS field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the BucketDNS field is set to the value of the last call. +func (b *S3FeaturesApplyConfiguration) WithBucketDNS(value bool) *S3FeaturesApplyConfiguration { + b.BucketDNS = &value + return b +} diff --git a/pkg/client/applyconfiguration/minio.min.io/v2/servicemetadata.go b/pkg/client/applyconfiguration/minio.min.io/v2/servicemetadata.go new file mode 100644 index 00000000000..490e825b615 --- /dev/null +++ b/pkg/client/applyconfiguration/minio.min.io/v2/servicemetadata.go @@ -0,0 +1,90 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v2 + +// ServiceMetadataApplyConfiguration represents an declarative configuration of the ServiceMetadata type for use +// with apply. +type ServiceMetadataApplyConfiguration struct { + MinIOServiceLabels map[string]string `json:"minioServiceLabels,omitempty"` + MinIOServiceAnnotations map[string]string `json:"minioServiceAnnotations,omitempty"` + ConsoleServiceLabels map[string]string `json:"consoleServiceLabels,omitempty"` + ConsoleServiceAnnotations map[string]string `json:"consoleServiceAnnotations,omitempty"` +} + +// ServiceMetadataApplyConfiguration constructs an declarative configuration of the ServiceMetadata type for use with +// apply. +func ServiceMetadata() *ServiceMetadataApplyConfiguration { + return &ServiceMetadataApplyConfiguration{} +} + +// WithMinIOServiceLabels puts the entries into the MinIOServiceLabels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the MinIOServiceLabels field, +// overwriting an existing map entries in MinIOServiceLabels field with the same key. +func (b *ServiceMetadataApplyConfiguration) WithMinIOServiceLabels(entries map[string]string) *ServiceMetadataApplyConfiguration { + if b.MinIOServiceLabels == nil && len(entries) > 0 { + b.MinIOServiceLabels = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.MinIOServiceLabels[k] = v + } + return b +} + +// WithMinIOServiceAnnotations puts the entries into the MinIOServiceAnnotations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the MinIOServiceAnnotations field, +// overwriting an existing map entries in MinIOServiceAnnotations field with the same key. +func (b *ServiceMetadataApplyConfiguration) WithMinIOServiceAnnotations(entries map[string]string) *ServiceMetadataApplyConfiguration { + if b.MinIOServiceAnnotations == nil && len(entries) > 0 { + b.MinIOServiceAnnotations = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.MinIOServiceAnnotations[k] = v + } + return b +} + +// WithConsoleServiceLabels puts the entries into the ConsoleServiceLabels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the ConsoleServiceLabels field, +// overwriting an existing map entries in ConsoleServiceLabels field with the same key. +func (b *ServiceMetadataApplyConfiguration) WithConsoleServiceLabels(entries map[string]string) *ServiceMetadataApplyConfiguration { + if b.ConsoleServiceLabels == nil && len(entries) > 0 { + b.ConsoleServiceLabels = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.ConsoleServiceLabels[k] = v + } + return b +} + +// WithConsoleServiceAnnotations puts the entries into the ConsoleServiceAnnotations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the ConsoleServiceAnnotations field, +// overwriting an existing map entries in ConsoleServiceAnnotations field with the same key. +func (b *ServiceMetadataApplyConfiguration) WithConsoleServiceAnnotations(entries map[string]string) *ServiceMetadataApplyConfiguration { + if b.ConsoleServiceAnnotations == nil && len(entries) > 0 { + b.ConsoleServiceAnnotations = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.ConsoleServiceAnnotations[k] = v + } + return b +} diff --git a/pkg/client/applyconfiguration/minio.min.io/v2/sidecars.go b/pkg/client/applyconfiguration/minio.min.io/v2/sidecars.go new file mode 100644 index 00000000000..2dedd201dd1 --- /dev/null +++ b/pkg/client/applyconfiguration/minio.min.io/v2/sidecars.go @@ -0,0 +1,67 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v2 + +import ( + v1 "k8s.io/api/core/v1" +) + +// SideCarsApplyConfiguration represents an declarative configuration of the SideCars type for use +// with apply. +type SideCarsApplyConfiguration struct { + Containers []v1.Container `json:"containers,omitempty"` + VolumeClaimTemplates []v1.PersistentVolumeClaim `json:"volumeClaimTemplates,omitempty"` + Volumes []v1.Volume `json:"volumes,omitempty"` +} + +// SideCarsApplyConfiguration constructs an declarative configuration of the SideCars type for use with +// apply. +func SideCars() *SideCarsApplyConfiguration { + return &SideCarsApplyConfiguration{} +} + +// WithContainers adds the given value to the Containers field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Containers field. +func (b *SideCarsApplyConfiguration) WithContainers(values ...v1.Container) *SideCarsApplyConfiguration { + for i := range values { + b.Containers = append(b.Containers, values[i]) + } + return b +} + +// WithVolumeClaimTemplates adds the given value to the VolumeClaimTemplates field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the VolumeClaimTemplates field. +func (b *SideCarsApplyConfiguration) WithVolumeClaimTemplates(values ...v1.PersistentVolumeClaim) *SideCarsApplyConfiguration { + for i := range values { + b.VolumeClaimTemplates = append(b.VolumeClaimTemplates, values[i]) + } + return b +} + +// WithVolumes adds the given value to the Volumes field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Volumes field. +func (b *SideCarsApplyConfiguration) WithVolumes(values ...v1.Volume) *SideCarsApplyConfiguration { + for i := range values { + b.Volumes = append(b.Volumes, values[i]) + } + return b +} diff --git a/pkg/client/applyconfiguration/minio.min.io/v2/tenant.go b/pkg/client/applyconfiguration/minio.min.io/v2/tenant.go new file mode 100644 index 00000000000..c226e57d909 --- /dev/null +++ b/pkg/client/applyconfiguration/minio.min.io/v2/tenant.go @@ -0,0 +1,228 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v2 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + v1 "k8s.io/client-go/applyconfigurations/meta/v1" +) + +// TenantApplyConfiguration represents an declarative configuration of the Tenant type for use +// with apply. +type TenantApplyConfiguration struct { + v1.TypeMetaApplyConfiguration `json:",inline"` + *v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"` + Scheduler *TenantSchedulerApplyConfiguration `json:"scheduler,omitempty"` + Spec *TenantSpecApplyConfiguration `json:"spec,omitempty"` + Status *TenantStatusApplyConfiguration `json:"status,omitempty"` +} + +// Tenant constructs an declarative configuration of the Tenant type for use with +// apply. +func Tenant(name, namespace string) *TenantApplyConfiguration { + b := &TenantApplyConfiguration{} + b.WithName(name) + b.WithNamespace(namespace) + b.WithKind("Tenant") + b.WithAPIVersion("minio.min.io/v2") + return b +} + +// WithKind sets the Kind field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Kind field is set to the value of the last call. +func (b *TenantApplyConfiguration) WithKind(value string) *TenantApplyConfiguration { + b.Kind = &value + return b +} + +// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the APIVersion field is set to the value of the last call. +func (b *TenantApplyConfiguration) WithAPIVersion(value string) *TenantApplyConfiguration { + b.APIVersion = &value + return b +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *TenantApplyConfiguration) WithName(value string) *TenantApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.Name = &value + return b +} + +// WithGenerateName sets the GenerateName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the GenerateName field is set to the value of the last call. +func (b *TenantApplyConfiguration) WithGenerateName(value string) *TenantApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.GenerateName = &value + return b +} + +// WithNamespace sets the Namespace field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Namespace field is set to the value of the last call. +func (b *TenantApplyConfiguration) WithNamespace(value string) *TenantApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.Namespace = &value + return b +} + +// WithUID sets the UID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the UID field is set to the value of the last call. +func (b *TenantApplyConfiguration) WithUID(value types.UID) *TenantApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.UID = &value + return b +} + +// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ResourceVersion field is set to the value of the last call. +func (b *TenantApplyConfiguration) WithResourceVersion(value string) *TenantApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ResourceVersion = &value + return b +} + +// WithGeneration sets the Generation field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Generation field is set to the value of the last call. +func (b *TenantApplyConfiguration) WithGeneration(value int64) *TenantApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.Generation = &value + return b +} + +// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CreationTimestamp field is set to the value of the last call. +func (b *TenantApplyConfiguration) WithCreationTimestamp(value metav1.Time) *TenantApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.CreationTimestamp = &value + return b +} + +// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionTimestamp field is set to the value of the last call. +func (b *TenantApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *TenantApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.DeletionTimestamp = &value + return b +} + +// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call. +func (b *TenantApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *TenantApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.DeletionGracePeriodSeconds = &value + return b +} + +// WithLabels puts the entries into the Labels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Labels field, +// overwriting an existing map entries in Labels field with the same key. +func (b *TenantApplyConfiguration) WithLabels(entries map[string]string) *TenantApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.Labels == nil && len(entries) > 0 { + b.Labels = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.Labels[k] = v + } + return b +} + +// WithAnnotations puts the entries into the Annotations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Annotations field, +// overwriting an existing map entries in Annotations field with the same key. +func (b *TenantApplyConfiguration) WithAnnotations(entries map[string]string) *TenantApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.Annotations == nil && len(entries) > 0 { + b.Annotations = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.Annotations[k] = v + } + return b +} + +// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the OwnerReferences field. +func (b *TenantApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *TenantApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + if values[i] == nil { + panic("nil value passed to WithOwnerReferences") + } + b.OwnerReferences = append(b.OwnerReferences, *values[i]) + } + return b +} + +// WithFinalizers adds the given value to the Finalizers field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Finalizers field. +func (b *TenantApplyConfiguration) WithFinalizers(values ...string) *TenantApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + b.Finalizers = append(b.Finalizers, values[i]) + } + return b +} + +func (b *TenantApplyConfiguration) ensureObjectMetaApplyConfigurationExists() { + if b.ObjectMetaApplyConfiguration == nil { + b.ObjectMetaApplyConfiguration = &v1.ObjectMetaApplyConfiguration{} + } +} + +// WithScheduler sets the Scheduler field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Scheduler field is set to the value of the last call. +func (b *TenantApplyConfiguration) WithScheduler(value *TenantSchedulerApplyConfiguration) *TenantApplyConfiguration { + b.Scheduler = value + return b +} + +// WithSpec sets the Spec field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Spec field is set to the value of the last call. +func (b *TenantApplyConfiguration) WithSpec(value *TenantSpecApplyConfiguration) *TenantApplyConfiguration { + b.Spec = value + return b +} + +// WithStatus sets the Status field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Status field is set to the value of the last call. +func (b *TenantApplyConfiguration) WithStatus(value *TenantStatusApplyConfiguration) *TenantApplyConfiguration { + b.Status = value + return b +} diff --git a/pkg/client/applyconfiguration/minio.min.io/v2/tenantdomains.go b/pkg/client/applyconfiguration/minio.min.io/v2/tenantdomains.go new file mode 100644 index 00000000000..11aec624d19 --- /dev/null +++ b/pkg/client/applyconfiguration/minio.min.io/v2/tenantdomains.go @@ -0,0 +1,50 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v2 + +// TenantDomainsApplyConfiguration represents an declarative configuration of the TenantDomains type for use +// with apply. +type TenantDomainsApplyConfiguration struct { + Minio []string `json:"minio,omitempty"` + Console *string `json:"console,omitempty"` +} + +// TenantDomainsApplyConfiguration constructs an declarative configuration of the TenantDomains type for use with +// apply. +func TenantDomains() *TenantDomainsApplyConfiguration { + return &TenantDomainsApplyConfiguration{} +} + +// WithMinio adds the given value to the Minio field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Minio field. +func (b *TenantDomainsApplyConfiguration) WithMinio(values ...string) *TenantDomainsApplyConfiguration { + for i := range values { + b.Minio = append(b.Minio, values[i]) + } + return b +} + +// WithConsole sets the Console field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Console field is set to the value of the last call. +func (b *TenantDomainsApplyConfiguration) WithConsole(value string) *TenantDomainsApplyConfiguration { + b.Console = &value + return b +} diff --git a/pkg/client/applyconfiguration/minio.min.io/v2/tenantscheduler.go b/pkg/client/applyconfiguration/minio.min.io/v2/tenantscheduler.go new file mode 100644 index 00000000000..56bcd1689b1 --- /dev/null +++ b/pkg/client/applyconfiguration/minio.min.io/v2/tenantscheduler.go @@ -0,0 +1,39 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v2 + +// TenantSchedulerApplyConfiguration represents an declarative configuration of the TenantScheduler type for use +// with apply. +type TenantSchedulerApplyConfiguration struct { + Name *string `json:"name,omitempty"` +} + +// TenantSchedulerApplyConfiguration constructs an declarative configuration of the TenantScheduler type for use with +// apply. +func TenantScheduler() *TenantSchedulerApplyConfiguration { + return &TenantSchedulerApplyConfiguration{} +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *TenantSchedulerApplyConfiguration) WithName(value string) *TenantSchedulerApplyConfiguration { + b.Name = &value + return b +} diff --git a/pkg/client/applyconfiguration/minio.min.io/v2/tenantspec.go b/pkg/client/applyconfiguration/minio.min.io/v2/tenantspec.go new file mode 100644 index 00000000000..3a12b63fe72 --- /dev/null +++ b/pkg/client/applyconfiguration/minio.min.io/v2/tenantspec.go @@ -0,0 +1,365 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v2 + +import ( + miniominiov2 "github.com/minio/operator/pkg/apis/minio.min.io/v2" + appsv1 "k8s.io/api/apps/v1" + v1 "k8s.io/api/core/v1" +) + +// TenantSpecApplyConfiguration represents an declarative configuration of the TenantSpec type for use +// with apply. +type TenantSpecApplyConfiguration struct { + Pools []PoolApplyConfiguration `json:"pools,omitempty"` + Image *string `json:"image,omitempty"` + ImagePullSecret *v1.LocalObjectReference `json:"imagePullSecret,omitempty"` + PodManagementPolicy *appsv1.PodManagementPolicyType `json:"podManagementPolicy,omitempty"` + CredsSecret *v1.LocalObjectReference `json:"credsSecret,omitempty"` + Env []v1.EnvVar `json:"env,omitempty"` + ExternalCertSecret []*miniominiov2.LocalCertificateReference `json:"externalCertSecret,omitempty"` + ExternalCaCertSecret []*miniominiov2.LocalCertificateReference `json:"externalCaCertSecret,omitempty"` + ExternalClientCertSecret *LocalCertificateReferenceApplyConfiguration `json:"externalClientCertSecret,omitempty"` + ExternalClientCertSecrets []*miniominiov2.LocalCertificateReference `json:"externalClientCertSecrets,omitempty"` + Mountpath *string `json:"mountPath,omitempty"` + Subpath *string `json:"subPath,omitempty"` + RequestAutoCert *bool `json:"requestAutoCert,omitempty"` + Liveness *v1.Probe `json:"liveness,omitempty"` + Readiness *v1.Probe `json:"readiness,omitempty"` + Startup *v1.Probe `json:"startup,omitempty"` + S3 *S3FeaturesApplyConfiguration `json:"s3,omitempty"` + Features *FeaturesApplyConfiguration `json:"features,omitempty"` + CertConfig *CertificateConfigApplyConfiguration `json:"certConfig,omitempty"` + KES *KESConfigApplyConfiguration `json:"kes,omitempty"` + Log *LogConfigApplyConfiguration `json:"log,omitempty"` + Prometheus *PrometheusConfigApplyConfiguration `json:"prometheus,omitempty"` + PrometheusOperator *bool `json:"prometheusOperator,omitempty"` + ServiceAccountName *string `json:"serviceAccountName,omitempty"` + PriorityClassName *string `json:"priorityClassName,omitempty"` + ImagePullPolicy *v1.PullPolicy `json:"imagePullPolicy,omitempty"` + SideCars *SideCarsApplyConfiguration `json:"sideCars,omitempty"` + ExposeServices *ExposeServicesApplyConfiguration `json:"exposeServices,omitempty"` + ServiceMetadata *ServiceMetadataApplyConfiguration `json:"serviceMetadata,omitempty"` + Users []*v1.LocalObjectReference `json:"users,omitempty"` + Buckets []BucketApplyConfiguration `json:"buckets,omitempty"` + Logging *LoggingApplyConfiguration `json:"logging,omitempty"` + Configuration *v1.LocalObjectReference `json:"configuration,omitempty"` +} + +// TenantSpecApplyConfiguration constructs an declarative configuration of the TenantSpec type for use with +// apply. +func TenantSpec() *TenantSpecApplyConfiguration { + return &TenantSpecApplyConfiguration{} +} + +// WithPools adds the given value to the Pools field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Pools field. +func (b *TenantSpecApplyConfiguration) WithPools(values ...*PoolApplyConfiguration) *TenantSpecApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithPools") + } + b.Pools = append(b.Pools, *values[i]) + } + return b +} + +// WithImage sets the Image field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Image field is set to the value of the last call. +func (b *TenantSpecApplyConfiguration) WithImage(value string) *TenantSpecApplyConfiguration { + b.Image = &value + return b +} + +// WithImagePullSecret sets the ImagePullSecret field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ImagePullSecret field is set to the value of the last call. +func (b *TenantSpecApplyConfiguration) WithImagePullSecret(value v1.LocalObjectReference) *TenantSpecApplyConfiguration { + b.ImagePullSecret = &value + return b +} + +// WithPodManagementPolicy sets the PodManagementPolicy field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the PodManagementPolicy field is set to the value of the last call. +func (b *TenantSpecApplyConfiguration) WithPodManagementPolicy(value appsv1.PodManagementPolicyType) *TenantSpecApplyConfiguration { + b.PodManagementPolicy = &value + return b +} + +// WithCredsSecret sets the CredsSecret field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CredsSecret field is set to the value of the last call. +func (b *TenantSpecApplyConfiguration) WithCredsSecret(value v1.LocalObjectReference) *TenantSpecApplyConfiguration { + b.CredsSecret = &value + return b +} + +// WithEnv adds the given value to the Env field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Env field. +func (b *TenantSpecApplyConfiguration) WithEnv(values ...v1.EnvVar) *TenantSpecApplyConfiguration { + for i := range values { + b.Env = append(b.Env, values[i]) + } + return b +} + +// WithExternalCertSecret adds the given value to the ExternalCertSecret field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the ExternalCertSecret field. +func (b *TenantSpecApplyConfiguration) WithExternalCertSecret(values ...**miniominiov2.LocalCertificateReference) *TenantSpecApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithExternalCertSecret") + } + b.ExternalCertSecret = append(b.ExternalCertSecret, *values[i]) + } + return b +} + +// WithExternalCaCertSecret adds the given value to the ExternalCaCertSecret field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the ExternalCaCertSecret field. +func (b *TenantSpecApplyConfiguration) WithExternalCaCertSecret(values ...**miniominiov2.LocalCertificateReference) *TenantSpecApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithExternalCaCertSecret") + } + b.ExternalCaCertSecret = append(b.ExternalCaCertSecret, *values[i]) + } + return b +} + +// WithExternalClientCertSecret sets the ExternalClientCertSecret field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ExternalClientCertSecret field is set to the value of the last call. +func (b *TenantSpecApplyConfiguration) WithExternalClientCertSecret(value *LocalCertificateReferenceApplyConfiguration) *TenantSpecApplyConfiguration { + b.ExternalClientCertSecret = value + return b +} + +// WithExternalClientCertSecrets adds the given value to the ExternalClientCertSecrets field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the ExternalClientCertSecrets field. +func (b *TenantSpecApplyConfiguration) WithExternalClientCertSecrets(values ...**miniominiov2.LocalCertificateReference) *TenantSpecApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithExternalClientCertSecrets") + } + b.ExternalClientCertSecrets = append(b.ExternalClientCertSecrets, *values[i]) + } + return b +} + +// WithMountpath sets the Mountpath field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Mountpath field is set to the value of the last call. +func (b *TenantSpecApplyConfiguration) WithMountpath(value string) *TenantSpecApplyConfiguration { + b.Mountpath = &value + return b +} + +// WithSubpath sets the Subpath field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Subpath field is set to the value of the last call. +func (b *TenantSpecApplyConfiguration) WithSubpath(value string) *TenantSpecApplyConfiguration { + b.Subpath = &value + return b +} + +// WithRequestAutoCert sets the RequestAutoCert field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the RequestAutoCert field is set to the value of the last call. +func (b *TenantSpecApplyConfiguration) WithRequestAutoCert(value bool) *TenantSpecApplyConfiguration { + b.RequestAutoCert = &value + return b +} + +// WithLiveness sets the Liveness field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Liveness field is set to the value of the last call. +func (b *TenantSpecApplyConfiguration) WithLiveness(value v1.Probe) *TenantSpecApplyConfiguration { + b.Liveness = &value + return b +} + +// WithReadiness sets the Readiness field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Readiness field is set to the value of the last call. +func (b *TenantSpecApplyConfiguration) WithReadiness(value v1.Probe) *TenantSpecApplyConfiguration { + b.Readiness = &value + return b +} + +// WithStartup sets the Startup field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Startup field is set to the value of the last call. +func (b *TenantSpecApplyConfiguration) WithStartup(value v1.Probe) *TenantSpecApplyConfiguration { + b.Startup = &value + return b +} + +// WithS3 sets the S3 field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the S3 field is set to the value of the last call. +func (b *TenantSpecApplyConfiguration) WithS3(value *S3FeaturesApplyConfiguration) *TenantSpecApplyConfiguration { + b.S3 = value + return b +} + +// WithFeatures sets the Features field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Features field is set to the value of the last call. +func (b *TenantSpecApplyConfiguration) WithFeatures(value *FeaturesApplyConfiguration) *TenantSpecApplyConfiguration { + b.Features = value + return b +} + +// WithCertConfig sets the CertConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CertConfig field is set to the value of the last call. +func (b *TenantSpecApplyConfiguration) WithCertConfig(value *CertificateConfigApplyConfiguration) *TenantSpecApplyConfiguration { + b.CertConfig = value + return b +} + +// WithKES sets the KES field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the KES field is set to the value of the last call. +func (b *TenantSpecApplyConfiguration) WithKES(value *KESConfigApplyConfiguration) *TenantSpecApplyConfiguration { + b.KES = value + return b +} + +// WithLog sets the Log field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Log field is set to the value of the last call. +func (b *TenantSpecApplyConfiguration) WithLog(value *LogConfigApplyConfiguration) *TenantSpecApplyConfiguration { + b.Log = value + return b +} + +// WithPrometheus sets the Prometheus field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Prometheus field is set to the value of the last call. +func (b *TenantSpecApplyConfiguration) WithPrometheus(value *PrometheusConfigApplyConfiguration) *TenantSpecApplyConfiguration { + b.Prometheus = value + return b +} + +// WithPrometheusOperator sets the PrometheusOperator field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the PrometheusOperator field is set to the value of the last call. +func (b *TenantSpecApplyConfiguration) WithPrometheusOperator(value bool) *TenantSpecApplyConfiguration { + b.PrometheusOperator = &value + return b +} + +// WithServiceAccountName sets the ServiceAccountName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ServiceAccountName field is set to the value of the last call. +func (b *TenantSpecApplyConfiguration) WithServiceAccountName(value string) *TenantSpecApplyConfiguration { + b.ServiceAccountName = &value + return b +} + +// WithPriorityClassName sets the PriorityClassName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the PriorityClassName field is set to the value of the last call. +func (b *TenantSpecApplyConfiguration) WithPriorityClassName(value string) *TenantSpecApplyConfiguration { + b.PriorityClassName = &value + return b +} + +// WithImagePullPolicy sets the ImagePullPolicy field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ImagePullPolicy field is set to the value of the last call. +func (b *TenantSpecApplyConfiguration) WithImagePullPolicy(value v1.PullPolicy) *TenantSpecApplyConfiguration { + b.ImagePullPolicy = &value + return b +} + +// WithSideCars sets the SideCars field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SideCars field is set to the value of the last call. +func (b *TenantSpecApplyConfiguration) WithSideCars(value *SideCarsApplyConfiguration) *TenantSpecApplyConfiguration { + b.SideCars = value + return b +} + +// WithExposeServices sets the ExposeServices field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ExposeServices field is set to the value of the last call. +func (b *TenantSpecApplyConfiguration) WithExposeServices(value *ExposeServicesApplyConfiguration) *TenantSpecApplyConfiguration { + b.ExposeServices = value + return b +} + +// WithServiceMetadata sets the ServiceMetadata field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ServiceMetadata field is set to the value of the last call. +func (b *TenantSpecApplyConfiguration) WithServiceMetadata(value *ServiceMetadataApplyConfiguration) *TenantSpecApplyConfiguration { + b.ServiceMetadata = value + return b +} + +// WithUsers adds the given value to the Users field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Users field. +func (b *TenantSpecApplyConfiguration) WithUsers(values ...*v1.LocalObjectReference) *TenantSpecApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithUsers") + } + b.Users = append(b.Users, values[i]) + } + return b +} + +// WithBuckets adds the given value to the Buckets field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Buckets field. +func (b *TenantSpecApplyConfiguration) WithBuckets(values ...*BucketApplyConfiguration) *TenantSpecApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithBuckets") + } + b.Buckets = append(b.Buckets, *values[i]) + } + return b +} + +// WithLogging sets the Logging field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Logging field is set to the value of the last call. +func (b *TenantSpecApplyConfiguration) WithLogging(value *LoggingApplyConfiguration) *TenantSpecApplyConfiguration { + b.Logging = value + return b +} + +// WithConfiguration sets the Configuration field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Configuration field is set to the value of the last call. +func (b *TenantSpecApplyConfiguration) WithConfiguration(value v1.LocalObjectReference) *TenantSpecApplyConfiguration { + b.Configuration = &value + return b +} diff --git a/pkg/client/applyconfiguration/minio.min.io/v2/tenantstatus.go b/pkg/client/applyconfiguration/minio.min.io/v2/tenantstatus.go new file mode 100644 index 00000000000..d0dad817d87 --- /dev/null +++ b/pkg/client/applyconfiguration/minio.min.io/v2/tenantstatus.go @@ -0,0 +1,184 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v2 + +import ( + miniominiov2 "github.com/minio/operator/pkg/apis/minio.min.io/v2" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// TenantStatusApplyConfiguration represents an declarative configuration of the TenantStatus type for use +// with apply. +type TenantStatusApplyConfiguration struct { + CurrentState *string `json:"currentState,omitempty"` + AvailableReplicas *int32 `json:"availableReplicas,omitempty"` + Revision *int32 `json:"revision,omitempty"` + SyncVersion *string `json:"syncVersion,omitempty"` + Certificates *CertificateStatusApplyConfiguration `json:"certificates,omitempty"` + Pools []PoolStatusApplyConfiguration `json:"pools,omitempty"` + WriteQuorum *int32 `json:"writeQuorum,omitempty"` + DrivesOnline *int32 `json:"drivesOnline,omitempty"` + DrivesOffline *int32 `json:"drivesOffline,omitempty"` + DrivesHealing *int32 `json:"drivesHealing,omitempty"` + HealthStatus *miniominiov2.HealthStatus `json:"healthStatus,omitempty"` + HealthMessage *string `json:"healthMessage,omitempty"` + WaitingOnReady *v1.Time `json:"waitingOnReady,omitempty"` + Usage *TenantUsageApplyConfiguration `json:"usage,omitempty"` + ProvisionedUsers *bool `json:"provisionedUsers,omitempty"` + ProvisionedBuckets *bool `json:"provisionedBuckets,omitempty"` +} + +// TenantStatusApplyConfiguration constructs an declarative configuration of the TenantStatus type for use with +// apply. +func TenantStatus() *TenantStatusApplyConfiguration { + return &TenantStatusApplyConfiguration{} +} + +// WithCurrentState sets the CurrentState field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CurrentState field is set to the value of the last call. +func (b *TenantStatusApplyConfiguration) WithCurrentState(value string) *TenantStatusApplyConfiguration { + b.CurrentState = &value + return b +} + +// WithAvailableReplicas sets the AvailableReplicas field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the AvailableReplicas field is set to the value of the last call. +func (b *TenantStatusApplyConfiguration) WithAvailableReplicas(value int32) *TenantStatusApplyConfiguration { + b.AvailableReplicas = &value + return b +} + +// WithRevision sets the Revision field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Revision field is set to the value of the last call. +func (b *TenantStatusApplyConfiguration) WithRevision(value int32) *TenantStatusApplyConfiguration { + b.Revision = &value + return b +} + +// WithSyncVersion sets the SyncVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SyncVersion field is set to the value of the last call. +func (b *TenantStatusApplyConfiguration) WithSyncVersion(value string) *TenantStatusApplyConfiguration { + b.SyncVersion = &value + return b +} + +// WithCertificates sets the Certificates field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Certificates field is set to the value of the last call. +func (b *TenantStatusApplyConfiguration) WithCertificates(value *CertificateStatusApplyConfiguration) *TenantStatusApplyConfiguration { + b.Certificates = value + return b +} + +// WithPools adds the given value to the Pools field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Pools field. +func (b *TenantStatusApplyConfiguration) WithPools(values ...*PoolStatusApplyConfiguration) *TenantStatusApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithPools") + } + b.Pools = append(b.Pools, *values[i]) + } + return b +} + +// WithWriteQuorum sets the WriteQuorum field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the WriteQuorum field is set to the value of the last call. +func (b *TenantStatusApplyConfiguration) WithWriteQuorum(value int32) *TenantStatusApplyConfiguration { + b.WriteQuorum = &value + return b +} + +// WithDrivesOnline sets the DrivesOnline field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DrivesOnline field is set to the value of the last call. +func (b *TenantStatusApplyConfiguration) WithDrivesOnline(value int32) *TenantStatusApplyConfiguration { + b.DrivesOnline = &value + return b +} + +// WithDrivesOffline sets the DrivesOffline field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DrivesOffline field is set to the value of the last call. +func (b *TenantStatusApplyConfiguration) WithDrivesOffline(value int32) *TenantStatusApplyConfiguration { + b.DrivesOffline = &value + return b +} + +// WithDrivesHealing sets the DrivesHealing field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DrivesHealing field is set to the value of the last call. +func (b *TenantStatusApplyConfiguration) WithDrivesHealing(value int32) *TenantStatusApplyConfiguration { + b.DrivesHealing = &value + return b +} + +// WithHealthStatus sets the HealthStatus field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the HealthStatus field is set to the value of the last call. +func (b *TenantStatusApplyConfiguration) WithHealthStatus(value miniominiov2.HealthStatus) *TenantStatusApplyConfiguration { + b.HealthStatus = &value + return b +} + +// WithHealthMessage sets the HealthMessage field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the HealthMessage field is set to the value of the last call. +func (b *TenantStatusApplyConfiguration) WithHealthMessage(value string) *TenantStatusApplyConfiguration { + b.HealthMessage = &value + return b +} + +// WithWaitingOnReady sets the WaitingOnReady field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the WaitingOnReady field is set to the value of the last call. +func (b *TenantStatusApplyConfiguration) WithWaitingOnReady(value v1.Time) *TenantStatusApplyConfiguration { + b.WaitingOnReady = &value + return b +} + +// WithUsage sets the Usage field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Usage field is set to the value of the last call. +func (b *TenantStatusApplyConfiguration) WithUsage(value *TenantUsageApplyConfiguration) *TenantStatusApplyConfiguration { + b.Usage = value + return b +} + +// WithProvisionedUsers sets the ProvisionedUsers field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ProvisionedUsers field is set to the value of the last call. +func (b *TenantStatusApplyConfiguration) WithProvisionedUsers(value bool) *TenantStatusApplyConfiguration { + b.ProvisionedUsers = &value + return b +} + +// WithProvisionedBuckets sets the ProvisionedBuckets field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ProvisionedBuckets field is set to the value of the last call. +func (b *TenantStatusApplyConfiguration) WithProvisionedBuckets(value bool) *TenantStatusApplyConfiguration { + b.ProvisionedBuckets = &value + return b +} diff --git a/pkg/client/applyconfiguration/minio.min.io/v2/tenantusage.go b/pkg/client/applyconfiguration/minio.min.io/v2/tenantusage.go new file mode 100644 index 00000000000..a7ee20e2f24 --- /dev/null +++ b/pkg/client/applyconfiguration/minio.min.io/v2/tenantusage.go @@ -0,0 +1,80 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v2 + +// TenantUsageApplyConfiguration represents an declarative configuration of the TenantUsage type for use +// with apply. +type TenantUsageApplyConfiguration struct { + Capacity *int64 `json:"capacity,omitempty"` + RawCapacity *int64 `json:"rawCapacity,omitempty"` + Usage *int64 `json:"usage,omitempty"` + RawUsage *int64 `json:"rawUsage,omitempty"` + Tiers []TierUsageApplyConfiguration `json:"tiers,omitempty"` +} + +// TenantUsageApplyConfiguration constructs an declarative configuration of the TenantUsage type for use with +// apply. +func TenantUsage() *TenantUsageApplyConfiguration { + return &TenantUsageApplyConfiguration{} +} + +// WithCapacity sets the Capacity field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Capacity field is set to the value of the last call. +func (b *TenantUsageApplyConfiguration) WithCapacity(value int64) *TenantUsageApplyConfiguration { + b.Capacity = &value + return b +} + +// WithRawCapacity sets the RawCapacity field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the RawCapacity field is set to the value of the last call. +func (b *TenantUsageApplyConfiguration) WithRawCapacity(value int64) *TenantUsageApplyConfiguration { + b.RawCapacity = &value + return b +} + +// WithUsage sets the Usage field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Usage field is set to the value of the last call. +func (b *TenantUsageApplyConfiguration) WithUsage(value int64) *TenantUsageApplyConfiguration { + b.Usage = &value + return b +} + +// WithRawUsage sets the RawUsage field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the RawUsage field is set to the value of the last call. +func (b *TenantUsageApplyConfiguration) WithRawUsage(value int64) *TenantUsageApplyConfiguration { + b.RawUsage = &value + return b +} + +// WithTiers adds the given value to the Tiers field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Tiers field. +func (b *TenantUsageApplyConfiguration) WithTiers(values ...*TierUsageApplyConfiguration) *TenantUsageApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithTiers") + } + b.Tiers = append(b.Tiers, *values[i]) + } + return b +} diff --git a/pkg/client/applyconfiguration/minio.min.io/v2/tierusage.go b/pkg/client/applyconfiguration/minio.min.io/v2/tierusage.go new file mode 100644 index 00000000000..a6cac167924 --- /dev/null +++ b/pkg/client/applyconfiguration/minio.min.io/v2/tierusage.go @@ -0,0 +1,57 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v2 + +// TierUsageApplyConfiguration represents an declarative configuration of the TierUsage type for use +// with apply. +type TierUsageApplyConfiguration struct { + Name *string `json:"Name,omitempty"` + Type *string `json:"Type,omitempty"` + TotalSize *int64 `json:"totalSize,omitempty"` +} + +// TierUsageApplyConfiguration constructs an declarative configuration of the TierUsage type for use with +// apply. +func TierUsage() *TierUsageApplyConfiguration { + return &TierUsageApplyConfiguration{} +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *TierUsageApplyConfiguration) WithName(value string) *TierUsageApplyConfiguration { + b.Name = &value + return b +} + +// WithType sets the Type field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Type field is set to the value of the last call. +func (b *TierUsageApplyConfiguration) WithType(value string) *TierUsageApplyConfiguration { + b.Type = &value + return b +} + +// WithTotalSize sets the TotalSize field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TotalSize field is set to the value of the last call. +func (b *TierUsageApplyConfiguration) WithTotalSize(value int64) *TierUsageApplyConfiguration { + b.TotalSize = &value + return b +} diff --git a/pkg/client/applyconfiguration/utils.go b/pkg/client/applyconfiguration/utils.go new file mode 100644 index 00000000000..753bb05fd8d --- /dev/null +++ b/pkg/client/applyconfiguration/utils.go @@ -0,0 +1,87 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package applyconfiguration + +import ( + v2 "github.com/minio/operator/pkg/apis/minio.min.io/v2" + miniominiov2 "github.com/minio/operator/pkg/client/applyconfiguration/minio.min.io/v2" + schema "k8s.io/apimachinery/pkg/runtime/schema" +) + +// ForKind returns an apply configuration type for the given GroupVersionKind, or nil if no +// apply configuration type exists for the given GroupVersionKind. +func ForKind(kind schema.GroupVersionKind) interface{} { + switch kind { + // Group=minio.min.io, Version=v2 + case v2.SchemeGroupVersion.WithKind("AuditConfig"): + return &miniominiov2.AuditConfigApplyConfiguration{} + case v2.SchemeGroupVersion.WithKind("Bucket"): + return &miniominiov2.BucketApplyConfiguration{} + case v2.SchemeGroupVersion.WithKind("CertificateConfig"): + return &miniominiov2.CertificateConfigApplyConfiguration{} + case v2.SchemeGroupVersion.WithKind("CertificateStatus"): + return &miniominiov2.CertificateStatusApplyConfiguration{} + case v2.SchemeGroupVersion.WithKind("CustomCertificateConfig"): + return &miniominiov2.CustomCertificateConfigApplyConfiguration{} + case v2.SchemeGroupVersion.WithKind("CustomCertificates"): + return &miniominiov2.CustomCertificatesApplyConfiguration{} + case v2.SchemeGroupVersion.WithKind("ExposeServices"): + return &miniominiov2.ExposeServicesApplyConfiguration{} + case v2.SchemeGroupVersion.WithKind("Features"): + return &miniominiov2.FeaturesApplyConfiguration{} + case v2.SchemeGroupVersion.WithKind("KESConfig"): + return &miniominiov2.KESConfigApplyConfiguration{} + case v2.SchemeGroupVersion.WithKind("LocalCertificateReference"): + return &miniominiov2.LocalCertificateReferenceApplyConfiguration{} + case v2.SchemeGroupVersion.WithKind("LogConfig"): + return &miniominiov2.LogConfigApplyConfiguration{} + case v2.SchemeGroupVersion.WithKind("LogDbConfig"): + return &miniominiov2.LogDbConfigApplyConfiguration{} + case v2.SchemeGroupVersion.WithKind("Logging"): + return &miniominiov2.LoggingApplyConfiguration{} + case v2.SchemeGroupVersion.WithKind("Pool"): + return &miniominiov2.PoolApplyConfiguration{} + case v2.SchemeGroupVersion.WithKind("PoolStatus"): + return &miniominiov2.PoolStatusApplyConfiguration{} + case v2.SchemeGroupVersion.WithKind("PrometheusConfig"): + return &miniominiov2.PrometheusConfigApplyConfiguration{} + case v2.SchemeGroupVersion.WithKind("S3Features"): + return &miniominiov2.S3FeaturesApplyConfiguration{} + case v2.SchemeGroupVersion.WithKind("ServiceMetadata"): + return &miniominiov2.ServiceMetadataApplyConfiguration{} + case v2.SchemeGroupVersion.WithKind("SideCars"): + return &miniominiov2.SideCarsApplyConfiguration{} + case v2.SchemeGroupVersion.WithKind("Tenant"): + return &miniominiov2.TenantApplyConfiguration{} + case v2.SchemeGroupVersion.WithKind("TenantDomains"): + return &miniominiov2.TenantDomainsApplyConfiguration{} + case v2.SchemeGroupVersion.WithKind("TenantScheduler"): + return &miniominiov2.TenantSchedulerApplyConfiguration{} + case v2.SchemeGroupVersion.WithKind("TenantSpec"): + return &miniominiov2.TenantSpecApplyConfiguration{} + case v2.SchemeGroupVersion.WithKind("TenantStatus"): + return &miniominiov2.TenantStatusApplyConfiguration{} + case v2.SchemeGroupVersion.WithKind("TenantUsage"): + return &miniominiov2.TenantUsageApplyConfiguration{} + case v2.SchemeGroupVersion.WithKind("TierUsage"): + return &miniominiov2.TierUsageApplyConfiguration{} + + } + return nil +} diff --git a/pkg/client/clientset/versioned/clientset.go b/pkg/client/clientset/versioned/clientset.go index 3a3c4b5864c..db0cdd6f66a 100644 --- a/pkg/client/clientset/versioned/clientset.go +++ b/pkg/client/clientset/versioned/clientset.go @@ -35,8 +35,7 @@ type Interface interface { StsV1beta1() stsv1beta1.StsV1beta1Interface } -// Clientset contains the clients for groups. Each group has exactly one -// version included in a Clientset. +// Clientset contains the clients for groups. type Clientset struct { *discovery.DiscoveryClient minioV2 *miniov2.MinioV2Client diff --git a/pkg/client/clientset/versioned/typed/minio.min.io/v2/fake/fake_tenant.go b/pkg/client/clientset/versioned/typed/minio.min.io/v2/fake/fake_tenant.go index dae675fcdf0..bf97ed26612 100644 --- a/pkg/client/clientset/versioned/typed/minio.min.io/v2/fake/fake_tenant.go +++ b/pkg/client/clientset/versioned/typed/minio.min.io/v2/fake/fake_tenant.go @@ -20,11 +20,13 @@ package fake import ( "context" + json "encoding/json" + "fmt" v2 "github.com/minio/operator/pkg/apis/minio.min.io/v2" + miniominiov2 "github.com/minio/operator/pkg/client/applyconfiguration/minio.min.io/v2" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" @@ -36,9 +38,9 @@ type FakeTenants struct { ns string } -var tenantsResource = schema.GroupVersionResource{Group: "minio.min.io", Version: "v2", Resource: "tenants"} +var tenantsResource = v2.SchemeGroupVersion.WithResource("tenants") -var tenantsKind = schema.GroupVersionKind{Group: "minio.min.io", Version: "v2", Kind: "Tenant"} +var tenantsKind = v2.SchemeGroupVersion.WithKind("Tenant") // Get takes name of the tenant, and returns the corresponding tenant object, and an error if there is any. func (c *FakeTenants) Get(ctx context.Context, name string, options v1.GetOptions) (result *v2.Tenant, err error) { @@ -140,3 +142,48 @@ func (c *FakeTenants) Patch(ctx context.Context, name string, pt types.PatchType } return obj.(*v2.Tenant), err } + +// Apply takes the given apply declarative configuration, applies it and returns the applied tenant. +func (c *FakeTenants) Apply(ctx context.Context, tenant *miniominiov2.TenantApplyConfiguration, opts v1.ApplyOptions) (result *v2.Tenant, err error) { + if tenant == nil { + return nil, fmt.Errorf("tenant provided to Apply must not be nil") + } + data, err := json.Marshal(tenant) + if err != nil { + return nil, err + } + name := tenant.Name + if name == nil { + return nil, fmt.Errorf("tenant.Name must be provided to Apply") + } + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(tenantsResource, c.ns, *name, types.ApplyPatchType, data), &v2.Tenant{}) + + if obj == nil { + return nil, err + } + return obj.(*v2.Tenant), err +} + +// ApplyStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus(). +func (c *FakeTenants) ApplyStatus(ctx context.Context, tenant *miniominiov2.TenantApplyConfiguration, opts v1.ApplyOptions) (result *v2.Tenant, err error) { + if tenant == nil { + return nil, fmt.Errorf("tenant provided to Apply must not be nil") + } + data, err := json.Marshal(tenant) + if err != nil { + return nil, err + } + name := tenant.Name + if name == nil { + return nil, fmt.Errorf("tenant.Name must be provided to Apply") + } + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(tenantsResource, c.ns, *name, types.ApplyPatchType, data, "status"), &v2.Tenant{}) + + if obj == nil { + return nil, err + } + return obj.(*v2.Tenant), err +} diff --git a/pkg/client/clientset/versioned/typed/minio.min.io/v2/tenant.go b/pkg/client/clientset/versioned/typed/minio.min.io/v2/tenant.go index 6fcfaf5d1b2..b26dd5906f4 100644 --- a/pkg/client/clientset/versioned/typed/minio.min.io/v2/tenant.go +++ b/pkg/client/clientset/versioned/typed/minio.min.io/v2/tenant.go @@ -20,9 +20,12 @@ package v2 import ( "context" + json "encoding/json" + "fmt" "time" v2 "github.com/minio/operator/pkg/apis/minio.min.io/v2" + miniominiov2 "github.com/minio/operator/pkg/client/applyconfiguration/minio.min.io/v2" scheme "github.com/minio/operator/pkg/client/clientset/versioned/scheme" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" types "k8s.io/apimachinery/pkg/types" @@ -47,6 +50,8 @@ type TenantInterface interface { List(ctx context.Context, opts v1.ListOptions) (*v2.TenantList, error) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v2.Tenant, err error) + Apply(ctx context.Context, tenant *miniominiov2.TenantApplyConfiguration, opts v1.ApplyOptions) (result *v2.Tenant, err error) + ApplyStatus(ctx context.Context, tenant *miniominiov2.TenantApplyConfiguration, opts v1.ApplyOptions) (result *v2.Tenant, err error) TenantExpansion } @@ -193,3 +198,59 @@ func (c *tenants) Patch(ctx context.Context, name string, pt types.PatchType, da Into(result) return } + +// Apply takes the given apply declarative configuration, applies it and returns the applied tenant. +func (c *tenants) Apply(ctx context.Context, tenant *miniominiov2.TenantApplyConfiguration, opts v1.ApplyOptions) (result *v2.Tenant, err error) { + if tenant == nil { + return nil, fmt.Errorf("tenant provided to Apply must not be nil") + } + patchOpts := opts.ToPatchOptions() + data, err := json.Marshal(tenant) + if err != nil { + return nil, err + } + name := tenant.Name + if name == nil { + return nil, fmt.Errorf("tenant.Name must be provided to Apply") + } + result = &v2.Tenant{} + err = c.client.Patch(types.ApplyPatchType). + Namespace(c.ns). + Resource("tenants"). + Name(*name). + VersionedParams(&patchOpts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} + +// ApplyStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus(). +func (c *tenants) ApplyStatus(ctx context.Context, tenant *miniominiov2.TenantApplyConfiguration, opts v1.ApplyOptions) (result *v2.Tenant, err error) { + if tenant == nil { + return nil, fmt.Errorf("tenant provided to Apply must not be nil") + } + patchOpts := opts.ToPatchOptions() + data, err := json.Marshal(tenant) + if err != nil { + return nil, err + } + + name := tenant.Name + if name == nil { + return nil, fmt.Errorf("tenant.Name must be provided to Apply") + } + + result = &v2.Tenant{} + err = c.client.Patch(types.ApplyPatchType). + Namespace(c.ns). + Resource("tenants"). + Name(*name). + SubResource("status"). + VersionedParams(&patchOpts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/pkg/client/informers/externalversions/factory.go b/pkg/client/informers/externalversions/factory.go index 05b54fc5ac2..2263a2b8c6b 100644 --- a/pkg/client/informers/externalversions/factory.go +++ b/pkg/client/informers/externalversions/factory.go @@ -48,6 +48,11 @@ type sharedInformerFactory struct { // startedInformers is used for tracking which informers have been started. // This allows Start() to be called multiple times safely. startedInformers map[reflect.Type]bool + // wg tracks how many goroutines were started. + wg sync.WaitGroup + // shuttingDown is true when Shutdown has been called. It may still be running + // because it needs to wait for goroutines. + shuttingDown bool } // WithCustomResyncConfig sets a custom resync period for the specified informer types. @@ -108,20 +113,39 @@ func NewSharedInformerFactoryWithOptions(client versioned.Interface, defaultResy return factory } -// Start initializes all requested informers. func (f *sharedInformerFactory) Start(stopCh <-chan struct{}) { f.lock.Lock() defer f.lock.Unlock() + if f.shuttingDown { + return + } + for informerType, informer := range f.informers { if !f.startedInformers[informerType] { - go informer.Run(stopCh) + f.wg.Add(1) + // We need a new variable in each loop iteration, + // otherwise the goroutine would use the loop variable + // and that keeps changing. + informer := informer + go func() { + defer f.wg.Done() + informer.Run(stopCh) + }() f.startedInformers[informerType] = true } } } -// WaitForCacheSync waits for all started informers' cache were synced. +func (f *sharedInformerFactory) Shutdown() { + f.lock.Lock() + f.shuttingDown = true + f.lock.Unlock() + + // Will return immediately if there is nothing to wait for. + f.wg.Wait() +} + func (f *sharedInformerFactory) WaitForCacheSync(stopCh <-chan struct{}) map[reflect.Type]bool { informers := func() map[reflect.Type]cache.SharedIndexInformer { f.lock.Lock() @@ -168,11 +192,58 @@ func (f *sharedInformerFactory) InformerFor(obj runtime.Object, newFunc internal // SharedInformerFactory provides shared informers for resources in all known // API group versions. +// +// It is typically used like this: +// +// ctx, cancel := context.Background() +// defer cancel() +// factory := NewSharedInformerFactory(client, resyncPeriod) +// defer factory.WaitForStop() // Returns immediately if nothing was started. +// genericInformer := factory.ForResource(resource) +// typedInformer := factory.SomeAPIGroup().V1().SomeType() +// factory.Start(ctx.Done()) // Start processing these informers. +// synced := factory.WaitForCacheSync(ctx.Done()) +// for v, ok := range synced { +// if !ok { +// fmt.Fprintf(os.Stderr, "caches failed to sync: %v", v) +// return +// } +// } +// +// // Creating informers can also be created after Start, but then +// // Start must be called again: +// anotherGenericInformer := factory.ForResource(resource) +// factory.Start(ctx.Done()) type SharedInformerFactory interface { internalinterfaces.SharedInformerFactory - ForResource(resource schema.GroupVersionResource) (GenericInformer, error) + + // Start initializes all requested informers. They are handled in goroutines + // which run until the stop channel gets closed. + Start(stopCh <-chan struct{}) + + // Shutdown marks a factory as shutting down. At that point no new + // informers can be started anymore and Start will return without + // doing anything. + // + // In addition, Shutdown blocks until all goroutines have terminated. For that + // to happen, the close channel(s) that they were started with must be closed, + // either before Shutdown gets called or while it is waiting. + // + // Shutdown may be called multiple times, even concurrently. All such calls will + // block until all goroutines have terminated. + Shutdown() + + // WaitForCacheSync blocks until all started informers' caches were synced + // or the stop channel gets closed. WaitForCacheSync(stopCh <-chan struct{}) map[reflect.Type]bool + // ForResource gives generic access to a shared informer of the matching type. + ForResource(resource schema.GroupVersionResource) (GenericInformer, error) + + // InternalInformerFor returns the SharedIndexInformer for obj using an internal + // client. + InformerFor(obj runtime.Object, newFunc internalinterfaces.NewInformerFunc) cache.SharedIndexInformer + Minio() miniominio.Interface Sts() stsminio.Interface } From c3ea2ee670cc238a2cd27e0332b0de0469042948 Mon Sep 17 00:00:00 2001 From: Allan Roger Reid Date: Tue, 28 Feb 2023 14:19:03 -0800 Subject: [PATCH 18/47] Wording changes to PR#1473 (#1474) --- docs/operator-tls.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/operator-tls.md b/docs/operator-tls.md index c6c47b6b552..469ff1305fc 100644 --- a/docs/operator-tls.md +++ b/docs/operator-tls.md @@ -6,7 +6,7 @@ To configure MinIO Operator to trust custom certificates, create a secret with t kubectl create secret generic my-custom-tls -n minio-operator --from-file=path/to/public.crt ``` -then add the following volume to the `minio-operator` deployment under .spec.template.spec +Then, add the following volume to the `minio-operator` deployment under `.spec.template.spec`, ```yaml volumes: @@ -21,10 +21,10 @@ then add the following volume to the `minio-operator` deployment under .spec.tem name: my-custom-tls ``` -and for the `.spec.temaplte.spec.container[0]` +and the following under `.spec.template.spec.container[0]` ```yaml volumeMounts: - mountPath: /tmp/certs name: tls-certificates -``` \ No newline at end of file +``` From d866d5f330fcb7279cee7ac663456b7424c3e439 Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Tue, 28 Feb 2023 17:03:39 -0800 Subject: [PATCH 19/47] Fix tests workflow --- .../tenant-PolicyBinding/Makefile | 6 +++--- .../{ => setup-bucket}/iam-setup-bucket.yaml | 5 +++-- .../setup-bucket/kustomization.yaml | 4 ++++ .../tenant-PolicyBinding/sts-client.yaml | 2 +- testing/common.sh | 21 ++++++++++++------- .../setup-bucket/kustomization.yaml | 5 +++-- .../sts-client/kustomization.yaml | 2 +- .../tenant-certmanager/kustomization.yaml | 2 +- .../tenant-certmanager/tenantNamePatch.yaml | 2 +- .../tenant/kustomization.yaml | 2 +- .../tenant/tenantNamePatch.yaml | 2 +- testing/test-policy-binding+certmanager.sh | 18 ++++++++-------- testing/test-policy-binding.sh | 16 +++++++------- 13 files changed, 49 insertions(+), 38 deletions(-) rename examples/kustomization/tenant-PolicyBinding/{ => setup-bucket}/iam-setup-bucket.yaml (93%) create mode 100644 examples/kustomization/tenant-PolicyBinding/setup-bucket/kustomization.yaml diff --git a/examples/kustomization/tenant-PolicyBinding/Makefile b/examples/kustomization/tenant-PolicyBinding/Makefile index f2cab96cebc..9449ac64263 100644 --- a/examples/kustomization/tenant-PolicyBinding/Makefile +++ b/examples/kustomization/tenant-PolicyBinding/Makefile @@ -7,14 +7,14 @@ miniosdkgo: @cd miniosdk/go/ && \ go install && GOOS=linux GOARCH=amd64 go build -o client @cd miniosdk/go/ && \ - docker buildx build --platform=linux/amd64 -t minio/operator-sts-example:minio-go . + docker buildx build --platform=linux/amd64 -t minio/operator-sts-example:miniosdk-go . miniosdkjava: @cd miniosdk/java/ && \ mvn package @cd miniosdk/java/ && \ - docker buildx build --platform=linux/amd64 -t minio/operator-sts-example:minio-java . + docker buildx build --platform=linux/amd64 -t minio/operator-sts-example:miniosdk-java . awssdkpython: @cd awssdk/python/ && \ - docker buildx build --platform=linux/amd64 -t minio/operator-sts-example:aws-python . + docker buildx build --platform=linux/amd64 -t minio/operator-sts-example:awssdk-python . diff --git a/examples/kustomization/tenant-PolicyBinding/iam-setup-bucket.yaml b/examples/kustomization/tenant-PolicyBinding/setup-bucket/iam-setup-bucket.yaml similarity index 93% rename from examples/kustomization/tenant-PolicyBinding/iam-setup-bucket.yaml rename to examples/kustomization/tenant-PolicyBinding/setup-bucket/iam-setup-bucket.yaml index 5257ddac812..0260d534434 100644 --- a/examples/kustomization/tenant-PolicyBinding/iam-setup-bucket.yaml +++ b/examples/kustomization/tenant-PolicyBinding/setup-bucket/iam-setup-bucket.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: start-config-script + namespace: minio-tenant-1 data: setup.sh: | #!/bin/bash @@ -50,12 +51,12 @@ spec: - name: ACCESS_KEY valueFrom: secretKeyRef: - name: minio-tenant-1-user-0 + name: storage-user key: CONSOLE_ACCESS_KEY - name: SECRET_KEY valueFrom: secretKeyRef: - name: minio-tenant-1-user-0 + name: storage-user key: CONSOLE_SECRET_KEY - name: MC_HOST_local value: https://$(ACCESS_KEY):$(SECRET_KEY)@minio.minio-tenant-1.svc.cluster.local diff --git a/examples/kustomization/tenant-PolicyBinding/setup-bucket/kustomization.yaml b/examples/kustomization/tenant-PolicyBinding/setup-bucket/kustomization.yaml new file mode 100644 index 00000000000..c0c07c4cdaf --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/setup-bucket/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - iam-setup-bucket.yaml \ No newline at end of file diff --git a/examples/kustomization/tenant-PolicyBinding/sts-client.yaml b/examples/kustomization/tenant-PolicyBinding/sts-client.yaml index 7ad29f0f6c2..d3a1d565e44 100644 --- a/examples/kustomization/tenant-PolicyBinding/sts-client.yaml +++ b/examples/kustomization/tenant-PolicyBinding/sts-client.yaml @@ -54,7 +54,7 @@ spec: serviceAccount: stsclient-sa containers: - name: sts-client - image: minio/operator-sts-example:minio-go + image: minio/operator-sts-example:miniosdk-go env: - name: MINIO_ENPOINT value: https://minio.minio-tenant-1.svc.cluster.local:9443 diff --git a/testing/common.sh b/testing/common.sh index 8b97ae487c2..3971798070e 100644 --- a/testing/common.sh +++ b/testing/common.sh @@ -278,17 +278,17 @@ function install_tenant() { echo "Installing lite tenant from current branch" try kubectl apply -k "${SCRIPT_DIR}/../testing/tenant-prometheus" - elif [ "$1" = "policyBinding" ]; then + elif [ "$1" = "policy-binding" ]; then namespace="minio-tenant-1" key=v1.min.io/tenant - value=storage-policyBinding + value=storage-policy-binding echo "Installing policyBinding tenant from current branch" try kubectl apply -k "${SCRIPT_DIR}/../testing/tenant-policyBinding/tenant" - elif [ "$1" = "policyBinding-cm" ]; then + elif [ "$1" = "policy-binding-cm" ]; then namespace="minio-tenant-1" key=v1.min.io/tenant - value=storage-policyBinding + value=storage-policy-binding echo "Installing policyBinding tenant with cert manager from current branch" try kubectl apply -k "${SCRIPT_DIR}/../testing/tenant-policyBinding/tenant-certmanager" @@ -325,17 +325,22 @@ function install_tenant() { } function setup_sts_bucket() { - try kubectl apply -k "${SCRIPT_DIR}/../examples/kustomization/tenant-policyBinding/iam-setup-bucket.yaml" + try kubectl apply -k "${SCRIPT_DIR}/tenant-policyBinding/setup-bucket" # TODO wait for job to end } function install_sts_client() { - client="$1" + # Definition of the sdk and client to test + client=$1 + IFS="-";declare -a CLIENTARR=($client) + sdk="${CLIENTARR[0]}" + lang="${CLIENTARR[1]}" + key=batch/v1 value=sts-example-job # Build and load client images - (cd "${SCRIPT_DIR}/../examples/kustomization/tenant-PolicyBinding" && make) + (cd "${SCRIPT_DIR}/../examples/kustomization/tenant-PolicyBinding" && make "${sdk}${lang}") try kind load docker-image "minio/operator-sts-example:${client}" client_namespace="sts-client" @@ -350,7 +355,7 @@ function install_sts_client() { fi fi - try kubectl apply -k "${SCRIPT_DIR}/../testing/tenant-policyBinding/sts-client" + try kubectl apply -k "${SCRIPT_DIR}/tenant-policyBinding/sts-client" # TODO wait for job to end } diff --git a/testing/tenant-policyBinding/setup-bucket/kustomization.yaml b/testing/tenant-policyBinding/setup-bucket/kustomization.yaml index 509c76282ea..0d965574527 100644 --- a/testing/tenant-policyBinding/setup-bucket/kustomization.yaml +++ b/testing/tenant-policyBinding/setup-bucket/kustomization.yaml @@ -1,5 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: minio-tenant-1 + resources: - - ../../../examples/kustomization/tenant-PolicyBinding/ \ No newline at end of file + - ../../../examples/kustomization/tenant-PolicyBinding/setup-bucket/ +namespace: minio-tenant-1 \ No newline at end of file diff --git a/testing/tenant-policyBinding/sts-client/kustomization.yaml b/testing/tenant-policyBinding/sts-client/kustomization.yaml index bc5d108b872..7ba4370a333 100644 --- a/testing/tenant-policyBinding/sts-client/kustomization.yaml +++ b/testing/tenant-policyBinding/sts-client/kustomization.yaml @@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ../../../examples/kustomization/tenant-PolicyBinding/ + - ../../../examples/kustomization/tenant-PolicyBinding/ \ No newline at end of file diff --git a/testing/tenant-policyBinding/tenant-certmanager/kustomization.yaml b/testing/tenant-policyBinding/tenant-certmanager/kustomization.yaml index 6f53adf1c55..22b040bab62 100644 --- a/testing/tenant-policyBinding/tenant-certmanager/kustomization.yaml +++ b/testing/tenant-policyBinding/tenant-certmanager/kustomization.yaml @@ -3,7 +3,7 @@ kind: Kustomization resources: - ../../../examples/kustomization/tenant-certmanager -namespace: tenant-policyBinding +namespace: minio-tenant-1 patchesJson6902: - target: group: minio.min.io diff --git a/testing/tenant-policyBinding/tenant-certmanager/tenantNamePatch.yaml b/testing/tenant-policyBinding/tenant-certmanager/tenantNamePatch.yaml index 419a10a4564..6bd6f932e67 100644 --- a/testing/tenant-policyBinding/tenant-certmanager/tenantNamePatch.yaml +++ b/testing/tenant-policyBinding/tenant-certmanager/tenantNamePatch.yaml @@ -1,3 +1,3 @@ - op: replace path: /metadata/name - value: storage-policyBinding \ No newline at end of file + value: storage-policy-binding \ No newline at end of file diff --git a/testing/tenant-policyBinding/tenant/kustomization.yaml b/testing/tenant-policyBinding/tenant/kustomization.yaml index 5b647412631..c50a1348188 100644 --- a/testing/tenant-policyBinding/tenant/kustomization.yaml +++ b/testing/tenant-policyBinding/tenant/kustomization.yaml @@ -3,7 +3,7 @@ kind: Kustomization resources: - ../../../examples/kustomization/tenant-lite -namespace: tenant-policyBinding +namespace: minio-tenant-1 patchesJson6902: - target: group: minio.min.io diff --git a/testing/tenant-policyBinding/tenant/tenantNamePatch.yaml b/testing/tenant-policyBinding/tenant/tenantNamePatch.yaml index 419a10a4564..6bd6f932e67 100644 --- a/testing/tenant-policyBinding/tenant/tenantNamePatch.yaml +++ b/testing/tenant-policyBinding/tenant/tenantNamePatch.yaml @@ -1,3 +1,3 @@ - op: replace path: /metadata/name - value: storage-policyBinding \ No newline at end of file + value: storage-policy-binding \ No newline at end of file diff --git a/testing/test-policy-binding+certmanager.sh b/testing/test-policy-binding+certmanager.sh index e6d982bda9a..451e9dc5074 100755 --- a/testing/test-policy-binding+certmanager.sh +++ b/testing/test-policy-binding+certmanager.sh @@ -27,23 +27,23 @@ function main() { install_operator - install_tenant "policyBinding-cm" + install_tenant "policy-binding-cm" - check_tenant_status minio-tenant-1 storage-policyBinding + check_tenant_status minio-tenant-1 storage-policy-binding setup_sts_bucket - # install_sts_client "minio-dotnet" "cm" + # install_sts_client "miniosdk-dotnet" - install_sts_client "minio-go" "cm" - - install_sts_client "minio-java" "cm" + install_sts_client "miniosdk-go" - # install_sts_client "minio-javascript" + # install_sts_client "miniosdk-java" - install_sts_client "minio-python" + # install_sts_client "miniosdk-javascript" - install_sts_client "aws-python" + # install_sts_client "miniosdk-python" + + # install_sts_client "awssdk-python" destroy_kind } diff --git a/testing/test-policy-binding.sh b/testing/test-policy-binding.sh index 62240793070..94d800dacca 100755 --- a/testing/test-policy-binding.sh +++ b/testing/test-policy-binding.sh @@ -27,23 +27,23 @@ function main() { install_operator - install_tenant "policyBinding" + install_tenant "policy-binding" - check_tenant_status tenant-policyBinding storage-policyBinding + check_tenant_status minio-tenant-1 storage-policy-binding setup_sts_bucket - # install_sts_client "minio-dotnet" + # install_sts_client "miniosdk-dotnet" - install_sts_client "minio-go" + install_sts_client "miniosdk-go" - install_sts_client "minio-java" + #install_sts_client "miniosdk-java" - # install_sts_client "minio-javascript" + # install_sts_client "miniosdk-javascript" - install_sts_client "minio-python" + #install_sts_client "miniosdk-python" - install_sts_client "aws-python" + #install_sts_client "awssdk-python" destroy_kind } From 497b0c88efe2b3610d5accf0d120554755e78712 Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Tue, 28 Feb 2023 17:37:12 -0800 Subject: [PATCH 20/47] Fix shellcheck --- .github/workflows/kubernetes-tests.yml | 12 ++++++------ testing/common.sh | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/kubernetes-tests.yml b/.github/workflows/kubernetes-tests.yml index c654e6fc537..25195b25618 100644 --- a/.github/workflows/kubernetes-tests.yml +++ b/.github/workflows/kubernetes-tests.yml @@ -252,11 +252,11 @@ jobs: - govet strategy: matrix: - go-version: [ 1.19.x ] + go-version: [ 1.20.x ] os: [ ubuntu-latest ] steps: - - uses: actions/checkout@v2 - - uses: actions/setup-go@v2 + - uses: actions/checkout@v3 + - uses: actions/setup-go@v3 with: go-version: ${{ matrix.go-version }} - name: Test PolicyBinding CRD and sts call on kind @@ -274,11 +274,11 @@ jobs: - govet strategy: matrix: - go-version: [ 1.19.x ] + go-version: [ 1.20.x ] os: [ ubuntu-latest ] steps: - - uses: actions/checkout@v2 - - uses: actions/setup-go@v2 + - uses: actions/checkout@v3 + - uses: actions/setup-go@v3 with: go-version: ${{ matrix.go-version }} - name: Test PolicyBinding CRD and sts call on kind with certmanager diff --git a/testing/common.sh b/testing/common.sh index 3971798070e..2ee957f78bc 100644 --- a/testing/common.sh +++ b/testing/common.sh @@ -332,7 +332,7 @@ function setup_sts_bucket() { function install_sts_client() { # Definition of the sdk and client to test client=$1 - IFS="-";declare -a CLIENTARR=($client) + IFS="-";declare -a CLIENTARR=("$client") sdk="${CLIENTARR[0]}" lang="${CLIENTARR[1]}" From ce46cd6d4d762636a664d1b7d52bff2d82d8196d Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Tue, 28 Feb 2023 18:03:04 -0800 Subject: [PATCH 21/47] fix workflow file --- .github/workflows/kubernetes-tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/kubernetes-tests.yml b/.github/workflows/kubernetes-tests.yml index 25195b25618..2e4efea6b01 100644 --- a/.github/workflows/kubernetes-tests.yml +++ b/.github/workflows/kubernetes-tests.yml @@ -263,7 +263,7 @@ jobs: run: | "${GITHUB_WORKSPACE}/testing/test-policy-binding.sh" - test-policy-binding: + test-policy-binding-cm: runs-on: ${{ matrix.os }} needs: - logsearch From c0e5021c5cdb609b4abf76436ebdb99d5665bbf3 Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Wed, 1 Mar 2023 01:48:04 -0800 Subject: [PATCH 22/47] Almost done with STS tests --- .github/workflows/kubernetes-tests.yml | 2 +- .../tenant-PolicyBinding/Makefile | 10 ++- .../awssdk/python/Dockerfile | 2 +- .../awssdk/python/main.py | 23 ++++--- .../tenant-PolicyBinding/sts-client.yaml | 9 ++- testing/common.sh | 63 ++++++++++++++++--- .../operator/deployment.yaml | 37 +++++++++++ .../operator/kustomization.yaml | 8 +++ .../tenant-policyBinding/sts-client/job.yaml | 11 ++++ .../sts-client/kustomization.yaml | 5 +- testing/test-policy-binding+certmanager.sh | 10 +-- testing/test-policy-binding.sh | 10 +-- 12 files changed, 152 insertions(+), 38 deletions(-) create mode 100644 testing/tenant-policyBinding/operator/deployment.yaml create mode 100644 testing/tenant-policyBinding/operator/kustomization.yaml create mode 100644 testing/tenant-policyBinding/sts-client/job.yaml diff --git a/.github/workflows/kubernetes-tests.yml b/.github/workflows/kubernetes-tests.yml index 2e4efea6b01..23713d8f568 100644 --- a/.github/workflows/kubernetes-tests.yml +++ b/.github/workflows/kubernetes-tests.yml @@ -263,7 +263,7 @@ jobs: run: | "${GITHUB_WORKSPACE}/testing/test-policy-binding.sh" - test-policy-binding-cm: + test-policy-binding-certmanager: runs-on: ${{ matrix.os }} needs: - logsearch diff --git a/examples/kustomization/tenant-PolicyBinding/Makefile b/examples/kustomization/tenant-PolicyBinding/Makefile index 9449ac64263..fce51e306a8 100644 --- a/examples/kustomization/tenant-PolicyBinding/Makefile +++ b/examples/kustomization/tenant-PolicyBinding/Makefile @@ -7,14 +7,18 @@ miniosdkgo: @cd miniosdk/go/ && \ go install && GOOS=linux GOARCH=amd64 go build -o client @cd miniosdk/go/ && \ - docker buildx build --platform=linux/amd64 -t minio/operator-sts-example:miniosdk-go . + docker buildx build -q --platform=linux/amd64 -t minio/operator-sts-example:miniosdk-go . miniosdkjava: @cd miniosdk/java/ && \ mvn package @cd miniosdk/java/ && \ - docker buildx build --platform=linux/amd64 -t minio/operator-sts-example:miniosdk-java . + docker buildx build -q --platform=linux/amd64 -t minio/operator-sts-example:miniosdk-java . awssdkpython: @cd awssdk/python/ && \ - docker buildx build --platform=linux/amd64 -t minio/operator-sts-example:awssdk-python . + docker buildx build -q --platform=linux/amd64 -t minio/operator-sts-example:awssdk-python . + +miniosdkpython: + @cd miniosdk/python/ && \ + docker buildx build -q --platform=linux/amd64 -t minio/operator-sts-example:miniosdk-python . \ No newline at end of file diff --git a/examples/kustomization/tenant-PolicyBinding/awssdk/python/Dockerfile b/examples/kustomization/tenant-PolicyBinding/awssdk/python/Dockerfile index e4eb92d406c..0d00f80fea3 100644 --- a/examples/kustomization/tenant-PolicyBinding/awssdk/python/Dockerfile +++ b/examples/kustomization/tenant-PolicyBinding/awssdk/python/Dockerfile @@ -6,7 +6,7 @@ RUN \ RUN mkdir app WORKDIR /app -COPY main.py /app/main.py COPY requirements.txt /app/requirements.txt RUN pip3 install -r requirements.txt +COPY main.py /app/main.py CMD ["python3", "/app/main.py"] diff --git a/examples/kustomization/tenant-PolicyBinding/awssdk/python/main.py b/examples/kustomization/tenant-PolicyBinding/awssdk/python/main.py index a9bc1727665..87e5d94e73b 100644 --- a/examples/kustomization/tenant-PolicyBinding/awssdk/python/main.py +++ b/examples/kustomization/tenant-PolicyBinding/awssdk/python/main.py @@ -1,8 +1,13 @@ import boto3 import os import sys +import logging from urllib.parse import urlparse +logging.basicConfig(format='%(message)s', level=logging.DEBUG) +logger = logging.getLogger() +logger.setLevel(logging.DEBUG) + sts_endpoint = os.getenv("STS_ENDPOINT") tenant_endpoint = os.getenv("MINIO_ENDPOINT") tenant_namespace = os.getenv("TENANT_NAMESPACE") @@ -10,27 +15,29 @@ bucket = os.getenv("BUCKET") policy_path = os.getenv("STS_POLICY") +role_arn = "arn:aws:iam::111111111:dummyroot" +role_session_name = "optional-session-name" +os.environ.setdefault('AWS_ROLE_ARN', role_arn) #In AWS SDK RoleArn parameter is mandatory + policy = None if policy_path is not None: with open(policy_path, "r") as f: policy = f.read() -stsUrl = urlparse(tenant_endpoint) -stsUrl.path = stsUrl.path + f"/{tenant_namespace}" - -sts = boto3.client('sts', endpoint_url=stsUrl.geturl(), verify=False) - with open(token_path, "r") as f: sa_jwt = f.read() -if sa_jwt is "" or sa_jwt is None: +if sa_jwt == "" or sa_jwt == None: print("Token is empty") sys.exit(1) +stsUrl = urlparse(f"{sts_endpoint}/{tenant_namespace}") + +sts = boto3.client('sts', endpoint_url=stsUrl.geturl(), verify=False) assumed_role_object = sts.assume_role_with_web_identity( - RoleArn='arn:aws:iam::111111111:root', #In AWS SDK RoleArn parameter is mandatory - RoleSessionName='optional-session-name', + RoleArn=role_arn, + RoleSessionName=role_session_name, Policy=policy, DurationSeconds=25536, WebIdentityToken=sa_jwt diff --git a/examples/kustomization/tenant-PolicyBinding/sts-client.yaml b/examples/kustomization/tenant-PolicyBinding/sts-client.yaml index d3a1d565e44..3acd35cf53c 100644 --- a/examples/kustomization/tenant-PolicyBinding/sts-client.yaml +++ b/examples/kustomization/tenant-PolicyBinding/sts-client.yaml @@ -31,11 +31,10 @@ data: { "Effect": "Allow", "Action": [ + "s3:GetBucketLocation", "s3:ListAllMyBuckets" ], - "Resource": [ - "*" - ] + "Resource": "arn:aws:s3:::*" } ] } @@ -56,10 +55,10 @@ spec: - name: sts-client image: minio/operator-sts-example:miniosdk-go env: - - name: MINIO_ENPOINT + - name: MINIO_ENDPOINT value: https://minio.minio-tenant-1.svc.cluster.local:9443 - name: STS_ENDPOINT - value: https://sts.minio-operator.svc.cluster.local:4223 + value: https://sts.minio-operator.svc.cluster.local:4223/sts - name: TENANT_NAMESPACE value: minio-tenant-1 - name: BUCKET diff --git a/testing/common.sh b/testing/common.sh index 2ee957f78bc..a7c92e1187d 100644 --- a/testing/common.sh +++ b/testing/common.sh @@ -78,6 +78,12 @@ function install_operator() { echo "key, value for pod selector in helm test" key=app.kubernetes.io/name value=operator + elif [ "$1" = "sts" ]; then + echo "Installing Current Operator with sts enabled" + try kubectl apply -k "${SCRIPT_DIR}/../testing/tenant-PolicyBinding/operator" + echo "key, value for pod selector in kustomize test" + key=name + value=minio-operator else echo "Installing Current Operator" # Created an overlay to use that image version from dev folder @@ -194,6 +200,36 @@ function wait_for_resource() { done } +function wait_for_resource_field_selector() { + # example 1 job: + # namespace="minio-tenant-1" + # codition="condition=Complete" + # selector="metadata.name=setup-bucket" + # wait_for_resource_field_selector $namespace job $condition $selector + # + # example 2 tenant: + # wait_for_resource_field_selector $namespace job $condition $selector + # condition=jsonpath='{.status.currentState}'=Initialized + # selector="metadata.name=storage-policy-binding" + # wait_for_resource_field_selector $namespace tenant $condition $selector 900s + + namespace=$1 + resourcetype=$2 + condition=$3 + fieldselector=$4 + if [ $# -ge 5 ]; then + timeout="$5" + else + timeout="600s" + fi + + echo "Waiting for $resourcetype \"$fieldselector\" for \"$condition\" ($timeout timeout)" + kubectl wait -n "$namespace" "$resourcetype" \ + --for=$condition \ + --field-selector $fieldselector \ + --timeout="$timeout" +} + function check_tenant_status() { # Check MinIO is accessible key=v1.min.io/tenant @@ -326,22 +362,25 @@ function install_tenant() { function setup_sts_bucket() { try kubectl apply -k "${SCRIPT_DIR}/tenant-policyBinding/setup-bucket" - # TODO wait for job to end + namespace="minio-tenant-1" + condition="condition=Complete" + selector="metadata.name=setup-bucket" + try wait_for_resource_field_selector $namespace job $condition $selector } function install_sts_client() { # Definition of the sdk and client to test - client=$1 - IFS="-";declare -a CLIENTARR=("$client") + + OLDIFS=$IFS + # shellcheck disable=SC2206 + IFS="-"; declare -a CLIENTARR=($1) sdk="${CLIENTARR[0]}" lang="${CLIENTARR[1]}" - - key=batch/v1 - value=sts-example-job + IFS=$OLDIFS # Build and load client images (cd "${SCRIPT_DIR}/../examples/kustomization/tenant-PolicyBinding" && make "${sdk}${lang}") - try kind load docker-image "minio/operator-sts-example:${client}" + try kind load docker-image "minio/operator-sts-example:$1" client_namespace="sts-client" tenant_namespace="minio-tenant-1" @@ -355,8 +394,14 @@ function install_sts_client() { fi fi - try kubectl apply -k "${SCRIPT_DIR}/tenant-policyBinding/sts-client" - # TODO wait for job to end + echo "install sts client job for $1" + yq -i ".spec.template.spec.containers[0].image |= (\"minio/operator-sts-example:$1\")" "${SCRIPT_DIR}/tenant-policyBinding/sts-client/job.yaml" + kubectl apply -k "${SCRIPT_DIR}/tenant-policyBinding/sts-client" + condition="condition=Complete" + selector="metadata.name=sts-example-job" + wait_for_resource_field_selector $client_namespace job $condition $selector 30s + echo "removing client $1" + kubectl delete -k "${SCRIPT_DIR}/tenant-policyBinding/sts-client" } # Port forward diff --git a/testing/tenant-policyBinding/operator/deployment.yaml b/testing/tenant-policyBinding/operator/deployment.yaml new file mode 100644 index 00000000000..4d9efba3ec4 --- /dev/null +++ b/testing/tenant-policyBinding/operator/deployment.yaml @@ -0,0 +1,37 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: minio-operator + namespace: minio-operator +spec: + replicas: 2 + selector: + matchLabels: + name: minio-operator + template: + metadata: + labels: + name: minio-operator + spec: + serviceAccountName: minio-operator + containers: + - name: minio-operator + image: minio/operator:noop + imagePullPolicy: IfNotPresent + env: + - name: MINIO_CONSOLE_TLS_ENABLE + value: "off" + - name: OPERATOR_STS_ENABLED + value: "on" + securityContext: + runAsNonRoot: true + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - minio-operator + topologyKey: kubernetes.io/hostname diff --git a/testing/tenant-policyBinding/operator/kustomization.yaml b/testing/tenant-policyBinding/operator/kustomization.yaml new file mode 100644 index 00000000000..3d6120bbe14 --- /dev/null +++ b/testing/tenant-policyBinding/operator/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +bases: + - ../../../resources + +patchesStrategicMerge: + - deployment.yaml diff --git a/testing/tenant-policyBinding/sts-client/job.yaml b/testing/tenant-policyBinding/sts-client/job.yaml new file mode 100644 index 00000000000..e3ad07b1364 --- /dev/null +++ b/testing/tenant-policyBinding/sts-client/job.yaml @@ -0,0 +1,11 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: sts-example-job + namespace: sts-client +spec: + template: + spec: + containers: + - name: sts-client + image: minio/operator-sts-example:awssdk-python diff --git a/testing/tenant-policyBinding/sts-client/kustomization.yaml b/testing/tenant-policyBinding/sts-client/kustomization.yaml index 7ba4370a333..9cfa7a7b2aa 100644 --- a/testing/tenant-policyBinding/sts-client/kustomization.yaml +++ b/testing/tenant-policyBinding/sts-client/kustomization.yaml @@ -2,4 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ../../../examples/kustomization/tenant-PolicyBinding/ \ No newline at end of file + - ../../../examples/kustomization/tenant-PolicyBinding/ + +patchesStrategicMerge: + - job.yaml diff --git a/testing/test-policy-binding+certmanager.sh b/testing/test-policy-binding+certmanager.sh index 451e9dc5074..d69409c5a8e 100755 --- a/testing/test-policy-binding+certmanager.sh +++ b/testing/test-policy-binding+certmanager.sh @@ -25,7 +25,7 @@ function main() { setup_kind - install_operator + install_operator "sts" install_tenant "policy-binding-cm" @@ -33,17 +33,17 @@ function main() { setup_sts_bucket - # install_sts_client "miniosdk-dotnet" + #install_sts_client "miniosdk-dotnet" install_sts_client "miniosdk-go" - # install_sts_client "miniosdk-java" + #install_sts_client "miniosdk-java" # install_sts_client "miniosdk-javascript" - # install_sts_client "miniosdk-python" + #install_sts_client "miniosdk-python" - # install_sts_client "awssdk-python" + install_sts_client "awssdk-python" destroy_kind } diff --git a/testing/test-policy-binding.sh b/testing/test-policy-binding.sh index 94d800dacca..4c50ab7ce8b 100755 --- a/testing/test-policy-binding.sh +++ b/testing/test-policy-binding.sh @@ -25,7 +25,7 @@ function main() { setup_kind - install_operator + install_operator "sts" install_tenant "policy-binding" @@ -33,7 +33,7 @@ function main() { setup_sts_bucket - # install_sts_client "miniosdk-dotnet" + #install_sts_client "miniosdk-dotnet" install_sts_client "miniosdk-go" @@ -41,11 +41,11 @@ function main() { # install_sts_client "miniosdk-javascript" - #install_sts_client "miniosdk-python" + install_sts_client "miniosdk-python" - #install_sts_client "awssdk-python" + install_sts_client "awssdk-python" - destroy_kind + #destroy_kind } main "$@" From 829168c1fba4fafcb04c742a6b4da5b4f886e2b1 Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Wed, 1 Mar 2023 02:00:41 -0800 Subject: [PATCH 23/47] =?UTF-8?q?unit=20tests=20=F0=9F=8E=89?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Bugfix: ValueError when duration is empty * Added miniosdk python STS client example to unit tests --- .github/workflows/shellcheck.yaml | 2 +- .../tenant-PolicyBinding/Makefile | 8 + .../awssdk/python/main.py | 22 +- .../miniosdk/dotnet/Dockerfile | 18 + .../miniosdk/dotnet/Program.cs | 96 + .../miniosdk/dotnet/dotnet.csproj | 14 + ...CoreApp,Version=v7.0.AssemblyAttributes.cs | 4 + .../obj/Debug/net7.0/dotnet.AssemblyInfo.cs | 22 + .../net7.0/dotnet.AssemblyInfoInputs.cache | 1 + ....GeneratedMSBuildEditorConfig.editorconfig | 11 + .../obj/Debug/net7.0/dotnet.GlobalUsings.g.cs | 8 + .../obj/Debug/net7.0/dotnet.assets.cache | Bin 0 -> 20251 bytes .../dotnet.csproj.AssemblyReference.cache | Bin 0 -> 75579 bytes .../obj/dotnet.csproj.nuget.dgspec.json | 67 + .../dotnet/obj/dotnet.csproj.nuget.g.props | 15 + .../dotnet/obj/dotnet.csproj.nuget.g.targets | 2 + .../miniosdk/dotnet/obj/project.assets.json | 3454 +++++++++++++++++ .../miniosdk/dotnet/obj/project.nuget.cache | 67 + .../tenant-PolicyBinding/miniosdk/go/main.go | 125 +- .../java/operator/sts/OperatorSTSExample.java | 16 + .../miniosdk/python/main.py | 71 +- .../tenant-PolicyBinding/sts-client.yaml | 4 +- pkg/controller/cluster/http_handlers.go | 24 +- testing/common.sh | 18 +- .../tenant-policyBinding/sts-client/job.yaml | 2 +- testing/test-policy-binding+certmanager.sh | 2 +- testing/test-policy-binding.sh | 2 +- 27 files changed, 3990 insertions(+), 85 deletions(-) create mode 100644 examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/Dockerfile create mode 100644 examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/Program.cs create mode 100644 examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/dotnet.csproj create mode 100644 examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/.NETCoreApp,Version=v7.0.AssemblyAttributes.cs create mode 100644 examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/dotnet.AssemblyInfo.cs create mode 100644 examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/dotnet.AssemblyInfoInputs.cache create mode 100644 examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/dotnet.GeneratedMSBuildEditorConfig.editorconfig create mode 100644 examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/dotnet.GlobalUsings.g.cs create mode 100644 examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/dotnet.assets.cache create mode 100644 examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/dotnet.csproj.AssemblyReference.cache create mode 100644 examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/dotnet.csproj.nuget.dgspec.json create mode 100644 examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/dotnet.csproj.nuget.g.props create mode 100644 examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/dotnet.csproj.nuget.g.targets create mode 100644 examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/project.assets.json create mode 100644 examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/project.nuget.cache diff --git a/.github/workflows/shellcheck.yaml b/.github/workflows/shellcheck.yaml index a0262ff2fe5..9d69be42d68 100644 --- a/.github/workflows/shellcheck.yaml +++ b/.github/workflows/shellcheck.yaml @@ -17,7 +17,7 @@ jobs: - name: Run ShellCheck uses: ludeeus/action-shellcheck@master env: - SHELLCHECK_OPTS: -e SC2046 -e SC1091 -e SC2086 -e SC2090 -e SC2089 -e SC2006 + SHELLCHECK_OPTS: -e SC2046 -e SC1091 -e SC2086 -e SC2090 -e SC2089 -e SC2006 -e SC2206 - name: Run nancy vulnerability report run: | nancy_version=$(curl --retry 10 -Ls -o /dev/null -w "%{url_effective}" https://github.com/sonatype-nexus-community/nancy/releases/latest | sed "s/https:\/\/github.com\/sonatype-nexus-community\/nancy\/releases\/tag\///") diff --git a/examples/kustomization/tenant-PolicyBinding/Makefile b/examples/kustomization/tenant-PolicyBinding/Makefile index fce51e306a8..34a7898cedf 100644 --- a/examples/kustomization/tenant-PolicyBinding/Makefile +++ b/examples/kustomization/tenant-PolicyBinding/Makefile @@ -3,6 +3,10 @@ all: build build: miniosdkgo miniosdkjava awssdkpython +miniosdkdotnet: + @cd miniosdk/dotnet/ && \ + docker buildx build -q --platform=linux/amd64 -t minio/operator-sts-example:miniosdk-dotnet . + miniosdkgo: @cd miniosdk/go/ && \ go install && GOOS=linux GOARCH=amd64 go build -o client @@ -15,6 +19,10 @@ miniosdkjava: @cd miniosdk/java/ && \ docker buildx build -q --platform=linux/amd64 -t minio/operator-sts-example:miniosdk-java . +miniosdkjavascript: + @cd miniosdk/javascript/ && \ + docker buildx build -q --platform=linux/amd64 -t minio/operator-sts-example:miniosdk-javascript . + awssdkpython: @cd awssdk/python/ && \ docker buildx build -q --platform=linux/amd64 -t minio/operator-sts-example:awssdk-python . diff --git a/examples/kustomization/tenant-PolicyBinding/awssdk/python/main.py b/examples/kustomization/tenant-PolicyBinding/awssdk/python/main.py index 87e5d94e73b..1f0da3cd999 100644 --- a/examples/kustomization/tenant-PolicyBinding/awssdk/python/main.py +++ b/examples/kustomization/tenant-PolicyBinding/awssdk/python/main.py @@ -1,13 +1,25 @@ +# -*- coding: utf-8 -*- +# This file is part of MinIO Operator +# Copyright (c) 2023 MinIO, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . + import boto3 import os import sys -import logging from urllib.parse import urlparse -logging.basicConfig(format='%(message)s', level=logging.DEBUG) -logger = logging.getLogger() -logger.setLevel(logging.DEBUG) - sts_endpoint = os.getenv("STS_ENDPOINT") tenant_endpoint = os.getenv("MINIO_ENDPOINT") tenant_namespace = os.getenv("TENANT_NAMESPACE") diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/Dockerfile b/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/Dockerfile new file mode 100644 index 00000000000..8ecf234a3ac --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/Dockerfile @@ -0,0 +1,18 @@ +FROM ubuntu:22.10 + +RUN apt-get update && \ + apt-get install -y apt-transport-https \ + dotnet-sdk-7.0 curl ca-certificates + +RUN curl https://packages.microsoft.com/config/ubuntu/22.10/packages-microsoft-prod.deb --output packages-microsoft-prod.deb && \ + dpkg -i packages-microsoft-prod.deb && \ + rm packages-microsoft-prod.deb + + +RUN mkdir app +WORKDIR /app +COPY obj/ /app +COPY dotnet.csproj /app +COPY Program.cs /app +RUN dotnet publish +CMD ["/app/bin/Debug/net7.0/dotnet"] diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/Program.cs b/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/Program.cs new file mode 100644 index 00000000000..0d688c44c47 --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/Program.cs @@ -0,0 +1,96 @@ +// This file is part of MinIO Operator +// Copyright (c) 2023 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +using System; +using Minio; +using Minio.Exceptions; +using Minio.DataModel; +using System.Threading.Tasks; +using System.IO; + +namespace sts +{ + class Example + { + static void Main(string[] args) + { + var tenantEndpoint = Environment.GetEnvironmentVariable("MINIO_ENDPOINT"); + var stsEndpoint = Environment.GetEnvironmentVariable("STS_ENDPOINT"); + var tenantNamespace = Environment.GetEnvironmentVariable("TENANT_NAMESPACE"); + var bucketName = Environment.GetEnvironmentVariable("BUCKET"); + var kubeRootCAPath = Environment.GetEnvironmentVariable("KUBERNETES_CA_PATH"); + var stsCAPath = Environment.GetEnvironmentVariable("STS_CA_PATH"); + + string caFile; + + if (FileExists(stsCAPath)) + { + caFile = stsCAPath; + } + else + { + caFile = kubeRootCAPath; + } + + try { + HttpClient client = new HttpClient(); + client. + + Minio.Credentials.ClientProvider credentialsProvider = new Minio.Credentials.WebIdentityProvider(); + var credentials = credentialsProvider.GetCredentials(); + System.Console.WriteLine($"AccessKey: ${credentials.AccessKey}"); + System.Console.WriteLine($"AccessKey: ${credentials.SecretKey}"); + System.Console.WriteLine($"AccessKey: ${credentials.SessionToken}"); + + var minio = new MinioClient().WithCredentialsProvider(credentialsProvider) + .WithEndpoint(tenantEndpoint) + .WithHttpClient() + .WithSSL() + .Build(); + FileUpload.Run(minio).Wait(); + } + catch (Exception ex) + { + Console.WriteLine(ex.Message); + } + Console.ReadLine(); + + + } + + + private byte[] GetFile(string? path) + { + if (!FileExists(path)) + { + throw new Exception($"File {path} not found"); + } + + + + + } + + private static bool FileExists(string? path) + { + if (String.IsNullOrEmpty(path)) + { + return false; + } + return false; + } + } +} diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/dotnet.csproj b/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/dotnet.csproj new file mode 100644 index 00000000000..54f0ad7a922 --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/dotnet.csproj @@ -0,0 +1,14 @@ + + + + Exe + net7.0 + enable + enable + + + + + + + diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/.NETCoreApp,Version=v7.0.AssemblyAttributes.cs b/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/.NETCoreApp,Version=v7.0.AssemblyAttributes.cs new file mode 100644 index 00000000000..d69481d3537 --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/.NETCoreApp,Version=v7.0.AssemblyAttributes.cs @@ -0,0 +1,4 @@ +// +using System; +using System.Reflection; +[assembly: global::System.Runtime.Versioning.TargetFrameworkAttribute(".NETCoreApp,Version=v7.0", FrameworkDisplayName = ".NET 7.0")] diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/dotnet.AssemblyInfo.cs b/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/dotnet.AssemblyInfo.cs new file mode 100644 index 00000000000..4f350fedd42 --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/dotnet.AssemblyInfo.cs @@ -0,0 +1,22 @@ +//------------------------------------------------------------------------------ +// +// This code was generated by a tool. +// +// Changes to this file may cause incorrect behavior and will be lost if +// the code is regenerated. +// +//------------------------------------------------------------------------------ + +using System; +using System.Reflection; + +[assembly: System.Reflection.AssemblyCompanyAttribute("dotnet")] +[assembly: System.Reflection.AssemblyConfigurationAttribute("Debug")] +[assembly: System.Reflection.AssemblyFileVersionAttribute("1.0.0.0")] +[assembly: System.Reflection.AssemblyInformationalVersionAttribute("1.0.0")] +[assembly: System.Reflection.AssemblyProductAttribute("dotnet")] +[assembly: System.Reflection.AssemblyTitleAttribute("dotnet")] +[assembly: System.Reflection.AssemblyVersionAttribute("1.0.0.0")] + +// Generated by the MSBuild WriteCodeFragment class. + diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/dotnet.AssemblyInfoInputs.cache b/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/dotnet.AssemblyInfoInputs.cache new file mode 100644 index 00000000000..69a0a5511a6 --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/dotnet.AssemblyInfoInputs.cache @@ -0,0 +1 @@ +4faa9a363e31d0c2bd9f439633cabaadb37bfe7a diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/dotnet.GeneratedMSBuildEditorConfig.editorconfig b/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/dotnet.GeneratedMSBuildEditorConfig.editorconfig new file mode 100644 index 00000000000..9f7cbca7213 --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/dotnet.GeneratedMSBuildEditorConfig.editorconfig @@ -0,0 +1,11 @@ +is_global = true +build_property.TargetFramework = net7.0 +build_property.TargetPlatformMinVersion = +build_property.UsingMicrosoftNETSdkWeb = +build_property.ProjectTypeGuids = +build_property.InvariantGlobalization = +build_property.PlatformNeutralAssembly = +build_property.EnforceExtendedAnalyzerRules = +build_property._SupportedPlatformList = Linux,macOS,Windows +build_property.RootNamespace = dotnet +build_property.ProjectDir = /Users/pedro/github.com/minio/operator/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/ diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/dotnet.GlobalUsings.g.cs b/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/dotnet.GlobalUsings.g.cs new file mode 100644 index 00000000000..8578f3d03de --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/dotnet.GlobalUsings.g.cs @@ -0,0 +1,8 @@ +// +global using global::System; +global using global::System.Collections.Generic; +global using global::System.IO; +global using global::System.Linq; +global using global::System.Net.Http; +global using global::System.Threading; +global using global::System.Threading.Tasks; diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/dotnet.assets.cache b/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/dotnet.assets.cache new file mode 100644 index 0000000000000000000000000000000000000000..a787e093f46abe6a1599deca197d519fbb9911ee GIT binary patch literal 20251 zcmd5^S##XR5tbuTGA-+*Wm%R)Q?f2c7FJ7Al&{E9mXt(Eq$rY>uUIj-3zD#wzy`od zTsw#FBe(3>&h?U{@|H>-@{pt|6;~codCWgZ@=H?b1~7xhUYnlJaNJ7EXgGF7v)apsS83_>oBFchR_acDbVReDsH%-w!7 zr&|r(X<$*!uQD^apf#G!jUnf|;NLF*;d38QKhR{Vq*c>0?aG*TN;@NyGL5gPgiXK^ zC2R&l33mg%kSf74ZhN-n+Do4Hifdby>L>`S%7o2CH7`L;Ds}+GpxAqWQ0x|9iV9Zf%EGci4 z$(w?qw)ePCQygJoj7f3`627yq6`+%WR z0P?8(z3}{OF8OWCGgl3jp}AAd1@)-R2Sb_6!u#NPxeJ-v3iSSF*vJxx<_^YWUkvI~ z9rlMhFz-G9&mY{CM+w)cw;j{#XmzL4^6X_tZ>@ARy}4{d>B?&0dJ?V1nH$VA1~tmy z9A`k)91_%g2%g_5p{8Ng?S^SB`^_d%lABJhE|F+*>1z^2F_8beuD^aGaKRyQ?k3ns=MXY>IuiWHf9? z*G5Kr%5AI+x7|#)7$($uNcu)&3jnNAl~<7)y7YSuvX0nXc6$tgbLt?M3J% zZLJC`@KR2gU^w1;h6P%JK;9Mh^_tym8n9x7JpsD%fn>2(vn^O`IELk6jR(RS6Q;gw z*{)~SU2VcxY%k->hh;B$#d*8!)cqdwprqb{qt{`yMmG0_uP-$1MZIah3Zs*4;fo>J z3$3O%4cv+O2p*DFnOyUri!qb~VV$X~R2u9&&YMjmc!w_-tJn)In%S|=mXH-LY4Le` z_)JHY-J~r3HLJ~5#>jzzXJs(52dsC7Z03xmu*tCc{zR#u;V`e@`u2CVIV1RMTDM?- z>mZkHtWq#bVA0-qkrp@M{leRDb&DUeMw$y}oGHsQ9J@7dIJeBY;WyGA;p>_9s^Neq z;pfM~cZxxmuTZfr!zQm=3%n_#lIzdOM^dG-g$c?$oLZA~v2-ADM>v_vR9v5-8q7^% z3nzTBBV@(bGg!!)ix+DCA_rd`6zd1Cg!X36cU^C`jfHkN^I?Qzi@zR$wLAnZFv9Ug zAdE|#0K&M$qd+HtG@uI5DWED4etRHwuLBkQjemM*p{wZ3+G-Own)sv9nI1%C2xl6V zS+8ge5l5pj>85hKiNX*GGz#;7h=UNxG!D|^_y>_f;~%;9Hn6ksqbx<@9z-sUd#p>m zgUF)sj$HdEwk9eX=OD6aoa6HlI3TJG!$^Q50)}8dk2`UqD&2|a^3pOpa3YuPz;k&{ z*_}6$O?TeVLcN|2AXtxsHU8*yfH6><%0_@jfyRJN1C0Y==AZ}D1(8gr3zUpOe3|6O zpnSci6QT~CPEZ{T?#tA99Ln3N^LIGi)T1qiR_A+(F!(3rQmPt{$B>-~*@9qLhBX<6 zTUg&kO`lX~`V^GEkt@p9;CmH_|3rWL>*h>_V>=@Laj@y3YJW*k`>aCkr=h%)$H0&i zT7r#BXzmtIC}e7^+SpKSzbt5bPND5rpgh+M?WYPbGs3eIELBj|czBv+2v}3s1T7{M zT1@8Eg3aLZq=h0+!nC041avselgPTpc__~{LNhIjtRqNApz8?K3-c#3y)Hnxna88p z+;4^ZvP@56dp)+1qaJh-q|$CWrO@sYl)sg$o4PD{5zBtq7)5iNDqXp6$v2DP#*Hd| zSy23nLh)%R?`g6@Jt)d`kM@#O{X>HKGYa)F2=Zbcui*2#%EWx^j<%V^OJ@art||1H zgL2Hq{W0Aan2$D60@~q_nC&kkm5`lVq5LXA5IH@2G7|*PnFF~tPT=^P2SUeR0K#th z3=nq9>p*l#f#uHvJqPqW&sX z_|jl)8TdZKa`3+fFev<&;aLVB%Mrc~gzy)E{+6%x{ShxMZ&1Vp38v-DPzN~F3=Mde znE}hu3>Y6qGb{mhYX()aqm&sK({g6OxHdJz3OviqfaPcg69~=l3ecZ&dP7=PCDjBv zX0pOTosWaDBuzKq{d|ws=)f$-M#7tb0@1UB4wyxhp~rGWzY2utG3fu7^+xYIe7J5P z^FU$zY$AwRzy>6={W0h)vjCQh7WhLx3#jv8sg19IA93rZ?HTrH62ztrH z8~`>wCYwIX2RtilR|LMuvz!sy0EQaj7Cg&ZAIs4Qw}H?IYd~EZL6vDNV+6*toDn(z zh8p2jc$OIf%h3q00ihAT0o1h-9IFWvpW^u5w#+s0+$RaY#B#4B8H76wHmtt^N+B3FtiK6=BN#DehUEz6 zEg%H*Hqg601#{c9dW_{A&{2j3%Mr`FK#1i%pj=T=@kDBn9d#@6cHp~JmPn>{-wra- z?mK|`fZhj^>5Ap3>jyy0?n`-gdMaJh&74Qo?i*wVV8e36_B|kMhVKJ?x-QrW3e~v#hDGTx_cMOZcG#PLVds zK=Y9T4VL$`aopgt0G#zrZyX-wl6R+?>)$0{gT#+PP1-mgE8t)`!l83ysm4jdkv2{_ zG@mHYU^$|pv*br5TunSjT&jiGX&%~#hCx}{OrOHDtPf$i*i0X;1F#}(l?T^P6u7Wl zY_K~eaM4|5W{=7k#M!2jtUSfg{7)6IupD9070|Csz)~H!Pxr?ReB$vg>X(N>dFq!x zQvk(s5$Lbh5vbHZdx-Pr3Y=JuIO&uOkN)o$@ZW7S?F)uC8(iI+YDA~;2kDFJaM=$I zgZBIP`L@pL-pZ5}elsj2UlO>&hHEOUhQ^{%2!H6QA(`pH)O@@*}D~i|V84EaJ&0rUg5_+V9^(8wxQi@~iAD zBm2ld@_IsIr}^LjTdW?cFC1SzlF(Ro6O5gSoC`Xy79L?enfRDnOsI*H(+_z@`-Za# zt{I&r`V__FJD&PfLI_t~zE+_#MmmzHm6J#^ghZbrlI~8rP9zW&xXQ%bD|S@&M1nJi z5vzwfGf#=qn*Qn86i*RqB9p!uebv|;jy!`??$m0lY1U1z*_kkwOv`BWpVynNaW|gM zZr(B)eG5+8=)n2X+A5+VY1`lW{ zK6vr#iBQ@1F52RhQ2h_fZIlJsnu}q zrN=S&1+v&Fg(9~Y*##}P5@S^?w$CmWDwu7JiAZ3Oo?S@wtkBhy7)qR4NMeXF;~4zX z>TusVtYpj%amsn|$Cb=4U1wANHq&fV|evj^-GJtNSY{q>b2bkn^PgKN)4NXjO zmouu!t%zM+`yj`l;U)xE*Pxb+H;$dBV;FC=*6$?QCHMCA0$Y~$e-?%v^v zr^N}L;00Sas}jl+QIi+XNE5$NFzLfgOO4Bt#;^G5Po*nvk%qH)Yy{q8yi!JjhX!G? zK#W(||7pOjr0Y+)MvFTbLQ7^oBkT%Z8=;&zaAs;-zQ&FRJ|gXS0QkQ-F=sWtm zv9E|EdhJ?>zI9lHUZ9^@uJ!u&LDBzNgr6@wK;9xtd4qc%c2U zi`QPLF*pSq*pQ_mHSAE{IgK5_JStJ;mY zx%XX7qk}PW<)KhRwr%z2dW)j|;}F8(Ft^ z$UXNwb^Of-bGDzl^!im>_B>N@c;&#kyZ5PocV(kG9qe-VzO~O+u60!yIu6aLM@=az za*4;Cr~ez8Qx=xAuqu?uLReEdX=qMWxIq&6YlN0MrCE?me0*L*aUt(7E^hD_2*t(d zgCk$A@`PLhqAV)81?X=KCo!3zzislkbKk9@&)(5_bd0>?LhTs&>Kyyo1{Nz<&s%iW z;eUKrc%1Lk6fPQed9}NJ<%^{Yjz00)=-*xS;yvY^55KVe-X*T0@_E7Ps|Nfzc=yR= zPn4RE@83^ud*bC+Pxf*>b}-Q8SEWlEHqKgd!G`-ge?R246&w0| zdH>|ybrN5>`efs|dxU94>t6r2_g_m!3PbmQGURCCstAjRzxd*Ty>sT|xW+~FGdVajiaDTo(pUdZcMO+b=pBHPGEZ4Mz9Asg>rpO`1ues-h6gk)9MMyj(B$cM*)kxBW zb8!3f3y;37!|CpjadpMDXgj8p+yi#}cc_`VUxZhZW$!GHbYkKUbIw`V`@aow{c z`<%OXEFb(_WA#d{^3nT4<p)C3l3z@#k4o5%SI{6bMfJ_05PKHOHW>V(8X zEg?+^xK)AUHF2JhTd3P928Mpgt&IxQ!~{%GtFL%()siSEhm5Nu{^M;2wQRRo}$XWid%QPB^fXJ;(F=lVCk@4WK6 z4`%Y0@A~qFA#Z;ER^Pps-RwW_MD}NE`oGk9Y2R&!)n}G>{5W)Hw{2DD-61`A#8VUe z(f8hhGv58p(BZ?r?z`ln?CFKIPv7P)e&UHe-A`_KE&^)RbHh9Aeech_tHz##8e11N^$cvlG#s3seZb_8q+F@BALXK*>E0DBFPV9OpMy?M@(A7Rx zr(oaci#800nT2l}NnMknK3Emy_PV}k96OBs_W4sr{lQDa>t`t;Z=p(|={@?zsM4PD$`{?tVX8oc2uGJ-%oPTGpGNE5i;Dwb16Q;es zGGcp=kG^(c&o|E;>8f?AYJ$_7E-7jad0u~^f4JY{@fGHAUe0Kw#xzi?7eirAx{?ct zygNeLa0pF)=bB16#a(CN+F^qD=TG+#GmGRby3!_74|1m42(=;2PzgNGCaUH-lU0;c ziTYY7Mi?gZTs*C&Ia!p^Jg!O=1ETKrgh)fH#WbDb><+RsO`cArO{i@jZiO^hX0*OF zLZcYc)D{xaeop1EFuOdb(^Q6}ISY(t%s)deQJErZ!UBziv1gnVyZq|nbcF;r9U9z~ zVZR@Rd`Q%~#WabDKq9;5)?KeGsQYcf)<2#*s$bRzqkh=()QRFOt;5+x4TICM5F5;(~4XIl4fT4s63o4pq66PZ$vo%Yw%a&xerrwZno6~8wwLyUwIZ3=u@R8^aAoO5M z5q9x%i4}+Bdu=-T5-he?ylU)noD{DtBs&?NT_C8)$VHl<_yoyaD$9z-McpR?%7KP< zv{LMn^|h)yBxp6wpvQ0;*9z>5$qGA48cWTFPoH{Fcgy$7KW?|M@wNf;M=m>b$B38v z?{BwN_)|{**;B7ry=#Rq;P(4=jP7&x@hzht>*?9t0L zIrrkXZ``Wv?tW_O(*5rgeppd_S9w|IBZo)ba!H?(&AU&oUaYKn`J1s-AFY|;`=H;t z@4{^)Ipj`m z7Gf7Q-l!IxeT-Op5P`qQFplX6j@~kf+YildVE^B`h+C$=oTc{&foZy?CO_XF8 z=@g>AkPta|o0a`yV_1zi*d!yx*(=DBO+iQxE3-n8lMRFxbxndvJ5xgZ`usAHb&$cWhJDEd}I|BZEWB*Vi&^;ZNviXjv08Nji|Osw(X+_ zTv}1=(PXXh7@;BDNP0T;*I3xC;q=+EEM=c4o~jh1Qi%fi-oe372k9 zsCSjB@Ir|A06v#4&Mw=TbfqDg!n^Lq5FK*YYH0UN9dfLQ1GVA06HBm5)|g5V^@fBy zKb?bf9ZK|_tcoZUA0b?U61eq@CX%mp8KEyzinEJ7kbEOR_JOo|*L8{_5r=G&cO4OC zmoLe?j;IVt6FhIt>TX5snC@8PyfsP@cFE$rHHzYpeADV;>3l_*I2$IpSTS*SxsqJ0 zn9`6;{oqewm7A|~G!qy|58ZR{^CnK3U7|CnIzs{lUvV1~LqrJD;uW`;NV0L-_4+!_ zpu`8zWY%03ueik&HF+f;QKxMa=fMrIMdku1b-yMoYhr*nx%ma|iFQ$TO>Zh$VUuIq z1I4qUIbNlx0S*QIOGC1UG=%n!>136IB$!#D!+L_YDd3}q3c*)+F_t=xIP1hKycRKb z;o%iti?WdHz~>!fC8a^%A`?v$D&r(UKZ}hxm&Ef9N)bq=ne|A-^A3vQDe$F+b|vVc z)n4bsYxoz$1|C`&b_qAMqB$gD@Jv5DE`slhGyQCW?83yEel~R>34*6UjGw3{NCj22 z?t=1b+*hiKCW$0R2&X_03nWXl_1rR?azOkusk9_5*$jL?f}_Uz3S`W*33h?^BTx$^ zJIiamMREQ=^-r0tn*2PA)~euZNsd}i6N7rgk~%0}OCpzm>!EnxdQx%ES4RJO?f?~-w=g%*K zgGams%BRAb7S#ctlGy7#Mny-A(XvkPl!Q`*UB-AyLQx!&FZh(iUgyNYb37%Xm0_1K zo|4csheVtXht@J&Pv$hfiJXyOacJWUunX7XV8^QsNfvyvY445%=LJtTZG!BQ#FI^% zx{w6HS1nOZ$D@5^oF@2cHAO`?GmtzeylNRQ%`Qv4Y8kIHB+w@45Fe`U1RAu{^I|h$l03UmXC=@Y5^Fjp-Bn@`p=@=wW0`alO0bL85(FUV4GDKf8f-RN zWx^A*yV+wSGVB7x7eb&BDWWMPvUE&aCdmO#Mh{G1biA$A(8V7C($mv2Z6TIn7pZ01 zLev}*aeW%Bl3NI*VlK#`kR$`|035~7>aH>QeHmR)%GViu>ykSM_? zl99?*ap)Q|37rKOv9(U&x5mv^p%PEwrPN@j`}Ol3j*)Va2X5 zBt-B-2_jV`SRX#LM1P-MVEB*(T}wzz)1V)GQHPT>Om>Yu?xGTqs4^=nvdX4s3b3g8 zkl>HDNZlCOdnmExr#F=o~viWimQbxr{&bvOlIeTY<7(B>;@ zvz~mT@6Vw?#j6kG66}J-s}E$oA>pQFfUTnJK(-FBx(vGjtplvCDI_xRV2j?%5~oVx zV2fRnU3@s$V%HZEVp{C3I!wN6%4&DI47=d0cBg9!i41&es@}V5gt=iML_U-fZ%wtz zv5O9GO|@#9@%U;5bTgx<5ihm1;=^+P8ThcakoeLvsjn5(c_J@VDI)o9P3xrIDhr7* zb0_syjZ;8Loz#PG64!@}T7_>G$m3|QSa{bW1_>~;=7e~YxJB6%*ik2gX$fdg78=SV zk#fJSHK1(>Lh{Qj1GEOT4Ruo>NVPujJvDkyLp2>Ia6UmbZy_cHY4DyJN)bq^nPruD zPYp%!6!=mtG%ao_;)@P%UC^qZgXJJeW|nX4vkHe$)Auw zLkS-y#g!%4oDn9C$s}udtsl{0ge7C2Y&KEyy`6T51o&)vV#6HN&7=2d6Iuz+rY&OZ z_HjI$wkT_|YkT(w-$+s;_$35SUrrq(hJyO$XsX|iHbkVjFG#+u80Y1@Q2 z7f!9G6k!)RPOYaX4#_udE*avhigHL#F(jaMx@4v_B-PAHvv;~=rp_qfys&G2hWhC*KmSq=uVjDMG01`d?vSaL7WVhBS0pjs~#VtT!ZF@Z}q$%4HHK28dG;ynN#jWfv!2zHulF$r0TDH0!Fi1U02m z<$_Hu?oz2yK_`PXk-=jBv$eA9lE(gLYb^kY9^C&VSH4VcB+WUn|4A*xE^O?7QdR#s zQVs=Epd1SR$5IXjAt|fSzA?FPmdm{2qa0^^amFJ;pwzFt4~wP&Lsn z^627n;yi3v!fx;U1a`YY@F%qcWM=>mDv}@CguoaMDiRB@iy8+xiE2ZV1z-3xYK(>@ znHPhciXRX(Q^RNVXCBw5zc~h%0eRC^8NCU+bwLoZNU7I%MRT!;^qGP+iey8 zl+%Cq)GJo+S|JR${k|Qe`<#7z%jm~?dNy}?!~5bVvj;W~Ths5DXXEB=UDtQcz4+}L zw<^24pPIUK|2u^rRutb=Ue@`@;Ze6-(x+te?vtw*D{Ef8JKyw@6$TGzzRB?^u z=_=j}Kq;=Z;CG$aD@|~P z@LeZ1L3Ux{yH0HCLJ|a@a@uMd(yu)sxkY%&87~dVGBY>q#Os^_Q0j)Anb0xeNOfsR z;XSOwtS-bZzFMcMkkr!S3)KjXVTn`A7X(%0)uJP>iJq;^7m6hlHA0raCKu)+u16+9~{;#lTd@g_=X|G3Y#8zog73p*7|#lrrq%HRdc7 z%^?wkucp;GDxG*@idWO>`bKj7_Z}v8HpR717;+Bm*Ukw7Mv}FbN~At}rA= z`0$|N{Suy)MtBelvCGZ~4`NjzslkVjR1TeD9JvNB1J~!pSnZ4!4v#OjCxKA3w7b3 zL_EhE--uyK8BNt5r=Z}U3(<=Xi?Xs@=x3H|z5abr^nX^Nmz~;0f3K-6^<;I>rCeE= z)!*@r7^bdva9(%b(44Zcq=i+XL>9stn)43LsR}npB7cq0Ql~TvatXDcgS!p-dg3@u z3r^BRNz__MqZW1>9HQ(FS=eoGC~R^}I+ugW5&Tkb%DV8Gv4I4=ZJ3;HQu#MoOBDk{={#`HkRbp(NN7fX_mSiLlEGpM?@r6p|Ns3bB5wQ-vtcB@K!= zg&4~uORV*0KTg@jpPWh)(VqL@aUs2u(W{hNzn{e^3;6)atN{tfg`66jD3gAIP(!r> z^n$5gS(Kb=IkXbHy^H?0(-jN8eJ9)Ha`lTnPvV5(`u}v=pDwdOf!Vo<%ff5hN_U%z~`iqS_Y&?Jxzb9b(h?E4h#v__Y{!7t8y}w#a%tHq}bVH?wwVR$8=70TXps z<|Hsofe^2#l4x!nu`tTUZzc<<^$^B2_#;zjjRxA34X)G5f)>)y4R)MrW&~Rrq>JT! jm%iSB1EqS$#II8bnr7BIMWsbc6H~t1 + + + True + NuGet + $(MSBuildThisFileDirectory)project.assets.json + /Users/pedro/.nuget/packages/ + /Users/pedro/.nuget/packages/ + PackageReference + 6.5.0 + + + + + \ No newline at end of file diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/dotnet.csproj.nuget.g.targets b/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/dotnet.csproj.nuget.g.targets new file mode 100644 index 00000000000..3dc06ef3cc4 --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/dotnet.csproj.nuget.g.targets @@ -0,0 +1,2 @@ + + \ No newline at end of file diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/project.assets.json b/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/project.assets.json new file mode 100644 index 00000000000..331eea652ff --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/project.assets.json @@ -0,0 +1,3454 @@ +{ + "version": 3, + "targets": { + "net7.0": { + "Crc32.NET/1.2.0": { + "type": "package", + "dependencies": { + "NETStandard.Library": "2.0.0" + }, + "compile": { + "lib/netstandard2.0/Crc32.NET.dll": { + "related": ".xml" + } + }, + "runtime": { + "lib/netstandard2.0/Crc32.NET.dll": { + "related": ".xml" + } + } + }, + "Microsoft.CSharp/4.7.0": { + "type": "package", + "compile": { + "ref/netcoreapp2.0/_._": {} + }, + "runtime": { + "lib/netcoreapp2.0/_._": {} + } + }, + "Microsoft.NETCore.Platforms/1.1.1": { + "type": "package", + "compile": { + "lib/netstandard1.0/_._": {} + }, + "runtime": { + "lib/netstandard1.0/_._": {} + } + }, + "Microsoft.NETCore.Targets/1.1.3": { + "type": "package", + "compile": { + "lib/netstandard1.0/_._": {} + }, + "runtime": { + "lib/netstandard1.0/_._": {} + } + }, + "Minio/4.0.7": { + "type": "package", + "dependencies": { + "Crc32.NET": "1.2.0", + "Microsoft.CSharp": "4.7.0", + "Newtonsoft.Json": "13.0.1", + "System.Net.Http": "4.3.4", + "System.Net.Primitives": "4.3.1", + "System.Reactive.Linq": "5.0.0", + "System.ValueTuple": "4.4.0" + }, + "compile": { + "lib/netstandard2.0/Minio.dll": { + "related": ".xml" + } + }, + "runtime": { + "lib/netstandard2.0/Minio.dll": { + "related": ".xml" + } + } + }, + "NETStandard.Library/2.0.0": { + "type": "package", + "dependencies": { + "Microsoft.NETCore.Platforms": "1.1.0" + }, + "compile": { + "lib/netstandard1.0/_._": {} + }, + "runtime": { + "lib/netstandard1.0/_._": {} + }, + "build": { + "build/netstandard2.0/_._": {} + } + }, + "Newtonsoft.Json/13.0.1": { + "type": "package", + "compile": { + "lib/netstandard2.0/Newtonsoft.Json.dll": { + "related": ".xml" + } + }, + "runtime": { + "lib/netstandard2.0/Newtonsoft.Json.dll": { + "related": ".xml" + } + } + }, + "runtime.debian.8-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { + "type": "package", + "runtimeTargets": { + "runtimes/debian.8-x64/native/System.Security.Cryptography.Native.OpenSsl.so": { + "assetType": "native", + "rid": "debian.8-x64" + } + } + }, + "runtime.fedora.23-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { + "type": "package", + "runtimeTargets": { + "runtimes/fedora.23-x64/native/System.Security.Cryptography.Native.OpenSsl.so": { + "assetType": "native", + "rid": "fedora.23-x64" + } + } + }, + "runtime.fedora.24-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { + "type": "package", + "runtimeTargets": { + "runtimes/fedora.24-x64/native/System.Security.Cryptography.Native.OpenSsl.so": { + "assetType": "native", + "rid": "fedora.24-x64" + } + } + }, + "runtime.native.System/4.3.0": { + "type": "package", + "dependencies": { + "Microsoft.NETCore.Platforms": "1.1.0", + "Microsoft.NETCore.Targets": "1.1.0" + }, + "compile": { + "lib/netstandard1.0/_._": {} + }, + "runtime": { + "lib/netstandard1.0/_._": {} + } + }, + "runtime.native.System.Net.Http/4.3.0": { + "type": "package", + "dependencies": { + "Microsoft.NETCore.Platforms": "1.1.0", + "Microsoft.NETCore.Targets": "1.1.0" + }, + "compile": { + "lib/netstandard1.0/_._": {} + }, + "runtime": { + "lib/netstandard1.0/_._": {} + } + }, + "runtime.native.System.Security.Cryptography.Apple/4.3.0": { + "type": "package", + "dependencies": { + "runtime.osx.10.10-x64.runtime.native.System.Security.Cryptography.Apple": "4.3.0" + }, + "compile": { + "lib/netstandard1.0/_._": {} + }, + "runtime": { + "lib/netstandard1.0/_._": {} + } + }, + "runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { + "type": "package", + "dependencies": { + "runtime.debian.8-x64.runtime.native.System.Security.Cryptography.OpenSsl": "4.3.2", + "runtime.fedora.23-x64.runtime.native.System.Security.Cryptography.OpenSsl": "4.3.2", + "runtime.fedora.24-x64.runtime.native.System.Security.Cryptography.OpenSsl": "4.3.2", + "runtime.opensuse.13.2-x64.runtime.native.System.Security.Cryptography.OpenSsl": "4.3.2", + "runtime.opensuse.42.1-x64.runtime.native.System.Security.Cryptography.OpenSsl": "4.3.2", + "runtime.osx.10.10-x64.runtime.native.System.Security.Cryptography.OpenSsl": "4.3.2", + "runtime.rhel.7-x64.runtime.native.System.Security.Cryptography.OpenSsl": "4.3.2", + "runtime.ubuntu.14.04-x64.runtime.native.System.Security.Cryptography.OpenSsl": "4.3.2", + "runtime.ubuntu.16.04-x64.runtime.native.System.Security.Cryptography.OpenSsl": "4.3.2", + "runtime.ubuntu.16.10-x64.runtime.native.System.Security.Cryptography.OpenSsl": "4.3.2" + }, + "compile": { + "lib/netstandard1.0/_._": {} + }, + "runtime": { + "lib/netstandard1.0/_._": {} + } + }, + "runtime.opensuse.13.2-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { + "type": "package", + "runtimeTargets": { + "runtimes/opensuse.13.2-x64/native/System.Security.Cryptography.Native.OpenSsl.so": { + "assetType": "native", + "rid": "opensuse.13.2-x64" + } + } + }, + "runtime.opensuse.42.1-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { + "type": "package", + "runtimeTargets": { + "runtimes/opensuse.42.1-x64/native/System.Security.Cryptography.Native.OpenSsl.so": { + "assetType": "native", + "rid": "opensuse.42.1-x64" + } + } + }, + "runtime.osx.10.10-x64.runtime.native.System.Security.Cryptography.Apple/4.3.0": { + "type": "package", + "runtimeTargets": { + "runtimes/osx.10.10-x64/native/System.Security.Cryptography.Native.Apple.dylib": { + "assetType": "native", + "rid": "osx.10.10-x64" + } + } + }, + "runtime.osx.10.10-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { + "type": "package", + "runtimeTargets": { + "runtimes/osx.10.10-x64/native/System.Security.Cryptography.Native.OpenSsl.dylib": { + "assetType": "native", + "rid": "osx.10.10-x64" + } + } + }, + "runtime.rhel.7-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { + "type": "package", + "runtimeTargets": { + "runtimes/rhel.7-x64/native/System.Security.Cryptography.Native.OpenSsl.so": { + "assetType": "native", + "rid": "rhel.7-x64" + } + } + }, + "runtime.ubuntu.14.04-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { + "type": "package", + "runtimeTargets": { + "runtimes/ubuntu.14.04-x64/native/System.Security.Cryptography.Native.OpenSsl.so": { + "assetType": "native", + "rid": "ubuntu.14.04-x64" + } + } + }, + "runtime.ubuntu.16.04-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { + "type": "package", + "runtimeTargets": { + "runtimes/ubuntu.16.04-x64/native/System.Security.Cryptography.Native.OpenSsl.so": { + "assetType": "native", + "rid": "ubuntu.16.04-x64" + } + } + }, + "runtime.ubuntu.16.10-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { + "type": "package", + "runtimeTargets": { + "runtimes/ubuntu.16.10-x64/native/System.Security.Cryptography.Native.OpenSsl.so": { + "assetType": "native", + "rid": "ubuntu.16.10-x64" + } + } + }, + "System.Collections/4.3.0": { + "type": "package", + "dependencies": { + "Microsoft.NETCore.Platforms": "1.1.0", + "Microsoft.NETCore.Targets": "1.1.0", + "System.Runtime": "4.3.0" + }, + "compile": { + "ref/netstandard1.3/_._": { + "related": ".xml" + } + } + }, + "System.Collections.Concurrent/4.3.0": { + "type": "package", + "dependencies": { + "System.Collections": "4.3.0", + "System.Diagnostics.Debug": "4.3.0", + "System.Diagnostics.Tracing": "4.3.0", + "System.Globalization": "4.3.0", + "System.Reflection": "4.3.0", + "System.Resources.ResourceManager": "4.3.0", + "System.Runtime": "4.3.0", + "System.Runtime.Extensions": "4.3.0", + "System.Threading": "4.3.0", + "System.Threading.Tasks": "4.3.0" + }, + "compile": { + "ref/netstandard1.3/_._": { + "related": ".xml" + } + }, + "runtime": { + "lib/netstandard1.3/System.Collections.Concurrent.dll": {} + } + }, + "System.Diagnostics.Debug/4.3.0": { + "type": "package", + "dependencies": { + "Microsoft.NETCore.Platforms": "1.1.0", + "Microsoft.NETCore.Targets": "1.1.0", + "System.Runtime": "4.3.0" + }, + "compile": { + "ref/netstandard1.3/_._": { + "related": ".xml" + } + } + }, + "System.Diagnostics.DiagnosticSource/4.3.0": { + "type": "package", + "dependencies": { + "System.Collections": "4.3.0", + "System.Diagnostics.Tracing": "4.3.0", + "System.Reflection": "4.3.0", + "System.Runtime": "4.3.0", + "System.Threading": "4.3.0" + }, + "compile": { + "lib/netstandard1.3/_._": { + "related": ".xml" + } + }, + "runtime": { + "lib/netstandard1.3/System.Diagnostics.DiagnosticSource.dll": { + "related": ".xml" + } + } + }, + "System.Diagnostics.Tracing/4.3.0": { + "type": "package", + "dependencies": { + "Microsoft.NETCore.Platforms": "1.1.0", + "Microsoft.NETCore.Targets": "1.1.0", + "System.Runtime": "4.3.0" + }, + "compile": { + "ref/netstandard1.5/_._": { + "related": ".xml" + } + } + }, + "System.Globalization/4.3.0": { + "type": "package", + "dependencies": { + "Microsoft.NETCore.Platforms": "1.1.0", + "Microsoft.NETCore.Targets": "1.1.0", + "System.Runtime": "4.3.0" + }, + "compile": { + "ref/netstandard1.3/_._": { + "related": ".xml" + } + } + }, + "System.Globalization.Calendars/4.3.0": { + "type": "package", + "dependencies": { + "Microsoft.NETCore.Platforms": "1.1.0", + "Microsoft.NETCore.Targets": "1.1.0", + "System.Globalization": "4.3.0", + "System.Runtime": "4.3.0" + }, + "compile": { + "ref/netstandard1.3/_._": { + "related": ".xml" + } + } + }, + "System.Globalization.Extensions/4.3.0": { + "type": "package", + "dependencies": { + "Microsoft.NETCore.Platforms": "1.1.0", + "System.Globalization": "4.3.0", + "System.Resources.ResourceManager": "4.3.0", + "System.Runtime": "4.3.0", + "System.Runtime.Extensions": "4.3.0", + "System.Runtime.InteropServices": "4.3.0" + }, + "compile": { + "ref/netstandard1.3/_._": { + "related": ".xml" + } + }, + "runtimeTargets": { + "runtimes/unix/lib/netstandard1.3/System.Globalization.Extensions.dll": { + "assetType": "runtime", + "rid": "unix" + }, + "runtimes/win/lib/netstandard1.3/System.Globalization.Extensions.dll": { + "assetType": "runtime", + "rid": "win" + } + } + }, + "System.IO/4.3.0": { + "type": "package", + "dependencies": { + "Microsoft.NETCore.Platforms": "1.1.0", + "Microsoft.NETCore.Targets": "1.1.0", + "System.Runtime": "4.3.0", + "System.Text.Encoding": "4.3.0", + "System.Threading.Tasks": "4.3.0" + }, + "compile": { + "ref/netstandard1.5/System.IO.dll": { + "related": ".xml" + } + } + }, + "System.IO.FileSystem/4.3.0": { + "type": "package", + "dependencies": { + "Microsoft.NETCore.Platforms": "1.1.0", + "Microsoft.NETCore.Targets": "1.1.0", + "System.IO": "4.3.0", + "System.IO.FileSystem.Primitives": "4.3.0", + "System.Runtime": "4.3.0", + "System.Runtime.Handles": "4.3.0", + "System.Text.Encoding": "4.3.0", + "System.Threading.Tasks": "4.3.0" + }, + "compile": { + "ref/netstandard1.3/_._": { + "related": ".xml" + } + } + }, + "System.IO.FileSystem.Primitives/4.3.0": { + "type": "package", + "dependencies": { + "System.Runtime": "4.3.0" + }, + "compile": { + "ref/netstandard1.3/_._": { + "related": ".xml" + } + }, + "runtime": { + "lib/netstandard1.3/System.IO.FileSystem.Primitives.dll": {} + } + }, + "System.Linq/4.3.0": { + "type": "package", + "dependencies": { + "System.Collections": "4.3.0", + "System.Diagnostics.Debug": "4.3.0", + "System.Resources.ResourceManager": "4.3.0", + "System.Runtime": "4.3.0", + "System.Runtime.Extensions": "4.3.0" + }, + "compile": { + "ref/netstandard1.6/_._": { + "related": ".xml" + } + }, + "runtime": { + "lib/netstandard1.6/System.Linq.dll": {} + } + }, + "System.Net.Http/4.3.4": { + "type": "package", + "dependencies": { + "Microsoft.NETCore.Platforms": "1.1.1", + "System.Collections": "4.3.0", + "System.Diagnostics.Debug": "4.3.0", + "System.Diagnostics.DiagnosticSource": "4.3.0", + "System.Diagnostics.Tracing": "4.3.0", + "System.Globalization": "4.3.0", + "System.Globalization.Extensions": "4.3.0", + "System.IO": "4.3.0", + "System.IO.FileSystem": "4.3.0", + "System.Net.Primitives": "4.3.0", + "System.Resources.ResourceManager": "4.3.0", + "System.Runtime": "4.3.0", + "System.Runtime.Extensions": "4.3.0", + "System.Runtime.Handles": "4.3.0", + "System.Runtime.InteropServices": "4.3.0", + "System.Security.Cryptography.Algorithms": "4.3.0", + "System.Security.Cryptography.Encoding": "4.3.0", + "System.Security.Cryptography.OpenSsl": "4.3.0", + "System.Security.Cryptography.Primitives": "4.3.0", + "System.Security.Cryptography.X509Certificates": "4.3.0", + "System.Text.Encoding": "4.3.0", + "System.Threading": "4.3.0", + "System.Threading.Tasks": "4.3.0", + "runtime.native.System": "4.3.0", + "runtime.native.System.Net.Http": "4.3.0", + "runtime.native.System.Security.Cryptography.OpenSsl": "4.3.2" + }, + "compile": { + "ref/netstandard1.3/System.Net.Http.dll": {} + }, + "runtimeTargets": { + "runtimes/unix/lib/netstandard1.6/System.Net.Http.dll": { + "assetType": "runtime", + "rid": "unix" + }, + "runtimes/win/lib/netstandard1.3/System.Net.Http.dll": { + "assetType": "runtime", + "rid": "win" + } + } + }, + "System.Net.Primitives/4.3.1": { + "type": "package", + "dependencies": { + "Microsoft.NETCore.Platforms": "1.1.1", + "Microsoft.NETCore.Targets": "1.1.3", + "System.Runtime": "4.3.1", + "System.Runtime.Handles": "4.3.0" + }, + "compile": { + "ref/netstandard1.3/System.Net.Primitives.dll": { + "related": ".xml" + } + } + }, + "System.Reactive/5.0.0": { + "type": "package", + "compile": { + "lib/net5.0/System.Reactive.dll": { + "related": ".xml" + } + }, + "runtime": { + "lib/net5.0/System.Reactive.dll": { + "related": ".xml" + } + }, + "build": { + "buildTransitive/net5.0/_._": {} + } + }, + "System.Reactive.Linq/5.0.0": { + "type": "package", + "dependencies": { + "System.Reactive": "5.0.0", + "System.Threading.Tasks.Extensions": "4.5.4" + }, + "compile": { + "lib/netstandard2.0/System.Reactive.Linq.dll": { + "related": ".xml" + } + }, + "runtime": { + "lib/netstandard2.0/System.Reactive.Linq.dll": { + "related": ".xml" + } + } + }, + "System.Reflection/4.3.0": { + "type": "package", + "dependencies": { + "Microsoft.NETCore.Platforms": "1.1.0", + "Microsoft.NETCore.Targets": "1.1.0", + "System.IO": "4.3.0", + "System.Reflection.Primitives": "4.3.0", + "System.Runtime": "4.3.0" + }, + "compile": { + "ref/netstandard1.5/_._": { + "related": ".xml" + } + } + }, + "System.Reflection.Primitives/4.3.0": { + "type": "package", + "dependencies": { + "Microsoft.NETCore.Platforms": "1.1.0", + "Microsoft.NETCore.Targets": "1.1.0", + "System.Runtime": "4.3.0" + }, + "compile": { + "ref/netstandard1.0/_._": { + "related": ".xml" + } + } + }, + "System.Resources.ResourceManager/4.3.0": { + "type": "package", + "dependencies": { + "Microsoft.NETCore.Platforms": "1.1.0", + "Microsoft.NETCore.Targets": "1.1.0", + "System.Globalization": "4.3.0", + "System.Reflection": "4.3.0", + "System.Runtime": "4.3.0" + }, + "compile": { + "ref/netstandard1.0/_._": { + "related": ".xml" + } + } + }, + "System.Runtime/4.3.1": { + "type": "package", + "dependencies": { + "Microsoft.NETCore.Platforms": "1.1.1", + "Microsoft.NETCore.Targets": "1.1.3" + }, + "compile": { + "ref/netstandard1.5/System.Runtime.dll": { + "related": ".xml" + } + } + }, + "System.Runtime.Extensions/4.3.0": { + "type": "package", + "dependencies": { + "Microsoft.NETCore.Platforms": "1.1.0", + "Microsoft.NETCore.Targets": "1.1.0", + "System.Runtime": "4.3.0" + }, + "compile": { + "ref/netstandard1.5/_._": { + "related": ".xml" + } + } + }, + "System.Runtime.Handles/4.3.0": { + "type": "package", + "dependencies": { + "Microsoft.NETCore.Platforms": "1.1.0", + "Microsoft.NETCore.Targets": "1.1.0", + "System.Runtime": "4.3.0" + }, + "compile": { + "ref/netstandard1.3/System.Runtime.Handles.dll": { + "related": ".xml" + } + } + }, + "System.Runtime.InteropServices/4.3.0": { + "type": "package", + "dependencies": { + "Microsoft.NETCore.Platforms": "1.1.0", + "Microsoft.NETCore.Targets": "1.1.0", + "System.Reflection": "4.3.0", + "System.Reflection.Primitives": "4.3.0", + "System.Runtime": "4.3.0", + "System.Runtime.Handles": "4.3.0" + }, + "compile": { + "ref/netcoreapp1.1/_._": {} + } + }, + "System.Runtime.Numerics/4.3.0": { + "type": "package", + "dependencies": { + "System.Globalization": "4.3.0", + "System.Resources.ResourceManager": "4.3.0", + "System.Runtime": "4.3.0", + "System.Runtime.Extensions": "4.3.0" + }, + "compile": { + "ref/netstandard1.1/_._": { + "related": ".xml" + } + }, + "runtime": { + "lib/netstandard1.3/System.Runtime.Numerics.dll": {} + } + }, + "System.Security.Cryptography.Algorithms/4.3.0": { + "type": "package", + "dependencies": { + "Microsoft.NETCore.Platforms": "1.1.0", + "System.Collections": "4.3.0", + "System.IO": "4.3.0", + "System.Resources.ResourceManager": "4.3.0", + "System.Runtime": "4.3.0", + "System.Runtime.Extensions": "4.3.0", + "System.Runtime.Handles": "4.3.0", + "System.Runtime.InteropServices": "4.3.0", + "System.Runtime.Numerics": "4.3.0", + "System.Security.Cryptography.Encoding": "4.3.0", + "System.Security.Cryptography.Primitives": "4.3.0", + "System.Text.Encoding": "4.3.0", + "runtime.native.System.Security.Cryptography.Apple": "4.3.0", + "runtime.native.System.Security.Cryptography.OpenSsl": "4.3.0" + }, + "compile": { + "ref/netstandard1.6/System.Security.Cryptography.Algorithms.dll": {} + }, + "runtimeTargets": { + "runtimes/osx/lib/netstandard1.6/System.Security.Cryptography.Algorithms.dll": { + "assetType": "runtime", + "rid": "osx" + }, + "runtimes/unix/lib/netstandard1.6/System.Security.Cryptography.Algorithms.dll": { + "assetType": "runtime", + "rid": "unix" + }, + "runtimes/win/lib/netstandard1.6/System.Security.Cryptography.Algorithms.dll": { + "assetType": "runtime", + "rid": "win" + } + } + }, + "System.Security.Cryptography.Cng/4.3.0": { + "type": "package", + "dependencies": { + "Microsoft.NETCore.Platforms": "1.1.0", + "System.IO": "4.3.0", + "System.Resources.ResourceManager": "4.3.0", + "System.Runtime": "4.3.0", + "System.Runtime.Extensions": "4.3.0", + "System.Runtime.Handles": "4.3.0", + "System.Runtime.InteropServices": "4.3.0", + "System.Security.Cryptography.Algorithms": "4.3.0", + "System.Security.Cryptography.Encoding": "4.3.0", + "System.Security.Cryptography.Primitives": "4.3.0", + "System.Text.Encoding": "4.3.0" + }, + "compile": { + "ref/netstandard1.6/_._": {} + }, + "runtimeTargets": { + "runtimes/unix/lib/netstandard1.6/System.Security.Cryptography.Cng.dll": { + "assetType": "runtime", + "rid": "unix" + }, + "runtimes/win/lib/netstandard1.6/System.Security.Cryptography.Cng.dll": { + "assetType": "runtime", + "rid": "win" + } + } + }, + "System.Security.Cryptography.Csp/4.3.0": { + "type": "package", + "dependencies": { + "Microsoft.NETCore.Platforms": "1.1.0", + "System.IO": "4.3.0", + "System.Reflection": "4.3.0", + "System.Resources.ResourceManager": "4.3.0", + "System.Runtime": "4.3.0", + "System.Runtime.Extensions": "4.3.0", + "System.Runtime.Handles": "4.3.0", + "System.Runtime.InteropServices": "4.3.0", + "System.Security.Cryptography.Algorithms": "4.3.0", + "System.Security.Cryptography.Encoding": "4.3.0", + "System.Security.Cryptography.Primitives": "4.3.0", + "System.Text.Encoding": "4.3.0", + "System.Threading": "4.3.0" + }, + "compile": { + "ref/netstandard1.3/_._": {} + }, + "runtimeTargets": { + "runtimes/unix/lib/netstandard1.3/System.Security.Cryptography.Csp.dll": { + "assetType": "runtime", + "rid": "unix" + }, + "runtimes/win/lib/netstandard1.3/System.Security.Cryptography.Csp.dll": { + "assetType": "runtime", + "rid": "win" + } + } + }, + "System.Security.Cryptography.Encoding/4.3.0": { + "type": "package", + "dependencies": { + "Microsoft.NETCore.Platforms": "1.1.0", + "System.Collections": "4.3.0", + "System.Collections.Concurrent": "4.3.0", + "System.Linq": "4.3.0", + "System.Resources.ResourceManager": "4.3.0", + "System.Runtime": "4.3.0", + "System.Runtime.Extensions": "4.3.0", + "System.Runtime.Handles": "4.3.0", + "System.Runtime.InteropServices": "4.3.0", + "System.Security.Cryptography.Primitives": "4.3.0", + "System.Text.Encoding": "4.3.0", + "runtime.native.System.Security.Cryptography.OpenSsl": "4.3.0" + }, + "compile": { + "ref/netstandard1.3/System.Security.Cryptography.Encoding.dll": { + "related": ".xml" + } + }, + "runtimeTargets": { + "runtimes/unix/lib/netstandard1.3/System.Security.Cryptography.Encoding.dll": { + "assetType": "runtime", + "rid": "unix" + }, + "runtimes/win/lib/netstandard1.3/System.Security.Cryptography.Encoding.dll": { + "assetType": "runtime", + "rid": "win" + } + } + }, + "System.Security.Cryptography.OpenSsl/4.3.0": { + "type": "package", + "dependencies": { + "System.Collections": "4.3.0", + "System.IO": "4.3.0", + "System.Resources.ResourceManager": "4.3.0", + "System.Runtime": "4.3.0", + "System.Runtime.Extensions": "4.3.0", + "System.Runtime.Handles": "4.3.0", + "System.Runtime.InteropServices": "4.3.0", + "System.Runtime.Numerics": "4.3.0", + "System.Security.Cryptography.Algorithms": "4.3.0", + "System.Security.Cryptography.Encoding": "4.3.0", + "System.Security.Cryptography.Primitives": "4.3.0", + "System.Text.Encoding": "4.3.0", + "runtime.native.System.Security.Cryptography.OpenSsl": "4.3.0" + }, + "compile": { + "ref/netstandard1.6/_._": {} + }, + "runtime": { + "lib/netstandard1.6/System.Security.Cryptography.OpenSsl.dll": {} + }, + "runtimeTargets": { + "runtimes/unix/lib/netstandard1.6/System.Security.Cryptography.OpenSsl.dll": { + "assetType": "runtime", + "rid": "unix" + } + } + }, + "System.Security.Cryptography.Primitives/4.3.0": { + "type": "package", + "dependencies": { + "System.Diagnostics.Debug": "4.3.0", + "System.Globalization": "4.3.0", + "System.IO": "4.3.0", + "System.Resources.ResourceManager": "4.3.0", + "System.Runtime": "4.3.0", + "System.Threading": "4.3.0", + "System.Threading.Tasks": "4.3.0" + }, + "compile": { + "ref/netstandard1.3/System.Security.Cryptography.Primitives.dll": {} + }, + "runtime": { + "lib/netstandard1.3/System.Security.Cryptography.Primitives.dll": {} + } + }, + "System.Security.Cryptography.X509Certificates/4.3.0": { + "type": "package", + "dependencies": { + "Microsoft.NETCore.Platforms": "1.1.0", + "System.Collections": "4.3.0", + "System.Diagnostics.Debug": "4.3.0", + "System.Globalization": "4.3.0", + "System.Globalization.Calendars": "4.3.0", + "System.IO": "4.3.0", + "System.IO.FileSystem": "4.3.0", + "System.IO.FileSystem.Primitives": "4.3.0", + "System.Resources.ResourceManager": "4.3.0", + "System.Runtime": "4.3.0", + "System.Runtime.Extensions": "4.3.0", + "System.Runtime.Handles": "4.3.0", + "System.Runtime.InteropServices": "4.3.0", + "System.Runtime.Numerics": "4.3.0", + "System.Security.Cryptography.Algorithms": "4.3.0", + "System.Security.Cryptography.Cng": "4.3.0", + "System.Security.Cryptography.Csp": "4.3.0", + "System.Security.Cryptography.Encoding": "4.3.0", + "System.Security.Cryptography.OpenSsl": "4.3.0", + "System.Security.Cryptography.Primitives": "4.3.0", + "System.Text.Encoding": "4.3.0", + "System.Threading": "4.3.0", + "runtime.native.System": "4.3.0", + "runtime.native.System.Net.Http": "4.3.0", + "runtime.native.System.Security.Cryptography.OpenSsl": "4.3.0" + }, + "compile": { + "ref/netstandard1.4/System.Security.Cryptography.X509Certificates.dll": { + "related": ".xml" + } + }, + "runtimeTargets": { + "runtimes/unix/lib/netstandard1.6/System.Security.Cryptography.X509Certificates.dll": { + "assetType": "runtime", + "rid": "unix" + }, + "runtimes/win/lib/netstandard1.6/System.Security.Cryptography.X509Certificates.dll": { + "assetType": "runtime", + "rid": "win" + } + } + }, + "System.Text.Encoding/4.3.0": { + "type": "package", + "dependencies": { + "Microsoft.NETCore.Platforms": "1.1.0", + "Microsoft.NETCore.Targets": "1.1.0", + "System.Runtime": "4.3.0" + }, + "compile": { + "ref/netstandard1.3/System.Text.Encoding.dll": { + "related": ".xml" + } + } + }, + "System.Threading/4.3.0": { + "type": "package", + "dependencies": { + "System.Runtime": "4.3.0", + "System.Threading.Tasks": "4.3.0" + }, + "compile": { + "ref/netstandard1.3/_._": { + "related": ".xml" + } + }, + "runtime": { + "lib/netstandard1.3/System.Threading.dll": {} + } + }, + "System.Threading.Tasks/4.3.0": { + "type": "package", + "dependencies": { + "Microsoft.NETCore.Platforms": "1.1.0", + "Microsoft.NETCore.Targets": "1.1.0", + "System.Runtime": "4.3.0" + }, + "compile": { + "ref/netstandard1.3/System.Threading.Tasks.dll": { + "related": ".xml" + } + } + }, + "System.Threading.Tasks.Extensions/4.5.4": { + "type": "package", + "compile": { + "ref/netcoreapp2.1/_._": {} + }, + "runtime": { + "lib/netcoreapp2.1/_._": {} + } + }, + "System.ValueTuple/4.4.0": { + "type": "package", + "compile": { + "ref/netcoreapp2.0/_._": {} + }, + "runtime": { + "lib/netcoreapp2.0/_._": {} + } + } + } + }, + "libraries": { + "Crc32.NET/1.2.0": { + "sha512": "wNW/huzolu8MNKUnwCVKxjfAlCFpeI8AZVfF46iAWJ1+P6bTU1AZct7VAkDDEjgeeTJCVTkGZaD6jSd/fOiUkA==", + "type": "package", + "path": "crc32.net/1.2.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "crc32.net.1.2.0.nupkg.sha512", + "crc32.net.nuspec", + "lib/net20/Crc32.NET.dll", + "lib/net20/Crc32.NET.xml", + "lib/netstandard1.3/Crc32.NET.dll", + "lib/netstandard1.3/Crc32.NET.xml", + "lib/netstandard2.0/Crc32.NET.dll", + "lib/netstandard2.0/Crc32.NET.xml" + ] + }, + "Microsoft.CSharp/4.7.0": { + "sha512": "pTj+D3uJWyN3My70i2Hqo+OXixq3Os2D1nJ2x92FFo6sk8fYS1m1WLNTs0Dc1uPaViH0YvEEwvzddQ7y4rhXmA==", + "type": "package", + "path": "microsoft.csharp/4.7.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "LICENSE.TXT", + "THIRD-PARTY-NOTICES.TXT", + "lib/MonoAndroid10/_._", + "lib/MonoTouch10/_._", + "lib/net45/_._", + "lib/netcore50/Microsoft.CSharp.dll", + "lib/netcoreapp2.0/_._", + "lib/netstandard1.3/Microsoft.CSharp.dll", + "lib/netstandard2.0/Microsoft.CSharp.dll", + "lib/netstandard2.0/Microsoft.CSharp.xml", + "lib/portable-net45+win8+wp8+wpa81/_._", + "lib/uap10.0.16299/_._", + "lib/win8/_._", + "lib/wp80/_._", + "lib/wpa81/_._", + "lib/xamarinios10/_._", + "lib/xamarinmac20/_._", + "lib/xamarintvos10/_._", + "lib/xamarinwatchos10/_._", + "microsoft.csharp.4.7.0.nupkg.sha512", + "microsoft.csharp.nuspec", + "ref/MonoAndroid10/_._", + "ref/MonoTouch10/_._", + "ref/net45/_._", + "ref/netcore50/Microsoft.CSharp.dll", + "ref/netcore50/Microsoft.CSharp.xml", + "ref/netcore50/de/Microsoft.CSharp.xml", + "ref/netcore50/es/Microsoft.CSharp.xml", + "ref/netcore50/fr/Microsoft.CSharp.xml", + "ref/netcore50/it/Microsoft.CSharp.xml", + "ref/netcore50/ja/Microsoft.CSharp.xml", + "ref/netcore50/ko/Microsoft.CSharp.xml", + "ref/netcore50/ru/Microsoft.CSharp.xml", + "ref/netcore50/zh-hans/Microsoft.CSharp.xml", + "ref/netcore50/zh-hant/Microsoft.CSharp.xml", + "ref/netcoreapp2.0/_._", + "ref/netstandard1.0/Microsoft.CSharp.dll", + "ref/netstandard1.0/Microsoft.CSharp.xml", + "ref/netstandard1.0/de/Microsoft.CSharp.xml", + "ref/netstandard1.0/es/Microsoft.CSharp.xml", + "ref/netstandard1.0/fr/Microsoft.CSharp.xml", + "ref/netstandard1.0/it/Microsoft.CSharp.xml", + "ref/netstandard1.0/ja/Microsoft.CSharp.xml", + "ref/netstandard1.0/ko/Microsoft.CSharp.xml", + "ref/netstandard1.0/ru/Microsoft.CSharp.xml", + "ref/netstandard1.0/zh-hans/Microsoft.CSharp.xml", + "ref/netstandard1.0/zh-hant/Microsoft.CSharp.xml", + "ref/netstandard2.0/Microsoft.CSharp.dll", + "ref/netstandard2.0/Microsoft.CSharp.xml", + "ref/portable-net45+win8+wp8+wpa81/_._", + "ref/uap10.0.16299/_._", + "ref/win8/_._", + "ref/wp80/_._", + "ref/wpa81/_._", + "ref/xamarinios10/_._", + "ref/xamarinmac20/_._", + "ref/xamarintvos10/_._", + "ref/xamarinwatchos10/_._", + "useSharedDesignerContext.txt", + "version.txt" + ] + }, + "Microsoft.NETCore.Platforms/1.1.1": { + "sha512": "TMBuzAHpTenGbGgk0SMTwyEkyijY/Eae4ZGsFNYJvAr/LDn1ku3Etp3FPxChmDp5HHF3kzJuoaa08N0xjqAJfQ==", + "type": "package", + "path": "microsoft.netcore.platforms/1.1.1", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/netstandard1.0/_._", + "microsoft.netcore.platforms.1.1.1.nupkg.sha512", + "microsoft.netcore.platforms.nuspec", + "runtime.json" + ] + }, + "Microsoft.NETCore.Targets/1.1.3": { + "sha512": "3Wrmi0kJDzClwAC+iBdUBpEKmEle8FQNsCs77fkiOIw/9oYA07bL1EZNX0kQ2OMN3xpwvl0vAtOCYY3ndDNlhQ==", + "type": "package", + "path": "microsoft.netcore.targets/1.1.3", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/netstandard1.0/_._", + "microsoft.netcore.targets.1.1.3.nupkg.sha512", + "microsoft.netcore.targets.nuspec", + "runtime.json" + ] + }, + "Minio/4.0.7": { + "sha512": "gmd+B4YHaE+cz8TCPIzkhov3t30VovGfyf6vMxqXd/iF/cziKmXKJJXv2E9kcHvbGwVHhMWtvk7fXWOzHcU4uw==", + "type": "package", + "path": "minio/4.0.7", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "lib/netstandard2.0/Minio.dll", + "lib/netstandard2.0/Minio.xml", + "minio.4.0.7.nupkg.sha512", + "minio.nuspec" + ] + }, + "NETStandard.Library/2.0.0": { + "sha512": "7jnbRU+L08FXKMxqUflxEXtVymWvNOrS8yHgu9s6EM8Anr6T/wIX4nZ08j/u3Asz+tCufp3YVwFSEvFTPYmBPA==", + "type": "package", + "path": "netstandard.library/2.0.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "LICENSE.TXT", + "THIRD-PARTY-NOTICES.TXT", + "build/NETStandard.Library.targets", + "build/netstandard2.0/NETStandard.Library.targets", + "build/netstandard2.0/ref/Microsoft.Win32.Primitives.dll", + "build/netstandard2.0/ref/System.AppContext.dll", + "build/netstandard2.0/ref/System.Collections.Concurrent.dll", + "build/netstandard2.0/ref/System.Collections.NonGeneric.dll", + "build/netstandard2.0/ref/System.Collections.Specialized.dll", + "build/netstandard2.0/ref/System.Collections.dll", + "build/netstandard2.0/ref/System.ComponentModel.Composition.dll", + "build/netstandard2.0/ref/System.ComponentModel.EventBasedAsync.dll", + "build/netstandard2.0/ref/System.ComponentModel.Primitives.dll", + "build/netstandard2.0/ref/System.ComponentModel.TypeConverter.dll", + "build/netstandard2.0/ref/System.ComponentModel.dll", + "build/netstandard2.0/ref/System.Console.dll", + "build/netstandard2.0/ref/System.Core.dll", + "build/netstandard2.0/ref/System.Data.Common.dll", + "build/netstandard2.0/ref/System.Data.dll", + "build/netstandard2.0/ref/System.Diagnostics.Contracts.dll", + "build/netstandard2.0/ref/System.Diagnostics.Debug.dll", + "build/netstandard2.0/ref/System.Diagnostics.FileVersionInfo.dll", + "build/netstandard2.0/ref/System.Diagnostics.Process.dll", + "build/netstandard2.0/ref/System.Diagnostics.StackTrace.dll", + "build/netstandard2.0/ref/System.Diagnostics.TextWriterTraceListener.dll", + "build/netstandard2.0/ref/System.Diagnostics.Tools.dll", + "build/netstandard2.0/ref/System.Diagnostics.TraceSource.dll", + "build/netstandard2.0/ref/System.Diagnostics.Tracing.dll", + "build/netstandard2.0/ref/System.Drawing.Primitives.dll", + "build/netstandard2.0/ref/System.Drawing.dll", + "build/netstandard2.0/ref/System.Dynamic.Runtime.dll", + "build/netstandard2.0/ref/System.Globalization.Calendars.dll", + "build/netstandard2.0/ref/System.Globalization.Extensions.dll", + "build/netstandard2.0/ref/System.Globalization.dll", + "build/netstandard2.0/ref/System.IO.Compression.FileSystem.dll", + "build/netstandard2.0/ref/System.IO.Compression.ZipFile.dll", + "build/netstandard2.0/ref/System.IO.Compression.dll", + "build/netstandard2.0/ref/System.IO.FileSystem.DriveInfo.dll", + "build/netstandard2.0/ref/System.IO.FileSystem.Primitives.dll", + "build/netstandard2.0/ref/System.IO.FileSystem.Watcher.dll", + "build/netstandard2.0/ref/System.IO.FileSystem.dll", + "build/netstandard2.0/ref/System.IO.IsolatedStorage.dll", + "build/netstandard2.0/ref/System.IO.MemoryMappedFiles.dll", + "build/netstandard2.0/ref/System.IO.Pipes.dll", + "build/netstandard2.0/ref/System.IO.UnmanagedMemoryStream.dll", + "build/netstandard2.0/ref/System.IO.dll", + "build/netstandard2.0/ref/System.Linq.Expressions.dll", + "build/netstandard2.0/ref/System.Linq.Parallel.dll", + "build/netstandard2.0/ref/System.Linq.Queryable.dll", + "build/netstandard2.0/ref/System.Linq.dll", + "build/netstandard2.0/ref/System.Net.Http.dll", + "build/netstandard2.0/ref/System.Net.NameResolution.dll", + "build/netstandard2.0/ref/System.Net.NetworkInformation.dll", + "build/netstandard2.0/ref/System.Net.Ping.dll", + "build/netstandard2.0/ref/System.Net.Primitives.dll", + "build/netstandard2.0/ref/System.Net.Requests.dll", + "build/netstandard2.0/ref/System.Net.Security.dll", + "build/netstandard2.0/ref/System.Net.Sockets.dll", + "build/netstandard2.0/ref/System.Net.WebHeaderCollection.dll", + "build/netstandard2.0/ref/System.Net.WebSockets.Client.dll", + "build/netstandard2.0/ref/System.Net.WebSockets.dll", + "build/netstandard2.0/ref/System.Net.dll", + "build/netstandard2.0/ref/System.Numerics.dll", + "build/netstandard2.0/ref/System.ObjectModel.dll", + "build/netstandard2.0/ref/System.Reflection.Extensions.dll", + "build/netstandard2.0/ref/System.Reflection.Primitives.dll", + "build/netstandard2.0/ref/System.Reflection.dll", + "build/netstandard2.0/ref/System.Resources.Reader.dll", + "build/netstandard2.0/ref/System.Resources.ResourceManager.dll", + "build/netstandard2.0/ref/System.Resources.Writer.dll", + "build/netstandard2.0/ref/System.Runtime.CompilerServices.VisualC.dll", + "build/netstandard2.0/ref/System.Runtime.Extensions.dll", + "build/netstandard2.0/ref/System.Runtime.Handles.dll", + "build/netstandard2.0/ref/System.Runtime.InteropServices.RuntimeInformation.dll", + "build/netstandard2.0/ref/System.Runtime.InteropServices.dll", + "build/netstandard2.0/ref/System.Runtime.Numerics.dll", + "build/netstandard2.0/ref/System.Runtime.Serialization.Formatters.dll", + "build/netstandard2.0/ref/System.Runtime.Serialization.Json.dll", + "build/netstandard2.0/ref/System.Runtime.Serialization.Primitives.dll", + "build/netstandard2.0/ref/System.Runtime.Serialization.Xml.dll", + "build/netstandard2.0/ref/System.Runtime.Serialization.dll", + "build/netstandard2.0/ref/System.Runtime.dll", + "build/netstandard2.0/ref/System.Security.Claims.dll", + "build/netstandard2.0/ref/System.Security.Cryptography.Algorithms.dll", + "build/netstandard2.0/ref/System.Security.Cryptography.Csp.dll", + "build/netstandard2.0/ref/System.Security.Cryptography.Encoding.dll", + "build/netstandard2.0/ref/System.Security.Cryptography.Primitives.dll", + "build/netstandard2.0/ref/System.Security.Cryptography.X509Certificates.dll", + "build/netstandard2.0/ref/System.Security.Principal.dll", + "build/netstandard2.0/ref/System.Security.SecureString.dll", + "build/netstandard2.0/ref/System.ServiceModel.Web.dll", + "build/netstandard2.0/ref/System.Text.Encoding.Extensions.dll", + "build/netstandard2.0/ref/System.Text.Encoding.dll", + "build/netstandard2.0/ref/System.Text.RegularExpressions.dll", + "build/netstandard2.0/ref/System.Threading.Overlapped.dll", + "build/netstandard2.0/ref/System.Threading.Tasks.Parallel.dll", + "build/netstandard2.0/ref/System.Threading.Tasks.dll", + "build/netstandard2.0/ref/System.Threading.Thread.dll", + "build/netstandard2.0/ref/System.Threading.ThreadPool.dll", + "build/netstandard2.0/ref/System.Threading.Timer.dll", + "build/netstandard2.0/ref/System.Threading.dll", + "build/netstandard2.0/ref/System.Transactions.dll", + "build/netstandard2.0/ref/System.ValueTuple.dll", + "build/netstandard2.0/ref/System.Web.dll", + "build/netstandard2.0/ref/System.Windows.dll", + "build/netstandard2.0/ref/System.Xml.Linq.dll", + "build/netstandard2.0/ref/System.Xml.ReaderWriter.dll", + "build/netstandard2.0/ref/System.Xml.Serialization.dll", + "build/netstandard2.0/ref/System.Xml.XDocument.dll", + "build/netstandard2.0/ref/System.Xml.XPath.XDocument.dll", + "build/netstandard2.0/ref/System.Xml.XPath.dll", + "build/netstandard2.0/ref/System.Xml.XmlDocument.dll", + "build/netstandard2.0/ref/System.Xml.XmlSerializer.dll", + "build/netstandard2.0/ref/System.Xml.dll", + "build/netstandard2.0/ref/System.dll", + "build/netstandard2.0/ref/mscorlib.dll", + "build/netstandard2.0/ref/netstandard.dll", + "build/netstandard2.0/ref/netstandard.xml", + "lib/netstandard1.0/_._", + "netstandard.library.2.0.0.nupkg.sha512", + "netstandard.library.nuspec" + ] + }, + "Newtonsoft.Json/13.0.1": { + "sha512": "ppPFpBcvxdsfUonNcvITKqLl3bqxWbDCZIzDWHzjpdAHRFfZe0Dw9HmA0+za13IdyrgJwpkDTDA9fHaxOrt20A==", + "type": "package", + "path": "newtonsoft.json/13.0.1", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "LICENSE.md", + "lib/net20/Newtonsoft.Json.dll", + "lib/net20/Newtonsoft.Json.xml", + "lib/net35/Newtonsoft.Json.dll", + "lib/net35/Newtonsoft.Json.xml", + "lib/net40/Newtonsoft.Json.dll", + "lib/net40/Newtonsoft.Json.xml", + "lib/net45/Newtonsoft.Json.dll", + "lib/net45/Newtonsoft.Json.xml", + "lib/netstandard1.0/Newtonsoft.Json.dll", + "lib/netstandard1.0/Newtonsoft.Json.xml", + "lib/netstandard1.3/Newtonsoft.Json.dll", + "lib/netstandard1.3/Newtonsoft.Json.xml", + "lib/netstandard2.0/Newtonsoft.Json.dll", + "lib/netstandard2.0/Newtonsoft.Json.xml", + "newtonsoft.json.13.0.1.nupkg.sha512", + "newtonsoft.json.nuspec", + "packageIcon.png" + ] + }, + "runtime.debian.8-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { + "sha512": "7VSGO0URRKoMEAq0Sc9cRz8mb6zbyx/BZDEWhgPdzzpmFhkam3fJ1DAGWFXBI4nGlma+uPKpfuMQP5LXRnOH5g==", + "type": "package", + "path": "runtime.debian.8-x64.runtime.native.system.security.cryptography.openssl/4.3.2", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "runtime.debian.8-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", + "runtime.debian.8-x64.runtime.native.system.security.cryptography.openssl.nuspec", + "runtimes/debian.8-x64/native/System.Security.Cryptography.Native.OpenSsl.so" + ] + }, + "runtime.fedora.23-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { + "sha512": "0oAaTAm6e2oVH+/Zttt0cuhGaePQYKII1dY8iaqP7CvOpVKgLybKRFvQjXR2LtxXOXTVPNv14j0ot8uV+HrUmw==", + "type": "package", + "path": "runtime.fedora.23-x64.runtime.native.system.security.cryptography.openssl/4.3.2", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "runtime.fedora.23-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", + "runtime.fedora.23-x64.runtime.native.system.security.cryptography.openssl.nuspec", + "runtimes/fedora.23-x64/native/System.Security.Cryptography.Native.OpenSsl.so" + ] + }, + "runtime.fedora.24-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { + "sha512": "G24ibsCNi5Kbz0oXWynBoRgtGvsw5ZSVEWjv13/KiCAM8C6wz9zzcCniMeQFIkJ2tasjo2kXlvlBZhplL51kGg==", + "type": "package", + "path": "runtime.fedora.24-x64.runtime.native.system.security.cryptography.openssl/4.3.2", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "runtime.fedora.24-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", + "runtime.fedora.24-x64.runtime.native.system.security.cryptography.openssl.nuspec", + "runtimes/fedora.24-x64/native/System.Security.Cryptography.Native.OpenSsl.so" + ] + }, + "runtime.native.System/4.3.0": { + "sha512": "c/qWt2LieNZIj1jGnVNsE2Kl23Ya2aSTBuXMD6V7k9KWr6l16Tqdwq+hJScEpWER9753NWC8h96PaVNY5Ld7Jw==", + "type": "package", + "path": "runtime.native.system/4.3.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/netstandard1.0/_._", + "runtime.native.system.4.3.0.nupkg.sha512", + "runtime.native.system.nuspec" + ] + }, + "runtime.native.System.Net.Http/4.3.0": { + "sha512": "ZVuZJqnnegJhd2k/PtAbbIcZ3aZeITq3sj06oKfMBSfphW3HDmk/t4ObvbOk/JA/swGR0LNqMksAh/f7gpTROg==", + "type": "package", + "path": "runtime.native.system.net.http/4.3.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/netstandard1.0/_._", + "runtime.native.system.net.http.4.3.0.nupkg.sha512", + "runtime.native.system.net.http.nuspec" + ] + }, + "runtime.native.System.Security.Cryptography.Apple/4.3.0": { + "sha512": "DloMk88juo0OuOWr56QG7MNchmafTLYWvABy36izkrLI5VledI0rq28KGs1i9wbpeT9NPQrx/wTf8U2vazqQ3Q==", + "type": "package", + "path": "runtime.native.system.security.cryptography.apple/4.3.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/netstandard1.0/_._", + "runtime.native.system.security.cryptography.apple.4.3.0.nupkg.sha512", + "runtime.native.system.security.cryptography.apple.nuspec" + ] + }, + "runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { + "sha512": "QR1OwtwehHxSeQvZKXe+iSd+d3XZNkEcuWMFYa2i0aG1l+lR739HPicKMlTbJst3spmeekDVBUS7SeS26s4U/g==", + "type": "package", + "path": "runtime.native.system.security.cryptography.openssl/4.3.2", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/netstandard1.0/_._", + "runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", + "runtime.native.system.security.cryptography.openssl.nuspec" + ] + }, + "runtime.opensuse.13.2-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { + "sha512": "I+GNKGg2xCHueRd1m9PzeEW7WLbNNLznmTuEi8/vZX71HudUbx1UTwlGkiwMri7JLl8hGaIAWnA/GONhu+LOyQ==", + "type": "package", + "path": "runtime.opensuse.13.2-x64.runtime.native.system.security.cryptography.openssl/4.3.2", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "runtime.opensuse.13.2-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", + "runtime.opensuse.13.2-x64.runtime.native.system.security.cryptography.openssl.nuspec", + "runtimes/opensuse.13.2-x64/native/System.Security.Cryptography.Native.OpenSsl.so" + ] + }, + "runtime.opensuse.42.1-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { + "sha512": "1Z3TAq1ytS1IBRtPXJvEUZdVsfWfeNEhBkbiOCGEl9wwAfsjP2lz3ZFDx5tq8p60/EqbS0HItG5piHuB71RjoA==", + "type": "package", + "path": "runtime.opensuse.42.1-x64.runtime.native.system.security.cryptography.openssl/4.3.2", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "runtime.opensuse.42.1-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", + "runtime.opensuse.42.1-x64.runtime.native.system.security.cryptography.openssl.nuspec", + "runtimes/opensuse.42.1-x64/native/System.Security.Cryptography.Native.OpenSsl.so" + ] + }, + "runtime.osx.10.10-x64.runtime.native.System.Security.Cryptography.Apple/4.3.0": { + "sha512": "kVXCuMTrTlxq4XOOMAysuNwsXWpYeboGddNGpIgNSZmv1b6r/s/DPk0fYMB7Q5Qo4bY68o48jt4T4y5BVecbCQ==", + "type": "package", + "path": "runtime.osx.10.10-x64.runtime.native.system.security.cryptography.apple/4.3.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "runtime.osx.10.10-x64.runtime.native.system.security.cryptography.apple.4.3.0.nupkg.sha512", + "runtime.osx.10.10-x64.runtime.native.system.security.cryptography.apple.nuspec", + "runtimes/osx.10.10-x64/native/System.Security.Cryptography.Native.Apple.dylib" + ] + }, + "runtime.osx.10.10-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { + "sha512": "6mU/cVmmHtQiDXhnzUImxIcDL48GbTk+TsptXyJA+MIOG9LRjPoAQC/qBFB7X+UNyK86bmvGwC8t+M66wsYC8w==", + "type": "package", + "path": "runtime.osx.10.10-x64.runtime.native.system.security.cryptography.openssl/4.3.2", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "runtime.osx.10.10-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", + "runtime.osx.10.10-x64.runtime.native.system.security.cryptography.openssl.nuspec", + "runtimes/osx.10.10-x64/native/System.Security.Cryptography.Native.OpenSsl.dylib" + ] + }, + "runtime.rhel.7-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { + "sha512": "vjwG0GGcTW/PPg6KVud8F9GLWYuAV1rrw1BKAqY0oh4jcUqg15oYF1+qkGR2x2ZHM4DQnWKQ7cJgYbfncz/lYg==", + "type": "package", + "path": "runtime.rhel.7-x64.runtime.native.system.security.cryptography.openssl/4.3.2", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "runtime.rhel.7-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", + "runtime.rhel.7-x64.runtime.native.system.security.cryptography.openssl.nuspec", + "runtimes/rhel.7-x64/native/System.Security.Cryptography.Native.OpenSsl.so" + ] + }, + "runtime.ubuntu.14.04-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { + "sha512": "7KMFpTkHC/zoExs+PwP8jDCWcrK9H6L7soowT80CUx3e+nxP/AFnq0AQAW5W76z2WYbLAYCRyPfwYFG6zkvQRw==", + "type": "package", + "path": "runtime.ubuntu.14.04-x64.runtime.native.system.security.cryptography.openssl/4.3.2", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "runtime.ubuntu.14.04-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", + "runtime.ubuntu.14.04-x64.runtime.native.system.security.cryptography.openssl.nuspec", + "runtimes/ubuntu.14.04-x64/native/System.Security.Cryptography.Native.OpenSsl.so" + ] + }, + "runtime.ubuntu.16.04-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { + "sha512": "xrlmRCnKZJLHxyyLIqkZjNXqgxnKdZxfItrPkjI+6pkRo5lHX8YvSZlWrSI5AVwLMi4HbNWP7064hcAWeZKp5w==", + "type": "package", + "path": "runtime.ubuntu.16.04-x64.runtime.native.system.security.cryptography.openssl/4.3.2", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "runtime.ubuntu.16.04-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", + "runtime.ubuntu.16.04-x64.runtime.native.system.security.cryptography.openssl.nuspec", + "runtimes/ubuntu.16.04-x64/native/System.Security.Cryptography.Native.OpenSsl.so" + ] + }, + "runtime.ubuntu.16.10-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { + "sha512": "leXiwfiIkW7Gmn7cgnNcdtNAU70SjmKW3jxGj1iKHOvdn0zRWsgv/l2OJUO5zdGdiv2VRFnAsxxhDgMzofPdWg==", + "type": "package", + "path": "runtime.ubuntu.16.10-x64.runtime.native.system.security.cryptography.openssl/4.3.2", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "runtime.ubuntu.16.10-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", + "runtime.ubuntu.16.10-x64.runtime.native.system.security.cryptography.openssl.nuspec", + "runtimes/ubuntu.16.10-x64/native/System.Security.Cryptography.Native.OpenSsl.so" + ] + }, + "System.Collections/4.3.0": { + "sha512": "3Dcj85/TBdVpL5Zr+gEEBUuFe2icOnLalmEh9hfck1PTYbbyWuZgh4fmm2ysCLTrqLQw6t3TgTyJ+VLp+Qb+Lw==", + "type": "package", + "path": "system.collections/4.3.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/MonoAndroid10/_._", + "lib/MonoTouch10/_._", + "lib/net45/_._", + "lib/portable-net45+win8+wp8+wpa81/_._", + "lib/win8/_._", + "lib/wp80/_._", + "lib/wpa81/_._", + "lib/xamarinios10/_._", + "lib/xamarinmac20/_._", + "lib/xamarintvos10/_._", + "lib/xamarinwatchos10/_._", + "ref/MonoAndroid10/_._", + "ref/MonoTouch10/_._", + "ref/net45/_._", + "ref/netcore50/System.Collections.dll", + "ref/netcore50/System.Collections.xml", + "ref/netcore50/de/System.Collections.xml", + "ref/netcore50/es/System.Collections.xml", + "ref/netcore50/fr/System.Collections.xml", + "ref/netcore50/it/System.Collections.xml", + "ref/netcore50/ja/System.Collections.xml", + "ref/netcore50/ko/System.Collections.xml", + "ref/netcore50/ru/System.Collections.xml", + "ref/netcore50/zh-hans/System.Collections.xml", + "ref/netcore50/zh-hant/System.Collections.xml", + "ref/netstandard1.0/System.Collections.dll", + "ref/netstandard1.0/System.Collections.xml", + "ref/netstandard1.0/de/System.Collections.xml", + "ref/netstandard1.0/es/System.Collections.xml", + "ref/netstandard1.0/fr/System.Collections.xml", + "ref/netstandard1.0/it/System.Collections.xml", + "ref/netstandard1.0/ja/System.Collections.xml", + "ref/netstandard1.0/ko/System.Collections.xml", + "ref/netstandard1.0/ru/System.Collections.xml", + "ref/netstandard1.0/zh-hans/System.Collections.xml", + "ref/netstandard1.0/zh-hant/System.Collections.xml", + "ref/netstandard1.3/System.Collections.dll", + "ref/netstandard1.3/System.Collections.xml", + "ref/netstandard1.3/de/System.Collections.xml", + "ref/netstandard1.3/es/System.Collections.xml", + "ref/netstandard1.3/fr/System.Collections.xml", + "ref/netstandard1.3/it/System.Collections.xml", + "ref/netstandard1.3/ja/System.Collections.xml", + "ref/netstandard1.3/ko/System.Collections.xml", + "ref/netstandard1.3/ru/System.Collections.xml", + "ref/netstandard1.3/zh-hans/System.Collections.xml", + "ref/netstandard1.3/zh-hant/System.Collections.xml", + "ref/portable-net45+win8+wp8+wpa81/_._", + "ref/win8/_._", + "ref/wp80/_._", + "ref/wpa81/_._", + "ref/xamarinios10/_._", + "ref/xamarinmac20/_._", + "ref/xamarintvos10/_._", + "ref/xamarinwatchos10/_._", + "system.collections.4.3.0.nupkg.sha512", + "system.collections.nuspec" + ] + }, + "System.Collections.Concurrent/4.3.0": { + "sha512": "ztl69Xp0Y/UXCL+3v3tEU+lIy+bvjKNUmopn1wep/a291pVPK7dxBd6T7WnlQqRog+d1a/hSsgRsmFnIBKTPLQ==", + "type": "package", + "path": "system.collections.concurrent/4.3.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/MonoAndroid10/_._", + "lib/MonoTouch10/_._", + "lib/net45/_._", + "lib/netcore50/System.Collections.Concurrent.dll", + "lib/netstandard1.3/System.Collections.Concurrent.dll", + "lib/portable-net45+win8+wpa81/_._", + "lib/win8/_._", + "lib/wpa81/_._", + "lib/xamarinios10/_._", + "lib/xamarinmac20/_._", + "lib/xamarintvos10/_._", + "lib/xamarinwatchos10/_._", + "ref/MonoAndroid10/_._", + "ref/MonoTouch10/_._", + "ref/net45/_._", + "ref/netcore50/System.Collections.Concurrent.dll", + "ref/netcore50/System.Collections.Concurrent.xml", + "ref/netcore50/de/System.Collections.Concurrent.xml", + "ref/netcore50/es/System.Collections.Concurrent.xml", + "ref/netcore50/fr/System.Collections.Concurrent.xml", + "ref/netcore50/it/System.Collections.Concurrent.xml", + "ref/netcore50/ja/System.Collections.Concurrent.xml", + "ref/netcore50/ko/System.Collections.Concurrent.xml", + "ref/netcore50/ru/System.Collections.Concurrent.xml", + "ref/netcore50/zh-hans/System.Collections.Concurrent.xml", + "ref/netcore50/zh-hant/System.Collections.Concurrent.xml", + "ref/netstandard1.1/System.Collections.Concurrent.dll", + "ref/netstandard1.1/System.Collections.Concurrent.xml", + "ref/netstandard1.1/de/System.Collections.Concurrent.xml", + "ref/netstandard1.1/es/System.Collections.Concurrent.xml", + "ref/netstandard1.1/fr/System.Collections.Concurrent.xml", + "ref/netstandard1.1/it/System.Collections.Concurrent.xml", + "ref/netstandard1.1/ja/System.Collections.Concurrent.xml", + "ref/netstandard1.1/ko/System.Collections.Concurrent.xml", + "ref/netstandard1.1/ru/System.Collections.Concurrent.xml", + "ref/netstandard1.1/zh-hans/System.Collections.Concurrent.xml", + "ref/netstandard1.1/zh-hant/System.Collections.Concurrent.xml", + "ref/netstandard1.3/System.Collections.Concurrent.dll", + "ref/netstandard1.3/System.Collections.Concurrent.xml", + "ref/netstandard1.3/de/System.Collections.Concurrent.xml", + "ref/netstandard1.3/es/System.Collections.Concurrent.xml", + "ref/netstandard1.3/fr/System.Collections.Concurrent.xml", + "ref/netstandard1.3/it/System.Collections.Concurrent.xml", + "ref/netstandard1.3/ja/System.Collections.Concurrent.xml", + "ref/netstandard1.3/ko/System.Collections.Concurrent.xml", + "ref/netstandard1.3/ru/System.Collections.Concurrent.xml", + "ref/netstandard1.3/zh-hans/System.Collections.Concurrent.xml", + "ref/netstandard1.3/zh-hant/System.Collections.Concurrent.xml", + "ref/portable-net45+win8+wpa81/_._", + "ref/win8/_._", + "ref/wpa81/_._", + "ref/xamarinios10/_._", + "ref/xamarinmac20/_._", + "ref/xamarintvos10/_._", + "ref/xamarinwatchos10/_._", + "system.collections.concurrent.4.3.0.nupkg.sha512", + "system.collections.concurrent.nuspec" + ] + }, + "System.Diagnostics.Debug/4.3.0": { + "sha512": "ZUhUOdqmaG5Jk3Xdb8xi5kIyQYAA4PnTNlHx1mu9ZY3qv4ELIdKbnL/akbGaKi2RnNUWaZsAs31rvzFdewTj2g==", + "type": "package", + "path": "system.diagnostics.debug/4.3.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/MonoAndroid10/_._", + "lib/MonoTouch10/_._", + "lib/net45/_._", + "lib/portable-net45+win8+wp8+wpa81/_._", + "lib/win8/_._", + "lib/wp80/_._", + "lib/wpa81/_._", + "lib/xamarinios10/_._", + "lib/xamarinmac20/_._", + "lib/xamarintvos10/_._", + "lib/xamarinwatchos10/_._", + "ref/MonoAndroid10/_._", + "ref/MonoTouch10/_._", + "ref/net45/_._", + "ref/netcore50/System.Diagnostics.Debug.dll", + "ref/netcore50/System.Diagnostics.Debug.xml", + "ref/netcore50/de/System.Diagnostics.Debug.xml", + "ref/netcore50/es/System.Diagnostics.Debug.xml", + "ref/netcore50/fr/System.Diagnostics.Debug.xml", + "ref/netcore50/it/System.Diagnostics.Debug.xml", + "ref/netcore50/ja/System.Diagnostics.Debug.xml", + "ref/netcore50/ko/System.Diagnostics.Debug.xml", + "ref/netcore50/ru/System.Diagnostics.Debug.xml", + "ref/netcore50/zh-hans/System.Diagnostics.Debug.xml", + "ref/netcore50/zh-hant/System.Diagnostics.Debug.xml", + "ref/netstandard1.0/System.Diagnostics.Debug.dll", + "ref/netstandard1.0/System.Diagnostics.Debug.xml", + "ref/netstandard1.0/de/System.Diagnostics.Debug.xml", + "ref/netstandard1.0/es/System.Diagnostics.Debug.xml", + "ref/netstandard1.0/fr/System.Diagnostics.Debug.xml", + "ref/netstandard1.0/it/System.Diagnostics.Debug.xml", + "ref/netstandard1.0/ja/System.Diagnostics.Debug.xml", + "ref/netstandard1.0/ko/System.Diagnostics.Debug.xml", + "ref/netstandard1.0/ru/System.Diagnostics.Debug.xml", + "ref/netstandard1.0/zh-hans/System.Diagnostics.Debug.xml", + "ref/netstandard1.0/zh-hant/System.Diagnostics.Debug.xml", + "ref/netstandard1.3/System.Diagnostics.Debug.dll", + "ref/netstandard1.3/System.Diagnostics.Debug.xml", + "ref/netstandard1.3/de/System.Diagnostics.Debug.xml", + "ref/netstandard1.3/es/System.Diagnostics.Debug.xml", + "ref/netstandard1.3/fr/System.Diagnostics.Debug.xml", + "ref/netstandard1.3/it/System.Diagnostics.Debug.xml", + "ref/netstandard1.3/ja/System.Diagnostics.Debug.xml", + "ref/netstandard1.3/ko/System.Diagnostics.Debug.xml", + "ref/netstandard1.3/ru/System.Diagnostics.Debug.xml", + "ref/netstandard1.3/zh-hans/System.Diagnostics.Debug.xml", + "ref/netstandard1.3/zh-hant/System.Diagnostics.Debug.xml", + "ref/portable-net45+win8+wp8+wpa81/_._", + "ref/win8/_._", + "ref/wp80/_._", + "ref/wpa81/_._", + "ref/xamarinios10/_._", + "ref/xamarinmac20/_._", + "ref/xamarintvos10/_._", + "ref/xamarinwatchos10/_._", + "system.diagnostics.debug.4.3.0.nupkg.sha512", + "system.diagnostics.debug.nuspec" + ] + }, + "System.Diagnostics.DiagnosticSource/4.3.0": { + "sha512": "tD6kosZnTAGdrEa0tZSuFyunMbt/5KYDnHdndJYGqZoNy00XVXyACd5d6KnE1YgYv3ne2CjtAfNXo/fwEhnKUA==", + "type": "package", + "path": "system.diagnostics.diagnosticsource/4.3.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/net46/System.Diagnostics.DiagnosticSource.dll", + "lib/net46/System.Diagnostics.DiagnosticSource.xml", + "lib/netstandard1.1/System.Diagnostics.DiagnosticSource.dll", + "lib/netstandard1.1/System.Diagnostics.DiagnosticSource.xml", + "lib/netstandard1.3/System.Diagnostics.DiagnosticSource.dll", + "lib/netstandard1.3/System.Diagnostics.DiagnosticSource.xml", + "lib/portable-net45+win8+wpa81/System.Diagnostics.DiagnosticSource.dll", + "lib/portable-net45+win8+wpa81/System.Diagnostics.DiagnosticSource.xml", + "system.diagnostics.diagnosticsource.4.3.0.nupkg.sha512", + "system.diagnostics.diagnosticsource.nuspec" + ] + }, + "System.Diagnostics.Tracing/4.3.0": { + "sha512": "rswfv0f/Cqkh78rA5S8eN8Neocz234+emGCtTF3lxPY96F+mmmUen6tbn0glN6PMvlKQb9bPAY5e9u7fgPTkKw==", + "type": "package", + "path": "system.diagnostics.tracing/4.3.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/MonoAndroid10/_._", + "lib/MonoTouch10/_._", + "lib/net45/_._", + "lib/net462/System.Diagnostics.Tracing.dll", + "lib/portable-net45+win8+wpa81/_._", + "lib/win8/_._", + "lib/wpa81/_._", + "lib/xamarinios10/_._", + "lib/xamarinmac20/_._", + "lib/xamarintvos10/_._", + "lib/xamarinwatchos10/_._", + "ref/MonoAndroid10/_._", + "ref/MonoTouch10/_._", + "ref/net45/_._", + "ref/net462/System.Diagnostics.Tracing.dll", + "ref/netcore50/System.Diagnostics.Tracing.dll", + "ref/netcore50/System.Diagnostics.Tracing.xml", + "ref/netcore50/de/System.Diagnostics.Tracing.xml", + "ref/netcore50/es/System.Diagnostics.Tracing.xml", + "ref/netcore50/fr/System.Diagnostics.Tracing.xml", + "ref/netcore50/it/System.Diagnostics.Tracing.xml", + "ref/netcore50/ja/System.Diagnostics.Tracing.xml", + "ref/netcore50/ko/System.Diagnostics.Tracing.xml", + "ref/netcore50/ru/System.Diagnostics.Tracing.xml", + "ref/netcore50/zh-hans/System.Diagnostics.Tracing.xml", + "ref/netcore50/zh-hant/System.Diagnostics.Tracing.xml", + "ref/netstandard1.1/System.Diagnostics.Tracing.dll", + "ref/netstandard1.1/System.Diagnostics.Tracing.xml", + "ref/netstandard1.1/de/System.Diagnostics.Tracing.xml", + "ref/netstandard1.1/es/System.Diagnostics.Tracing.xml", + "ref/netstandard1.1/fr/System.Diagnostics.Tracing.xml", + "ref/netstandard1.1/it/System.Diagnostics.Tracing.xml", + "ref/netstandard1.1/ja/System.Diagnostics.Tracing.xml", + "ref/netstandard1.1/ko/System.Diagnostics.Tracing.xml", + "ref/netstandard1.1/ru/System.Diagnostics.Tracing.xml", + "ref/netstandard1.1/zh-hans/System.Diagnostics.Tracing.xml", + "ref/netstandard1.1/zh-hant/System.Diagnostics.Tracing.xml", + "ref/netstandard1.2/System.Diagnostics.Tracing.dll", + "ref/netstandard1.2/System.Diagnostics.Tracing.xml", + "ref/netstandard1.2/de/System.Diagnostics.Tracing.xml", + "ref/netstandard1.2/es/System.Diagnostics.Tracing.xml", + "ref/netstandard1.2/fr/System.Diagnostics.Tracing.xml", + "ref/netstandard1.2/it/System.Diagnostics.Tracing.xml", + "ref/netstandard1.2/ja/System.Diagnostics.Tracing.xml", + "ref/netstandard1.2/ko/System.Diagnostics.Tracing.xml", + "ref/netstandard1.2/ru/System.Diagnostics.Tracing.xml", + "ref/netstandard1.2/zh-hans/System.Diagnostics.Tracing.xml", + "ref/netstandard1.2/zh-hant/System.Diagnostics.Tracing.xml", + "ref/netstandard1.3/System.Diagnostics.Tracing.dll", + "ref/netstandard1.3/System.Diagnostics.Tracing.xml", + "ref/netstandard1.3/de/System.Diagnostics.Tracing.xml", + "ref/netstandard1.3/es/System.Diagnostics.Tracing.xml", + "ref/netstandard1.3/fr/System.Diagnostics.Tracing.xml", + "ref/netstandard1.3/it/System.Diagnostics.Tracing.xml", + "ref/netstandard1.3/ja/System.Diagnostics.Tracing.xml", + "ref/netstandard1.3/ko/System.Diagnostics.Tracing.xml", + "ref/netstandard1.3/ru/System.Diagnostics.Tracing.xml", + "ref/netstandard1.3/zh-hans/System.Diagnostics.Tracing.xml", + "ref/netstandard1.3/zh-hant/System.Diagnostics.Tracing.xml", + "ref/netstandard1.5/System.Diagnostics.Tracing.dll", + "ref/netstandard1.5/System.Diagnostics.Tracing.xml", + "ref/netstandard1.5/de/System.Diagnostics.Tracing.xml", + "ref/netstandard1.5/es/System.Diagnostics.Tracing.xml", + "ref/netstandard1.5/fr/System.Diagnostics.Tracing.xml", + "ref/netstandard1.5/it/System.Diagnostics.Tracing.xml", + "ref/netstandard1.5/ja/System.Diagnostics.Tracing.xml", + "ref/netstandard1.5/ko/System.Diagnostics.Tracing.xml", + "ref/netstandard1.5/ru/System.Diagnostics.Tracing.xml", + "ref/netstandard1.5/zh-hans/System.Diagnostics.Tracing.xml", + "ref/netstandard1.5/zh-hant/System.Diagnostics.Tracing.xml", + "ref/portable-net45+win8+wpa81/_._", + "ref/win8/_._", + "ref/wpa81/_._", + "ref/xamarinios10/_._", + "ref/xamarinmac20/_._", + "ref/xamarintvos10/_._", + "ref/xamarinwatchos10/_._", + "system.diagnostics.tracing.4.3.0.nupkg.sha512", + "system.diagnostics.tracing.nuspec" + ] + }, + "System.Globalization/4.3.0": { + "sha512": "kYdVd2f2PAdFGblzFswE4hkNANJBKRmsfa2X5LG2AcWE1c7/4t0pYae1L8vfZ5xvE2nK/R9JprtToA61OSHWIg==", + "type": "package", + "path": "system.globalization/4.3.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/MonoAndroid10/_._", + "lib/MonoTouch10/_._", + "lib/net45/_._", + "lib/portable-net45+win8+wp8+wpa81/_._", + "lib/win8/_._", + "lib/wp80/_._", + "lib/wpa81/_._", + "lib/xamarinios10/_._", + "lib/xamarinmac20/_._", + "lib/xamarintvos10/_._", + "lib/xamarinwatchos10/_._", + "ref/MonoAndroid10/_._", + "ref/MonoTouch10/_._", + "ref/net45/_._", + "ref/netcore50/System.Globalization.dll", + "ref/netcore50/System.Globalization.xml", + "ref/netcore50/de/System.Globalization.xml", + "ref/netcore50/es/System.Globalization.xml", + "ref/netcore50/fr/System.Globalization.xml", + "ref/netcore50/it/System.Globalization.xml", + "ref/netcore50/ja/System.Globalization.xml", + "ref/netcore50/ko/System.Globalization.xml", + "ref/netcore50/ru/System.Globalization.xml", + "ref/netcore50/zh-hans/System.Globalization.xml", + "ref/netcore50/zh-hant/System.Globalization.xml", + "ref/netstandard1.0/System.Globalization.dll", + "ref/netstandard1.0/System.Globalization.xml", + "ref/netstandard1.0/de/System.Globalization.xml", + "ref/netstandard1.0/es/System.Globalization.xml", + "ref/netstandard1.0/fr/System.Globalization.xml", + "ref/netstandard1.0/it/System.Globalization.xml", + "ref/netstandard1.0/ja/System.Globalization.xml", + "ref/netstandard1.0/ko/System.Globalization.xml", + "ref/netstandard1.0/ru/System.Globalization.xml", + "ref/netstandard1.0/zh-hans/System.Globalization.xml", + "ref/netstandard1.0/zh-hant/System.Globalization.xml", + "ref/netstandard1.3/System.Globalization.dll", + "ref/netstandard1.3/System.Globalization.xml", + "ref/netstandard1.3/de/System.Globalization.xml", + "ref/netstandard1.3/es/System.Globalization.xml", + "ref/netstandard1.3/fr/System.Globalization.xml", + "ref/netstandard1.3/it/System.Globalization.xml", + "ref/netstandard1.3/ja/System.Globalization.xml", + "ref/netstandard1.3/ko/System.Globalization.xml", + "ref/netstandard1.3/ru/System.Globalization.xml", + "ref/netstandard1.3/zh-hans/System.Globalization.xml", + "ref/netstandard1.3/zh-hant/System.Globalization.xml", + "ref/portable-net45+win8+wp8+wpa81/_._", + "ref/win8/_._", + "ref/wp80/_._", + "ref/wpa81/_._", + "ref/xamarinios10/_._", + "ref/xamarinmac20/_._", + "ref/xamarintvos10/_._", + "ref/xamarinwatchos10/_._", + "system.globalization.4.3.0.nupkg.sha512", + "system.globalization.nuspec" + ] + }, + "System.Globalization.Calendars/4.3.0": { + "sha512": "GUlBtdOWT4LTV3I+9/PJW+56AnnChTaOqqTLFtdmype/L500M2LIyXgmtd9X2P2VOkmJd5c67H5SaC2QcL1bFA==", + "type": "package", + "path": "system.globalization.calendars/4.3.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/MonoAndroid10/_._", + "lib/MonoTouch10/_._", + "lib/net46/System.Globalization.Calendars.dll", + "lib/xamarinios10/_._", + "lib/xamarinmac20/_._", + "lib/xamarintvos10/_._", + "lib/xamarinwatchos10/_._", + "ref/MonoAndroid10/_._", + "ref/MonoTouch10/_._", + "ref/net46/System.Globalization.Calendars.dll", + "ref/netstandard1.3/System.Globalization.Calendars.dll", + "ref/netstandard1.3/System.Globalization.Calendars.xml", + "ref/netstandard1.3/de/System.Globalization.Calendars.xml", + "ref/netstandard1.3/es/System.Globalization.Calendars.xml", + "ref/netstandard1.3/fr/System.Globalization.Calendars.xml", + "ref/netstandard1.3/it/System.Globalization.Calendars.xml", + "ref/netstandard1.3/ja/System.Globalization.Calendars.xml", + "ref/netstandard1.3/ko/System.Globalization.Calendars.xml", + "ref/netstandard1.3/ru/System.Globalization.Calendars.xml", + "ref/netstandard1.3/zh-hans/System.Globalization.Calendars.xml", + "ref/netstandard1.3/zh-hant/System.Globalization.Calendars.xml", + "ref/xamarinios10/_._", + "ref/xamarinmac20/_._", + "ref/xamarintvos10/_._", + "ref/xamarinwatchos10/_._", + "system.globalization.calendars.4.3.0.nupkg.sha512", + "system.globalization.calendars.nuspec" + ] + }, + "System.Globalization.Extensions/4.3.0": { + "sha512": "FhKmdR6MPG+pxow6wGtNAWdZh7noIOpdD5TwQ3CprzgIE1bBBoim0vbR1+AWsWjQmU7zXHgQo4TWSP6lCeiWcQ==", + "type": "package", + "path": "system.globalization.extensions/4.3.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/MonoAndroid10/_._", + "lib/MonoTouch10/_._", + "lib/net46/System.Globalization.Extensions.dll", + "lib/xamarinios10/_._", + "lib/xamarinmac20/_._", + "lib/xamarintvos10/_._", + "lib/xamarinwatchos10/_._", + "ref/MonoAndroid10/_._", + "ref/MonoTouch10/_._", + "ref/net46/System.Globalization.Extensions.dll", + "ref/netstandard1.3/System.Globalization.Extensions.dll", + "ref/netstandard1.3/System.Globalization.Extensions.xml", + "ref/netstandard1.3/de/System.Globalization.Extensions.xml", + "ref/netstandard1.3/es/System.Globalization.Extensions.xml", + "ref/netstandard1.3/fr/System.Globalization.Extensions.xml", + "ref/netstandard1.3/it/System.Globalization.Extensions.xml", + "ref/netstandard1.3/ja/System.Globalization.Extensions.xml", + "ref/netstandard1.3/ko/System.Globalization.Extensions.xml", + "ref/netstandard1.3/ru/System.Globalization.Extensions.xml", + "ref/netstandard1.3/zh-hans/System.Globalization.Extensions.xml", + "ref/netstandard1.3/zh-hant/System.Globalization.Extensions.xml", + "ref/xamarinios10/_._", + "ref/xamarinmac20/_._", + "ref/xamarintvos10/_._", + "ref/xamarinwatchos10/_._", + "runtimes/unix/lib/netstandard1.3/System.Globalization.Extensions.dll", + "runtimes/win/lib/net46/System.Globalization.Extensions.dll", + "runtimes/win/lib/netstandard1.3/System.Globalization.Extensions.dll", + "system.globalization.extensions.4.3.0.nupkg.sha512", + "system.globalization.extensions.nuspec" + ] + }, + "System.IO/4.3.0": { + "sha512": "3qjaHvxQPDpSOYICjUoTsmoq5u6QJAFRUITgeT/4gqkF1bajbSmb1kwSxEA8AHlofqgcKJcM8udgieRNhaJ5Cg==", + "type": "package", + "path": "system.io/4.3.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/MonoAndroid10/_._", + "lib/MonoTouch10/_._", + "lib/net45/_._", + "lib/net462/System.IO.dll", + "lib/portable-net45+win8+wp8+wpa81/_._", + "lib/win8/_._", + "lib/wp80/_._", + "lib/wpa81/_._", + "lib/xamarinios10/_._", + "lib/xamarinmac20/_._", + "lib/xamarintvos10/_._", + "lib/xamarinwatchos10/_._", + "ref/MonoAndroid10/_._", + "ref/MonoTouch10/_._", + "ref/net45/_._", + "ref/net462/System.IO.dll", + "ref/netcore50/System.IO.dll", + "ref/netcore50/System.IO.xml", + "ref/netcore50/de/System.IO.xml", + "ref/netcore50/es/System.IO.xml", + "ref/netcore50/fr/System.IO.xml", + "ref/netcore50/it/System.IO.xml", + "ref/netcore50/ja/System.IO.xml", + "ref/netcore50/ko/System.IO.xml", + "ref/netcore50/ru/System.IO.xml", + "ref/netcore50/zh-hans/System.IO.xml", + "ref/netcore50/zh-hant/System.IO.xml", + "ref/netstandard1.0/System.IO.dll", + "ref/netstandard1.0/System.IO.xml", + "ref/netstandard1.0/de/System.IO.xml", + "ref/netstandard1.0/es/System.IO.xml", + "ref/netstandard1.0/fr/System.IO.xml", + "ref/netstandard1.0/it/System.IO.xml", + "ref/netstandard1.0/ja/System.IO.xml", + "ref/netstandard1.0/ko/System.IO.xml", + "ref/netstandard1.0/ru/System.IO.xml", + "ref/netstandard1.0/zh-hans/System.IO.xml", + "ref/netstandard1.0/zh-hant/System.IO.xml", + "ref/netstandard1.3/System.IO.dll", + "ref/netstandard1.3/System.IO.xml", + "ref/netstandard1.3/de/System.IO.xml", + "ref/netstandard1.3/es/System.IO.xml", + "ref/netstandard1.3/fr/System.IO.xml", + "ref/netstandard1.3/it/System.IO.xml", + "ref/netstandard1.3/ja/System.IO.xml", + "ref/netstandard1.3/ko/System.IO.xml", + "ref/netstandard1.3/ru/System.IO.xml", + "ref/netstandard1.3/zh-hans/System.IO.xml", + "ref/netstandard1.3/zh-hant/System.IO.xml", + "ref/netstandard1.5/System.IO.dll", + "ref/netstandard1.5/System.IO.xml", + "ref/netstandard1.5/de/System.IO.xml", + "ref/netstandard1.5/es/System.IO.xml", + "ref/netstandard1.5/fr/System.IO.xml", + "ref/netstandard1.5/it/System.IO.xml", + "ref/netstandard1.5/ja/System.IO.xml", + "ref/netstandard1.5/ko/System.IO.xml", + "ref/netstandard1.5/ru/System.IO.xml", + "ref/netstandard1.5/zh-hans/System.IO.xml", + "ref/netstandard1.5/zh-hant/System.IO.xml", + "ref/portable-net45+win8+wp8+wpa81/_._", + "ref/win8/_._", + "ref/wp80/_._", + "ref/wpa81/_._", + "ref/xamarinios10/_._", + "ref/xamarinmac20/_._", + "ref/xamarintvos10/_._", + "ref/xamarinwatchos10/_._", + "system.io.4.3.0.nupkg.sha512", + "system.io.nuspec" + ] + }, + "System.IO.FileSystem/4.3.0": { + "sha512": "3wEMARTnuio+ulnvi+hkRNROYwa1kylvYahhcLk4HSoVdl+xxTFVeVlYOfLwrDPImGls0mDqbMhrza8qnWPTdA==", + "type": "package", + "path": "system.io.filesystem/4.3.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/MonoAndroid10/_._", + "lib/MonoTouch10/_._", + "lib/net46/System.IO.FileSystem.dll", + "lib/xamarinios10/_._", + "lib/xamarinmac20/_._", + "lib/xamarintvos10/_._", + "lib/xamarinwatchos10/_._", + "ref/MonoAndroid10/_._", + "ref/MonoTouch10/_._", + "ref/net46/System.IO.FileSystem.dll", + "ref/netstandard1.3/System.IO.FileSystem.dll", + "ref/netstandard1.3/System.IO.FileSystem.xml", + "ref/netstandard1.3/de/System.IO.FileSystem.xml", + "ref/netstandard1.3/es/System.IO.FileSystem.xml", + "ref/netstandard1.3/fr/System.IO.FileSystem.xml", + "ref/netstandard1.3/it/System.IO.FileSystem.xml", + "ref/netstandard1.3/ja/System.IO.FileSystem.xml", + "ref/netstandard1.3/ko/System.IO.FileSystem.xml", + "ref/netstandard1.3/ru/System.IO.FileSystem.xml", + "ref/netstandard1.3/zh-hans/System.IO.FileSystem.xml", + "ref/netstandard1.3/zh-hant/System.IO.FileSystem.xml", + "ref/xamarinios10/_._", + "ref/xamarinmac20/_._", + "ref/xamarintvos10/_._", + "ref/xamarinwatchos10/_._", + "system.io.filesystem.4.3.0.nupkg.sha512", + "system.io.filesystem.nuspec" + ] + }, + "System.IO.FileSystem.Primitives/4.3.0": { + "sha512": "6QOb2XFLch7bEc4lIcJH49nJN2HV+OC3fHDgsLVsBVBk3Y4hFAnOBGzJ2lUu7CyDDFo9IBWkSsnbkT6IBwwiMw==", + "type": "package", + "path": "system.io.filesystem.primitives/4.3.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/MonoAndroid10/_._", + "lib/MonoTouch10/_._", + "lib/net46/System.IO.FileSystem.Primitives.dll", + "lib/netstandard1.3/System.IO.FileSystem.Primitives.dll", + "lib/xamarinios10/_._", + "lib/xamarinmac20/_._", + "lib/xamarintvos10/_._", + "lib/xamarinwatchos10/_._", + "ref/MonoAndroid10/_._", + "ref/MonoTouch10/_._", + "ref/net46/System.IO.FileSystem.Primitives.dll", + "ref/netstandard1.3/System.IO.FileSystem.Primitives.dll", + "ref/netstandard1.3/System.IO.FileSystem.Primitives.xml", + "ref/netstandard1.3/de/System.IO.FileSystem.Primitives.xml", + "ref/netstandard1.3/es/System.IO.FileSystem.Primitives.xml", + "ref/netstandard1.3/fr/System.IO.FileSystem.Primitives.xml", + "ref/netstandard1.3/it/System.IO.FileSystem.Primitives.xml", + "ref/netstandard1.3/ja/System.IO.FileSystem.Primitives.xml", + "ref/netstandard1.3/ko/System.IO.FileSystem.Primitives.xml", + "ref/netstandard1.3/ru/System.IO.FileSystem.Primitives.xml", + "ref/netstandard1.3/zh-hans/System.IO.FileSystem.Primitives.xml", + "ref/netstandard1.3/zh-hant/System.IO.FileSystem.Primitives.xml", + "ref/xamarinios10/_._", + "ref/xamarinmac20/_._", + "ref/xamarintvos10/_._", + "ref/xamarinwatchos10/_._", + "system.io.filesystem.primitives.4.3.0.nupkg.sha512", + "system.io.filesystem.primitives.nuspec" + ] + }, + "System.Linq/4.3.0": { + "sha512": "5DbqIUpsDp0dFftytzuMmc0oeMdQwjcP/EWxsksIz/w1TcFRkZ3yKKz0PqiYFMmEwPSWw+qNVqD7PJ889JzHbw==", + "type": "package", + "path": "system.linq/4.3.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/MonoAndroid10/_._", + "lib/MonoTouch10/_._", + "lib/net45/_._", + "lib/net463/System.Linq.dll", + "lib/netcore50/System.Linq.dll", + "lib/netstandard1.6/System.Linq.dll", + "lib/portable-net45+win8+wp8+wpa81/_._", + "lib/win8/_._", + "lib/wp80/_._", + "lib/wpa81/_._", + "lib/xamarinios10/_._", + "lib/xamarinmac20/_._", + "lib/xamarintvos10/_._", + "lib/xamarinwatchos10/_._", + "ref/MonoAndroid10/_._", + "ref/MonoTouch10/_._", + "ref/net45/_._", + "ref/net463/System.Linq.dll", + "ref/netcore50/System.Linq.dll", + "ref/netcore50/System.Linq.xml", + "ref/netcore50/de/System.Linq.xml", + "ref/netcore50/es/System.Linq.xml", + "ref/netcore50/fr/System.Linq.xml", + "ref/netcore50/it/System.Linq.xml", + "ref/netcore50/ja/System.Linq.xml", + "ref/netcore50/ko/System.Linq.xml", + "ref/netcore50/ru/System.Linq.xml", + "ref/netcore50/zh-hans/System.Linq.xml", + "ref/netcore50/zh-hant/System.Linq.xml", + "ref/netstandard1.0/System.Linq.dll", + "ref/netstandard1.0/System.Linq.xml", + "ref/netstandard1.0/de/System.Linq.xml", + "ref/netstandard1.0/es/System.Linq.xml", + "ref/netstandard1.0/fr/System.Linq.xml", + "ref/netstandard1.0/it/System.Linq.xml", + "ref/netstandard1.0/ja/System.Linq.xml", + "ref/netstandard1.0/ko/System.Linq.xml", + "ref/netstandard1.0/ru/System.Linq.xml", + "ref/netstandard1.0/zh-hans/System.Linq.xml", + "ref/netstandard1.0/zh-hant/System.Linq.xml", + "ref/netstandard1.6/System.Linq.dll", + "ref/netstandard1.6/System.Linq.xml", + "ref/netstandard1.6/de/System.Linq.xml", + "ref/netstandard1.6/es/System.Linq.xml", + "ref/netstandard1.6/fr/System.Linq.xml", + "ref/netstandard1.6/it/System.Linq.xml", + "ref/netstandard1.6/ja/System.Linq.xml", + "ref/netstandard1.6/ko/System.Linq.xml", + "ref/netstandard1.6/ru/System.Linq.xml", + "ref/netstandard1.6/zh-hans/System.Linq.xml", + "ref/netstandard1.6/zh-hant/System.Linq.xml", + "ref/portable-net45+win8+wp8+wpa81/_._", + "ref/win8/_._", + "ref/wp80/_._", + "ref/wpa81/_._", + "ref/xamarinios10/_._", + "ref/xamarinmac20/_._", + "ref/xamarintvos10/_._", + "ref/xamarinwatchos10/_._", + "system.linq.4.3.0.nupkg.sha512", + "system.linq.nuspec" + ] + }, + "System.Net.Http/4.3.4": { + "sha512": "aOa2d51SEbmM+H+Csw7yJOuNZoHkrP2XnAurye5HWYgGVVU54YZDvsLUYRv6h18X3sPnjNCANmN7ZhIPiqMcjA==", + "type": "package", + "path": "system.net.http/4.3.4", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/Xamarinmac20/_._", + "lib/monoandroid10/_._", + "lib/monotouch10/_._", + "lib/net45/_._", + "lib/net46/System.Net.Http.dll", + "lib/portable-net45+win8+wpa81/_._", + "lib/win8/_._", + "lib/wpa81/_._", + "lib/xamarinios10/_._", + "lib/xamarintvos10/_._", + "lib/xamarinwatchos10/_._", + "ref/Xamarinmac20/_._", + "ref/monoandroid10/_._", + "ref/monotouch10/_._", + "ref/net45/_._", + "ref/net46/System.Net.Http.dll", + "ref/netcore50/System.Net.Http.dll", + "ref/netstandard1.1/System.Net.Http.dll", + "ref/netstandard1.3/System.Net.Http.dll", + "ref/portable-net45+win8+wpa81/_._", + "ref/win8/_._", + "ref/wpa81/_._", + "ref/xamarinios10/_._", + "ref/xamarintvos10/_._", + "ref/xamarinwatchos10/_._", + "runtimes/unix/lib/netstandard1.6/System.Net.Http.dll", + "runtimes/win/lib/net46/System.Net.Http.dll", + "runtimes/win/lib/netcore50/System.Net.Http.dll", + "runtimes/win/lib/netstandard1.3/System.Net.Http.dll", + "system.net.http.4.3.4.nupkg.sha512", + "system.net.http.nuspec" + ] + }, + "System.Net.Primitives/4.3.1": { + "sha512": "OHzPhSme78BbmLe9UBxHM69ZYjClS5URuhce6Ta4ikiLgaUGiG/X84fZpI6zy7CsUH5R9cYzI2tv9dWPqdTkUg==", + "type": "package", + "path": "system.net.primitives/4.3.1", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/MonoAndroid10/_._", + "lib/MonoTouch10/_._", + "lib/net45/_._", + "lib/portable-net45+win8+wp8+wpa81/_._", + "lib/win8/_._", + "lib/wp80/_._", + "lib/wpa81/_._", + "lib/xamarinios10/_._", + "lib/xamarinmac20/_._", + "lib/xamarintvos10/_._", + "lib/xamarinwatchos10/_._", + "ref/MonoAndroid10/_._", + "ref/MonoTouch10/_._", + "ref/net45/_._", + "ref/netcore50/System.Net.Primitives.dll", + "ref/netcore50/System.Net.Primitives.xml", + "ref/netcore50/de/System.Net.Primitives.xml", + "ref/netcore50/es/System.Net.Primitives.xml", + "ref/netcore50/fr/System.Net.Primitives.xml", + "ref/netcore50/it/System.Net.Primitives.xml", + "ref/netcore50/ja/System.Net.Primitives.xml", + "ref/netcore50/ko/System.Net.Primitives.xml", + "ref/netcore50/ru/System.Net.Primitives.xml", + "ref/netcore50/zh-hans/System.Net.Primitives.xml", + "ref/netcore50/zh-hant/System.Net.Primitives.xml", + "ref/netstandard1.0/System.Net.Primitives.dll", + "ref/netstandard1.0/System.Net.Primitives.xml", + "ref/netstandard1.0/de/System.Net.Primitives.xml", + "ref/netstandard1.0/es/System.Net.Primitives.xml", + "ref/netstandard1.0/fr/System.Net.Primitives.xml", + "ref/netstandard1.0/it/System.Net.Primitives.xml", + "ref/netstandard1.0/ja/System.Net.Primitives.xml", + "ref/netstandard1.0/ko/System.Net.Primitives.xml", + "ref/netstandard1.0/ru/System.Net.Primitives.xml", + "ref/netstandard1.0/zh-hans/System.Net.Primitives.xml", + "ref/netstandard1.0/zh-hant/System.Net.Primitives.xml", + "ref/netstandard1.1/System.Net.Primitives.dll", + "ref/netstandard1.1/System.Net.Primitives.xml", + "ref/netstandard1.1/de/System.Net.Primitives.xml", + "ref/netstandard1.1/es/System.Net.Primitives.xml", + "ref/netstandard1.1/fr/System.Net.Primitives.xml", + "ref/netstandard1.1/it/System.Net.Primitives.xml", + "ref/netstandard1.1/ja/System.Net.Primitives.xml", + "ref/netstandard1.1/ko/System.Net.Primitives.xml", + "ref/netstandard1.1/ru/System.Net.Primitives.xml", + "ref/netstandard1.1/zh-hans/System.Net.Primitives.xml", + "ref/netstandard1.1/zh-hant/System.Net.Primitives.xml", + "ref/netstandard1.3/System.Net.Primitives.dll", + "ref/netstandard1.3/System.Net.Primitives.xml", + "ref/netstandard1.3/de/System.Net.Primitives.xml", + "ref/netstandard1.3/es/System.Net.Primitives.xml", + "ref/netstandard1.3/fr/System.Net.Primitives.xml", + "ref/netstandard1.3/it/System.Net.Primitives.xml", + "ref/netstandard1.3/ja/System.Net.Primitives.xml", + "ref/netstandard1.3/ko/System.Net.Primitives.xml", + "ref/netstandard1.3/ru/System.Net.Primitives.xml", + "ref/netstandard1.3/zh-hans/System.Net.Primitives.xml", + "ref/netstandard1.3/zh-hant/System.Net.Primitives.xml", + "ref/portable-net45+win8+wp8+wpa81/_._", + "ref/win8/_._", + "ref/wp80/_._", + "ref/wpa81/_._", + "ref/xamarinios10/_._", + "ref/xamarinmac20/_._", + "ref/xamarintvos10/_._", + "ref/xamarinwatchos10/_._", + "system.net.primitives.4.3.1.nupkg.sha512", + "system.net.primitives.nuspec" + ] + }, + "System.Reactive/5.0.0": { + "sha512": "erBZjkQHWL9jpasCE/0qKAryzVBJFxGHVBAvgRN1bzM0q2s1S4oYREEEL0Vb+1kA/6BKb5FjUZMp5VXmy+gzkQ==", + "type": "package", + "path": "system.reactive/5.0.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "build/net5.0/_._", + "build/netcoreapp3.1/System.Reactive.dll", + "build/netcoreapp3.1/System.Reactive.targets", + "build/netcoreapp3.1/System.Reactive.xml", + "buildTransitive/net5.0/_._", + "buildTransitive/netcoreapp3.1/System.Reactive.targets", + "lib/net472/System.Reactive.dll", + "lib/net472/System.Reactive.xml", + "lib/net5.0-windows10.0.19041/System.Reactive.dll", + "lib/net5.0-windows10.0.19041/System.Reactive.xml", + "lib/net5.0/System.Reactive.dll", + "lib/net5.0/System.Reactive.xml", + "lib/netcoreapp3.1/_._", + "lib/netstandard2.0/System.Reactive.dll", + "lib/netstandard2.0/System.Reactive.xml", + "lib/uap10.0.16299/System.Reactive.dll", + "lib/uap10.0.16299/System.Reactive.pri", + "lib/uap10.0.16299/System.Reactive.xml", + "system.reactive.5.0.0.nupkg.sha512", + "system.reactive.nuspec" + ] + }, + "System.Reactive.Linq/5.0.0": { + "sha512": "IB4/qlV4T1WhZvM11RVoFUSZXPow9VWVeQ1uDkSKgz6bAO+gCf65H/vjrYlwyXmojSSxvfHndF9qdH43P/IuAw==", + "type": "package", + "path": "system.reactive.linq/5.0.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "lib/net472/System.Reactive.Linq.dll", + "lib/net472/System.Reactive.Linq.xml", + "lib/netstandard2.0/System.Reactive.Linq.dll", + "lib/netstandard2.0/System.Reactive.Linq.xml", + "lib/uap10.0.16299/System.Reactive.Linq.dll", + "lib/uap10.0.16299/System.Reactive.Linq.pri", + "lib/uap10.0.16299/System.Reactive.Linq.xml", + "system.reactive.linq.5.0.0.nupkg.sha512", + "system.reactive.linq.nuspec" + ] + }, + "System.Reflection/4.3.0": { + "sha512": "KMiAFoW7MfJGa9nDFNcfu+FpEdiHpWgTcS2HdMpDvt9saK3y/G4GwprPyzqjFH9NTaGPQeWNHU+iDlDILj96aQ==", + "type": "package", + "path": "system.reflection/4.3.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/MonoAndroid10/_._", + "lib/MonoTouch10/_._", + "lib/net45/_._", + "lib/net462/System.Reflection.dll", + "lib/portable-net45+win8+wp8+wpa81/_._", + "lib/win8/_._", + "lib/wp80/_._", + "lib/wpa81/_._", + "lib/xamarinios10/_._", + "lib/xamarinmac20/_._", + "lib/xamarintvos10/_._", + "lib/xamarinwatchos10/_._", + "ref/MonoAndroid10/_._", + "ref/MonoTouch10/_._", + "ref/net45/_._", + "ref/net462/System.Reflection.dll", + "ref/netcore50/System.Reflection.dll", + "ref/netcore50/System.Reflection.xml", + "ref/netcore50/de/System.Reflection.xml", + "ref/netcore50/es/System.Reflection.xml", + "ref/netcore50/fr/System.Reflection.xml", + "ref/netcore50/it/System.Reflection.xml", + "ref/netcore50/ja/System.Reflection.xml", + "ref/netcore50/ko/System.Reflection.xml", + "ref/netcore50/ru/System.Reflection.xml", + "ref/netcore50/zh-hans/System.Reflection.xml", + "ref/netcore50/zh-hant/System.Reflection.xml", + "ref/netstandard1.0/System.Reflection.dll", + "ref/netstandard1.0/System.Reflection.xml", + "ref/netstandard1.0/de/System.Reflection.xml", + "ref/netstandard1.0/es/System.Reflection.xml", + "ref/netstandard1.0/fr/System.Reflection.xml", + "ref/netstandard1.0/it/System.Reflection.xml", + "ref/netstandard1.0/ja/System.Reflection.xml", + "ref/netstandard1.0/ko/System.Reflection.xml", + "ref/netstandard1.0/ru/System.Reflection.xml", + "ref/netstandard1.0/zh-hans/System.Reflection.xml", + "ref/netstandard1.0/zh-hant/System.Reflection.xml", + "ref/netstandard1.3/System.Reflection.dll", + "ref/netstandard1.3/System.Reflection.xml", + "ref/netstandard1.3/de/System.Reflection.xml", + "ref/netstandard1.3/es/System.Reflection.xml", + "ref/netstandard1.3/fr/System.Reflection.xml", + "ref/netstandard1.3/it/System.Reflection.xml", + "ref/netstandard1.3/ja/System.Reflection.xml", + "ref/netstandard1.3/ko/System.Reflection.xml", + "ref/netstandard1.3/ru/System.Reflection.xml", + "ref/netstandard1.3/zh-hans/System.Reflection.xml", + "ref/netstandard1.3/zh-hant/System.Reflection.xml", + "ref/netstandard1.5/System.Reflection.dll", + "ref/netstandard1.5/System.Reflection.xml", + "ref/netstandard1.5/de/System.Reflection.xml", + "ref/netstandard1.5/es/System.Reflection.xml", + "ref/netstandard1.5/fr/System.Reflection.xml", + "ref/netstandard1.5/it/System.Reflection.xml", + "ref/netstandard1.5/ja/System.Reflection.xml", + "ref/netstandard1.5/ko/System.Reflection.xml", + "ref/netstandard1.5/ru/System.Reflection.xml", + "ref/netstandard1.5/zh-hans/System.Reflection.xml", + "ref/netstandard1.5/zh-hant/System.Reflection.xml", + "ref/portable-net45+win8+wp8+wpa81/_._", + "ref/win8/_._", + "ref/wp80/_._", + "ref/wpa81/_._", + "ref/xamarinios10/_._", + "ref/xamarinmac20/_._", + "ref/xamarintvos10/_._", + "ref/xamarinwatchos10/_._", + "system.reflection.4.3.0.nupkg.sha512", + "system.reflection.nuspec" + ] + }, + "System.Reflection.Primitives/4.3.0": { + "sha512": "5RXItQz5As4xN2/YUDxdpsEkMhvw3e6aNveFXUn4Hl/udNTCNhnKp8lT9fnc3MhvGKh1baak5CovpuQUXHAlIA==", + "type": "package", + "path": "system.reflection.primitives/4.3.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/MonoAndroid10/_._", + "lib/MonoTouch10/_._", + "lib/net45/_._", + "lib/portable-net45+win8+wp8+wpa81/_._", + "lib/win8/_._", + "lib/wp80/_._", + "lib/wpa81/_._", + "lib/xamarinios10/_._", + "lib/xamarinmac20/_._", + "lib/xamarintvos10/_._", + "lib/xamarinwatchos10/_._", + "ref/MonoAndroid10/_._", + "ref/MonoTouch10/_._", + "ref/net45/_._", + "ref/netcore50/System.Reflection.Primitives.dll", + "ref/netcore50/System.Reflection.Primitives.xml", + "ref/netcore50/de/System.Reflection.Primitives.xml", + "ref/netcore50/es/System.Reflection.Primitives.xml", + "ref/netcore50/fr/System.Reflection.Primitives.xml", + "ref/netcore50/it/System.Reflection.Primitives.xml", + "ref/netcore50/ja/System.Reflection.Primitives.xml", + "ref/netcore50/ko/System.Reflection.Primitives.xml", + "ref/netcore50/ru/System.Reflection.Primitives.xml", + "ref/netcore50/zh-hans/System.Reflection.Primitives.xml", + "ref/netcore50/zh-hant/System.Reflection.Primitives.xml", + "ref/netstandard1.0/System.Reflection.Primitives.dll", + "ref/netstandard1.0/System.Reflection.Primitives.xml", + "ref/netstandard1.0/de/System.Reflection.Primitives.xml", + "ref/netstandard1.0/es/System.Reflection.Primitives.xml", + "ref/netstandard1.0/fr/System.Reflection.Primitives.xml", + "ref/netstandard1.0/it/System.Reflection.Primitives.xml", + "ref/netstandard1.0/ja/System.Reflection.Primitives.xml", + "ref/netstandard1.0/ko/System.Reflection.Primitives.xml", + "ref/netstandard1.0/ru/System.Reflection.Primitives.xml", + "ref/netstandard1.0/zh-hans/System.Reflection.Primitives.xml", + "ref/netstandard1.0/zh-hant/System.Reflection.Primitives.xml", + "ref/portable-net45+win8+wp8+wpa81/_._", + "ref/win8/_._", + "ref/wp80/_._", + "ref/wpa81/_._", + "ref/xamarinios10/_._", + "ref/xamarinmac20/_._", + "ref/xamarintvos10/_._", + "ref/xamarinwatchos10/_._", + "system.reflection.primitives.4.3.0.nupkg.sha512", + "system.reflection.primitives.nuspec" + ] + }, + "System.Resources.ResourceManager/4.3.0": { + "sha512": "/zrcPkkWdZmI4F92gL/TPumP98AVDu/Wxr3CSJGQQ+XN6wbRZcyfSKVoPo17ilb3iOr0cCRqJInGwNMolqhS8A==", + "type": "package", + "path": "system.resources.resourcemanager/4.3.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/MonoAndroid10/_._", + "lib/MonoTouch10/_._", + "lib/net45/_._", + "lib/portable-net45+win8+wp8+wpa81/_._", + "lib/win8/_._", + "lib/wp80/_._", + "lib/wpa81/_._", + "lib/xamarinios10/_._", + "lib/xamarinmac20/_._", + "lib/xamarintvos10/_._", + "lib/xamarinwatchos10/_._", + "ref/MonoAndroid10/_._", + "ref/MonoTouch10/_._", + "ref/net45/_._", + "ref/netcore50/System.Resources.ResourceManager.dll", + "ref/netcore50/System.Resources.ResourceManager.xml", + "ref/netcore50/de/System.Resources.ResourceManager.xml", + "ref/netcore50/es/System.Resources.ResourceManager.xml", + "ref/netcore50/fr/System.Resources.ResourceManager.xml", + "ref/netcore50/it/System.Resources.ResourceManager.xml", + "ref/netcore50/ja/System.Resources.ResourceManager.xml", + "ref/netcore50/ko/System.Resources.ResourceManager.xml", + "ref/netcore50/ru/System.Resources.ResourceManager.xml", + "ref/netcore50/zh-hans/System.Resources.ResourceManager.xml", + "ref/netcore50/zh-hant/System.Resources.ResourceManager.xml", + "ref/netstandard1.0/System.Resources.ResourceManager.dll", + "ref/netstandard1.0/System.Resources.ResourceManager.xml", + "ref/netstandard1.0/de/System.Resources.ResourceManager.xml", + "ref/netstandard1.0/es/System.Resources.ResourceManager.xml", + "ref/netstandard1.0/fr/System.Resources.ResourceManager.xml", + "ref/netstandard1.0/it/System.Resources.ResourceManager.xml", + "ref/netstandard1.0/ja/System.Resources.ResourceManager.xml", + "ref/netstandard1.0/ko/System.Resources.ResourceManager.xml", + "ref/netstandard1.0/ru/System.Resources.ResourceManager.xml", + "ref/netstandard1.0/zh-hans/System.Resources.ResourceManager.xml", + "ref/netstandard1.0/zh-hant/System.Resources.ResourceManager.xml", + "ref/portable-net45+win8+wp8+wpa81/_._", + "ref/win8/_._", + "ref/wp80/_._", + "ref/wpa81/_._", + "ref/xamarinios10/_._", + "ref/xamarinmac20/_._", + "ref/xamarintvos10/_._", + "ref/xamarinwatchos10/_._", + "system.resources.resourcemanager.4.3.0.nupkg.sha512", + "system.resources.resourcemanager.nuspec" + ] + }, + "System.Runtime/4.3.1": { + "sha512": "abhfv1dTK6NXOmu4bgHIONxHyEqFjW8HwXPmpY9gmll+ix9UNo4XDcmzJn6oLooftxNssVHdJC1pGT9jkSynQg==", + "type": "package", + "path": "system.runtime/4.3.1", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/MonoAndroid10/_._", + "lib/MonoTouch10/_._", + "lib/net45/_._", + "lib/net462/System.Runtime.dll", + "lib/portable-net45+win8+wp80+wpa81/_._", + "lib/win8/_._", + "lib/wp80/_._", + "lib/wpa81/_._", + "lib/xamarinios10/_._", + "lib/xamarinmac20/_._", + "lib/xamarintvos10/_._", + "lib/xamarinwatchos10/_._", + "ref/MonoAndroid10/_._", + "ref/MonoTouch10/_._", + "ref/net45/_._", + "ref/net462/System.Runtime.dll", + "ref/netcore50/System.Runtime.dll", + "ref/netcore50/System.Runtime.xml", + "ref/netcore50/de/System.Runtime.xml", + "ref/netcore50/es/System.Runtime.xml", + "ref/netcore50/fr/System.Runtime.xml", + "ref/netcore50/it/System.Runtime.xml", + "ref/netcore50/ja/System.Runtime.xml", + "ref/netcore50/ko/System.Runtime.xml", + "ref/netcore50/ru/System.Runtime.xml", + "ref/netcore50/zh-hans/System.Runtime.xml", + "ref/netcore50/zh-hant/System.Runtime.xml", + "ref/netstandard1.0/System.Runtime.dll", + "ref/netstandard1.0/System.Runtime.xml", + "ref/netstandard1.0/de/System.Runtime.xml", + "ref/netstandard1.0/es/System.Runtime.xml", + "ref/netstandard1.0/fr/System.Runtime.xml", + "ref/netstandard1.0/it/System.Runtime.xml", + "ref/netstandard1.0/ja/System.Runtime.xml", + "ref/netstandard1.0/ko/System.Runtime.xml", + "ref/netstandard1.0/ru/System.Runtime.xml", + "ref/netstandard1.0/zh-hans/System.Runtime.xml", + "ref/netstandard1.0/zh-hant/System.Runtime.xml", + "ref/netstandard1.2/System.Runtime.dll", + "ref/netstandard1.2/System.Runtime.xml", + "ref/netstandard1.2/de/System.Runtime.xml", + "ref/netstandard1.2/es/System.Runtime.xml", + "ref/netstandard1.2/fr/System.Runtime.xml", + "ref/netstandard1.2/it/System.Runtime.xml", + "ref/netstandard1.2/ja/System.Runtime.xml", + "ref/netstandard1.2/ko/System.Runtime.xml", + "ref/netstandard1.2/ru/System.Runtime.xml", + "ref/netstandard1.2/zh-hans/System.Runtime.xml", + "ref/netstandard1.2/zh-hant/System.Runtime.xml", + "ref/netstandard1.3/System.Runtime.dll", + "ref/netstandard1.3/System.Runtime.xml", + "ref/netstandard1.3/de/System.Runtime.xml", + "ref/netstandard1.3/es/System.Runtime.xml", + "ref/netstandard1.3/fr/System.Runtime.xml", + "ref/netstandard1.3/it/System.Runtime.xml", + "ref/netstandard1.3/ja/System.Runtime.xml", + "ref/netstandard1.3/ko/System.Runtime.xml", + "ref/netstandard1.3/ru/System.Runtime.xml", + "ref/netstandard1.3/zh-hans/System.Runtime.xml", + "ref/netstandard1.3/zh-hant/System.Runtime.xml", + "ref/netstandard1.5/System.Runtime.dll", + "ref/netstandard1.5/System.Runtime.xml", + "ref/netstandard1.5/de/System.Runtime.xml", + "ref/netstandard1.5/es/System.Runtime.xml", + "ref/netstandard1.5/fr/System.Runtime.xml", + "ref/netstandard1.5/it/System.Runtime.xml", + "ref/netstandard1.5/ja/System.Runtime.xml", + "ref/netstandard1.5/ko/System.Runtime.xml", + "ref/netstandard1.5/ru/System.Runtime.xml", + "ref/netstandard1.5/zh-hans/System.Runtime.xml", + "ref/netstandard1.5/zh-hant/System.Runtime.xml", + "ref/portable-net45+win8+wp80+wpa81/_._", + "ref/win8/_._", + "ref/wp80/_._", + "ref/wpa81/_._", + "ref/xamarinios10/_._", + "ref/xamarinmac20/_._", + "ref/xamarintvos10/_._", + "ref/xamarinwatchos10/_._", + "system.runtime.4.3.1.nupkg.sha512", + "system.runtime.nuspec" + ] + }, + "System.Runtime.Extensions/4.3.0": { + "sha512": "guW0uK0fn5fcJJ1tJVXYd7/1h5F+pea1r7FLSOz/f8vPEqbR2ZAknuRDvTQ8PzAilDveOxNjSfr0CHfIQfFk8g==", + "type": "package", + "path": "system.runtime.extensions/4.3.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/MonoAndroid10/_._", + "lib/MonoTouch10/_._", + "lib/net45/_._", + "lib/net462/System.Runtime.Extensions.dll", + "lib/portable-net45+win8+wp8+wpa81/_._", + "lib/win8/_._", + "lib/wp80/_._", + "lib/wpa81/_._", + "lib/xamarinios10/_._", + "lib/xamarinmac20/_._", + "lib/xamarintvos10/_._", + "lib/xamarinwatchos10/_._", + "ref/MonoAndroid10/_._", + "ref/MonoTouch10/_._", + "ref/net45/_._", + "ref/net462/System.Runtime.Extensions.dll", + "ref/netcore50/System.Runtime.Extensions.dll", + "ref/netcore50/System.Runtime.Extensions.xml", + "ref/netcore50/de/System.Runtime.Extensions.xml", + "ref/netcore50/es/System.Runtime.Extensions.xml", + "ref/netcore50/fr/System.Runtime.Extensions.xml", + "ref/netcore50/it/System.Runtime.Extensions.xml", + "ref/netcore50/ja/System.Runtime.Extensions.xml", + "ref/netcore50/ko/System.Runtime.Extensions.xml", + "ref/netcore50/ru/System.Runtime.Extensions.xml", + "ref/netcore50/zh-hans/System.Runtime.Extensions.xml", + "ref/netcore50/zh-hant/System.Runtime.Extensions.xml", + "ref/netstandard1.0/System.Runtime.Extensions.dll", + "ref/netstandard1.0/System.Runtime.Extensions.xml", + "ref/netstandard1.0/de/System.Runtime.Extensions.xml", + "ref/netstandard1.0/es/System.Runtime.Extensions.xml", + "ref/netstandard1.0/fr/System.Runtime.Extensions.xml", + "ref/netstandard1.0/it/System.Runtime.Extensions.xml", + "ref/netstandard1.0/ja/System.Runtime.Extensions.xml", + "ref/netstandard1.0/ko/System.Runtime.Extensions.xml", + "ref/netstandard1.0/ru/System.Runtime.Extensions.xml", + "ref/netstandard1.0/zh-hans/System.Runtime.Extensions.xml", + "ref/netstandard1.0/zh-hant/System.Runtime.Extensions.xml", + "ref/netstandard1.3/System.Runtime.Extensions.dll", + "ref/netstandard1.3/System.Runtime.Extensions.xml", + "ref/netstandard1.3/de/System.Runtime.Extensions.xml", + "ref/netstandard1.3/es/System.Runtime.Extensions.xml", + "ref/netstandard1.3/fr/System.Runtime.Extensions.xml", + "ref/netstandard1.3/it/System.Runtime.Extensions.xml", + "ref/netstandard1.3/ja/System.Runtime.Extensions.xml", + "ref/netstandard1.3/ko/System.Runtime.Extensions.xml", + "ref/netstandard1.3/ru/System.Runtime.Extensions.xml", + "ref/netstandard1.3/zh-hans/System.Runtime.Extensions.xml", + "ref/netstandard1.3/zh-hant/System.Runtime.Extensions.xml", + "ref/netstandard1.5/System.Runtime.Extensions.dll", + "ref/netstandard1.5/System.Runtime.Extensions.xml", + "ref/netstandard1.5/de/System.Runtime.Extensions.xml", + "ref/netstandard1.5/es/System.Runtime.Extensions.xml", + "ref/netstandard1.5/fr/System.Runtime.Extensions.xml", + "ref/netstandard1.5/it/System.Runtime.Extensions.xml", + "ref/netstandard1.5/ja/System.Runtime.Extensions.xml", + "ref/netstandard1.5/ko/System.Runtime.Extensions.xml", + "ref/netstandard1.5/ru/System.Runtime.Extensions.xml", + "ref/netstandard1.5/zh-hans/System.Runtime.Extensions.xml", + "ref/netstandard1.5/zh-hant/System.Runtime.Extensions.xml", + "ref/portable-net45+win8+wp8+wpa81/_._", + "ref/win8/_._", + "ref/wp80/_._", + "ref/wpa81/_._", + "ref/xamarinios10/_._", + "ref/xamarinmac20/_._", + "ref/xamarintvos10/_._", + "ref/xamarinwatchos10/_._", + "system.runtime.extensions.4.3.0.nupkg.sha512", + "system.runtime.extensions.nuspec" + ] + }, + "System.Runtime.Handles/4.3.0": { + "sha512": "OKiSUN7DmTWeYb3l51A7EYaeNMnvxwE249YtZz7yooT4gOZhmTjIn48KgSsw2k2lYdLgTKNJw/ZIfSElwDRVgg==", + "type": "package", + "path": "system.runtime.handles/4.3.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/MonoAndroid10/_._", + "lib/MonoTouch10/_._", + "lib/net46/_._", + "lib/xamarinios10/_._", + "lib/xamarinmac20/_._", + "lib/xamarintvos10/_._", + "lib/xamarinwatchos10/_._", + "ref/MonoAndroid10/_._", + "ref/MonoTouch10/_._", + "ref/net46/_._", + "ref/netstandard1.3/System.Runtime.Handles.dll", + "ref/netstandard1.3/System.Runtime.Handles.xml", + "ref/netstandard1.3/de/System.Runtime.Handles.xml", + "ref/netstandard1.3/es/System.Runtime.Handles.xml", + "ref/netstandard1.3/fr/System.Runtime.Handles.xml", + "ref/netstandard1.3/it/System.Runtime.Handles.xml", + "ref/netstandard1.3/ja/System.Runtime.Handles.xml", + "ref/netstandard1.3/ko/System.Runtime.Handles.xml", + "ref/netstandard1.3/ru/System.Runtime.Handles.xml", + "ref/netstandard1.3/zh-hans/System.Runtime.Handles.xml", + "ref/netstandard1.3/zh-hant/System.Runtime.Handles.xml", + "ref/xamarinios10/_._", + "ref/xamarinmac20/_._", + "ref/xamarintvos10/_._", + "ref/xamarinwatchos10/_._", + "system.runtime.handles.4.3.0.nupkg.sha512", + "system.runtime.handles.nuspec" + ] + }, + "System.Runtime.InteropServices/4.3.0": { + "sha512": "uv1ynXqiMK8mp1GM3jDqPCFN66eJ5w5XNomaK2XD+TuCroNTLFGeZ+WCmBMcBDyTFKou3P6cR6J/QsaqDp7fGQ==", + "type": "package", + "path": "system.runtime.interopservices/4.3.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/MonoAndroid10/_._", + "lib/MonoTouch10/_._", + "lib/net45/_._", + "lib/net462/System.Runtime.InteropServices.dll", + "lib/net463/System.Runtime.InteropServices.dll", + "lib/portable-net45+win8+wpa81/_._", + "lib/win8/_._", + "lib/wpa81/_._", + "lib/xamarinios10/_._", + "lib/xamarinmac20/_._", + "lib/xamarintvos10/_._", + "lib/xamarinwatchos10/_._", + "ref/MonoAndroid10/_._", + "ref/MonoTouch10/_._", + "ref/net45/_._", + "ref/net462/System.Runtime.InteropServices.dll", + "ref/net463/System.Runtime.InteropServices.dll", + "ref/netcore50/System.Runtime.InteropServices.dll", + "ref/netcore50/System.Runtime.InteropServices.xml", + "ref/netcore50/de/System.Runtime.InteropServices.xml", + "ref/netcore50/es/System.Runtime.InteropServices.xml", + "ref/netcore50/fr/System.Runtime.InteropServices.xml", + "ref/netcore50/it/System.Runtime.InteropServices.xml", + "ref/netcore50/ja/System.Runtime.InteropServices.xml", + "ref/netcore50/ko/System.Runtime.InteropServices.xml", + "ref/netcore50/ru/System.Runtime.InteropServices.xml", + "ref/netcore50/zh-hans/System.Runtime.InteropServices.xml", + "ref/netcore50/zh-hant/System.Runtime.InteropServices.xml", + "ref/netcoreapp1.1/System.Runtime.InteropServices.dll", + "ref/netstandard1.1/System.Runtime.InteropServices.dll", + "ref/netstandard1.1/System.Runtime.InteropServices.xml", + "ref/netstandard1.1/de/System.Runtime.InteropServices.xml", + "ref/netstandard1.1/es/System.Runtime.InteropServices.xml", + "ref/netstandard1.1/fr/System.Runtime.InteropServices.xml", + "ref/netstandard1.1/it/System.Runtime.InteropServices.xml", + "ref/netstandard1.1/ja/System.Runtime.InteropServices.xml", + "ref/netstandard1.1/ko/System.Runtime.InteropServices.xml", + "ref/netstandard1.1/ru/System.Runtime.InteropServices.xml", + "ref/netstandard1.1/zh-hans/System.Runtime.InteropServices.xml", + "ref/netstandard1.1/zh-hant/System.Runtime.InteropServices.xml", + "ref/netstandard1.2/System.Runtime.InteropServices.dll", + "ref/netstandard1.2/System.Runtime.InteropServices.xml", + "ref/netstandard1.2/de/System.Runtime.InteropServices.xml", + "ref/netstandard1.2/es/System.Runtime.InteropServices.xml", + "ref/netstandard1.2/fr/System.Runtime.InteropServices.xml", + "ref/netstandard1.2/it/System.Runtime.InteropServices.xml", + "ref/netstandard1.2/ja/System.Runtime.InteropServices.xml", + "ref/netstandard1.2/ko/System.Runtime.InteropServices.xml", + "ref/netstandard1.2/ru/System.Runtime.InteropServices.xml", + "ref/netstandard1.2/zh-hans/System.Runtime.InteropServices.xml", + "ref/netstandard1.2/zh-hant/System.Runtime.InteropServices.xml", + "ref/netstandard1.3/System.Runtime.InteropServices.dll", + "ref/netstandard1.3/System.Runtime.InteropServices.xml", + "ref/netstandard1.3/de/System.Runtime.InteropServices.xml", + "ref/netstandard1.3/es/System.Runtime.InteropServices.xml", + "ref/netstandard1.3/fr/System.Runtime.InteropServices.xml", + "ref/netstandard1.3/it/System.Runtime.InteropServices.xml", + "ref/netstandard1.3/ja/System.Runtime.InteropServices.xml", + "ref/netstandard1.3/ko/System.Runtime.InteropServices.xml", + "ref/netstandard1.3/ru/System.Runtime.InteropServices.xml", + "ref/netstandard1.3/zh-hans/System.Runtime.InteropServices.xml", + "ref/netstandard1.3/zh-hant/System.Runtime.InteropServices.xml", + "ref/netstandard1.5/System.Runtime.InteropServices.dll", + "ref/netstandard1.5/System.Runtime.InteropServices.xml", + "ref/netstandard1.5/de/System.Runtime.InteropServices.xml", + "ref/netstandard1.5/es/System.Runtime.InteropServices.xml", + "ref/netstandard1.5/fr/System.Runtime.InteropServices.xml", + "ref/netstandard1.5/it/System.Runtime.InteropServices.xml", + "ref/netstandard1.5/ja/System.Runtime.InteropServices.xml", + "ref/netstandard1.5/ko/System.Runtime.InteropServices.xml", + "ref/netstandard1.5/ru/System.Runtime.InteropServices.xml", + "ref/netstandard1.5/zh-hans/System.Runtime.InteropServices.xml", + "ref/netstandard1.5/zh-hant/System.Runtime.InteropServices.xml", + "ref/portable-net45+win8+wpa81/_._", + "ref/win8/_._", + "ref/wpa81/_._", + "ref/xamarinios10/_._", + "ref/xamarinmac20/_._", + "ref/xamarintvos10/_._", + "ref/xamarinwatchos10/_._", + "system.runtime.interopservices.4.3.0.nupkg.sha512", + "system.runtime.interopservices.nuspec" + ] + }, + "System.Runtime.Numerics/4.3.0": { + "sha512": "yMH+MfdzHjy17l2KESnPiF2dwq7T+xLnSJar7slyimAkUh/gTrS9/UQOtv7xarskJ2/XDSNvfLGOBQPjL7PaHQ==", + "type": "package", + "path": "system.runtime.numerics/4.3.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/MonoAndroid10/_._", + "lib/MonoTouch10/_._", + "lib/net45/_._", + "lib/netcore50/System.Runtime.Numerics.dll", + "lib/netstandard1.3/System.Runtime.Numerics.dll", + "lib/portable-net45+win8+wpa81/_._", + "lib/win8/_._", + "lib/wpa81/_._", + "lib/xamarinios10/_._", + "lib/xamarinmac20/_._", + "lib/xamarintvos10/_._", + "lib/xamarinwatchos10/_._", + "ref/MonoAndroid10/_._", + "ref/MonoTouch10/_._", + "ref/net45/_._", + "ref/netcore50/System.Runtime.Numerics.dll", + "ref/netcore50/System.Runtime.Numerics.xml", + "ref/netcore50/de/System.Runtime.Numerics.xml", + "ref/netcore50/es/System.Runtime.Numerics.xml", + "ref/netcore50/fr/System.Runtime.Numerics.xml", + "ref/netcore50/it/System.Runtime.Numerics.xml", + "ref/netcore50/ja/System.Runtime.Numerics.xml", + "ref/netcore50/ko/System.Runtime.Numerics.xml", + "ref/netcore50/ru/System.Runtime.Numerics.xml", + "ref/netcore50/zh-hans/System.Runtime.Numerics.xml", + "ref/netcore50/zh-hant/System.Runtime.Numerics.xml", + "ref/netstandard1.1/System.Runtime.Numerics.dll", + "ref/netstandard1.1/System.Runtime.Numerics.xml", + "ref/netstandard1.1/de/System.Runtime.Numerics.xml", + "ref/netstandard1.1/es/System.Runtime.Numerics.xml", + "ref/netstandard1.1/fr/System.Runtime.Numerics.xml", + "ref/netstandard1.1/it/System.Runtime.Numerics.xml", + "ref/netstandard1.1/ja/System.Runtime.Numerics.xml", + "ref/netstandard1.1/ko/System.Runtime.Numerics.xml", + "ref/netstandard1.1/ru/System.Runtime.Numerics.xml", + "ref/netstandard1.1/zh-hans/System.Runtime.Numerics.xml", + "ref/netstandard1.1/zh-hant/System.Runtime.Numerics.xml", + "ref/portable-net45+win8+wpa81/_._", + "ref/win8/_._", + "ref/wpa81/_._", + "ref/xamarinios10/_._", + "ref/xamarinmac20/_._", + "ref/xamarintvos10/_._", + "ref/xamarinwatchos10/_._", + "system.runtime.numerics.4.3.0.nupkg.sha512", + "system.runtime.numerics.nuspec" + ] + }, + "System.Security.Cryptography.Algorithms/4.3.0": { + "sha512": "W1kd2Y8mYSCgc3ULTAZ0hOP2dSdG5YauTb1089T0/kRcN2MpSAW1izOFROrJgxSlMn3ArsgHXagigyi+ibhevg==", + "type": "package", + "path": "system.security.cryptography.algorithms/4.3.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/MonoAndroid10/_._", + "lib/MonoTouch10/_._", + "lib/net46/System.Security.Cryptography.Algorithms.dll", + "lib/net461/System.Security.Cryptography.Algorithms.dll", + "lib/net463/System.Security.Cryptography.Algorithms.dll", + "lib/xamarinios10/_._", + "lib/xamarinmac20/_._", + "lib/xamarintvos10/_._", + "lib/xamarinwatchos10/_._", + "ref/MonoAndroid10/_._", + "ref/MonoTouch10/_._", + "ref/net46/System.Security.Cryptography.Algorithms.dll", + "ref/net461/System.Security.Cryptography.Algorithms.dll", + "ref/net463/System.Security.Cryptography.Algorithms.dll", + "ref/netstandard1.3/System.Security.Cryptography.Algorithms.dll", + "ref/netstandard1.4/System.Security.Cryptography.Algorithms.dll", + "ref/netstandard1.6/System.Security.Cryptography.Algorithms.dll", + "ref/xamarinios10/_._", + "ref/xamarinmac20/_._", + "ref/xamarintvos10/_._", + "ref/xamarinwatchos10/_._", + "runtimes/osx/lib/netstandard1.6/System.Security.Cryptography.Algorithms.dll", + "runtimes/unix/lib/netstandard1.6/System.Security.Cryptography.Algorithms.dll", + "runtimes/win/lib/net46/System.Security.Cryptography.Algorithms.dll", + "runtimes/win/lib/net461/System.Security.Cryptography.Algorithms.dll", + "runtimes/win/lib/net463/System.Security.Cryptography.Algorithms.dll", + "runtimes/win/lib/netcore50/System.Security.Cryptography.Algorithms.dll", + "runtimes/win/lib/netstandard1.6/System.Security.Cryptography.Algorithms.dll", + "system.security.cryptography.algorithms.4.3.0.nupkg.sha512", + "system.security.cryptography.algorithms.nuspec" + ] + }, + "System.Security.Cryptography.Cng/4.3.0": { + "sha512": "03idZOqFlsKRL4W+LuCpJ6dBYDUWReug6lZjBa3uJWnk5sPCUXckocevTaUA8iT/MFSrY/2HXkOt753xQ/cf8g==", + "type": "package", + "path": "system.security.cryptography.cng/4.3.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/net46/System.Security.Cryptography.Cng.dll", + "lib/net461/System.Security.Cryptography.Cng.dll", + "lib/net463/System.Security.Cryptography.Cng.dll", + "ref/net46/System.Security.Cryptography.Cng.dll", + "ref/net461/System.Security.Cryptography.Cng.dll", + "ref/net463/System.Security.Cryptography.Cng.dll", + "ref/netstandard1.3/System.Security.Cryptography.Cng.dll", + "ref/netstandard1.4/System.Security.Cryptography.Cng.dll", + "ref/netstandard1.6/System.Security.Cryptography.Cng.dll", + "runtimes/unix/lib/netstandard1.6/System.Security.Cryptography.Cng.dll", + "runtimes/win/lib/net46/System.Security.Cryptography.Cng.dll", + "runtimes/win/lib/net461/System.Security.Cryptography.Cng.dll", + "runtimes/win/lib/net463/System.Security.Cryptography.Cng.dll", + "runtimes/win/lib/netstandard1.4/System.Security.Cryptography.Cng.dll", + "runtimes/win/lib/netstandard1.6/System.Security.Cryptography.Cng.dll", + "system.security.cryptography.cng.4.3.0.nupkg.sha512", + "system.security.cryptography.cng.nuspec" + ] + }, + "System.Security.Cryptography.Csp/4.3.0": { + "sha512": "X4s/FCkEUnRGnwR3aSfVIkldBmtURMhmexALNTwpjklzxWU7yjMk7GHLKOZTNkgnWnE0q7+BCf9N2LVRWxewaA==", + "type": "package", + "path": "system.security.cryptography.csp/4.3.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/MonoAndroid10/_._", + "lib/MonoTouch10/_._", + "lib/net46/System.Security.Cryptography.Csp.dll", + "lib/xamarinios10/_._", + "lib/xamarinmac20/_._", + "lib/xamarintvos10/_._", + "lib/xamarinwatchos10/_._", + "ref/MonoAndroid10/_._", + "ref/MonoTouch10/_._", + "ref/net46/System.Security.Cryptography.Csp.dll", + "ref/netstandard1.3/System.Security.Cryptography.Csp.dll", + "ref/xamarinios10/_._", + "ref/xamarinmac20/_._", + "ref/xamarintvos10/_._", + "ref/xamarinwatchos10/_._", + "runtimes/unix/lib/netstandard1.3/System.Security.Cryptography.Csp.dll", + "runtimes/win/lib/net46/System.Security.Cryptography.Csp.dll", + "runtimes/win/lib/netcore50/_._", + "runtimes/win/lib/netstandard1.3/System.Security.Cryptography.Csp.dll", + "system.security.cryptography.csp.4.3.0.nupkg.sha512", + "system.security.cryptography.csp.nuspec" + ] + }, + "System.Security.Cryptography.Encoding/4.3.0": { + "sha512": "1DEWjZZly9ae9C79vFwqaO5kaOlI5q+3/55ohmq/7dpDyDfc8lYe7YVxJUZ5MF/NtbkRjwFRo14yM4OEo9EmDw==", + "type": "package", + "path": "system.security.cryptography.encoding/4.3.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/MonoAndroid10/_._", + "lib/MonoTouch10/_._", + "lib/net46/System.Security.Cryptography.Encoding.dll", + "lib/xamarinios10/_._", + "lib/xamarinmac20/_._", + "lib/xamarintvos10/_._", + "lib/xamarinwatchos10/_._", + "ref/MonoAndroid10/_._", + "ref/MonoTouch10/_._", + "ref/net46/System.Security.Cryptography.Encoding.dll", + "ref/netstandard1.3/System.Security.Cryptography.Encoding.dll", + "ref/netstandard1.3/System.Security.Cryptography.Encoding.xml", + "ref/netstandard1.3/de/System.Security.Cryptography.Encoding.xml", + "ref/netstandard1.3/es/System.Security.Cryptography.Encoding.xml", + "ref/netstandard1.3/fr/System.Security.Cryptography.Encoding.xml", + "ref/netstandard1.3/it/System.Security.Cryptography.Encoding.xml", + "ref/netstandard1.3/ja/System.Security.Cryptography.Encoding.xml", + "ref/netstandard1.3/ko/System.Security.Cryptography.Encoding.xml", + "ref/netstandard1.3/ru/System.Security.Cryptography.Encoding.xml", + "ref/netstandard1.3/zh-hans/System.Security.Cryptography.Encoding.xml", + "ref/netstandard1.3/zh-hant/System.Security.Cryptography.Encoding.xml", + "ref/xamarinios10/_._", + "ref/xamarinmac20/_._", + "ref/xamarintvos10/_._", + "ref/xamarinwatchos10/_._", + "runtimes/unix/lib/netstandard1.3/System.Security.Cryptography.Encoding.dll", + "runtimes/win/lib/net46/System.Security.Cryptography.Encoding.dll", + "runtimes/win/lib/netstandard1.3/System.Security.Cryptography.Encoding.dll", + "system.security.cryptography.encoding.4.3.0.nupkg.sha512", + "system.security.cryptography.encoding.nuspec" + ] + }, + "System.Security.Cryptography.OpenSsl/4.3.0": { + "sha512": "h4CEgOgv5PKVF/HwaHzJRiVboL2THYCou97zpmhjghx5frc7fIvlkY1jL+lnIQyChrJDMNEXS6r7byGif8Cy4w==", + "type": "package", + "path": "system.security.cryptography.openssl/4.3.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/netstandard1.6/System.Security.Cryptography.OpenSsl.dll", + "ref/netstandard1.6/System.Security.Cryptography.OpenSsl.dll", + "runtimes/unix/lib/netstandard1.6/System.Security.Cryptography.OpenSsl.dll", + "system.security.cryptography.openssl.4.3.0.nupkg.sha512", + "system.security.cryptography.openssl.nuspec" + ] + }, + "System.Security.Cryptography.Primitives/4.3.0": { + "sha512": "7bDIyVFNL/xKeFHjhobUAQqSpJq9YTOpbEs6mR233Et01STBMXNAc/V+BM6dwYGc95gVh/Zf+iVXWzj3mE8DWg==", + "type": "package", + "path": "system.security.cryptography.primitives/4.3.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/MonoAndroid10/_._", + "lib/MonoTouch10/_._", + "lib/net46/System.Security.Cryptography.Primitives.dll", + "lib/netstandard1.3/System.Security.Cryptography.Primitives.dll", + "lib/xamarinios10/_._", + "lib/xamarinmac20/_._", + "lib/xamarintvos10/_._", + "lib/xamarinwatchos10/_._", + "ref/MonoAndroid10/_._", + "ref/MonoTouch10/_._", + "ref/net46/System.Security.Cryptography.Primitives.dll", + "ref/netstandard1.3/System.Security.Cryptography.Primitives.dll", + "ref/xamarinios10/_._", + "ref/xamarinmac20/_._", + "ref/xamarintvos10/_._", + "ref/xamarinwatchos10/_._", + "system.security.cryptography.primitives.4.3.0.nupkg.sha512", + "system.security.cryptography.primitives.nuspec" + ] + }, + "System.Security.Cryptography.X509Certificates/4.3.0": { + "sha512": "t2Tmu6Y2NtJ2um0RtcuhP7ZdNNxXEgUm2JeoA/0NvlMjAhKCnM1NX07TDl3244mVp3QU6LPEhT3HTtH1uF7IYw==", + "type": "package", + "path": "system.security.cryptography.x509certificates/4.3.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/MonoAndroid10/_._", + "lib/MonoTouch10/_._", + "lib/net46/System.Security.Cryptography.X509Certificates.dll", + "lib/net461/System.Security.Cryptography.X509Certificates.dll", + "lib/xamarinios10/_._", + "lib/xamarinmac20/_._", + "lib/xamarintvos10/_._", + "lib/xamarinwatchos10/_._", + "ref/MonoAndroid10/_._", + "ref/MonoTouch10/_._", + "ref/net46/System.Security.Cryptography.X509Certificates.dll", + "ref/net461/System.Security.Cryptography.X509Certificates.dll", + "ref/netstandard1.3/System.Security.Cryptography.X509Certificates.dll", + "ref/netstandard1.3/System.Security.Cryptography.X509Certificates.xml", + "ref/netstandard1.3/de/System.Security.Cryptography.X509Certificates.xml", + "ref/netstandard1.3/es/System.Security.Cryptography.X509Certificates.xml", + "ref/netstandard1.3/fr/System.Security.Cryptography.X509Certificates.xml", + "ref/netstandard1.3/it/System.Security.Cryptography.X509Certificates.xml", + "ref/netstandard1.3/ja/System.Security.Cryptography.X509Certificates.xml", + "ref/netstandard1.3/ko/System.Security.Cryptography.X509Certificates.xml", + "ref/netstandard1.3/ru/System.Security.Cryptography.X509Certificates.xml", + "ref/netstandard1.3/zh-hans/System.Security.Cryptography.X509Certificates.xml", + "ref/netstandard1.3/zh-hant/System.Security.Cryptography.X509Certificates.xml", + "ref/netstandard1.4/System.Security.Cryptography.X509Certificates.dll", + "ref/netstandard1.4/System.Security.Cryptography.X509Certificates.xml", + "ref/netstandard1.4/de/System.Security.Cryptography.X509Certificates.xml", + "ref/netstandard1.4/es/System.Security.Cryptography.X509Certificates.xml", + "ref/netstandard1.4/fr/System.Security.Cryptography.X509Certificates.xml", + "ref/netstandard1.4/it/System.Security.Cryptography.X509Certificates.xml", + "ref/netstandard1.4/ja/System.Security.Cryptography.X509Certificates.xml", + "ref/netstandard1.4/ko/System.Security.Cryptography.X509Certificates.xml", + "ref/netstandard1.4/ru/System.Security.Cryptography.X509Certificates.xml", + "ref/netstandard1.4/zh-hans/System.Security.Cryptography.X509Certificates.xml", + "ref/netstandard1.4/zh-hant/System.Security.Cryptography.X509Certificates.xml", + "ref/xamarinios10/_._", + "ref/xamarinmac20/_._", + "ref/xamarintvos10/_._", + "ref/xamarinwatchos10/_._", + "runtimes/unix/lib/netstandard1.6/System.Security.Cryptography.X509Certificates.dll", + "runtimes/win/lib/net46/System.Security.Cryptography.X509Certificates.dll", + "runtimes/win/lib/net461/System.Security.Cryptography.X509Certificates.dll", + "runtimes/win/lib/netcore50/System.Security.Cryptography.X509Certificates.dll", + "runtimes/win/lib/netstandard1.6/System.Security.Cryptography.X509Certificates.dll", + "system.security.cryptography.x509certificates.4.3.0.nupkg.sha512", + "system.security.cryptography.x509certificates.nuspec" + ] + }, + "System.Text.Encoding/4.3.0": { + "sha512": "BiIg+KWaSDOITze6jGQynxg64naAPtqGHBwDrLaCtixsa5bKiR8dpPOHA7ge3C0JJQizJE+sfkz1wV+BAKAYZw==", + "type": "package", + "path": "system.text.encoding/4.3.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/MonoAndroid10/_._", + "lib/MonoTouch10/_._", + "lib/net45/_._", + "lib/portable-net45+win8+wp8+wpa81/_._", + "lib/win8/_._", + "lib/wp80/_._", + "lib/wpa81/_._", + "lib/xamarinios10/_._", + "lib/xamarinmac20/_._", + "lib/xamarintvos10/_._", + "lib/xamarinwatchos10/_._", + "ref/MonoAndroid10/_._", + "ref/MonoTouch10/_._", + "ref/net45/_._", + "ref/netcore50/System.Text.Encoding.dll", + "ref/netcore50/System.Text.Encoding.xml", + "ref/netcore50/de/System.Text.Encoding.xml", + "ref/netcore50/es/System.Text.Encoding.xml", + "ref/netcore50/fr/System.Text.Encoding.xml", + "ref/netcore50/it/System.Text.Encoding.xml", + "ref/netcore50/ja/System.Text.Encoding.xml", + "ref/netcore50/ko/System.Text.Encoding.xml", + "ref/netcore50/ru/System.Text.Encoding.xml", + "ref/netcore50/zh-hans/System.Text.Encoding.xml", + "ref/netcore50/zh-hant/System.Text.Encoding.xml", + "ref/netstandard1.0/System.Text.Encoding.dll", + "ref/netstandard1.0/System.Text.Encoding.xml", + "ref/netstandard1.0/de/System.Text.Encoding.xml", + "ref/netstandard1.0/es/System.Text.Encoding.xml", + "ref/netstandard1.0/fr/System.Text.Encoding.xml", + "ref/netstandard1.0/it/System.Text.Encoding.xml", + "ref/netstandard1.0/ja/System.Text.Encoding.xml", + "ref/netstandard1.0/ko/System.Text.Encoding.xml", + "ref/netstandard1.0/ru/System.Text.Encoding.xml", + "ref/netstandard1.0/zh-hans/System.Text.Encoding.xml", + "ref/netstandard1.0/zh-hant/System.Text.Encoding.xml", + "ref/netstandard1.3/System.Text.Encoding.dll", + "ref/netstandard1.3/System.Text.Encoding.xml", + "ref/netstandard1.3/de/System.Text.Encoding.xml", + "ref/netstandard1.3/es/System.Text.Encoding.xml", + "ref/netstandard1.3/fr/System.Text.Encoding.xml", + "ref/netstandard1.3/it/System.Text.Encoding.xml", + "ref/netstandard1.3/ja/System.Text.Encoding.xml", + "ref/netstandard1.3/ko/System.Text.Encoding.xml", + "ref/netstandard1.3/ru/System.Text.Encoding.xml", + "ref/netstandard1.3/zh-hans/System.Text.Encoding.xml", + "ref/netstandard1.3/zh-hant/System.Text.Encoding.xml", + "ref/portable-net45+win8+wp8+wpa81/_._", + "ref/win8/_._", + "ref/wp80/_._", + "ref/wpa81/_._", + "ref/xamarinios10/_._", + "ref/xamarinmac20/_._", + "ref/xamarintvos10/_._", + "ref/xamarinwatchos10/_._", + "system.text.encoding.4.3.0.nupkg.sha512", + "system.text.encoding.nuspec" + ] + }, + "System.Threading/4.3.0": { + "sha512": "VkUS0kOBcUf3Wwm0TSbrevDDZ6BlM+b/HRiapRFWjM5O0NS0LviG0glKmFK+hhPDd1XFeSdU1GmlLhb2CoVpIw==", + "type": "package", + "path": "system.threading/4.3.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/MonoAndroid10/_._", + "lib/MonoTouch10/_._", + "lib/net45/_._", + "lib/netcore50/System.Threading.dll", + "lib/netstandard1.3/System.Threading.dll", + "lib/portable-net45+win8+wp8+wpa81/_._", + "lib/win8/_._", + "lib/wp80/_._", + "lib/wpa81/_._", + "lib/xamarinios10/_._", + "lib/xamarinmac20/_._", + "lib/xamarintvos10/_._", + "lib/xamarinwatchos10/_._", + "ref/MonoAndroid10/_._", + "ref/MonoTouch10/_._", + "ref/net45/_._", + "ref/netcore50/System.Threading.dll", + "ref/netcore50/System.Threading.xml", + "ref/netcore50/de/System.Threading.xml", + "ref/netcore50/es/System.Threading.xml", + "ref/netcore50/fr/System.Threading.xml", + "ref/netcore50/it/System.Threading.xml", + "ref/netcore50/ja/System.Threading.xml", + "ref/netcore50/ko/System.Threading.xml", + "ref/netcore50/ru/System.Threading.xml", + "ref/netcore50/zh-hans/System.Threading.xml", + "ref/netcore50/zh-hant/System.Threading.xml", + "ref/netstandard1.0/System.Threading.dll", + "ref/netstandard1.0/System.Threading.xml", + "ref/netstandard1.0/de/System.Threading.xml", + "ref/netstandard1.0/es/System.Threading.xml", + "ref/netstandard1.0/fr/System.Threading.xml", + "ref/netstandard1.0/it/System.Threading.xml", + "ref/netstandard1.0/ja/System.Threading.xml", + "ref/netstandard1.0/ko/System.Threading.xml", + "ref/netstandard1.0/ru/System.Threading.xml", + "ref/netstandard1.0/zh-hans/System.Threading.xml", + "ref/netstandard1.0/zh-hant/System.Threading.xml", + "ref/netstandard1.3/System.Threading.dll", + "ref/netstandard1.3/System.Threading.xml", + "ref/netstandard1.3/de/System.Threading.xml", + "ref/netstandard1.3/es/System.Threading.xml", + "ref/netstandard1.3/fr/System.Threading.xml", + "ref/netstandard1.3/it/System.Threading.xml", + "ref/netstandard1.3/ja/System.Threading.xml", + "ref/netstandard1.3/ko/System.Threading.xml", + "ref/netstandard1.3/ru/System.Threading.xml", + "ref/netstandard1.3/zh-hans/System.Threading.xml", + "ref/netstandard1.3/zh-hant/System.Threading.xml", + "ref/portable-net45+win8+wp8+wpa81/_._", + "ref/win8/_._", + "ref/wp80/_._", + "ref/wpa81/_._", + "ref/xamarinios10/_._", + "ref/xamarinmac20/_._", + "ref/xamarintvos10/_._", + "ref/xamarinwatchos10/_._", + "runtimes/aot/lib/netcore50/System.Threading.dll", + "system.threading.4.3.0.nupkg.sha512", + "system.threading.nuspec" + ] + }, + "System.Threading.Tasks/4.3.0": { + "sha512": "LbSxKEdOUhVe8BezB/9uOGGppt+nZf6e1VFyw6v3DN6lqitm0OSn2uXMOdtP0M3W4iMcqcivm2J6UgqiwwnXiA==", + "type": "package", + "path": "system.threading.tasks/4.3.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "ThirdPartyNotices.txt", + "dotnet_library_license.txt", + "lib/MonoAndroid10/_._", + "lib/MonoTouch10/_._", + "lib/net45/_._", + "lib/portable-net45+win8+wp8+wpa81/_._", + "lib/win8/_._", + "lib/wp80/_._", + "lib/wpa81/_._", + "lib/xamarinios10/_._", + "lib/xamarinmac20/_._", + "lib/xamarintvos10/_._", + "lib/xamarinwatchos10/_._", + "ref/MonoAndroid10/_._", + "ref/MonoTouch10/_._", + "ref/net45/_._", + "ref/netcore50/System.Threading.Tasks.dll", + "ref/netcore50/System.Threading.Tasks.xml", + "ref/netcore50/de/System.Threading.Tasks.xml", + "ref/netcore50/es/System.Threading.Tasks.xml", + "ref/netcore50/fr/System.Threading.Tasks.xml", + "ref/netcore50/it/System.Threading.Tasks.xml", + "ref/netcore50/ja/System.Threading.Tasks.xml", + "ref/netcore50/ko/System.Threading.Tasks.xml", + "ref/netcore50/ru/System.Threading.Tasks.xml", + "ref/netcore50/zh-hans/System.Threading.Tasks.xml", + "ref/netcore50/zh-hant/System.Threading.Tasks.xml", + "ref/netstandard1.0/System.Threading.Tasks.dll", + "ref/netstandard1.0/System.Threading.Tasks.xml", + "ref/netstandard1.0/de/System.Threading.Tasks.xml", + "ref/netstandard1.0/es/System.Threading.Tasks.xml", + "ref/netstandard1.0/fr/System.Threading.Tasks.xml", + "ref/netstandard1.0/it/System.Threading.Tasks.xml", + "ref/netstandard1.0/ja/System.Threading.Tasks.xml", + "ref/netstandard1.0/ko/System.Threading.Tasks.xml", + "ref/netstandard1.0/ru/System.Threading.Tasks.xml", + "ref/netstandard1.0/zh-hans/System.Threading.Tasks.xml", + "ref/netstandard1.0/zh-hant/System.Threading.Tasks.xml", + "ref/netstandard1.3/System.Threading.Tasks.dll", + "ref/netstandard1.3/System.Threading.Tasks.xml", + "ref/netstandard1.3/de/System.Threading.Tasks.xml", + "ref/netstandard1.3/es/System.Threading.Tasks.xml", + "ref/netstandard1.3/fr/System.Threading.Tasks.xml", + "ref/netstandard1.3/it/System.Threading.Tasks.xml", + "ref/netstandard1.3/ja/System.Threading.Tasks.xml", + "ref/netstandard1.3/ko/System.Threading.Tasks.xml", + "ref/netstandard1.3/ru/System.Threading.Tasks.xml", + "ref/netstandard1.3/zh-hans/System.Threading.Tasks.xml", + "ref/netstandard1.3/zh-hant/System.Threading.Tasks.xml", + "ref/portable-net45+win8+wp8+wpa81/_._", + "ref/win8/_._", + "ref/wp80/_._", + "ref/wpa81/_._", + "ref/xamarinios10/_._", + "ref/xamarinmac20/_._", + "ref/xamarintvos10/_._", + "ref/xamarinwatchos10/_._", + "system.threading.tasks.4.3.0.nupkg.sha512", + "system.threading.tasks.nuspec" + ] + }, + "System.Threading.Tasks.Extensions/4.5.4": { + "sha512": "zteT+G8xuGu6mS+mzDzYXbzS7rd3K6Fjb9RiZlYlJPam2/hU7JCBZBVEcywNuR+oZ1ncTvc/cq0faRr3P01OVg==", + "type": "package", + "path": "system.threading.tasks.extensions/4.5.4", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "LICENSE.TXT", + "THIRD-PARTY-NOTICES.TXT", + "lib/MonoAndroid10/_._", + "lib/MonoTouch10/_._", + "lib/net461/System.Threading.Tasks.Extensions.dll", + "lib/net461/System.Threading.Tasks.Extensions.xml", + "lib/netcoreapp2.1/_._", + "lib/netstandard1.0/System.Threading.Tasks.Extensions.dll", + "lib/netstandard1.0/System.Threading.Tasks.Extensions.xml", + "lib/netstandard2.0/System.Threading.Tasks.Extensions.dll", + "lib/netstandard2.0/System.Threading.Tasks.Extensions.xml", + "lib/portable-net45+win8+wp8+wpa81/System.Threading.Tasks.Extensions.dll", + "lib/portable-net45+win8+wp8+wpa81/System.Threading.Tasks.Extensions.xml", + "lib/xamarinios10/_._", + "lib/xamarinmac20/_._", + "lib/xamarintvos10/_._", + "lib/xamarinwatchos10/_._", + "ref/MonoAndroid10/_._", + "ref/MonoTouch10/_._", + "ref/netcoreapp2.1/_._", + "ref/xamarinios10/_._", + "ref/xamarinmac20/_._", + "ref/xamarintvos10/_._", + "ref/xamarinwatchos10/_._", + "system.threading.tasks.extensions.4.5.4.nupkg.sha512", + "system.threading.tasks.extensions.nuspec", + "useSharedDesignerContext.txt", + "version.txt" + ] + }, + "System.ValueTuple/4.4.0": { + "sha512": "BahUww/+mdP4ARCAh2RQhQTg13wYLVrBb9SYVgW8ZlrwjraGCXHGjo0oIiUfZ34LUZkMMR+RAzR7dEY4S1HeQQ==", + "type": "package", + "path": "system.valuetuple/4.4.0", + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "LICENSE.TXT", + "THIRD-PARTY-NOTICES.TXT", + "lib/MonoAndroid10/_._", + "lib/MonoTouch10/_._", + "lib/net461/System.ValueTuple.dll", + "lib/net461/System.ValueTuple.xml", + "lib/net47/System.ValueTuple.dll", + "lib/net47/System.ValueTuple.xml", + "lib/netcoreapp2.0/_._", + "lib/netstandard1.0/System.ValueTuple.dll", + "lib/netstandard1.0/System.ValueTuple.xml", + "lib/netstandard2.0/_._", + "lib/portable-net40+sl4+win8+wp8/System.ValueTuple.dll", + "lib/portable-net40+sl4+win8+wp8/System.ValueTuple.xml", + "lib/xamarinios10/_._", + "lib/xamarinmac20/_._", + "lib/xamarintvos10/_._", + "lib/xamarinwatchos10/_._", + "ref/MonoAndroid10/_._", + "ref/MonoTouch10/_._", + "ref/net461/System.ValueTuple.dll", + "ref/net461/System.ValueTuple.xml", + "ref/net47/System.ValueTuple.dll", + "ref/net47/System.ValueTuple.xml", + "ref/netcoreapp2.0/_._", + "ref/netstandard2.0/_._", + "ref/portable-net40+sl4+win8+wp8/System.ValueTuple.dll", + "ref/portable-net40+sl4+win8+wp8/System.ValueTuple.xml", + "ref/xamarinios10/_._", + "ref/xamarinmac20/_._", + "ref/xamarintvos10/_._", + "ref/xamarinwatchos10/_._", + "system.valuetuple.4.4.0.nupkg.sha512", + "system.valuetuple.nuspec", + "useSharedDesignerContext.txt", + "version.txt" + ] + } + }, + "projectFileDependencyGroups": { + "net7.0": [ + "Minio >= 4.0.7" + ] + }, + "packageFolders": { + "/Users/pedro/.nuget/packages/": {} + }, + "project": { + "version": "1.0.0", + "restore": { + "projectUniqueName": "/Users/pedro/github.com/minio/operator/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/dotnet.csproj", + "projectName": "dotnet", + "projectPath": "/Users/pedro/github.com/minio/operator/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/dotnet.csproj", + "packagesPath": "/Users/pedro/.nuget/packages/", + "outputPath": "/Users/pedro/github.com/minio/operator/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/", + "projectStyle": "PackageReference", + "configFilePaths": [ + "/Users/pedro/.nuget/NuGet/NuGet.Config" + ], + "originalTargetFrameworks": [ + "net7.0" + ], + "sources": { + "https://api.nuget.org/v3/index.json": {} + }, + "frameworks": { + "net7.0": { + "targetAlias": "net7.0", + "projectReferences": {} + } + }, + "warningProperties": { + "warnAsError": [ + "NU1605" + ] + } + }, + "frameworks": { + "net7.0": { + "targetAlias": "net7.0", + "dependencies": { + "Minio": { + "target": "Package", + "version": "[4.0.7, )" + } + }, + "imports": [ + "net461", + "net462", + "net47", + "net471", + "net472", + "net48", + "net481" + ], + "assetTargetFallback": true, + "warn": true, + "frameworkReferences": { + "Microsoft.NETCore.App": { + "privateAssets": "all" + } + }, + "runtimeIdentifierGraphPath": "/usr/local/share/dotnet/sdk/7.0.201/RuntimeIdentifierGraph.json" + } + } + } +} \ No newline at end of file diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/project.nuget.cache b/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/project.nuget.cache new file mode 100644 index 00000000000..d9005ddb130 --- /dev/null +++ b/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/project.nuget.cache @@ -0,0 +1,67 @@ +{ + "version": 2, + "dgSpecHash": "oAhTS10AoCO+rXVyDA0qzu+gqzhf8T1ceeJ5MpxgUkuaH6kOcw6AEJT10Kx16ZIt0TPNxTfQ1TuQJ291XAZzNQ==", + "success": true, + "projectFilePath": "/Users/pedro/github.com/minio/operator/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/dotnet.csproj", + "expectedPackageFiles": [ + "/Users/pedro/.nuget/packages/crc32.net/1.2.0/crc32.net.1.2.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/microsoft.csharp/4.7.0/microsoft.csharp.4.7.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/microsoft.netcore.platforms/1.1.1/microsoft.netcore.platforms.1.1.1.nupkg.sha512", + "/Users/pedro/.nuget/packages/microsoft.netcore.targets/1.1.3/microsoft.netcore.targets.1.1.3.nupkg.sha512", + "/Users/pedro/.nuget/packages/minio/4.0.7/minio.4.0.7.nupkg.sha512", + "/Users/pedro/.nuget/packages/netstandard.library/2.0.0/netstandard.library.2.0.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/newtonsoft.json/13.0.1/newtonsoft.json.13.0.1.nupkg.sha512", + "/Users/pedro/.nuget/packages/runtime.debian.8-x64.runtime.native.system.security.cryptography.openssl/4.3.2/runtime.debian.8-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", + "/Users/pedro/.nuget/packages/runtime.fedora.23-x64.runtime.native.system.security.cryptography.openssl/4.3.2/runtime.fedora.23-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", + "/Users/pedro/.nuget/packages/runtime.fedora.24-x64.runtime.native.system.security.cryptography.openssl/4.3.2/runtime.fedora.24-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", + "/Users/pedro/.nuget/packages/runtime.native.system/4.3.0/runtime.native.system.4.3.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/runtime.native.system.net.http/4.3.0/runtime.native.system.net.http.4.3.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/runtime.native.system.security.cryptography.apple/4.3.0/runtime.native.system.security.cryptography.apple.4.3.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/runtime.native.system.security.cryptography.openssl/4.3.2/runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", + "/Users/pedro/.nuget/packages/runtime.opensuse.13.2-x64.runtime.native.system.security.cryptography.openssl/4.3.2/runtime.opensuse.13.2-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", + "/Users/pedro/.nuget/packages/runtime.opensuse.42.1-x64.runtime.native.system.security.cryptography.openssl/4.3.2/runtime.opensuse.42.1-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", + "/Users/pedro/.nuget/packages/runtime.osx.10.10-x64.runtime.native.system.security.cryptography.apple/4.3.0/runtime.osx.10.10-x64.runtime.native.system.security.cryptography.apple.4.3.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/runtime.osx.10.10-x64.runtime.native.system.security.cryptography.openssl/4.3.2/runtime.osx.10.10-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", + "/Users/pedro/.nuget/packages/runtime.rhel.7-x64.runtime.native.system.security.cryptography.openssl/4.3.2/runtime.rhel.7-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", + "/Users/pedro/.nuget/packages/runtime.ubuntu.14.04-x64.runtime.native.system.security.cryptography.openssl/4.3.2/runtime.ubuntu.14.04-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", + "/Users/pedro/.nuget/packages/runtime.ubuntu.16.04-x64.runtime.native.system.security.cryptography.openssl/4.3.2/runtime.ubuntu.16.04-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", + "/Users/pedro/.nuget/packages/runtime.ubuntu.16.10-x64.runtime.native.system.security.cryptography.openssl/4.3.2/runtime.ubuntu.16.10-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", + "/Users/pedro/.nuget/packages/system.collections/4.3.0/system.collections.4.3.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/system.collections.concurrent/4.3.0/system.collections.concurrent.4.3.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/system.diagnostics.debug/4.3.0/system.diagnostics.debug.4.3.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/system.diagnostics.diagnosticsource/4.3.0/system.diagnostics.diagnosticsource.4.3.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/system.diagnostics.tracing/4.3.0/system.diagnostics.tracing.4.3.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/system.globalization/4.3.0/system.globalization.4.3.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/system.globalization.calendars/4.3.0/system.globalization.calendars.4.3.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/system.globalization.extensions/4.3.0/system.globalization.extensions.4.3.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/system.io/4.3.0/system.io.4.3.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/system.io.filesystem/4.3.0/system.io.filesystem.4.3.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/system.io.filesystem.primitives/4.3.0/system.io.filesystem.primitives.4.3.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/system.linq/4.3.0/system.linq.4.3.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/system.net.http/4.3.4/system.net.http.4.3.4.nupkg.sha512", + "/Users/pedro/.nuget/packages/system.net.primitives/4.3.1/system.net.primitives.4.3.1.nupkg.sha512", + "/Users/pedro/.nuget/packages/system.reactive/5.0.0/system.reactive.5.0.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/system.reactive.linq/5.0.0/system.reactive.linq.5.0.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/system.reflection/4.3.0/system.reflection.4.3.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/system.reflection.primitives/4.3.0/system.reflection.primitives.4.3.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/system.resources.resourcemanager/4.3.0/system.resources.resourcemanager.4.3.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/system.runtime/4.3.1/system.runtime.4.3.1.nupkg.sha512", + "/Users/pedro/.nuget/packages/system.runtime.extensions/4.3.0/system.runtime.extensions.4.3.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/system.runtime.handles/4.3.0/system.runtime.handles.4.3.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/system.runtime.interopservices/4.3.0/system.runtime.interopservices.4.3.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/system.runtime.numerics/4.3.0/system.runtime.numerics.4.3.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/system.security.cryptography.algorithms/4.3.0/system.security.cryptography.algorithms.4.3.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/system.security.cryptography.cng/4.3.0/system.security.cryptography.cng.4.3.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/system.security.cryptography.csp/4.3.0/system.security.cryptography.csp.4.3.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/system.security.cryptography.encoding/4.3.0/system.security.cryptography.encoding.4.3.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/system.security.cryptography.openssl/4.3.0/system.security.cryptography.openssl.4.3.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/system.security.cryptography.primitives/4.3.0/system.security.cryptography.primitives.4.3.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/system.security.cryptography.x509certificates/4.3.0/system.security.cryptography.x509certificates.4.3.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/system.text.encoding/4.3.0/system.text.encoding.4.3.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/system.threading/4.3.0/system.threading.4.3.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/system.threading.tasks/4.3.0/system.threading.tasks.4.3.0.nupkg.sha512", + "/Users/pedro/.nuget/packages/system.threading.tasks.extensions/4.5.4/system.threading.tasks.extensions.4.5.4.nupkg.sha512", + "/Users/pedro/.nuget/packages/system.valuetuple/4.4.0/system.valuetuple.4.4.0.nupkg.sha512" + ], + "logs": [] +} \ No newline at end of file diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/go/main.go b/examples/kustomization/tenant-PolicyBinding/miniosdk/go/main.go index 595dadecf57..06f0123dc1c 100644 --- a/examples/kustomization/tenant-PolicyBinding/miniosdk/go/main.go +++ b/examples/kustomization/tenant-PolicyBinding/miniosdk/go/main.go @@ -1,27 +1,28 @@ -/* - * MinIO Go Library for Amazon S3 Compatible Cloud Storage - * Copyright 2015-2023 MinIO, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . package main import ( "context" + "crypto/x509" "fmt" "io/ioutil" "log" + "net/http" "net/url" "os" "path" @@ -36,7 +37,6 @@ func main() { tenantNamespace := os.Getenv("TENANT_NAMESPACE") bucketName := os.Getenv("BUCKET") kubeRootCApath := os.Getenv("KUBERNETES_CA_PATH") - // certManagerCAPath := os.Getenv("STS_CA_PATH") token, err := getToken() if err != nil { @@ -48,66 +48,66 @@ func main() { panic(1) } - stsEndpointURL, err := url.Parse(stsEndpoint) - stsEndpointURL.Path = path.Join(stsEndpointURL.Path, tenantNamespace) - if err != nil { - log.Fatalf("Error parsing sts endpoint: %v", err) - } - sts := credentials.NewIAM(stsEndpointURL.String()) - + httpsTransport, err := getHttpsTransportWithCACert(kubeRootCApath) if err != nil { - log.Fatalf("Error initializing STS Identity: %v", err) + log.Fatalf("Error Creating https transport: %s", err) panic(1) } - // This might fail for https with self-signed certificates, - // need to find a way to set trust CA certificate to credentials.Credentials.Get() - // retrievedCredentials, err := sts.Get() - // if err != nil { - // log.Fatalf("Error retrieving STS credentials: %v", err) - // panic(1) - // } - // fmt.Println("AccessKeyID:", retrievedCredentials.AccessKeyID) - // fmt.Println("SecretAccessKey:", retrievedCredentials.SecretAccessKey) - // fmt.Println("SessionToken:", retrievedCredentials.SessionToken) - tenantEndpointURL, err := url.Parse(tenantEndpoint) + stsEndpointURL, err := url.Parse(stsEndpoint) + stsEndpointURL.Path = path.Join(stsEndpointURL.Path, tenantNamespace) if err != nil { - log.Fatalf("Error parsing tenant endpoint: %s", err) + log.Fatalf("Error parsing sts endpoint: %v", err) panic(1) } - caCertificate, err := getFile(kubeRootCApath) - if err != nil { - log.Fatalf("Error loading CA Certifiate : %s", err) - panic(1) - } + sts := credentials.New(&credentials.IAM{ + Client: &http.Client{ + Transport: httpsTransport, + }, + Endpoint: stsEndpointURL.String(), + }) - transport, err := minio.DefaultTransport(true) + retrievedCredentials, err := sts.Get() if err != nil { - log.Fatalf("Error creating default transport : %s", err) + log.Fatalf("Error retrieving STS credentials: %v", err) panic(1) } + fmt.Println("AccessKeyID:", retrievedCredentials.AccessKeyID) + fmt.Println("SecretAccessKey:", retrievedCredentials.SecretAccessKey) + fmt.Println("SessionToken:", retrievedCredentials.SessionToken) - if ok := transport.TLSClientConfig.RootCAs.AppendCertsFromPEM(caCertificate); !ok { - log.Fatalf("Error parsing CA Certifiate : %s", err) + tenantEndpointURL, err := url.Parse(tenantEndpoint) + if err != nil { + log.Fatalf("Error parsing tenant endpoint: %s", err) panic(1) } minioClient, err := minio.New(tenantEndpointURL.Host, &minio.Options{ Creds: sts, - Secure: true, - Transport: transport, + Secure: tenantEndpointURL.Scheme == "https", + Transport: httpsTransport, }) if err != nil { log.Fatalf("Error initializing client: %v", err) + panic(1) + } + + fmt.Print("List Buckets:") + buckets, err := minioClient.ListBuckets(context.Background()) + if err != nil { + log.Fatalln(err) + } + for _, bucket := range buckets { + log.Println(bucket) } + fmt.Printf("List Objects in bucket %s", bucketName) opts := minio.ListObjectsOptions{ Prefix: "/", Recursive: true, } - for object := range minioClient.ListObjects(context.Background(), bucketName, opts) { if object.Err != nil { fmt.Println(object.Err) @@ -130,3 +130,30 @@ func getToken() (string, error) { func getFile(path string) ([]byte, error) { return ioutil.ReadFile(path) } + +func getHttpsTransportWithCACert(cacertpath string) (*http.Transport, error) { + caCertificate, err := getFile(cacertpath) + if err != nil { + return nil, fmt.Errorf("Error loading CA Certifiate : %s", err) + } + + transport, err := minio.DefaultTransport(true) + if err != nil { + return nil, fmt.Errorf("Error creating default transport : %s", err) + } + + if transport.TLSClientConfig.RootCAs == nil { + pool, err := x509.SystemCertPool() + if err != nil { + log.Fatalf("Error initializing TLS Pool: %s", err) + transport.TLSClientConfig.RootCAs = x509.NewCertPool() + } else { + transport.TLSClientConfig.RootCAs = pool + } + } + + if ok := transport.TLSClientConfig.RootCAs.AppendCertsFromPEM(caCertificate); !ok { + return nil, fmt.Errorf("Error parsing CA Certifiate : %s", err) + } + return transport, nil +} diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/java/src/main/java/operator/sts/OperatorSTSExample.java b/examples/kustomization/tenant-PolicyBinding/miniosdk/java/src/main/java/operator/sts/OperatorSTSExample.java index 63e96a38cd1..675903eca4b 100644 --- a/examples/kustomization/tenant-PolicyBinding/miniosdk/java/src/main/java/operator/sts/OperatorSTSExample.java +++ b/examples/kustomization/tenant-PolicyBinding/miniosdk/java/src/main/java/operator/sts/OperatorSTSExample.java @@ -1,3 +1,19 @@ +// This file is part of MinIO Operator +// Copyright (c) 2023 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + package sts; import io.minio.ListObjectsArgs; import io.minio.MinioClient; diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/python/main.py b/examples/kustomization/tenant-PolicyBinding/miniosdk/python/main.py index afac4bbbcc6..d2bf20ec2ab 100644 --- a/examples/kustomization/tenant-PolicyBinding/miniosdk/python/main.py +++ b/examples/kustomization/tenant-PolicyBinding/miniosdk/python/main.py @@ -1,30 +1,83 @@ +# -*- coding: utf-8 -*- +# This file is part of MinIO Operator +# Copyright (c) 2023 MinIO, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . + from minio import Minio from minio.credentials import IamAwsProvider from urllib.parse import urlparse +import urllib3 import os import sys +# import logging sts_endpoint = os.getenv("STS_ENDPOINT") tenant_endpoint = os.getenv("MINIO_ENDPOINT") tenant_namespace = os.getenv("TENANT_NAMESPACE") token_path = os.getenv("AWS_WEB_IDENTITY_TOKEN_FILE") -bucket = os.getenv("BUCKET") +bucketName = os.getenv("BUCKET") +kubernetes_ca_file = os.getenv("KUBERNETES_CA_PATH") + +# logging.basicConfig(format='%(message)s', level=logging.DEBUG) +# logger = logging.getLogger() +# logger.setLevel(logging.DEBUG) with open(token_path, "r") as f: sa_jwt = f.read() -if sa_jwt is "" or sa_jwt is None: +if sa_jwt == "" or sa_jwt == None: print("Token is empty") sys.exit(1) -stsUrl = urlparse(tenant_endpoint) -stsUrl.path = stsUrl.path + f"/{tenant_namespace}" +https_transport = urllib3.PoolManager( + cert_reqs='REQUIRED', + ca_certs=kubernetes_ca_file, + retries=urllib3.Retry( + total=5, + backoff_factor=0.2, + status_forcelist=[500, 502, 503, 504], + ) + ) + +stsUrl = urlparse(f"{sts_endpoint}/{tenant_namespace}") +provider = IamAwsProvider(stsUrl.geturl(), http_client=https_transport) -provider = IamAwsProvider(stsUrl.geturl()) +credentials = provider.retrieve() + +print(f"Access key: {credentials.access_key}") +print(f"Secret key: {credentials.secret_key}") +print(f"Session Token key: {credentials.session_token}") tenantUrl = urlparse(tenant_endpoint) -client = Minio(f"{tenantUrl.hostname}:{tenantUrl.port}/{tenantUrl.path}", credentials=provider, secure=tenantUrl.scheme == "https") +isHttps = (tenantUrl.scheme == "https") + +client = Minio( + f"{tenantUrl.hostname}:{tenantUrl.port}/{tenantUrl.path}", + credentials=provider, + secure=isHttps, + http_client=https_transport + ) + +# list buckets +print("Listing Buckets:") +buckets = client.list_buckets() +for bucket in buckets: + print(bucket.name, bucket.creation_date) -# Get information of an object. -stat = client.list_objects(bucket) -print(stat) +# list objects in a bucket +print(f"Listing Objects in bucket {bucketName}:") +objects = client.list_objects(bucketName, recursive=True) +for obj in objects: + print(obj) diff --git a/examples/kustomization/tenant-PolicyBinding/sts-client.yaml b/examples/kustomization/tenant-PolicyBinding/sts-client.yaml index 3acd35cf53c..2accc9f9669 100644 --- a/examples/kustomization/tenant-PolicyBinding/sts-client.yaml +++ b/examples/kustomization/tenant-PolicyBinding/sts-client.yaml @@ -45,7 +45,7 @@ metadata: name: sts-example-job namespace: sts-client spec: - backoffLimit: 5 + backoffLimit: 10 template: spec: restartPolicy: OnFailure @@ -56,7 +56,7 @@ spec: image: minio/operator-sts-example:miniosdk-go env: - name: MINIO_ENDPOINT - value: https://minio.minio-tenant-1.svc.cluster.local:9443 + value: https://minio.minio-tenant-1.svc.cluster.local:443 - name: STS_ENDPOINT value: https://sts.minio-operator.svc.cluster.local:4223/sts - name: TENANT_NAMESPACE diff --git a/pkg/controller/cluster/http_handlers.go b/pkg/controller/cluster/http_handlers.go index be8f5e1bcd6..8e5483266fb 100644 --- a/pkg/controller/cluster/http_handlers.go +++ b/pkg/controller/cluster/http_handlers.go @@ -157,7 +157,7 @@ func (c *Controller) AssumeRoleWithWebIdentityHandler(w http.ResponseWriter, r * // Parse the incoming form data. if err := xhttp.ParseForm(r); err != nil { - writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue, err) + writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue, fmt.Errorf("Error parsing request: %s", err)) return } @@ -301,18 +301,22 @@ func (c *Controller) AssumeRoleWithWebIdentityHandler(w http.ResponseWriter, r * } durationStr := r.Form.Get(stsDurationSeconds) - duration, err := strconv.Atoi(durationStr) - if err != nil { - writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue, fmt.Errorf("invalid token expiry")) - return - } + var durationInSeconds int + if durationStr != "" { + duration, err := strconv.Atoi(durationStr) + if err != nil { + writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue, fmt.Errorf("invalid token expiry")) + return + } - if duration < 900 || duration > 31536000 { - writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue, fmt.Errorf("invalid token expiry: min 900s, max 31536000s")) - return + if duration < 900 || duration > 31536000 { + writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue, fmt.Errorf("invalid token expiry: min 900s, max 31536000s")) + return + } + durationInSeconds = duration } - stsCredentials, err := AssumeRole(ctx, c, &tenant, bfCompact, duration) + stsCredentials, err := AssumeRole(ctx, c, &tenant, bfCompact, durationInSeconds) if err != nil { writeSTSErrorResponse(ctx, w, true, ErrSTSInternalError, err) return diff --git a/testing/common.sh b/testing/common.sh index a7c92e1187d..76f4ff0b783 100644 --- a/testing/common.sh +++ b/testing/common.sh @@ -80,7 +80,7 @@ function install_operator() { value=operator elif [ "$1" = "sts" ]; then echo "Installing Current Operator with sts enabled" - try kubectl apply -k "${SCRIPT_DIR}/../testing/tenant-PolicyBinding/operator" + try kubectl apply -k "${SCRIPT_DIR}/../testing/tenant-policyBinding/operator" echo "key, value for pod selector in kustomize test" key=name value=minio-operator @@ -361,25 +361,28 @@ function install_tenant() { } function setup_sts_bucket() { + echo "Installing setub bucket job" try kubectl apply -k "${SCRIPT_DIR}/tenant-policyBinding/setup-bucket" namespace="minio-tenant-1" condition="condition=Complete" selector="metadata.name=setup-bucket" try wait_for_resource_field_selector $namespace job $condition $selector + echo "Installing setub bucket job: DONE" } function install_sts_client() { + echo "Installing sts client job for $1" # Definition of the sdk and client to test OLDIFS=$IFS - # shellcheck disable=SC2206 IFS="-"; declare -a CLIENTARR=($1) sdk="${CLIENTARR[0]}" lang="${CLIENTARR[1]}" IFS=$OLDIFS # Build and load client images - (cd "${SCRIPT_DIR}/../examples/kustomization/tenant-PolicyBinding" && make "${sdk}${lang}") + echo "Building docker image for minio/operator-sts-example:$1" + (cd "${SCRIPT_DIR}/../examples/kustomization/tenant-PolicyBinding" && try make "${sdk}${lang}") try kind load docker-image "minio/operator-sts-example:$1" client_namespace="sts-client" @@ -394,14 +397,17 @@ function install_sts_client() { fi fi - echo "install sts client job for $1" + echo "creating client $1" yq -i ".spec.template.spec.containers[0].image |= (\"minio/operator-sts-example:$1\")" "${SCRIPT_DIR}/tenant-policyBinding/sts-client/job.yaml" - kubectl apply -k "${SCRIPT_DIR}/tenant-policyBinding/sts-client" + try kubectl apply -k "${SCRIPT_DIR}/tenant-policyBinding/sts-client" condition="condition=Complete" selector="metadata.name=sts-example-job" - wait_for_resource_field_selector $client_namespace job $condition $selector 30s + try wait_for_resource_field_selector $client_namespace job $condition $selector 600s echo "removing client $1" kubectl delete -k "${SCRIPT_DIR}/tenant-policyBinding/sts-client" + # TODO look for a proper way to wait for the namespace to be deleted + sleep 10 + echo "Installing sts client job for $1: DONE" } # Port forward diff --git a/testing/tenant-policyBinding/sts-client/job.yaml b/testing/tenant-policyBinding/sts-client/job.yaml index e3ad07b1364..63b5e1da709 100644 --- a/testing/tenant-policyBinding/sts-client/job.yaml +++ b/testing/tenant-policyBinding/sts-client/job.yaml @@ -8,4 +8,4 @@ spec: spec: containers: - name: sts-client - image: minio/operator-sts-example:awssdk-python + image: minio/operator-sts-example:tag diff --git a/testing/test-policy-binding+certmanager.sh b/testing/test-policy-binding+certmanager.sh index d69409c5a8e..a82e5f98f4c 100755 --- a/testing/test-policy-binding+certmanager.sh +++ b/testing/test-policy-binding+certmanager.sh @@ -35,7 +35,7 @@ function main() { #install_sts_client "miniosdk-dotnet" - install_sts_client "miniosdk-go" + #install_sts_client "miniosdk-go" #install_sts_client "miniosdk-java" diff --git a/testing/test-policy-binding.sh b/testing/test-policy-binding.sh index 4c50ab7ce8b..707e8646b3c 100755 --- a/testing/test-policy-binding.sh +++ b/testing/test-policy-binding.sh @@ -45,7 +45,7 @@ function main() { install_sts_client "awssdk-python" - #destroy_kind + destroy_kind } main "$@" From 93c71ebafa3f8646aee880b9453859bfcf599817 Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Thu, 2 Mar 2023 16:11:44 -0800 Subject: [PATCH 24/47] Fix make sure console image is using the local operator build --- .../operator/console-deployment.yaml | 11 +++++++++++ .../tenant-policyBinding/operator/kustomization.yaml | 1 + 2 files changed, 12 insertions(+) create mode 100644 testing/tenant-policyBinding/operator/console-deployment.yaml diff --git a/testing/tenant-policyBinding/operator/console-deployment.yaml b/testing/tenant-policyBinding/operator/console-deployment.yaml new file mode 100644 index 00000000000..a031cff2d90 --- /dev/null +++ b/testing/tenant-policyBinding/operator/console-deployment.yaml @@ -0,0 +1,11 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: console + namespace: minio-operator +spec: + template: + spec: + containers: + - name: console + image: minio/operator:noop diff --git a/testing/tenant-policyBinding/operator/kustomization.yaml b/testing/tenant-policyBinding/operator/kustomization.yaml index 3d6120bbe14..d41c4edaa38 100644 --- a/testing/tenant-policyBinding/operator/kustomization.yaml +++ b/testing/tenant-policyBinding/operator/kustomization.yaml @@ -6,3 +6,4 @@ bases: patchesStrategicMerge: - deployment.yaml + - console-deployment.yaml From daaf249f882b230c957d67ea132777464567ce58 Mon Sep 17 00:00:00 2001 From: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com> Date: Fri, 3 Mar 2023 15:39:12 -0800 Subject: [PATCH 25/47] Tweaks to STS examples (#1) * Tweaks to STS examples Signed-off-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com> * Re-use Example tenatns Signed-off-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com> * job name Signed-off-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com> * re-org example Signed-off-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com> * update readme Signed-off-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com> * rename sdk folders Signed-off-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com> * Python Example Signed-off-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com> * kustomizaitons for all languages Signed-off-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com> * image names Signed-off-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com> --------- Signed-off-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com> --- docs/STS.md | 20 ++++ docs/images/sts-diagram.jpg | Bin 0 -> 34100 bytes examples/kustomization/sts-example/Makefile | 28 +++++ examples/kustomization/sts-example/README.md | 109 ++++++++++++++++++ .../sts-example/kustomization.yaml | 5 + .../sample-clients/aws-sdk}/python/Dockerfile | 0 .../aws-sdk/python/kustomization.yaml | 20 ++++ .../sample-clients/aws-sdk}/python/main.py | 0 .../aws-sdk}/python/requirements.txt | 0 .../minio-sdk}/dotnet/Dockerfile | 2 +- .../minio-sdk}/dotnet/Program.cs | 0 .../minio-sdk}/dotnet/dotnet.csproj | 0 .../minio-sdk/dotnet/kustomization.yaml | 20 ++++ ...CoreApp,Version=v7.0.AssemblyAttributes.cs | 0 .../obj/Debug/net7.0/dotnet.AssemblyInfo.cs | 0 .../net7.0/dotnet.AssemblyInfoInputs.cache | 0 ....GeneratedMSBuildEditorConfig.editorconfig | 0 .../obj/Debug/net7.0/dotnet.GlobalUsings.g.cs | 0 .../obj/Debug/net7.0/dotnet.assets.cache | Bin .../dotnet.csproj.AssemblyReference.cache | Bin .../obj/dotnet.csproj.nuget.dgspec.json | 0 .../dotnet/obj/dotnet.csproj.nuget.g.props | 0 .../dotnet/obj/dotnet.csproj.nuget.g.targets | 0 .../minio-sdk}/dotnet/obj/project.assets.json | 0 .../minio-sdk}/dotnet/obj/project.nuget.cache | 0 .../sample-clients/minio-sdk/go/Dockerfile | 25 ++++ .../sample-clients/minio-sdk/go/README.md | 7 ++ .../sample-clients/minio-sdk}/go/go.mod | 2 +- .../sample-clients/minio-sdk}/go/go.sum | 0 .../minio-sdk/go/kustomization.yaml | 20 ++++ .../sample-clients/minio-sdk}/go/main.go | 3 +- .../sample-clients/minio-sdk}/java/Dockerfile | 3 + .../minio-sdk/java/kustomization.yaml | 20 ++++ .../sample-clients/minio-sdk}/java/pom.xml | 0 .../java/operator/sts/OperatorSTSExample.java | 0 .../minio-sdk}/javascript/Dockerfile | 0 .../minio-sdk/javascript/kustomization.yaml | 20 ++++ .../minio-sdk}/python/Dockerfile | 10 +- .../minio-sdk/python/kustomization.yaml | 20 ++++ .../sample-clients/minio-sdk}/python/main.py | 0 .../minio-sdk}/python/requirements.txt | 0 .../sample-data}/iam-setup-bucket.yaml | 31 ++--- .../sample-data}/kustomization.yaml | 0 .../sts-app}/kustomization.yaml | 3 +- .../sts-app}/policy-binding.yaml | 0 .../sts-app}/sts-client.yaml | 27 ++--- .../tenant-certmanager/kustomization.yaml | 6 +- .../tenant-certmanager/tenantNamePatch.yaml | 0 .../sts-example}/tenant/kustomization.yaml | 6 +- .../sts-example}/tenant/tenantNamePatch.yaml | 0 .../tenant-PolicyBinding/Makefile | 32 ----- .../miniosdk/go/Dockerfile | 12 -- .../operator/console-deployment.yaml | 0 .../operator/deployment.yaml | 0 .../operator/kustomization.yaml | 0 .../sts-client/job.yaml | 0 testing/sts/sts-client/kustomization.yaml | 10 ++ .../setup-bucket/kustomization.yaml | 6 - .../sts-client/kustomization.yaml | 8 -- 59 files changed, 378 insertions(+), 97 deletions(-) create mode 100644 docs/STS.md create mode 100644 docs/images/sts-diagram.jpg create mode 100644 examples/kustomization/sts-example/Makefile create mode 100644 examples/kustomization/sts-example/README.md create mode 100644 examples/kustomization/sts-example/kustomization.yaml rename examples/kustomization/{tenant-PolicyBinding/awssdk => sts-example/sample-clients/aws-sdk}/python/Dockerfile (100%) create mode 100644 examples/kustomization/sts-example/sample-clients/aws-sdk/python/kustomization.yaml rename examples/kustomization/{tenant-PolicyBinding/awssdk => sts-example/sample-clients/aws-sdk}/python/main.py (100%) rename examples/kustomization/{tenant-PolicyBinding/awssdk => sts-example/sample-clients/aws-sdk}/python/requirements.txt (100%) rename examples/kustomization/{tenant-PolicyBinding/miniosdk => sts-example/sample-clients/minio-sdk}/dotnet/Dockerfile (96%) rename examples/kustomization/{tenant-PolicyBinding/miniosdk => sts-example/sample-clients/minio-sdk}/dotnet/Program.cs (100%) rename examples/kustomization/{tenant-PolicyBinding/miniosdk => sts-example/sample-clients/minio-sdk}/dotnet/dotnet.csproj (100%) create mode 100644 examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/kustomization.yaml rename examples/kustomization/{tenant-PolicyBinding/miniosdk => sts-example/sample-clients/minio-sdk}/dotnet/obj/Debug/net7.0/.NETCoreApp,Version=v7.0.AssemblyAttributes.cs (100%) rename examples/kustomization/{tenant-PolicyBinding/miniosdk => sts-example/sample-clients/minio-sdk}/dotnet/obj/Debug/net7.0/dotnet.AssemblyInfo.cs (100%) rename examples/kustomization/{tenant-PolicyBinding/miniosdk => sts-example/sample-clients/minio-sdk}/dotnet/obj/Debug/net7.0/dotnet.AssemblyInfoInputs.cache (100%) rename examples/kustomization/{tenant-PolicyBinding/miniosdk => sts-example/sample-clients/minio-sdk}/dotnet/obj/Debug/net7.0/dotnet.GeneratedMSBuildEditorConfig.editorconfig (100%) rename examples/kustomization/{tenant-PolicyBinding/miniosdk => sts-example/sample-clients/minio-sdk}/dotnet/obj/Debug/net7.0/dotnet.GlobalUsings.g.cs (100%) rename examples/kustomization/{tenant-PolicyBinding/miniosdk => sts-example/sample-clients/minio-sdk}/dotnet/obj/Debug/net7.0/dotnet.assets.cache (100%) rename examples/kustomization/{tenant-PolicyBinding/miniosdk => sts-example/sample-clients/minio-sdk}/dotnet/obj/Debug/net7.0/dotnet.csproj.AssemblyReference.cache (100%) rename examples/kustomization/{tenant-PolicyBinding/miniosdk => sts-example/sample-clients/minio-sdk}/dotnet/obj/dotnet.csproj.nuget.dgspec.json (100%) rename examples/kustomization/{tenant-PolicyBinding/miniosdk => sts-example/sample-clients/minio-sdk}/dotnet/obj/dotnet.csproj.nuget.g.props (100%) rename examples/kustomization/{tenant-PolicyBinding/miniosdk => sts-example/sample-clients/minio-sdk}/dotnet/obj/dotnet.csproj.nuget.g.targets (100%) rename examples/kustomization/{tenant-PolicyBinding/miniosdk => sts-example/sample-clients/minio-sdk}/dotnet/obj/project.assets.json (100%) rename examples/kustomization/{tenant-PolicyBinding/miniosdk => sts-example/sample-clients/minio-sdk}/dotnet/obj/project.nuget.cache (100%) create mode 100644 examples/kustomization/sts-example/sample-clients/minio-sdk/go/Dockerfile create mode 100644 examples/kustomization/sts-example/sample-clients/minio-sdk/go/README.md rename examples/kustomization/{tenant-PolicyBinding/miniosdk => sts-example/sample-clients/minio-sdk}/go/go.mod (94%) rename examples/kustomization/{tenant-PolicyBinding/miniosdk => sts-example/sample-clients/minio-sdk}/go/go.sum (100%) create mode 100644 examples/kustomization/sts-example/sample-clients/minio-sdk/go/kustomization.yaml rename examples/kustomization/{tenant-PolicyBinding/miniosdk => sts-example/sample-clients/minio-sdk}/go/main.go (97%) rename examples/kustomization/{tenant-PolicyBinding/miniosdk => sts-example/sample-clients/minio-sdk}/java/Dockerfile (88%) create mode 100644 examples/kustomization/sts-example/sample-clients/minio-sdk/java/kustomization.yaml rename examples/kustomization/{tenant-PolicyBinding/miniosdk => sts-example/sample-clients/minio-sdk}/java/pom.xml (100%) rename examples/kustomization/{tenant-PolicyBinding/miniosdk => sts-example/sample-clients/minio-sdk}/java/src/main/java/operator/sts/OperatorSTSExample.java (100%) rename examples/kustomization/{tenant-PolicyBinding/miniosdk => sts-example/sample-clients/minio-sdk}/javascript/Dockerfile (100%) create mode 100644 examples/kustomization/sts-example/sample-clients/minio-sdk/javascript/kustomization.yaml rename examples/kustomization/{tenant-PolicyBinding/miniosdk => sts-example/sample-clients/minio-sdk}/python/Dockerfile (70%) create mode 100644 examples/kustomization/sts-example/sample-clients/minio-sdk/python/kustomization.yaml rename examples/kustomization/{tenant-PolicyBinding/miniosdk => sts-example/sample-clients/minio-sdk}/python/main.py (100%) rename examples/kustomization/{tenant-PolicyBinding/miniosdk => sts-example/sample-clients/minio-sdk}/python/requirements.txt (100%) rename examples/kustomization/{tenant-PolicyBinding/setup-bucket => sts-example/sample-data}/iam-setup-bucket.yaml (74%) rename examples/kustomization/{tenant-PolicyBinding/setup-bucket => sts-example/sample-data}/kustomization.yaml (100%) rename examples/kustomization/{tenant-PolicyBinding => sts-example/sts-app}/kustomization.yaml (82%) rename examples/kustomization/{tenant-PolicyBinding => sts-example/sts-app}/policy-binding.yaml (100%) rename examples/kustomization/{tenant-PolicyBinding => sts-example/sts-app}/sts-client.yaml (85%) rename {testing/tenant-policyBinding => examples/kustomization/sts-example}/tenant-certmanager/kustomization.yaml (82%) rename {testing/tenant-policyBinding => examples/kustomization/sts-example}/tenant-certmanager/tenantNamePatch.yaml (100%) rename {testing/tenant-policyBinding => examples/kustomization/sts-example}/tenant/kustomization.yaml (83%) rename {testing/tenant-policyBinding => examples/kustomization/sts-example}/tenant/tenantNamePatch.yaml (100%) delete mode 100644 examples/kustomization/tenant-PolicyBinding/Makefile delete mode 100644 examples/kustomization/tenant-PolicyBinding/miniosdk/go/Dockerfile rename testing/{tenant-policyBinding => sts}/operator/console-deployment.yaml (100%) rename testing/{tenant-policyBinding => sts}/operator/deployment.yaml (100%) rename testing/{tenant-policyBinding => sts}/operator/kustomization.yaml (100%) rename testing/{tenant-policyBinding => sts}/sts-client/job.yaml (100%) create mode 100644 testing/sts/sts-client/kustomization.yaml delete mode 100644 testing/tenant-policyBinding/setup-bucket/kustomization.yaml delete mode 100644 testing/tenant-policyBinding/sts-client/kustomization.yaml diff --git a/docs/STS.md b/docs/STS.md new file mode 100644 index 00000000000..ba080aeb3a3 --- /dev/null +++ b/docs/STS.md @@ -0,0 +1,20 @@ +# MinIO Operator STS + +**Native IAM Authentication for Kubernetes.** + +> ⚠️ This feature is an alpha release and is subject to breaking changes in future releases. + +MinIO Operator offer support for the STS paradigm for workload identify. + +![STS Diagram](images/sts-diagram.jpg) + +# Requirements + +## TLS + +The STS functionality works only with TLS configured. We can request certificates automatically, but additional you can +user `cert-manager` or bring your own certificates. + +## SDK support + +Your application must use an SDK that supports `AssumeRole` like behavior. \ No newline at end of file diff --git a/docs/images/sts-diagram.jpg b/docs/images/sts-diagram.jpg new file mode 100644 index 0000000000000000000000000000000000000000..41de9e0a41fae065373f3f78e88ff0ce1a38d796 GIT binary patch literal 34100 zcmeFZbyOWqvp2eNCwOpocPF^JY~0;lLI`fb5_WLA9wazJvG(U)z!bQ?yl(`c$#}!1E9!ANJ{{~zyJWS=O5r{5g-bHfr5gDf`oyF zhK7ZKfki+=K!ArwzE78U^x0TTfMlb!&Ffd2pS_0$PKg#~{FAqW9R3IIn1gFpp)>IUGwm* zV(;%46a*wRILu2X&NKhz`aS3Q4h9YZ3H7u9K!gATfTKX5JacY^{*wRSkq}8)Jqmm> zZEr5U6=0AKPj0*wmKHmPEOEZ_uQI-=xRI>h{}i$GCh2A~XE))EVyidB#qQ3`+t$f# z7)6S;Lc!uSpk8 zK-+^F3YVQJBF15FhSAHvv<<9J_Lh2$4{)PE+r|z8(C4*lzj)#D`|eMmFeEe`7MQi|_vB z9XGz97!gE}8%It-EAqX)9a($nJW9ueso+F}r z7!4V7|5?GGTq^1??b#sRS}}p}Kpo`kWWgNtQw=nZCb0a5KZX8(>R%85i-0*cf#7Z* zWoC;+{Qir0yAW@8+n3t2dww}NGk_eA9#zbB0>CXH1S?&rrfAqP^% zl6x$!W1R3uh)@=Sw+51@IxalOVGteT#D|z^+v^5XM3R~l_VzEL_BEj;le^|YFP0~$ zD_5r?JG{>2dc{it9kRDa_Oloktm_JgBYC1}HYYM&A;@LnK`N?n0+#!hWW=JGr%ix) zyULXmra0%zm8-l8Dx25Yw<&ZXD~nCmB{%H~E`<;Beh>E#RhfI60N9K}*lVT_TDGvB zHXm#PBqKxww_?6+)sdK0kbK{Lt{ytimd6ipzr|Z(!DTVJmjs{y#@lXprS|M04Zrub zto~ST>7056kb$7&PZ@QIxpX>+Ga=AP9Co#LbyYAZcxeHeTn5YL&OThO4YR$6ch7@N z;S&Iai)zP?*5)f{Tfpo2BJ}&k!Dcl4LW2XfBu4GzT3@M~W96BnCI^`t;Ur0zqoyiy z&YTq@l&9{0PvKxG)KHT;vvl#MDuSFQ;gFJ7L01c!CgD_6;#rzVb|;BSj1OYS%0SIiUa_YQu4 z5q&115uX5|-+V$@lR4uTB#>Y2s>--n$#ZhJ*LvPQ&uT&dK;S0iy*)s*IK@A>gY-Kxtnor%k19+G zf4$&p@+K%JQl;cU>>$qgNn^Xh<_9l%<(g@{mjwN6N`CiSb4plZrG~1rP)>FG2(s^CIh`QjASN^jl;oLG_AUe8>Iwjmboc3l;P6ZvHwJn&j4b; zFFQwQYW)7Sj#L>tQahTOpaoSKp_e>o82wie|bUm~AjP&2E@#>VIVe z052eb^G6tj$o##*NDSkD_`xs2l@}*l-iXNNt&NWzT+?T<$V*82I>=iLfnTojhb)(5 zW{L^`-AX_7v;q71*y_^8%4`OoY8;HexYB~%Ktkb+>QoB{DQO) znvs65#lH*uRuJ^zpP=3168f`(mk#oSeC{cL^yck~;eMff?w^^@6a}X4?D`~+d|-|X zpLicmojPd9hd?!Efmf2E!nL5z@1>_F{$lVy9-q607|yZGB~<>I_^Uq1@b8IpyOK!t zv&g)l@xhIQKC=8N74G!W0;eYL)1BLA+2_X6{H4gR#}^j{B#gQ$N4yaKay`TF;vCNT zYEg(sy1k9FBkBByOCMDWof}3Q`#t$yGtr;m`;gVT;2=l!9TJE}54$nybj5O+y{lFTY5(ZaRZC=>oXHig1qk1WJy-cb zUI_2f>Tvi!C10rL4*53m` zaDRJ2d2Es|^qW%1eYW~fCV4`s-!9*{c#eF{kk@gho5O%99T6DSL3~*x{`rDHPPBc0 z6Tt3KGtl&Pp5eZnF_&eNjFMn_nAi0;$=_8@#7vN~XEck|feF1^nq1nd81?&SUC-?g zkQdbc(%fjrAu*};d(y*m$u-86`J1dv(To{wEd_0uOtwlve9;S$Bl)(s?Kw(jMFD_= zK|p{*KPOPXf@KIuZ~zz-ItC^hJ2VO^F|(2o3mXR(nJ5VR$_no)InRxc6NalfKt1na}N4%5v zy;j#~k~kAMc(}UdPYl; zB`ideVhi&;Nutt$dPbusy%Makmr=J4LlX;?!`SbduKP>p_bqz9H$=^cWGpNZEY8)T zgU2Y{ye>H#*sSXBWm{7xPcJsz1hL$2e%3J8SDe{impv8)-9b8bEMAA?gA#|YwMxaB zxm~aa^g=~LAsg6LE$4K$wL(L=x)rKyYjnFk-nOAYz1Wo7;jj^0^7CzLqmmKq;bexH z)x`+P!F9m74cF(MioxWPw<`mc>%EFRZ{t}r7^yg!xe;MJkmGV3h#Tp&XYQ01+mu1F7=hD!?M3vy9QA=; z0hweNH>Iyq5XHjjFn#%>RI*FnDZiLn74}jd7yeS!8$$6QVPy@bFe5~l{Gsb$EJ84i zSz#X!0z^vY{W#3`2?v~&I=zZG?(g4(5X_m7eHs|TnqjHFb|KCXzt?vl;;OusbHbFf zG_8#7VeH2`gQw@m4`C?@QGNm-L6{#463?Jh1)HTMjTyh8_Rul=csf^Bq*>=QKL$$Z zEW4WX2A3hc9~Ow3dKkR{ zt9R}xRVxh02i>oTNFi|?C@~f(MX0a85T)plO5BTOm$=Zb;v(Lbq&!l~%JBf@KM{pZ zB)cSg`u}7LFDb&Qt%9=Yreo}63MGDZ-zu#6b));E9I}Q0-7B8Yrt}uI;7mAfLXWIH zHtplEeL=kdlhcz>NxXFuD}yeI;Gu}2MLExil}8ekri*cct5!T4N22?dG3^tsPg?t& zETW}|l>E+|Bv^Ozq3pb`DKpZ#e>|uy`K>jIfsGZW@ zXK=%6iqI1;`zs@qu~O}e0@|i>nKrP6;g)oyj^-`cd$1O2C@1_LcTu z8L+vH4~wU_Cp|i6>i57lOo#uPP}4&kIAyyNe+MA`$>Wy@|31u=E5!NKe#6{o1gQ_Gec4Fd%u?9I*8ZV2-gs2$ zrpll%;u-KnoVs2VEF<{ONNdg_%cvFK5k!Wex4|sPL}dh+FN15=^BsFn>p`J8uk^4l z`^gecVEfG;ua6#sYD_SV$y*a@01=5_!2VBUnJa`c!(MbxA%J_lwxm+vpYlwnH<45Tn~E?&e7Wl z*(kVC$WqIFw)7dl@)i4bc;{fFKZ!vp@WHmC2TXD?_L1M9dRzA0NA91{dHt2BB32uN z{zvAhwXr_~>+j9^KAE4^2Y=C4U12KhryKVOL_0~``}ykYEv2u;_OJSH{1+!|!+0HYd=)ximY}<~GQ@8^(s;%QTw=+YqmNAY?-GTz z_T{zk-MDQck4rIvFr*f{0|%XVi!&>AKS8osNcE*Hc6;2q{YM85stS;P0|*FeZbiJ) z1lAvGCAD)(m1hbL{>sR7|M72iDGPJUZdoh)|LD=)D0NbAu+asU(avJpgx7ZcgHim# zfL!N%%qRDXa$NFbH?!&*BDgo0!5-7awwT-8dt8aMWJF{;bas6L*w0!;JqqsMn#_cH zU@u@zIz<~kHJ{d5zJ7K!*(Al zg2*j2LU^-_RAECtgR(v*Xks5Ms7q!ee9vb{lID3ufSX=(}x2etUNzQN`$xT69R8AAY^L;CP&F;BreKKq& zc)Y2aH+_Wt^m)6OO;Gm!I+^PK1;P9CtJ;(u=Z@eNOzZ9Ri&5t<_IXN7hT?*piZuQg z6DT95&2M>!8u*BWcL%^@n#a`v{f#e2k47!55w6>06I>9tAMusOls}e538?wuhdg( z^Ntu9n%X`*0UWk>@|s~$KL}jS6fdbhw8ggc4dy_zV~1g3?|5pcxq*qP zEzhggcON%Da4!fRSQ-??l81+`w=LdOdx=+)mUjN$?*1@Zt+W1F{3xftPiC0es!EwC z{d9Fp^qFT6(b!XzX_y$Gdq}^Bc`0If*PaD8ZhfN2=Qq*7VHwu9Bu+bP{<{(X=Tsn{ zTM&HcTYuraEC&l0C3Ll_UGAj#^9kVpZ)5n+GQTM0s4Sx7$JM!CU?^-nes%n#tmZTC zMW^+$ytGva*l(adR{kcv)P(cZgW`8zz3sd6HF;=D^@!J+CP;kc{iEm#TTW9H(c&?bMgo(^mBSDkczF!c%p`K(HI0V*tAAjjpJ??q#^x77pOW>zU#uQI zJi}q9&1IA4q4dk=-Va_8W&8%SIcKUDg#Is>zpr^od;`M>Z;jp%yd5po)sUW1r;(u5 zq7&BH5Ikryd9S;<3xptR;#Hs5_We;=W8b=s*7uHuJxf1n*{tuAVY=pS&sah2I=_A7 zMkwABK%*h}ESE@~^Gr>uM#=z>x2CcxDlEL=_RJ^oBj;AsS!@_p1g0r~q-*3i2z>5h zXe|F>Arc~5KVYaFPs^t)*uhKKOSI62#x8B=34kv3Q*CQpBl{5iFykPtDj>G`a=RzH zP0cu0oVl1cV@6r*GwQ9{q+xNjSa@(5s7^h6hQBwr8;>5Rlw-OuN;-&BlcFK6VVfck zR*0)vq=eQ)+rzPobj9IUf3ne2K5s@a2OBZ{c*cmerEjNg@s8*Pz$buixzh#Rl8@Iz zTQ%oRObR(m{KZJCsd*Tp*_&GZ?_2y-%*J@0!=JX7f~F2Qu*lhYNA%3gsx`C^>*toMs6pims%R9_O(pEh{GfOjTk34> z!*$bY=+mZA#}So1ZCR_$pdJDIgWzU^U06xH?s8Ch7HbKn2hh}DYqQpT=M3OQ7h!+M zeDE2Y{XsH<*#Uh-x?K5A%U?foEC7Mez8G7BJRK?D1b#Ctlm~dSXC#?x5cTL_F2a?9 z=VD_=E`%+yB%xChT0>O6@a~87dVfC=5kbog4Lp<#ZPg@mS+bdT46nO+^kLeO)H}VV z%l*&ap8%z+) zChw41q_3X<+dsK+nB%a|F^j4AG_a?#-4Hkhp6wo<{Xtb3Z4br%!ICv`LsTtg#iI=r zOc>)M_zMn;gK4HulSKwG&LUJZm^SdW!P=drM(P#Cn!pm;zcLDK77WZi_d@zGOB*ol zp>+J!*MR>*sLWPU{1ANECqM;&L4ZL+LPEm)cB1xtgoX+MiN>OwHI9PLEQCR<5<|i& z98Jo`uH@uj+3{uL z>9SKNhQTsqFnr>ppnZ=D-34ax9jm78i64A(jNXE(EdiK&i1Fmrxl?$KV&Ccd>y2113WVI4GwFv@w_ou=xB45rn zfutu@Kl3q2CV^Hh?+0vxo1O-6`Z-ZDcAeM}ron=Jv)#Kw4Mo!HX%h0i))6z9M1K9oyl zH64h13DeVLXE#m78 zcB!kLmVoBh={9Fz+wv;ji*C~3jstC!({e*YjHdZC&;;Eo1XdK{Fz!t8j$VeD6?J~n z$|_YN5v&T_3-7Hbn4{EGw#c^#Hg2QU!9b8kI#`yLDjp@714_E%`YzOR>TA%V z2j{M}Dmci9=2HV_vG?G-#3h4K0(<;s*-7-4_Qe?b2@4%L+tlN$N9Pa6Jprm_uT@=m znHxMDldQFCY!I)6RgV*Jjc18JZZ(x`<>fDX53fO zCQBx+;M9z1H{Ev0Gc|#M$xzrQ;7N{uMPeO3h@+<;TP$ISO5Cbh4O-@c^^PAd48i$| zg@0^w@;XiqNF;7#Fj~q`mnp9%@AZvVFOpA|Z#qDO#xG6%NdAoJ0Goa$N#byJ9{YJ~ z$rN{q?gZty*TkgpdtPm*yG_T!#K@0arWsWF{ZHqUmY8cS%cSE{dQ-FmU$G4~MtRtD zyU`Ui!E zF=~lQ1O=-u!^`$gEU?$Mk{Zk~CwBC{3;Su`=dz9KMB7uG2sBU}#U}f9E9qwD?3uCH zIu`N-ID;6B_L{VDn<9Y|Mp^)J!>qh!lt032fu?dSD;*+NnJAX4TxO@W8aF{KpPu1Cdmr&c~`X{KVcJ?K8@o6f>AyVG!+;wP?Q<2dd22KpTm@dTz5lB2t%T(sC zzXxi2op;w?Ae;_j`JSydqM_Z9bf&_=_l`EN82wab&BHc7)HHB0CuE}Pp&Hjrv9V}c zwB+0D9{zg#npt8)-mrl{MbuM?mG%tQ?Ny;nQl^yP(bfRmvELWR25JyxB^m2txRrwX zbfA>ed}AbSI%vfqnt~F~zLZN=BKzPwV%`%VQ8w6cO44&4nG zY;6Gpaum~BCGsG#*Xr}M`Pm50r4+q-1!emt5SF$PZxvpNanAG@>yNr5qS>Iu!HVbU zNI?N1e4Qz_wJhHxp4WM^FmP@bp#)80!eeJ+@-g4O(ox(ba zVv-Wdb-BYQD8Cih;iMHCqPvLnMa_`WCL@*1jvh2ytW(L+X%Fb&gpV=LaYleOdX-mC zo$_F`S6Bq2cP6pPcP|7M+pCyMlZS3+8c{4|uRLxxMXc(t%-{8)qjW5lyYp5!PA<;w zq%3>lB+S!sn$QYJQ?MRpnruj5yOJtOPR^dvJYVDx>Mmn>G1%K$FIvh%J2hm(U99w4 zc-~srO(#qWV>3kTtNWmI>6%!Bj%$J~0BGrDBq0yqWe;9bNj+fF#cnB{6^l}rS}ZFg z8Zy@Onk(=WQi(QaB-EYPj#pJIe1eWY7)H7uGg?@OVMbX)eQe+fFz0K`8j5l@N=c>4 zoXV{%WTU+mHb6zuE;E*$p#8ciK39PLyQ`b9tGvW+B=`iLH!@}}dLo{UaV3)l&k!6( zm~;^7Bm+4VZKgwa?vUMd-r)jJe6};+Y#zC;39*qeEIFZGLKhN3*+izD`H!HlbPkf_9;>KDIef^HcrXvU^Hl=RFxH zFg;@xZ6LNBvQGQCNn}wL9hN*X^SH7UNADA$m7!@}RvMG*31Dg@lQ^8}0gwGTj#^JQ zQ=S#6-(1g1OLd+G9ho1r);>b$4^^Wr8gNVJj=-tDAD3?7jLDlSBVtd3)5&ZH8l0o! zGK~4lKIM9B z;|mSk5^XUt-}TF;j~`7MAA^>gfQ zl1F3Qo^YvJD2tD$(dL?tofK)2h?ULb+4ww$>` z&(-ZG%Cq;fz!YJXu^a4Ux~meFJqoy6xsP@IYD*cZnjC0>3-gWw26Hnj&e50 zMJiI!+&nt+|9xE1~%iV&~q+YOpk6iv1UW%n0Qp6Tt5IwapjZr^-K`hQ1M zRK>zeH>i5q3%#NZid0vZ9Au*u>@!&S-$~I{gW>f$CuJ0eeLnn{oFOXPsosIT^l8GX zh0G;aOF|GX0={K2%STt)KdeDlDTlRII1LU-FdH<^z?Ll>hLu-+*kAf7j@AJ^7@uQ9 z@y0RxXGozG$4GZ=3#?o2oKAdCQ_Wi05$RxjzPg4f3{)^evG=&8EFPSYlW9?+Fx3%s z7zHsk<^2Xm%mp(_qf;;kd%YVB61P!6@SH869!-3c?kJJK1wvhi7OT`ixdYC@1d+8^ zIH)NjN!7nv2*vqktQO>#28>55=VU2(Ete3K#i(wyy{Kaz=!IA0X>4tm9LyOq`2iq* zUAv6We63pKx|Z6awyJ;S-S!+k%t|8_zRla54D{j9@Kn8u0=x+frQl zlewW898aRk2t~HgpcBqrfXRIANZ*tdEaZIHD0C$*B*9SpHgDh2jPSYuwhUA1CuAI^ zrg?uyoX~p{DPOEkS$i$g4I0RKH!^UbS)W}n?nk)_=6Gc@^9H_vX51*!#fBtI64Si> z+$H;t%7bbw7JI!^)_NFWJ$I{RD>x7?X zMN8#gi$mc8r!GY>tG1PuQ&b{avGp3YK#g|#sIMRwu)+wLS69N}a3X6*pI;9bu>6;1 z+nv-$Fe1O+j0-RAMRZ6PO?o?Dk7>yT4v0*}ejT$>T<*Yny>t`6x_+Wh72^ArY%%iw{y1jau zcG(7qaBZ11G8(Fp^?>wHIx~%!V6J=Ab@D9@HzwCF4^+tA$;;S|=Fk*|c{V~=Tsirh0`%PvQHSG$-g(ILy zQ$L$V!mFSw(FzS=>4+$C`Q^=jvlvC)U7$u9hl*W6q3uj~TkEdYUNz*WqbvnQAziRs z+Kb90lu$r{P`wc~=b0&6;F{%LCJ(Dr-b5%1N9)wiq*A0N3ho5xbJ^4CYRE$%pd*Khv%X93%%)4KG z3Qkz8oh@nFnJOYU3ss=$Z6@(Q9Cn4z$Gr`!O-1uAVmzx_-RWse8dO6cCCEv{TbSnrTdQO@y5=cV|b)RMgEgx8o~^@aoK zN#JOza4Tia*!ix^B1B=7P{i*F{caB-EDQXc^%V1_-(-v34kV&BKP{t&$ zBUAmn+bz}X=z~-#J~b7=Qxk-BXawyn-Ee2DUZfaEh0x_)o+g)DfKMU9jou(|x@bKZ z?`LF41Gxa!3JIb8&ICJ$!6odhvo(4Y6)`b-7jsa>GD~i<9r-te1A(dK9Rrf&WiQx~NWkBn$Vtal zbIFnU=xU`r8b!-9{-3fCXyLng1jq(7*>@UUjldNHxyLZlLfhzisJ1qzo2tb!)w%{! zM8=YXfgCuPa%o=_&fm^7eQ&N;w~U8R@??|JMrSU{%ONd{i`!dK#GTa@UCFu;^;!KA z$DoSmLnYwbtV|k!g0}n>xD29!(ji=nE_vvRg{+R6S8Gy9t1VrTZ>6Gp0%*FS|0?ZK z9ya&{m?03mitDYNMY$^QQCh9vxn!zt zP%J%oZZIxqYL>7HVs3=NQ9d!VZ?x^im&1Gys!^;ODK;yP9)|E4EWN~d5}LvscCvt& z2;zC5l_`5lZ|HV1P zHSk^g;DgtcAhjK>8ywdXunX7yrjz~XBFJiS2X?Z46gA%=jZ9&cTOz&HF^cc~I@-@P zD6nB0>~3SacX0EsFws>UW!jdZmdFxls2?PjycA?;&Dq|0Injc$+f=Tf&OF;UMG5408GQJ`eX{Zp3%t3 zE^{YZPGeJ4Mu_BVX>jq1g3%(Ey@<#aV;vt8*n(EZA0r=qT~JlTUg8kKV3dy8nndB9 ziOAL&1~*RUGLP#~UhoD^C$H63i|v)tOe^f_X>S5eaRljj7O48aY2$yBjc$q?P~P@V z4~8_LuL&|a$!sZ%n;dOj>PGC_(TyjsOVn>pMQ}69{+qW6%T(b-TDFqmGJWWc*kH-N z{{O}U3}hsB#$S$IU&p;W!w7wknW%2ynbqAL>?1U=Hri||* z&2pcr#q29*z(k3Ou(SWIL^;zW;js1j1IuCW|25fNo1MUI50bA)<e0)V4x`DdGeM7T5>wpmFQ|-z)MKH57n@=3V- zUei(f26+NW(_6PD^ZyHEP~m{PZ32k9EY^Yj;;nn+!bnxqxu|WCQzRIK3x3pLCEJ~k zzCzk}No9e}vr@M{pBD#y0*EY1CmDZ`k}9UE#qDkr@lr04y@aX7_4M)knWOo6SJ9dy z?BB^(*0|<%6_#*iPk_t9=b0rchqFvRVK(;pTvgEl6;68qq{1ceA1i#UY0&N7P(QcP zL7E@f^~>R6Zz>>%3_1T|%8j3%Y*;I+DKs{8=(l<%X{~B&dG2C@*JPjXd{1N!>(KO( zKC;fy;(2b@L}x1&HIL9%S%zuCv}r2Fa-N0p=z{9GlHS*X!LCrgmmjif{sg0Z z+Ai3m%K?n2@bs(*zmlH9+|FGq@*ekf%@D3p0ugX9oPt00ErjC^D#6)?lsZ}H+tsM~FyyhWL5ljXXp4h``9(U#E zr!xY10|jtD{J!Z-$IywxBl-%f*2ajl`;=JKmh!+ z+FxMeV1h(Weu}=L38halG4OzErSx?e8kl?;_stm`Wety^|8+F-_Ye!o2*JGu2B%V{?p=3!PdMN^ra;R=9$&fvMc%>gTw8?(r!_&ll0nsb}Z!oqi!}jQG}l zscX*7Mb%`0>nip*T%;C1@0-*ASTH|P=0DF;od57}cszfLWk4hMXSL9?ARF zfAI|dl$Rzg{3;ZQ5ncc_=0)mlEB&7Gsq}mPb!eZ2RPr6E{40o z75VegbTY22Mrc~49k6$P)xM>}nyDX4ExhjvN{M|F{Tbl`3uthazBKd|$#7;*WI?Of zNoHB$36Otj@#0(2=+EILp4y9VP3WRpXL)!L%N8cb=F3FUM#fD@xmpAvAY3R-WM_)12*h?X)4>@5VvTjJJLSF_lyVv!<9 z)93fajJ=_vU@C5VOoAuCaqt=yj+QGuzUgtw$>~;@Yt4oIoRQ%i&_nr_?PVDE!@Vp3 zMK3|TWsiJ}_-c!*k#LGA0tX`-$IibXHSX8Ez}Or;gL>tTTR^RYRoJN7 z@~7wD{)!I%qTY%zE_#u07qQH?(0^mDIcon;zkiJA8E{{90guF0OF1sXa~zPJmWGia z83?2z&x_s@ma@Q2EKEcy#ESK|!LLcdHH#9iDDpS0i&{#em=a| z6Ca?lgiqh#BAHJQrVF;BE$9f>M#;J7AkOtStw~>=v!oQSHA1)Ej&o&S(2TWYpap^| zpZ6k9V^3Uk;H#}%O_fnHH{)A+ged64(`-mF9U6CqW$d)*^BS$500PWtW~RFa3|e!S z?1g7lLM4IL16IQEV`>xp_<@{GXH)%IRa~SU(Y6TUSVPj)N_1E-E@Oe_D{Ruu66}H2 znKjvoszS7q6Da6QKQS$7?{V!jOSD}Yk3g={)d30|9$5o*xi~;SCt0hdNVphF-1#yj zE`r_Kdk!)b1`adsPIQyTel1{$T21b77%{d98m}Q!!p)ul0q}yMna@U6kS44I`{vhMv3GY+ z<~0)QL<=<)VUurs#P%drPy=7+uUcUhQgHL;6Z>=8O?+6T?wvcZ^-~L)nUHt!7PS21 zmF3I0izzcGwVwTXh&^cA05UINT+>MVP{**6(uo* zkZosnW*Fg;z}{w39Ghqb`x%dh1fxn6q2Su^Gba0afWMxm`j7Sqeir6Au|cIrC5lP5NIZ*w8=r&9d7&OV;TO;7-F^XIv7~eZhm`TVWYkl`gx_!AMQ4O!5PU5ytJMC<9 z=gTBsH_>djlgq17(7>1!?Q7h7c4e=M@zHoUDb}I2;Wjm{%?lR{+C|oy7Flt?9)0 z3nSRv)j%N;1u&g2br9mJ@vXDx`@Q8yHzKEbwwa|eub?qCrA~9_o;EkP)0!H@{w$ z9-Cjn{&Vn`dBXaS0{mZIRtsPKmss=$?ALNA#1M+3B@^q6qLOI^=XQ!#`&|n!(8bbE z2br}hfqat~Bs76`uts6iTg3&v^N)r7fPtZ`E51klEL3R=PX=hUfSBi}y8PhWDI+8e z`X2CdmeVeim>Q4i>=EVh{of99ARIJl;Nkz%c@OkTg$f4dUyg+^trMg{D{?PUv|z53 z7K97A74SHUwq+co(ZpVKB{CI^@*He-UQZM+;{v^MWXfIt%tvDmnmYAWI4Qj(Dtk@{ z<=pJ#G?8h?vFI9LCO9g`d+T_)XZj>@=XSsA5a8RGNLS^**3l!VEVJ_U z*2CK&bD^*g2_-ELmsUT??;~~%>pL1`Z9Qh!+M|G=1So{VLJF$YI**y#SF|9$+0JF4 zlu+q-ppK21x}C`+IWb7My;ci~@@qm6&`Kte7EP+eNVN3njAL z@!5yj(>8|~p$Jio6J}?uJ3#$wojDHL&J;bGbRiog-XI2sngpPXw7m3Eo9zn#K$ZGo z{skzt+%eH4Vo-xsMwK<4wgI-%C?aN{>EsA$>ouHi?N{MuV+jgCST3=SteagC!G-E2 zVZUQ7V_rav2u4!^?nfdy1Zp^a0-M@)JA?B8becd?&DwYqyewK+FfS4t+BJ@Qu_{q3 zs5&WHY3Lb+bJbSgf@gG)iqb`;ooFzD8j87^NfnE!0~Df(G5)eiKWIQ)V$|#QLWN(Q z!K7*XU>m7Cep#!=J`^p^8CC(NJ%y688LCzS2Zt#WV99!-PFVFF9SfIH+gA4#(&+?Y zMpTkI`6VmT+f@gj#7gWXU)pRzysO-=_b>eOOzd zCa=jGU_{qGJ{3t9Pb-avyO6#+O8?OsI2fkz<4%XOgod1kc7=Hx=Tt2dP?ZAq9urEl zSjKj_4c2KVFo}OGejZPzy-YX%HuTv=9$x(9JUgM)SD9v2aH|)MIP%2R!YhYw8E0j8^h&~`iLGTk{SPL*WdKE4LdP zvS)HT;+Ugc)l;q&J2rISsiBAteeO#GZE(JnZDC5)vV`zkP#Im^RPi+)xn@V0;}A|AWSEMSvo~MTpq6!o-F&G!t(pm%f1mMkLU) z0z#q^yKi6f7+cxIpK|WEc8l(@qu7tXqAAZ17W3?OAO?%la6j-$rb$U&fDWJ472 z{j<8ngrMvl_(U!uut-002jZaYI9HeJ2?BCbN<}GC6FQm?Fjh3;fnO2b`m}KTTQ4c6 zveh6zz}QLnRDkX^0zU{LSEz6@IU1oVE=Zz1Z@_qt@|p|o*h6g+)8geC@bM(>L#fMpdCBZVl3 zootYE9FmT5%zE_0;6NBq)1!uJZy?HvlBu+lLoxPm=3{rzXF1KpqzemTJO(5ha+dfI zm$}RukDC<@Pw`0dJ&^enkU{hUP8Q6q&H`nCUzF23x-p}R}`Or3i56)c#L za$#-6I<~5Hg-~4uNEKX0Io}mBZ$(WwmX9}+NxipM{&R+qg(OAZdke2cOmk1)(|E9c%P!pkoKsZ1b}6(@fH z1}!BOB;>ZvG*hp+>mUkec}!Zz1A8l8>4hsg;F;Kmk_g^6183Yl!t@SyE5+NFl_=lqdvnk`mw;WmaUI`#;VR_ zfx!+pPQyS8SB4cYsHQjY^AGZi`wkV(jDmq=!A4y)3h}-jv4C02yA=cEqf^c|##fYg3tI6yI zbgMyd^Spzz^v8zBI}msO=||=qRO$e0#sJ*vCyaj0LrUIam>s9kFY|+W?6A@INEjSY zfn%5-4iGR3=mK`Rv9rW@nH%}!sG8&A*AZ84&IEmOiw@2J@;(8Wv32Zmj7o$I8N5)= zS>R)RwYa%?5IK)edR2iV7wYW6J*qTh=0*g)vfawWuT*HVHch#D=vO4m5yEnjgn zXx?x0oc6gWde{Np{XILy)Ro`t2cvC(ElU_2~J8x z;j&wf=lp()G>3wJ8!uys4ReReYY(^AR=y)B5Fw;~2E&EI6(YvPjWdS(GYUvRT#6GM zRMa~l1|()mgGDU?93a}m=Sj;%maq>ChSZUej{46rFXRxpw~9bDD0t-gfq|?d&5($p zYB(&1If?tVgCjrr*&s64en7#8WlcJhK>8dLoTT4OU*IR5kAfE8#C=S$j$iDeMXsqY zh)RavKU3-e(2Tdi$@Y^jQS>L_#Lo}%w4{C&1aUA~|LAE)XJYZzdwV36({|ZHQIu;Q zKQo(IFVV1&vILGY0bDf=kKKM%UGH^_BKF;f=iP!a&%v{t3UOi2*YA2-z5ALNR@h}s z@Wf#eOjFE8pMw_v9<~C)=o_J9I7p}{Fb7~KxlwS(IRKDJ%!>?wB-CmAfEn%g&5r{u z97U)*0J0Z^{+Q{gxdk*T9Vt+5N9uN;9Fcd>MbbtRb#f%*%ruo6)T)3S@>?TZx{2K* zaZlWU7M;D8f3|kM+PvG0bC(Cw_e3Jur6D)+EAHA&& z>||_hr+yWkU=#1yl8KbHd}bBoTx!dA^8RRezX_%1#UAj1BmmZlao#ca3!Ii8VW6Dx z*uL&e1{N9d7jAt+N*)R*Sxs%6IUxk4N<=(M8XpN3^a|sG{#oWUdnX)*LvMxYryKS?P2K;g?yck6T(*DVBtQtk zf);Or21;p=;*{X7rNy;Sthkm6!Cgy%Vhv7lEl}K{xKk)jvEovvebaXDefBx;zV~dv~P$GR2C$&udg)+!7?Sc{V9t_f5u7pV>|E+fr=Nm&5MAc&Q_9umc*39m*oIPvTW z8>a(MM`F_K5JfZ?)fMRBxVK(Lfw51aGnQ0%E((Z%8IHl&Tthf-fCZID3qP+>LR8S| zK++>p7t2W8ibB!kI~Sz4RVSFP+^o$gIR|pp_I46sQ~mM3^lo-j>Fo zG>TRUK6=IA?5@HUQIMcgEb$7GBo~M+9!;tN?c6v>5A<_+zsIo>4^fUgr@6XP^rct+ zeKDyX<+&C1kq(COGMFQ=ga}KFz5#oHWG`|Z@&6;+ms+pz-~*Jggq$RPu19|ih@vZu=M94;^b(~eaS9XlqA?hNfGJnJ zBdUBlw@x0D?bDP}v4F33c#WRAnqHsAgPeyS)a*hO^9F90Rq1TNjBF$jrE?$PzwSZT zL3ktn(#AJo3Q)!V&jR^V6VXv#jEdoP@rrrk1szBl$HSPgWkV z!Pe0w8gsS!Km+EcVTr-Etn}%D;UzY9tl>Uu^zXxE-aM@$2WooT-ukLp@*z`yA1BPq zymq(Ee){ob@kQa^f*D>M8DMUai^4UFY6QPs-0|<|k40NlD+KoK{yA{t@pGRx5aR~% zo0!mQ{GMlb1%@oFJ>}68P7<2l8T(@M9<^KcBa@kh|GIV345Br~4WMKe+Na z&|Z$C^n?6f#2c#GLTk=@d8;Y zSCoQCqu3N`Ev%C8-xCXJo|qjm5ZTkyi1pl1F%o(jsjPG??W*fS8A!TU;rmSlzK2oF zuvFj3Wgvgre*L;=?%8SZltd0Yo=Aaj=enE&ksUm5OfjuRP9=#c2rzTXx$KInM$&k#O+!3t>u1CF^ii2N)#!iK6Mrx4z6K?|t}$Fo3Bo#3tDgM-jCv z5CZ-Iibs3(aP)0KSsiZlldnAhIJq(rTaY+XKAlm<^%$aeMbc3}pU?J6B!P}=POf&x zq$_;@0FYRkLjjF^84e`TLq8kE^VLkH73L&fFOp!#FoZVSkRu&fNZ5L>*vA@Dgx})I z`K|~^d3+UdPnMI0@`+DUk{Ag|$GQ~&9zxv!YvA1>GRS|t6l(<&BDFx~`m%kw!dpG~ zC$(#LQkzVWc7mr+IwpPogP#}boqGi735mu&bIEOFk|%oJQ2D>@<(xJNDfib9 zEOG+#ocZSJ;N$faNO%6!th=Rz7uI+5`yDhKG6$%Zm-zl#PI-^&A*m_VQ|#NiZ}qs^ zD2-1=@E8z|e>-09i(`@W{pCm)?{xzWZA{aGNV_qsp!R^JVs*OxXc@ybC%Op|U2RJt zE(QZq;Ayxj(!+G7g8_86&VraR4L!R>ku=elH+CjQO`qvnw46<^-}AB`&IbX>T8n=# z{Vn{DJbpTH`1}ZBPr2z2{FHW~xuV)zn@_I>jsF0IoYp%JN4wi$VE*b4OcSs?t+8T! zkAvbIYqrOaCIqlrU-?dl!tL0Nh>~V>thQ%AU6b(MgO;Q*QVN=%FciJB4!4%)eUHIf z81QG$P+V$nuMWCy>7b+G%jy|QN{+P2r!_Y;!djg6h4ti^PZ4MncBix0ZEncS!S4wf zfJMV>+Z{1N$|(NuGTqp@fkgZt0Lvxc+(aT^wjBZKimx>Hmh*}C9i<4We;<4P7ef+j z_ZEief%KR{I-HFi5Km@#7tpP2K$A#c#elYkh9mN0gx=**y{6;FgB!z&G&w_jS2x2k zDm4w5w|p?lygqi)@UU7)o^^r~!Dm-7B{T~oP`BY(b~u&XbzWt0CuIv)CdcGA1ThY~ z@VX$Z0s^?IUn**YX3tOi-;R`j(>6y$7`YzsjjvrDU%*JYVT@hQf)=oavr6c=ztH+W z47k6?LFjG(K=|^U_aP?qtu3JFhyv7itc}}=-*R4TDv!_s<-Hj*yhW>m+pEG=?P5H4 zLZE64C#4Jf8Kw!tdzUk2th-<@lPqvrywNkav}up>T#xi zhWXC7{e^lPWo?Z-;^25$v~n89@MFd~Jpn$l&K^-DC$Y|0F&)nsd#VV^m^%`{%QlCO zt|bbhBiG`mDDUd)dJ_aD6S_noB;zFipqoFK-{2NGR`P+UjGcT)BHh3X8$xOV+zLcJ zz8XCRBZ1osJT2t1fvet(x`_{5yFrhv#m5weUcpbbh&{6M!rH4KM-HV2aE(?~o6vi% zBUC6qvF~!lYKy%nI_Tq?QiB z{SMX`NU=$6VU;o_3Ev&<0j}`gHfqG#+*2!TxPN<6@7$lJ=r>2lUO^1(So>WK^CYe} z-VB-`fOxyrB^r#si_t?RMa}C2u{9S2Na-Rzht|4>f&e8^RU>(D1;lcC43)Y$q z7%~d_3Jv?qNQiYFAVPNdz`F070Z5sW9!@ViHqU?`mWNe%!fIKlQ{D!a%(3$XrlICQ zb*z*^@J`CACwG)cld!khffP-zK`kMA>=?D$o9`}1E)_A7)z8D6l7;L@2Tiz1q}R0p zgxWLI;-w{7c=d&J4)IY7VY1AzWX3d`y0B%y4lzxoVFUl02T^66L;SdzBYiNWRPJ>g z0aK~kr%qN<2tPIyUrp`U&n+q*!Wns!#jorb=m+VJT+r|d{M1Jv@TO=7nuJhk02;_T-{8_N&$!zct`3~@{t3RN8H(4#HsWvCswPOG#6eigJ~n(#q;i zt1C22Fl1e4KLS`fzKpVDEdux?q6wx>Jviyf!2L4=<2*y)S8D5T+nz2|%Xe+aKFn?F z%Vag$Q)gG_ldl{70Z{eEbzj_I!sNbcK`=}%SX=TfNUz1nWA(zD` z&5on=O^hOo`7BG+sb{wVh#mI+GX7rMvp4>N)!%JxzKslg&U|tz!L{kFHRLk~!dzH@ z>45&6V>fY#Nw_ro$!4{b%~-ksS&k9-g0cHGHY7^}somx$nH)}KXN>;l<~*^#+!Ev^ z`ZWW-iUT6CgUx_vCy%uHA-qTN1G&UeD0(8CQc`3{GkaP#6(QJbqo?gUEK}waXaO0f zdtHQGO$)B83{?ICc!yy^HA;3}xNW!2w_4+IuBUHTb0tCUx4Vn25LGs3J+uUnY4ZX& zH$+xRD4@~Qw3DYEl^1L?jvvxYk}XFN zodN`mRGM~QXBTlKP81A4!C8v6E-8yx_AsL6YLQvo=Xq0Cgrlb4ZSGx=M`_Cb08~m{ zTA)N6Ae?N0BZf3+Q9JcRTHp{9`e+vq-SLc5xr8a#>Kzyym@IvrKW1Q)4j2kBzdOH0 zA^x0@MlKv*6?Q+SL4o)Hz)LJRs&c>8$fBP}9PeD1Y=h`R67Fxi@D*?TQPoqpFjc7Z zI$M5dwcS8yxH z25KWwGXhwM5hazdp}7T_0kDhs$&mCMOVl@J)RBF^{>f$9j1Zi?UcXnKTAi)K$aH3j z#BJ}=eZ%>hzug+j4?WhbN`x?Def0>EcK`9J|=a6xBt}?h(f%7=w~~jk*~tI@yO>8~M8sCbvG`Q!SF?L0X1Aog(0;574nZN9d${%jxzE8A1M4k2>i!f{+|x)B0+VLu)F-6Phh(= zMZ3sQljMB3AXKOS55NzAP#2kK*QoGM?+*avC$0l^DgPiGHRV3aRMRJUGAjA?ebd)n z$-tPX6+ojtZS>{gbp`v2OkBa(~7i{lWit=3m+lN_q^E-~|4m z2Kk?!ze4`WbMoJ@9c%snr2Q)A-%s&Jjz3H3-`PkcCpCore87K2{fD&bE|R0cU)AyN z$^TQ@@7N)s(>S5YXvs-U$;r5%GXF!`Z)HwKan(RlGs-K_NAkN*<66#Ndj79GT_kj! z>eBxit0j5*@@JU-9}>7vhpHDwrT&v`RPqGVa`tr6|1Y-oQlEcfJ4VTz<*EIdocpwI z`0GEh?ZI%JV&+e_tG_%_xUF5DU$7^5gt(pEUo9H<0i;0a@XJ`jQ0Rb!qhq)1s&ROH zhxT8{Gq4L$_yN^Y8EAC0;_BwD66{~Lyc6!psd6xPJC#x6xTSo4kn&pH@ay5T zVnSp|qQNZ*UcFu^9aY=sW&EGHOENqn;6~l64H~6jSNkKk+M^^-m6f#Nk}P~lh%f92 zK9O)^$kUW28f2NQF4*s+a-XPWSLzwdbBD_m^Iwb+jmetN(p;Y9adc~cXP703)stFy zHrlHsX7DH^qS|arustk*9K`Zl7Ggza-Y&Q#hSF%^%sE;f0)wLifMPd$M4&1@9B)(H zO$TsJS5tdiXI4BC0SlMEr%LU7bhX$b`G)ZQ2NW`Uh7X2_9bA>O1e~ek8;O5YgvwHc z$b9IS$|ug!I>@^$UpmkET$PJ-!9$dB7RIveB0Qe_uHh$3-&tevHF!X z+HX{{%Yk;rNB^GI)}QoE{4ekuPWJ528l6unN~A_T-hPxCda^Kd{9MvSE*lao3%AnF zt$(&QaWD9qkbTdXFZ)OOtgD>pIFvJWm7chL2cXNcPX5hm;9NGLy_p)W_Y)J3-wU6zEg`GT&9)!Bz%Q0#+kX~ z-9%v;kBN&9zvwHP;g$xj*iM~w33!p1spUL~C|viLpX7=Dn&-T7vmRKA~nVTD+Q5PQANq>$HE@%eb91`-P5 zGFZm0eWzp4Tf9K6oD(oios%zXa|UY`SK9Na4{a+BD^x`H=Up8xt!HTL`?z> zC)mY)T~(Jwy(|VN3Ve&+s7=YC`2LoX0f$>XrSCv#p34?w z7Vsss$+9w1gHvH4s)r4j7;FobBIJeU6PcZn2ai54scrz+i;kFPvI?;$VE_;*l5@SQ zDtNj%5Hkmrxk}It?h210gKL0;&UkWJYLD=m$-^8`_O zUG;d2$kkFe!&b&Gu;s#>TVyh3TIKfj0}0Kmm2t8QqtEsSq&%UbP%p3}=LMnKYc|67 zk3{>{3pMA7;bHjAZW%QkV-jn|7lJ(>){Z~id)=mcVRnXarnfSbzo70(S z^71QgY)nEBQ6KpNG8WX3ttID6(;*y`b+rB2eeS#&K+0n*Y-yVfc!#H*##3%?wpRnE z+=ZFFdT(-a(O8Os?*VV5(Q3DPa2P%7{Zh$(0~}tII&Ao6{^j%g5!-?MN;o__g%|9G z*$TqFQ;6B-u5JGk0ynH>L9c<^T!-{z6^0qWJt?IH{opYCK=gf--8_#o_zP6hf{Z1Y ze%4TRt3qPH1cU#S1ut!K>WuSJOA}3AY$kKGvFRmfG5{Ora+8^i6n@i*LQI?_mE}HT zZzplbbQc7bYSbMJI;dxiC$rezM?MZ6GAB17V$onu_I&koX|^gm=ZLoRbNNkuW?Y1O-& z^<#Qp}>(9 z+Mt@Z=Z7D^ZAr&Zf%XYm8V!o%0_^g<6L(x&q*)W`uL^&($x6Qs^0ZI)BJ$&hKRua~ z0-Y|GGrN8SOfrlRl26+sCeT6|uiRLB7(fIR`cFgQ1VruK+{k&MQx$-rwmths`N*h# z7*8dfSwA-QnhT-VO$AGjrkFLh6Qqnhc(A^JO)+IuOf4wg`6@axkuL~3_Qi!FZ>;ml zu`rY8@JEV-C4lh8Sr-YXJr+7{(0tB6FkD2|&yE)>7(!pC*4+OJv-(f5vz9RI!-GwUH z*sqb;9ui9msI^}|dVvx|DO@5GkKld~vHx^b*!exdn+wVD`QF(JV$G=K8SM zKE<|ASnk z7Wb4l`xG)*={E}YCE&Ti9@<; zRDeZ=A}6{p_T3q~R;XKVJ$L;!*RPrIV{Qi96@KfDWN%fxB)j8h#w64^iI=V(?!YjjRm@H0h8 zFYQU85-u>dH#D=)NaU}Nk}B-{0MrD%PLJjz-Z9^zz*)+s_KT`UOq>p2k`@7H@|?L1 zneKYTx&lSmmLr|+it)1EvJauJ#0IhB6*{QIChPnyo4f!ib!M6xo$Jfr%_0L`6)w&) z{2LwbdvoeOp>vG68+|0o9tPInvD>p?Ou!mqAkEwGZxuCZh~ zZfBf9v<&FW;QJsT_5^^O7p}h^!o# zV6YOWgi`X$H8{r5jbTZYoJUN38cfQCK9WpQ5|7pdtFE=05-# zYpY6V0C~|U{pbIZ`bnLsisPv zgO%fsu;>5~{;w~}znn+Mb;qN)*-Zhs!iv%DLwk z>!=Ho|DFJZO4d*sy~IyLN7yu4rLnQF#=m7|@Vt|JCX3d8>cEoCl)72d&qiTP+kqz2 za||W2pm?Q0dn#NmL1KB6{6+j;?o1paf5u~Qzw{H$;PCKE(m#~|YxSu{OMK60gKhauWz(1L0Soi|DVC~&d zPs}76C`0J`h$N(4Ky-q+U|2m36;e-KK8DC~AK?Z)=wiF9_KoMYy(qxLPOD}4GTpD; z#k8D3vV(h?k-D=6Vtu_G=1m4}gw#*B6aj(#Dab++M!^hlb;k%}{_QJ+v9}MYrmU2} zvp(txdYr*xJ+5fQlSOH|=>T=1++OcI6T>LGl49C|35)_4c2dG37nU)BE(dnSfSGM1q zrXS7cjbknZ8#Kba7XzK;teXl7CC8Q`Ub)Jq2wj)}>LOkW&G+3^VeOP5i+3B10)T6`)LL$isY4XpXK70(f=WgXoK(?KU*=>f*uv$`hYeOecYf-YqH8T@yeN_YR1- zu#ovK9v8fq*o=s&P^=QhD2DOlUsn72vhdl&f+V*tU(*unL?C}Vv`IgOSO{-Q?MV>z zd$PF?LcMYDmCBaQQw@Y|WqF_N_FXUten8FA)7lsPeSgZ}NJ=RKZ4@01JpyXdnV2S# zSmMb?Y;yOSqnzN;Y#J^F@cD$B+}_mJd!uo9X1r`w08Ik%6-&T-BEIl+&iR9PZ>W)h zl27i;?T6jCgI&li_*mZX$Ve7aVl8wHjN&$3_OD%fb(o=!#21hDvq(v<;8U`GH!X}o z`{A#%#MBJe(Kg3pEt8kOyyDIAz5*|J>v}`% zo3w2^dGVYFXcerAg;6%4_nprpwXi8PGX}BAZ{@dg(Z&zd4|T*KaGr&gxB_ukTKTRJ zs_KVk5;dRe!X4ZY_qgD|DX}|}U~8H)cJb2tsWYwJ52J$Jciqy&GUl`)C!{T{<_;c3 zfHSfL@l+x?4oD|rTwGJo0XkLO(e(PG8_$HS!h5ndrtg<)R+w|5c*1R(yr1FkrRk!% zNwleKtLL=k90+aQ>i26`;7tJFeQ_(dr%Ztib^VNwZ0JQbdnmC6NSC$a#pgq%@8@-T ztYt97;+Be4;}H;T*(L)Q8uo-8>dwG%Ze}YG9$4tMoqhdc?AnBA2Y3c>>s3{EASZsd z8MYw)&S})mLR>#+TW^wAJ}4TyEGA#Aze-|aiw&n$Z}Gp z*pb{3j7$nfd~+i zQZ{1E=M}sEx#z{?r^lnq_Rz!*o&4J+U(oEv!g^!abcZyW*XUS8&W2N=rEKGH<@}g_ zO=7x_y454@fOatxq0}ttVQszaGVkt}#hR_t0@Sn2kyM}<`C^_BQ-j^={BGAWtfLHp zdEr6(UvCKzVY*G&uQ5>PGcU~d*3VUl5Y^ndN|%=~N{uPihh2xhr_{8}vzXoWEe86|BKLxQiRYl! z<4q*5LgLrjYR%sF zKLGsabv8+ex7!=(&!ic!6Y}fht&fcisL{j}xgUIzJ5#w8E?1McmsTP%v}{UyhgU;T zx{=b>m#57m4=!HJD}Bba6ZK1a&KxiDbApH2Cm#;mtn+^r<$;JxzC&gAVvG2rfN~iR zg=O0{#tt=nSQ6}e_QUXJrtJ2hKnE0ibHP6?wEYEA-b4)i@!ZCYVAK4f(MMCc1FuwF+mdMPq7ouf44eA(kNXZU} z2PeT9064VWPi;9)6C=r&_5 QVlo|6f{$#64R%)4vQtnrf+gdBK45;v8*Uj(yI-S%!a4P+HAkZEuu;h*fm9}2|ueL zW=cQ{D2F*UyHc@~au!WWEhtx82uD~4ho5Zru3LoXQRqUrBO`L!#-rQ^8w0`0{SSu5 zcBD|>uLB{_Mu||F#!HC__OG<-u#`=`fO;*?A-#J|qp*+vN7VI@y66(c?&F}yglLP) z$Gx$%q@8BZ^+Mo$_m?WtC2sGVO$ig}P^Pbb_PX^y{h5EMBNCHZo+$i4P_X<`B{ z4s>_Y!6LhTZFro{FPcPRBp$LoJ^N@aKZr|@z{}3o+MWA8+>BaTEE~q|ru^(l@K;n% zfmeR$qJ|57gZluH!U)?eHS&XV=m}7~QNFoJjls2P`|e^sh$Eh4Zo5$jS|#So{i1Pf zSos!B4uHlK|GR7heM3~Xsn-mkQ~W{lgbHo^46Z#qYtpCXDvgJRU@psj{M&bZyzt~X z0QDOYz9tWj`nj=4XdqeZoH2++2D2q5jWl2zZKXBMOjobNl=2 zR+J6Usx_3j^qo7ADs~bG-pbs?9f9^P|J#g(DI}NP zPJlxE5Ld?+f^`nlX#^%jRRrrC6~qt6g1NHG?&C(69{}}zqdME{?NwFsQ}`Q^*Sd>3 z@O$OBLi=LtFkM3BJgXUW&_%->hzwpIfQwx+#C3|D%#zz>#3YSyW`6^BTYhx8=UcZv zu|FazEYDEo@Mg159xR2Od0jweoVK5XD)krx2@$|^!{lJAzK+v>l6Ju@>Vc0 zMP#&V;;kZBsiC8m&r69Wv?1u0Z9SQQAfRBvI8B#|9bHB__3Tmw;8<0gNC7`cgSuWs z;^__Roo*6)Vb@r&;KrhyR#86JJ><+MWlt;nvKZcZRn;V{$`xQ-C4G(stNgMRfNzA` zPq8c+c}8jsplDlL$)F9K-zO_)&)jOg zZ`AS$CaW#s_|W2!jstw;>AfgpOhk3MP_lcy&Sag_|!7v16Rw#$oq@aXj^T?ho zI;r073wsFO=NHotyuSLXYfpXvM&um2&)Ba(ty`{<^EQGm`zb*zjp`Xhkg_rsm_`kc zG~zO$KxDseg`%PN!bBZ2@JS+gkO56H0v1M`OD#f14mpczyRFkNEchZTmvGiwi{W~v z`Ao+Vv&X78AQ6Y?zH(3$-2=cmVp4a}+Q9ZYlJb<9Upy3gpciSBX8Kek44$X-F%j9r z-8kkqbh9+gtJEUPkF>yfWD|dzGeOUY`W03pk~6)>Q#QzGfk{1^2V?*#1ui6W-md>h z;QN}DB_@c_fLhdoJ8!42TwEEG93r#K`Py)kNpvLJA&ucx{cb8peaP1EQYQMEr$t09)yw)>Ns79A#7YS5T$X23YfZuG*#rfh zB3EEi!4S;01zLP9Sre+Gr_DpWQcqLX%8%H+b+-S+Tv0 zI4qHkwq3_qA574)+*~tO?tq>ZP829azsMJjAzkf|cS82iaE8Z$nG9VIWXUuD5K0R= zC3Rw8Emo{bjrNf-)R;(N)^;s`UJKZWWZ+Q&=E(+!QwLy8hwV@zuamT|^VlmVDQ)IH@XE#f#+g_GmoMb*nL70W&(Gq>XuXC*=@JyB;=Q+DrJ$acAfxZ%6c$Y;@I zPeB<%WrKomd`rV2dve5t`-^@XIF6;fJ^5yVepAJ8W{HW_8l8mZyRY8_w??xRoSRb% zcbL2?c-p9cE^}qoxWIJvF&}Q=Y^L$PYYo!#3OMG3CbS;z^+eH1em=>Uq5|k@r-Vta zlH-%heZ2CGYt}ZX{uFT5Izo1I`K&klaVs2S=Z5STw}(= z_1BQl0<{RIpcT@Y$pT9M4bqu|mo3Ab1%srED*t>F5@niUUjN=9e zion7><9_9{g8o~V5}Kb87qABhXgZe)`NnB5D0^O06yw%tjhr>zqMpgUV?5>VMU5D| zTimk3NnmW`!*tUK4fAO5z}gpOGMG;mTS_nayW+}x7{qTww+LWZ=1zp>XcHpFAT??p z*^$9-n(YdVMS4xN8^@_TkXISI?v4fZ>*ZS6?>xSC^4P8s_mt%4ZTAo>0oxDpfO(0} z!7J3l10}8}R|KGfAb{U$I5?0lC+Uc}wc*t?p1e+Md%Ea_i3+-KQPW@b2LS)e-jVlr zI~p$0Y+V|H=lAj>*H;Ks1CWtt?JGA!OexA@`WSo`v58vpBJxAPcTa@L;^LF82Ecsh z9^wjWJnpE?w3TcbGNUSc&cGBgWx^n{LFQJ6E*aAl{`P2af=7(gs~nZy+<~y2BMmTp zNFu5Gh(sX!QD@ux8_Qg{W;V?7BHG{ZqUY=PExk_v=I<+yegG2F9spDZ>LrPn|4SmA pwXtj8+I(2NLz_(gVPgxzjJKcV((%8isJHqmZG;Q&%zwQ3{{ZUFSUCUy literal 0 HcmV?d00001 diff --git a/examples/kustomization/sts-example/Makefile b/examples/kustomization/sts-example/Makefile new file mode 100644 index 00000000000..8cdebd60d25 --- /dev/null +++ b/examples/kustomization/sts-example/Makefile @@ -0,0 +1,28 @@ + +all: build + +build: miniosdkgo miniosdkjava awssdkpython + +miniosdkdotnet: + @cd miniosdk/dotnet/ && \ + docker buildx build -q --platform=linux/amd64 -t miniodev/operator-sts-example:minio-sdk-dotnet . + +miniosdkgo: + @cd miniosdk/go/ && \ + docker buildx build -q --platform=linux/amd64 -t miniodev/operator-sts-example:minio-sdk-go . + +miniosdkjava: + @cd miniosdk/java/ && \ + docker buildx build -q --platform=linux/amd64 -t miniodev/operator-sts-example:minio-sdk-java . + +miniosdkjavascript: + @cd miniosdk/javascript/ && \ + docker buildx build -q --platform=linux/amd64 -t miniodev/operator-sts-example:minio-sdk-javascript . + +awssdkpython: + @cd awssdk/python/ && \ + docker buildx build -q --platform=linux/amd64 -t miniodev/operator-sts-example:aws-sdk-python . + +miniosdkpython: + @cd miniosdk/python/ && \ + docker buildx build -q --platform=linux/amd64 -t miniodev/operator-sts-example:minio-sdk-python . \ No newline at end of file diff --git a/examples/kustomization/sts-example/README.md b/examples/kustomization/sts-example/README.md new file mode 100644 index 00000000000..d7b34189f0c --- /dev/null +++ b/examples/kustomization/sts-example/README.md @@ -0,0 +1,109 @@ +# MinIO Operator STS: Native IAM Authentication for Kubernetes + +Each example in this folder contains an example using a different SDK on how to adopt Operator's STS. + +> ⚠️ This feature is an alpha release and is subject to breaking changes in future releases. + +# Requirements + +## Enabling STS functionality + +At the moment, the STS feature ships off by default, to turn it on switch `OPERATOR_STS_ENABLED` to `on` on +the `minio-operator` deployment. + +## TLS + +The STS functionality works only with TLS configured. We can request certificates automatically, but additional you can +user `cert-manager` or bring your own certificates. + +# Installation + +To install the example, you need an existing tenant, optionally, you can install the `tenant-lite` example, or +the `tenant-certmanager` example + +# 0. Install Tenant (Optional) + +```shell +kubectl apply -k examples/kustomization/sts-example/tenant +``` + +For an example with Cert Manager + +```shell +kubectl apply -k examples/kustomization/sts-example/tenant-certmanager +``` + +# 1. Create a bucket and a policy (Optional) + +We will set up some sample buckets to access from our sample application + +```shell +kubectl apply -k examples/kustomization/sts-example/sample-data +``` + +# 2. Install sample application + +The sample application will install to `sts-client` namespace and grant access to the job called `sts-example-job` to +access `tenant` with the MinIO Policy called `test-bucket-rw` that we created on the previous step on +namespace `minio-tenant-1` by installing a `PolicyBinding` on the `minio-tenant-1` namespace. + +Example policy binding + +```yaml +apiVersion: sts.min.io/v1beta1 +kind: PolicyBinding +metadata: + name: binding-1 + namespace: minio-tenant-1 +spec: + application: + namespace: sts-client + serviceaccount: stsclient-sa + policies: + - test-bucket-rw + +``` + +To install the sample application, which uses the Go SDK, run: + +```shell +kubectl apply -k examples/kustomization/sts-example/ +``` + +To use a specfic SDK, use any of the following: + +### Go + +```shell +kubectl apply -k examples/kustomization/sts-example/sample-clients/minio-sdk/go +``` + +### Java + +```shell +kubectl apply -k examples/kustomization/sts-example/sample-clients/minio-sdk/java +``` + +### Python + +```shell +kubectl apply -k examples/kustomization/sts-example/sample-clients/minio-sdk/python +``` + +### Python: AWS Boto3 SDK + +```shell +kubectl apply -k examples/kustomization/sts-example/sample-clients/aws-sdk/python +``` + +### Javascript + +```shell +kubectl apply -k examples/kustomization/sts-example/sample-clients/minio-sdk/javascript +``` + +### .NET + +```shell +kubectl apply -k examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet +``` \ No newline at end of file diff --git a/examples/kustomization/sts-example/kustomization.yaml b/examples/kustomization/sts-example/kustomization.yaml new file mode 100644 index 00000000000..084fea48ea0 --- /dev/null +++ b/examples/kustomization/sts-example/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - sts-app \ No newline at end of file diff --git a/examples/kustomization/tenant-PolicyBinding/awssdk/python/Dockerfile b/examples/kustomization/sts-example/sample-clients/aws-sdk/python/Dockerfile similarity index 100% rename from examples/kustomization/tenant-PolicyBinding/awssdk/python/Dockerfile rename to examples/kustomization/sts-example/sample-clients/aws-sdk/python/Dockerfile diff --git a/examples/kustomization/sts-example/sample-clients/aws-sdk/python/kustomization.yaml b/examples/kustomization/sts-example/sample-clients/aws-sdk/python/kustomization.yaml new file mode 100644 index 00000000000..3893274c246 --- /dev/null +++ b/examples/kustomization/sts-example/sample-clients/aws-sdk/python/kustomization.yaml @@ -0,0 +1,20 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../../sts-app + +images: + - name: miniodev/operator-sts-example + newTag: aws-sdk-python + +patchesJson6902: + - target: + group: batch + version: v1 + kind: Job + name: sts-example-job + patch: | + - op: replace + path: /metadata/name + value: sts-client-example-aws-python-job \ No newline at end of file diff --git a/examples/kustomization/tenant-PolicyBinding/awssdk/python/main.py b/examples/kustomization/sts-example/sample-clients/aws-sdk/python/main.py similarity index 100% rename from examples/kustomization/tenant-PolicyBinding/awssdk/python/main.py rename to examples/kustomization/sts-example/sample-clients/aws-sdk/python/main.py diff --git a/examples/kustomization/tenant-PolicyBinding/awssdk/python/requirements.txt b/examples/kustomization/sts-example/sample-clients/aws-sdk/python/requirements.txt similarity index 100% rename from examples/kustomization/tenant-PolicyBinding/awssdk/python/requirements.txt rename to examples/kustomization/sts-example/sample-clients/aws-sdk/python/requirements.txt diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/Dockerfile b/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/Dockerfile similarity index 96% rename from examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/Dockerfile rename to examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/Dockerfile index 8ecf234a3ac..7caa33375fb 100644 --- a/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/Dockerfile +++ b/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/Dockerfile @@ -11,7 +11,7 @@ RUN curl https://packages.microsoft.com/config/ubuntu/22.10/packages-microsoft-p RUN mkdir app WORKDIR /app -COPY obj/ /app +COPY obj /app COPY dotnet.csproj /app COPY Program.cs /app RUN dotnet publish diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/Program.cs b/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/Program.cs similarity index 100% rename from examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/Program.cs rename to examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/Program.cs diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/dotnet.csproj b/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/dotnet.csproj similarity index 100% rename from examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/dotnet.csproj rename to examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/dotnet.csproj diff --git a/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/kustomization.yaml b/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/kustomization.yaml new file mode 100644 index 00000000000..0b29e6c6b9d --- /dev/null +++ b/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/kustomization.yaml @@ -0,0 +1,20 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../../sts-app + +images: + - name: miniodev/operator-sts-example + newTag: minio-sdk-dotnet + +patchesJson6902: + - target: + group: batch + version: v1 + kind: Job + name: sts-example-job + patch: | + - op: replace + path: /metadata/name + value: sts-client-example-minio-dotnet-job \ No newline at end of file diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/.NETCoreApp,Version=v7.0.AssemblyAttributes.cs b/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/.NETCoreApp,Version=v7.0.AssemblyAttributes.cs similarity index 100% rename from examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/.NETCoreApp,Version=v7.0.AssemblyAttributes.cs rename to examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/.NETCoreApp,Version=v7.0.AssemblyAttributes.cs diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/dotnet.AssemblyInfo.cs b/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/dotnet.AssemblyInfo.cs similarity index 100% rename from examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/dotnet.AssemblyInfo.cs rename to examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/dotnet.AssemblyInfo.cs diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/dotnet.AssemblyInfoInputs.cache b/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/dotnet.AssemblyInfoInputs.cache similarity index 100% rename from examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/dotnet.AssemblyInfoInputs.cache rename to examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/dotnet.AssemblyInfoInputs.cache diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/dotnet.GeneratedMSBuildEditorConfig.editorconfig b/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/dotnet.GeneratedMSBuildEditorConfig.editorconfig similarity index 100% rename from examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/dotnet.GeneratedMSBuildEditorConfig.editorconfig rename to examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/dotnet.GeneratedMSBuildEditorConfig.editorconfig diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/dotnet.GlobalUsings.g.cs b/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/dotnet.GlobalUsings.g.cs similarity index 100% rename from examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/dotnet.GlobalUsings.g.cs rename to examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/dotnet.GlobalUsings.g.cs diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/dotnet.assets.cache b/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/dotnet.assets.cache similarity index 100% rename from examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/dotnet.assets.cache rename to examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/dotnet.assets.cache diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/dotnet.csproj.AssemblyReference.cache b/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/dotnet.csproj.AssemblyReference.cache similarity index 100% rename from examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/Debug/net7.0/dotnet.csproj.AssemblyReference.cache rename to examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/dotnet.csproj.AssemblyReference.cache diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/dotnet.csproj.nuget.dgspec.json b/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/dotnet.csproj.nuget.dgspec.json similarity index 100% rename from examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/dotnet.csproj.nuget.dgspec.json rename to examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/dotnet.csproj.nuget.dgspec.json diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/dotnet.csproj.nuget.g.props b/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/dotnet.csproj.nuget.g.props similarity index 100% rename from examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/dotnet.csproj.nuget.g.props rename to examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/dotnet.csproj.nuget.g.props diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/dotnet.csproj.nuget.g.targets b/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/dotnet.csproj.nuget.g.targets similarity index 100% rename from examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/dotnet.csproj.nuget.g.targets rename to examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/dotnet.csproj.nuget.g.targets diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/project.assets.json b/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/project.assets.json similarity index 100% rename from examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/project.assets.json rename to examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/project.assets.json diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/project.nuget.cache b/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/project.nuget.cache similarity index 100% rename from examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/project.nuget.cache rename to examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/project.nuget.cache diff --git a/examples/kustomization/sts-example/sample-clients/minio-sdk/go/Dockerfile b/examples/kustomization/sts-example/sample-clients/minio-sdk/go/Dockerfile new file mode 100644 index 00000000000..1e6ec52cf03 --- /dev/null +++ b/examples/kustomization/sts-example/sample-clients/minio-sdk/go/Dockerfile @@ -0,0 +1,25 @@ +FROM golang as golayer + +RUN \ + apt-get update && \ + apt-get install -y curl ca-certificates golang-go + +ADD go.mod /go/src/github.com/minio/operator/sts/example/go/go.mod +ADD go.sum /go/src/github.com/minio/operator/sts/example/go/go.sum +WORKDIR /go/src/github.com/minio/operator/sts/example/go/ + +# Get dependencies - will also be cached if we won't change mod/sum +RUN go mod download + +ADD . /go/src/github.com/minio/operator/sts/example/go/ + +ENV CGO_ENABLED=0 + +RUN go build -o go-example . + +FROM scratch + +COPY --from=golayer /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ +COPY --from=golayer /go/src/github.com/minio/operator/sts/example/go/go-example /usr/local/bin/ + +ENTRYPOINT ["go-example"] diff --git a/examples/kustomization/sts-example/sample-clients/minio-sdk/go/README.md b/examples/kustomization/sts-example/sample-clients/minio-sdk/go/README.md new file mode 100644 index 00000000000..d36ca9c7d5e --- /dev/null +++ b/examples/kustomization/sts-example/sample-clients/minio-sdk/go/README.md @@ -0,0 +1,7 @@ +# Go SDK STS Example + +To build this example run + +```shell +docker build -t minio-sts-go-example . +``` \ No newline at end of file diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/go/go.mod b/examples/kustomization/sts-example/sample-clients/minio-sdk/go/go.mod similarity index 94% rename from examples/kustomization/tenant-PolicyBinding/miniosdk/go/go.mod rename to examples/kustomization/sts-example/sample-clients/minio-sdk/go/go.mod index 4650f639828..f7b6c7d4dcc 100644 --- a/examples/kustomization/tenant-PolicyBinding/miniosdk/go/go.mod +++ b/examples/kustomization/sts-example/sample-clients/minio-sdk/go/go.mod @@ -1,4 +1,4 @@ -module min.io/operator-sts-example +module github.com/minio/operator/sts/example/go go 1.20 diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/go/go.sum b/examples/kustomization/sts-example/sample-clients/minio-sdk/go/go.sum similarity index 100% rename from examples/kustomization/tenant-PolicyBinding/miniosdk/go/go.sum rename to examples/kustomization/sts-example/sample-clients/minio-sdk/go/go.sum diff --git a/examples/kustomization/sts-example/sample-clients/minio-sdk/go/kustomization.yaml b/examples/kustomization/sts-example/sample-clients/minio-sdk/go/kustomization.yaml new file mode 100644 index 00000000000..4947e87bc0f --- /dev/null +++ b/examples/kustomization/sts-example/sample-clients/minio-sdk/go/kustomization.yaml @@ -0,0 +1,20 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../../sts-app + +images: + - name: miniodev/operator-sts-example + newTag: minio-sdk-go + +patchesJson6902: + - target: + group: batch + version: v1 + kind: Job + name: sts-example-job + patch: | + - op: replace + path: /metadata/name + value: sts-client-example-minio-go-job \ No newline at end of file diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/go/main.go b/examples/kustomization/sts-example/sample-clients/minio-sdk/go/main.go similarity index 97% rename from examples/kustomization/tenant-PolicyBinding/miniosdk/go/main.go rename to examples/kustomization/sts-example/sample-clients/minio-sdk/go/main.go index 06f0123dc1c..09bf15f2937 100644 --- a/examples/kustomization/tenant-PolicyBinding/miniosdk/go/main.go +++ b/examples/kustomization/sts-example/sample-clients/minio-sdk/go/main.go @@ -47,7 +47,8 @@ func main() { log.Fatal("Service account JWT is empty") panic(1) } - + // Declare a custom transport to trust custom CA's, in this case we will trust + // Kubernete's Internal CA or Cert Manager's CA httpsTransport, err := getHttpsTransportWithCACert(kubeRootCApath) if err != nil { log.Fatalf("Error Creating https transport: %s", err) diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/java/Dockerfile b/examples/kustomization/sts-example/sample-clients/minio-sdk/java/Dockerfile similarity index 88% rename from examples/kustomization/tenant-PolicyBinding/miniosdk/java/Dockerfile rename to examples/kustomization/sts-example/sample-clients/minio-sdk/java/Dockerfile index 4f020237a0b..942d2087385 100644 --- a/examples/kustomization/tenant-PolicyBinding/miniosdk/java/Dockerfile +++ b/examples/kustomization/sts-example/sample-clients/minio-sdk/java/Dockerfile @@ -3,6 +3,9 @@ FROM openjdk:11 RUN mkdir /app WORKDIR /app + +RUN mvn pacakge + COPY target/operator-sts-0.1.0.jar /app/app.jar CMD ["java", "-jar", "./app/app.jar"] diff --git a/examples/kustomization/sts-example/sample-clients/minio-sdk/java/kustomization.yaml b/examples/kustomization/sts-example/sample-clients/minio-sdk/java/kustomization.yaml new file mode 100644 index 00000000000..23fcf496c6e --- /dev/null +++ b/examples/kustomization/sts-example/sample-clients/minio-sdk/java/kustomization.yaml @@ -0,0 +1,20 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../../sts-app + +images: + - name: miniodev/operator-sts-example + newTag: minio-sdk-java + +patchesJson6902: + - target: + group: batch + version: v1 + kind: Job + name: sts-example-job + patch: | + - op: replace + path: /metadata/name + value: sts-client-example-minio-java-job \ No newline at end of file diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/java/pom.xml b/examples/kustomization/sts-example/sample-clients/minio-sdk/java/pom.xml similarity index 100% rename from examples/kustomization/tenant-PolicyBinding/miniosdk/java/pom.xml rename to examples/kustomization/sts-example/sample-clients/minio-sdk/java/pom.xml diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/java/src/main/java/operator/sts/OperatorSTSExample.java b/examples/kustomization/sts-example/sample-clients/minio-sdk/java/src/main/java/operator/sts/OperatorSTSExample.java similarity index 100% rename from examples/kustomization/tenant-PolicyBinding/miniosdk/java/src/main/java/operator/sts/OperatorSTSExample.java rename to examples/kustomization/sts-example/sample-clients/minio-sdk/java/src/main/java/operator/sts/OperatorSTSExample.java diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/javascript/Dockerfile b/examples/kustomization/sts-example/sample-clients/minio-sdk/javascript/Dockerfile similarity index 100% rename from examples/kustomization/tenant-PolicyBinding/miniosdk/javascript/Dockerfile rename to examples/kustomization/sts-example/sample-clients/minio-sdk/javascript/Dockerfile diff --git a/examples/kustomization/sts-example/sample-clients/minio-sdk/javascript/kustomization.yaml b/examples/kustomization/sts-example/sample-clients/minio-sdk/javascript/kustomization.yaml new file mode 100644 index 00000000000..6f8f6b60042 --- /dev/null +++ b/examples/kustomization/sts-example/sample-clients/minio-sdk/javascript/kustomization.yaml @@ -0,0 +1,20 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../../sts-app + +images: + - name: miniodev/operator-sts-example + newTag: minio-sdk-javascript + +patchesJson6902: + - target: + group: batch + version: v1 + kind: Job + name: sts-example-job + patch: | + - op: replace + path: /metadata/name + value: sts-client-example-minio-javascript-job \ No newline at end of file diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/python/Dockerfile b/examples/kustomization/sts-example/sample-clients/minio-sdk/python/Dockerfile similarity index 70% rename from examples/kustomization/tenant-PolicyBinding/miniosdk/python/Dockerfile rename to examples/kustomization/sts-example/sample-clients/minio-sdk/python/Dockerfile index 1ec3b61208c..24a415461fb 100644 --- a/examples/kustomization/tenant-PolicyBinding/miniosdk/python/Dockerfile +++ b/examples/kustomization/sts-example/sample-clients/minio-sdk/python/Dockerfile @@ -1,11 +1,15 @@ -FROM ubuntu:latest +FROM python:3.10-slim RUN \ apt-get update && \ - apt-get install -y curl ca-certificates python3 python3-pip + apt-get install -y curl ca-certificates RUN mkdir app + WORKDIR /app -COPY main.py /app/main.py + COPY requirements.txt /app/requirements.txt RUN pip3 install -r requirements.txt + +COPY main.py /app/main.py + CMD ["python3", "/app/main.py"] diff --git a/examples/kustomization/sts-example/sample-clients/minio-sdk/python/kustomization.yaml b/examples/kustomization/sts-example/sample-clients/minio-sdk/python/kustomization.yaml new file mode 100644 index 00000000000..e1a6515bbfc --- /dev/null +++ b/examples/kustomization/sts-example/sample-clients/minio-sdk/python/kustomization.yaml @@ -0,0 +1,20 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../../sts-app + +images: + - name: miniodev/operator-sts-example + newTag: minio-sdk-python + +patchesJson6902: + - target: + group: batch + version: v1 + kind: Job + name: sts-example-job + patch: | + - op: replace + path: /metadata/name + value: sts-client-example-minio-python-job \ No newline at end of file diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/python/main.py b/examples/kustomization/sts-example/sample-clients/minio-sdk/python/main.py similarity index 100% rename from examples/kustomization/tenant-PolicyBinding/miniosdk/python/main.py rename to examples/kustomization/sts-example/sample-clients/minio-sdk/python/main.py diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/python/requirements.txt b/examples/kustomization/sts-example/sample-clients/minio-sdk/python/requirements.txt similarity index 100% rename from examples/kustomization/tenant-PolicyBinding/miniosdk/python/requirements.txt rename to examples/kustomization/sts-example/sample-clients/minio-sdk/python/requirements.txt diff --git a/examples/kustomization/tenant-PolicyBinding/setup-bucket/iam-setup-bucket.yaml b/examples/kustomization/sts-example/sample-data/iam-setup-bucket.yaml similarity index 74% rename from examples/kustomization/tenant-PolicyBinding/setup-bucket/iam-setup-bucket.yaml rename to examples/kustomization/sts-example/sample-data/iam-setup-bucket.yaml index 0260d534434..83b3278bba1 100644 --- a/examples/kustomization/tenant-PolicyBinding/setup-bucket/iam-setup-bucket.yaml +++ b/examples/kustomization/sts-example/sample-data/iam-setup-bucket.yaml @@ -1,6 +1,6 @@ apiVersion: v1 kind: ConfigMap -metadata: +metadata: name: start-config-script namespace: minio-tenant-1 data: @@ -11,25 +11,26 @@ data: mc admin policy add local test-bucket-rw /start-config/bucket-policy.json bucket-policy.json: | { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "s3:*" - ], - "Resource": [ - "arn:aws:s3:::test-bucket", - "arn:aws:s3:::test-bucket/*" - ] - } - ] + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "s3:*" + ], + "Resource": [ + "arn:aws:s3:::test-bucket", + "arn:aws:s3:::test-bucket/*" + ] + } + ] } --- apiVersion: batch/v1 kind: Job metadata: name: setup-bucket + namespace: minio-tenant-1 spec: backoffLimit: 5 template: @@ -43,7 +44,7 @@ spec: containers: - name: mc image: minio/mc - command: ["/start-config/setup.sh"] + command: [ "/start-config/setup.sh" ] volumeMounts: - name: start-config mountPath: /start-config/ diff --git a/examples/kustomization/tenant-PolicyBinding/setup-bucket/kustomization.yaml b/examples/kustomization/sts-example/sample-data/kustomization.yaml similarity index 100% rename from examples/kustomization/tenant-PolicyBinding/setup-bucket/kustomization.yaml rename to examples/kustomization/sts-example/sample-data/kustomization.yaml diff --git a/examples/kustomization/tenant-PolicyBinding/kustomization.yaml b/examples/kustomization/sts-example/sts-app/kustomization.yaml similarity index 82% rename from examples/kustomization/tenant-PolicyBinding/kustomization.yaml rename to examples/kustomization/sts-example/sts-app/kustomization.yaml index 698771d3828..fb30da800bf 100644 --- a/examples/kustomization/tenant-PolicyBinding/kustomization.yaml +++ b/examples/kustomization/sts-example/sts-app/kustomization.yaml @@ -1,5 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + resources: - policy-binding.yaml - - sts-client.yaml \ No newline at end of file + - sts-client.yaml diff --git a/examples/kustomization/tenant-PolicyBinding/policy-binding.yaml b/examples/kustomization/sts-example/sts-app/policy-binding.yaml similarity index 100% rename from examples/kustomization/tenant-PolicyBinding/policy-binding.yaml rename to examples/kustomization/sts-example/sts-app/policy-binding.yaml diff --git a/examples/kustomization/tenant-PolicyBinding/sts-client.yaml b/examples/kustomization/sts-example/sts-app/sts-client.yaml similarity index 85% rename from examples/kustomization/tenant-PolicyBinding/sts-client.yaml rename to examples/kustomization/sts-example/sts-app/sts-client.yaml index 2accc9f9669..e812dcd519f 100644 --- a/examples/kustomization/tenant-PolicyBinding/sts-client.yaml +++ b/examples/kustomization/sts-example/sts-app/sts-client.yaml @@ -20,23 +20,23 @@ type: kubernetes.io/service-account-token --- apiVersion: v1 kind: ConfigMap -metadata: +metadata: name: sts-policy namespace: sts-client data: policy.json: | { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "s3:GetBucketLocation", - "s3:ListAllMyBuckets" - ], - "Resource": "arn:aws:s3:::*" - } - ] + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "s3:GetBucketLocation", + "s3:ListAllMyBuckets" + ], + "Resource": "arn:aws:s3:::*" + } + ] } --- apiVersion: batch/v1 @@ -53,7 +53,8 @@ spec: serviceAccount: stsclient-sa containers: - name: sts-client - image: minio/operator-sts-example:miniosdk-go + image: miniodev/operator-sts-example:minio-go + imagePullPolicy: IfNotPresent env: - name: MINIO_ENDPOINT value: https://minio.minio-tenant-1.svc.cluster.local:443 diff --git a/testing/tenant-policyBinding/tenant-certmanager/kustomization.yaml b/examples/kustomization/sts-example/tenant-certmanager/kustomization.yaml similarity index 82% rename from testing/tenant-policyBinding/tenant-certmanager/kustomization.yaml rename to examples/kustomization/sts-example/tenant-certmanager/kustomization.yaml index 22b040bab62..2fe0d765445 100644 --- a/testing/tenant-policyBinding/tenant-certmanager/kustomization.yaml +++ b/examples/kustomization/sts-example/tenant-certmanager/kustomization.yaml @@ -1,9 +1,11 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -resources: - - ../../../examples/kustomization/tenant-certmanager namespace: minio-tenant-1 + +resources: + - ../../tenant-certmanager + patchesJson6902: - target: group: minio.min.io diff --git a/testing/tenant-policyBinding/tenant-certmanager/tenantNamePatch.yaml b/examples/kustomization/sts-example/tenant-certmanager/tenantNamePatch.yaml similarity index 100% rename from testing/tenant-policyBinding/tenant-certmanager/tenantNamePatch.yaml rename to examples/kustomization/sts-example/tenant-certmanager/tenantNamePatch.yaml diff --git a/testing/tenant-policyBinding/tenant/kustomization.yaml b/examples/kustomization/sts-example/tenant/kustomization.yaml similarity index 83% rename from testing/tenant-policyBinding/tenant/kustomization.yaml rename to examples/kustomization/sts-example/tenant/kustomization.yaml index c50a1348188..608cbe7fbd0 100644 --- a/testing/tenant-policyBinding/tenant/kustomization.yaml +++ b/examples/kustomization/sts-example/tenant/kustomization.yaml @@ -1,9 +1,11 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -resources: - - ../../../examples/kustomization/tenant-lite namespace: minio-tenant-1 + +resources: + - ../../tenant-lite + patchesJson6902: - target: group: minio.min.io diff --git a/testing/tenant-policyBinding/tenant/tenantNamePatch.yaml b/examples/kustomization/sts-example/tenant/tenantNamePatch.yaml similarity index 100% rename from testing/tenant-policyBinding/tenant/tenantNamePatch.yaml rename to examples/kustomization/sts-example/tenant/tenantNamePatch.yaml diff --git a/examples/kustomization/tenant-PolicyBinding/Makefile b/examples/kustomization/tenant-PolicyBinding/Makefile deleted file mode 100644 index 34a7898cedf..00000000000 --- a/examples/kustomization/tenant-PolicyBinding/Makefile +++ /dev/null @@ -1,32 +0,0 @@ - -all: build - -build: miniosdkgo miniosdkjava awssdkpython - -miniosdkdotnet: - @cd miniosdk/dotnet/ && \ - docker buildx build -q --platform=linux/amd64 -t minio/operator-sts-example:miniosdk-dotnet . - -miniosdkgo: - @cd miniosdk/go/ && \ - go install && GOOS=linux GOARCH=amd64 go build -o client - @cd miniosdk/go/ && \ - docker buildx build -q --platform=linux/amd64 -t minio/operator-sts-example:miniosdk-go . - -miniosdkjava: - @cd miniosdk/java/ && \ - mvn package - @cd miniosdk/java/ && \ - docker buildx build -q --platform=linux/amd64 -t minio/operator-sts-example:miniosdk-java . - -miniosdkjavascript: - @cd miniosdk/javascript/ && \ - docker buildx build -q --platform=linux/amd64 -t minio/operator-sts-example:miniosdk-javascript . - -awssdkpython: - @cd awssdk/python/ && \ - docker buildx build -q --platform=linux/amd64 -t minio/operator-sts-example:awssdk-python . - -miniosdkpython: - @cd miniosdk/python/ && \ - docker buildx build -q --platform=linux/amd64 -t minio/operator-sts-example:miniosdk-python . \ No newline at end of file diff --git a/examples/kustomization/tenant-PolicyBinding/miniosdk/go/Dockerfile b/examples/kustomization/tenant-PolicyBinding/miniosdk/go/Dockerfile deleted file mode 100644 index c4823c53c7a..00000000000 --- a/examples/kustomization/tenant-PolicyBinding/miniosdk/go/Dockerfile +++ /dev/null @@ -1,12 +0,0 @@ - -FROM ubuntu:latest - -RUN \ - apt-get update && \ - apt-get install -y curl ca-certificates golang-go - -RUN mkdir /app -WORKDIR /app -COPY client /app/client - -CMD ["/app/client"] diff --git a/testing/tenant-policyBinding/operator/console-deployment.yaml b/testing/sts/operator/console-deployment.yaml similarity index 100% rename from testing/tenant-policyBinding/operator/console-deployment.yaml rename to testing/sts/operator/console-deployment.yaml diff --git a/testing/tenant-policyBinding/operator/deployment.yaml b/testing/sts/operator/deployment.yaml similarity index 100% rename from testing/tenant-policyBinding/operator/deployment.yaml rename to testing/sts/operator/deployment.yaml diff --git a/testing/tenant-policyBinding/operator/kustomization.yaml b/testing/sts/operator/kustomization.yaml similarity index 100% rename from testing/tenant-policyBinding/operator/kustomization.yaml rename to testing/sts/operator/kustomization.yaml diff --git a/testing/tenant-policyBinding/sts-client/job.yaml b/testing/sts/sts-client/job.yaml similarity index 100% rename from testing/tenant-policyBinding/sts-client/job.yaml rename to testing/sts/sts-client/job.yaml diff --git a/testing/sts/sts-client/kustomization.yaml b/testing/sts/sts-client/kustomization.yaml new file mode 100644 index 00000000000..2e702e510f1 --- /dev/null +++ b/testing/sts/sts-client/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../../examples/kustomization/sts-example/sts-app + +images: + - name: minio/operator-sts-example + newTag: newTag + newName: pjuarez/operators \ No newline at end of file diff --git a/testing/tenant-policyBinding/setup-bucket/kustomization.yaml b/testing/tenant-policyBinding/setup-bucket/kustomization.yaml deleted file mode 100644 index 0d965574527..00000000000 --- a/testing/tenant-policyBinding/setup-bucket/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - ../../../examples/kustomization/tenant-PolicyBinding/setup-bucket/ -namespace: minio-tenant-1 \ No newline at end of file diff --git a/testing/tenant-policyBinding/sts-client/kustomization.yaml b/testing/tenant-policyBinding/sts-client/kustomization.yaml deleted file mode 100644 index 9cfa7a7b2aa..00000000000 --- a/testing/tenant-policyBinding/sts-client/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - ../../../examples/kustomization/tenant-PolicyBinding/ - -patchesStrategicMerge: - - job.yaml From dfbf9771873a9f4ad58b8123f1c688af16ce4d2d Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Fri, 3 Mar 2023 16:38:55 -0800 Subject: [PATCH 26/47] fix tests --- .../sts-example/{ => sample-clients}/Makefile | 14 +++++------ testing/common.sh | 23 ++++++++----------- testing/test-policy-binding+certmanager.sh | 12 +++++----- testing/test-policy-binding.sh | 12 +++++----- 4 files changed, 29 insertions(+), 32 deletions(-) rename examples/kustomization/sts-example/{ => sample-clients}/Makefile (78%) diff --git a/examples/kustomization/sts-example/Makefile b/examples/kustomization/sts-example/sample-clients/Makefile similarity index 78% rename from examples/kustomization/sts-example/Makefile rename to examples/kustomization/sts-example/sample-clients/Makefile index 8cdebd60d25..be4b3b5d64e 100644 --- a/examples/kustomization/sts-example/Makefile +++ b/examples/kustomization/sts-example/sample-clients/Makefile @@ -4,25 +4,25 @@ all: build build: miniosdkgo miniosdkjava awssdkpython miniosdkdotnet: - @cd miniosdk/dotnet/ && \ + @cd minio-sdk/dotnet/ && \ docker buildx build -q --platform=linux/amd64 -t miniodev/operator-sts-example:minio-sdk-dotnet . miniosdkgo: - @cd miniosdk/go/ && \ + @cd minio-sdk/go/ && \ docker buildx build -q --platform=linux/amd64 -t miniodev/operator-sts-example:minio-sdk-go . miniosdkjava: - @cd miniosdk/java/ && \ + @cd minio-sdk/java/ && \ docker buildx build -q --platform=linux/amd64 -t miniodev/operator-sts-example:minio-sdk-java . miniosdkjavascript: - @cd miniosdk/javascript/ && \ + @cd minio-sdk/javascript/ && \ docker buildx build -q --platform=linux/amd64 -t miniodev/operator-sts-example:minio-sdk-javascript . awssdkpython: - @cd awssdk/python/ && \ + @cd aws-sdk/python/ && \ docker buildx build -q --platform=linux/amd64 -t miniodev/operator-sts-example:aws-sdk-python . miniosdkpython: - @cd miniosdk/python/ && \ - docker buildx build -q --platform=linux/amd64 -t miniodev/operator-sts-example:minio-sdk-python . \ No newline at end of file + @cd minio-sdk/python/ && \ + docker buildx build -q --platform=linux/amd64 -t miniodev/operator-sts-example:minio-sdk-python . diff --git a/testing/common.sh b/testing/common.sh index 76f4ff0b783..31b2a97d4d3 100644 --- a/testing/common.sh +++ b/testing/common.sh @@ -80,7 +80,7 @@ function install_operator() { value=operator elif [ "$1" = "sts" ]; then echo "Installing Current Operator with sts enabled" - try kubectl apply -k "${SCRIPT_DIR}/../testing/tenant-policyBinding/operator" + try kubectl apply -k "${SCRIPT_DIR}/../testing/sts/operator" echo "key, value for pod selector in kustomize test" key=name value=minio-operator @@ -320,14 +320,14 @@ function install_tenant() { value=storage-policy-binding echo "Installing policyBinding tenant from current branch" - try kubectl apply -k "${SCRIPT_DIR}/../testing/tenant-policyBinding/tenant" + try kubectl apply -k "${SCRIPT_DIR}/../examples/kustomization/sts-example/tenant" elif [ "$1" = "policy-binding-cm" ]; then namespace="minio-tenant-1" key=v1.min.io/tenant value=storage-policy-binding echo "Installing policyBinding tenant with cert manager from current branch" - try kubectl apply -k "${SCRIPT_DIR}/../testing/tenant-policyBinding/tenant-certmanager" + try kubectl apply -k "${SCRIPT_DIR}/../examples/kustomization/sts-example/tenant-certmanager" elif [ -e $1 ]; then namespace="tenant-lite" key=v1.min.io/tenant @@ -362,7 +362,7 @@ function install_tenant() { function setup_sts_bucket() { echo "Installing setub bucket job" - try kubectl apply -k "${SCRIPT_DIR}/tenant-policyBinding/setup-bucket" + try kubectl apply -k "${SCRIPT_DIR}/../examples/kustomization/sts-example/sample-data" namespace="minio-tenant-1" condition="condition=Complete" selector="metadata.name=setup-bucket" @@ -376,13 +376,14 @@ function install_sts_client() { OLDIFS=$IFS IFS="-"; declare -a CLIENTARR=($1) - sdk="${CLIENTARR[0]}" - lang="${CLIENTARR[1]}" + sdk="${CLIENTARR[0]}-${CLIENTARR[1]}" + makefiletarget="${CLIENTARR[0]}${CLIENTARR[1]}" + lang="${CLIENTARR[2]}" IFS=$OLDIFS # Build and load client images echo "Building docker image for minio/operator-sts-example:$1" - (cd "${SCRIPT_DIR}/../examples/kustomization/tenant-PolicyBinding" && try make "${sdk}${lang}") + (cd "${SCRIPT_DIR}/../examples/kustomization/sts-example/sample-clients" && try make "${makefiletarget}") try kind load docker-image "minio/operator-sts-example:$1" client_namespace="sts-client" @@ -398,15 +399,11 @@ function install_sts_client() { fi echo "creating client $1" - yq -i ".spec.template.spec.containers[0].image |= (\"minio/operator-sts-example:$1\")" "${SCRIPT_DIR}/tenant-policyBinding/sts-client/job.yaml" - try kubectl apply -k "${SCRIPT_DIR}/tenant-policyBinding/sts-client" + try kubectl apply -k "${SCRIPT_DIR}/../examples/kustomization/sts-example/sample-clients/$sdk-$lang" condition="condition=Complete" - selector="metadata.name=sts-example-job" + selector="metadata.name=sts-client-example-$sdk-$lang-job" try wait_for_resource_field_selector $client_namespace job $condition $selector 600s echo "removing client $1" - kubectl delete -k "${SCRIPT_DIR}/tenant-policyBinding/sts-client" - # TODO look for a proper way to wait for the namespace to be deleted - sleep 10 echo "Installing sts client job for $1: DONE" } diff --git a/testing/test-policy-binding+certmanager.sh b/testing/test-policy-binding+certmanager.sh index a82e5f98f4c..7df395a2667 100755 --- a/testing/test-policy-binding+certmanager.sh +++ b/testing/test-policy-binding+certmanager.sh @@ -33,17 +33,17 @@ function main() { setup_sts_bucket - #install_sts_client "miniosdk-dotnet" + #install_sts_client "minio-sdk-dotnet" - #install_sts_client "miniosdk-go" + install_sts_client "minio-sdk-go" - #install_sts_client "miniosdk-java" + #install_sts_client "minio-sdk-java" - # install_sts_client "miniosdk-javascript" + # install_sts_client "minio-sdk-javascript" - #install_sts_client "miniosdk-python" + install_sts_client "minio-sdk-python" - install_sts_client "awssdk-python" + install_sts_client "aws-sdk-python" destroy_kind } diff --git a/testing/test-policy-binding.sh b/testing/test-policy-binding.sh index 707e8646b3c..89a4e834659 100755 --- a/testing/test-policy-binding.sh +++ b/testing/test-policy-binding.sh @@ -33,17 +33,17 @@ function main() { setup_sts_bucket - #install_sts_client "miniosdk-dotnet" + #install_sts_client "minio-sdk-dotnet" - install_sts_client "miniosdk-go" + install_sts_client "minio-sdk-go" - #install_sts_client "miniosdk-java" + #install_sts_client "minio-sdk-java" - # install_sts_client "miniosdk-javascript" + # install_sts_client "minio-sdk-javascript" - install_sts_client "miniosdk-python" + install_sts_client "minio-sdk-python" - install_sts_client "awssdk-python" + install_sts_client "aws-sdk-python" destroy_kind } From 7b5c9bf6ae7ed4e85320553c7fca5a3a7595d151 Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Fri, 3 Mar 2023 16:45:15 -0800 Subject: [PATCH 27/47] fix --- .../sts-example/sample-data/iam-setup-bucket.yaml | 4 ++-- testing/common.sh | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/examples/kustomization/sts-example/sample-data/iam-setup-bucket.yaml b/examples/kustomization/sts-example/sample-data/iam-setup-bucket.yaml index 83b3278bba1..9bcb39e4a1d 100644 --- a/examples/kustomization/sts-example/sample-data/iam-setup-bucket.yaml +++ b/examples/kustomization/sts-example/sample-data/iam-setup-bucket.yaml @@ -6,8 +6,8 @@ metadata: data: setup.sh: | #!/bin/bash - mc mb local/test-bucket - mc mb local/other-bucket + mc mb local/test-bucket && \ + mc mb local/other-bucket && \ mc admin policy add local test-bucket-rw /start-config/bucket-policy.json bucket-policy.json: | { diff --git a/testing/common.sh b/testing/common.sh index 31b2a97d4d3..f9aa9c0a4fe 100644 --- a/testing/common.sh +++ b/testing/common.sh @@ -377,8 +377,8 @@ function install_sts_client() { OLDIFS=$IFS IFS="-"; declare -a CLIENTARR=($1) sdk="${CLIENTARR[0]}-${CLIENTARR[1]}" - makefiletarget="${CLIENTARR[0]}${CLIENTARR[1]}" lang="${CLIENTARR[2]}" + makefiletarget="${CLIENTARR[0]}${CLIENTARR[1]}-lang" IFS=$OLDIFS # Build and load client images From cc59a63000bb1bca0751871b8f413032d9c25841 Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Fri, 3 Mar 2023 16:51:44 -0800 Subject: [PATCH 28/47] lang --- testing/common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testing/common.sh b/testing/common.sh index f9aa9c0a4fe..de853046404 100644 --- a/testing/common.sh +++ b/testing/common.sh @@ -378,7 +378,7 @@ function install_sts_client() { IFS="-"; declare -a CLIENTARR=($1) sdk="${CLIENTARR[0]}-${CLIENTARR[1]}" lang="${CLIENTARR[2]}" - makefiletarget="${CLIENTARR[0]}${CLIENTARR[1]}-lang" + makefiletarget="${CLIENTARR[0]}${CLIENTARR[1]}-$lang" IFS=$OLDIFS # Build and load client images From f48b66c712d12fcc1f9240cc643e90157b24303a Mon Sep 17 00:00:00 2001 From: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com> Date: Fri, 3 Mar 2023 16:52:38 -0800 Subject: [PATCH 29/47] Improve STS documentation Signed-off-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com> --- docs/STS.md | 34 ++++++++++++++++++++++++++++++---- docs/images/sts-diagram.jpg | Bin 34100 -> 0 bytes docs/images/sts-diagram.png | Bin 0 -> 40101 bytes 3 files changed, 30 insertions(+), 4 deletions(-) delete mode 100644 docs/images/sts-diagram.jpg create mode 100644 docs/images/sts-diagram.png diff --git a/docs/STS.md b/docs/STS.md index ba080aeb3a3..06945ac3be2 100644 --- a/docs/STS.md +++ b/docs/STS.md @@ -4,9 +4,30 @@ > ⚠️ This feature is an alpha release and is subject to breaking changes in future releases. -MinIO Operator offer support for the STS paradigm for workload identify. - -![STS Diagram](images/sts-diagram.jpg) +MinIO Operator offers support +for [Secure Tokens](https://min.io/docs/minio/linux/developers/security-token-service.html?ref=op-gh) (a.k.a. STS) which +are a +form of temporary access credentials for you +MinIO Tenant, in essence this allows you to control access to your MinIO tenant from your applications without having to +explicitly create credentials for each application, in fact no credentials need to be created at all. + +# Authorization Flow + +For an application to gain access into a MinIO Tenant, a `PolicyBinding` granting explicit access to the application's +[Service Account](https://kubernetes.io/docs/concepts/security/service-accounts/), authorization is then validated +using the following steps: + +1. AssumeRoleWithWebIdentity call +2. Verify ServiceAccount JWT +3. JWT Validation Result +4. Validate SA has PolicyBinding in the Tenant namespace +5. Get PolicyBinding +6. AssumeRole for application +7. Obtain Temporary Credentials +8. Return Temporary Credentials To App +9. Consume Object Storage + +![STS Diagram](images/sts-diagram.png) # Requirements @@ -17,4 +38,9 @@ user `cert-manager` or bring your own certificates. ## SDK support -Your application must use an SDK that supports `AssumeRole` like behavior. \ No newline at end of file +Your application must use an SDK that supports `AssumeRole` like behavior. + +# Examples + +We have provided example usage at the [examples/kustomization/sts-example](../examples/kustomization/sts-example) +folder. \ No newline at end of file diff --git a/docs/images/sts-diagram.jpg b/docs/images/sts-diagram.jpg deleted file mode 100644 index 41de9e0a41fae065373f3f78e88ff0ce1a38d796..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 34100 zcmeFZbyOWqvp2eNCwOpocPF^JY~0;lLI`fb5_WLA9wazJvG(U)z!bQ?yl(`c$#}!1E9!ANJ{{~zyJWS=O5r{5g-bHfr5gDf`oyF zhK7ZKfki+=K!ArwzE78U^x0TTfMlb!&Ffd2pS_0$PKg#~{FAqW9R3IIn1gFpp)>IUGwm* zV(;%46a*wRILu2X&NKhz`aS3Q4h9YZ3H7u9K!gATfTKX5JacY^{*wRSkq}8)Jqmm> zZEr5U6=0AKPj0*wmKHmPEOEZ_uQI-=xRI>h{}i$GCh2A~XE))EVyidB#qQ3`+t$f# z7)6S;Lc!uSpk8 zK-+^F3YVQJBF15FhSAHvv<<9J_Lh2$4{)PE+r|z8(C4*lzj)#D`|eMmFeEe`7MQi|_vB z9XGz97!gE}8%It-EAqX)9a($nJW9ueso+F}r z7!4V7|5?GGTq^1??b#sRS}}p}Kpo`kWWgNtQw=nZCb0a5KZX8(>R%85i-0*cf#7Z* zWoC;+{Qir0yAW@8+n3t2dww}NGk_eA9#zbB0>CXH1S?&rrfAqP^% zl6x$!W1R3uh)@=Sw+51@IxalOVGteT#D|z^+v^5XM3R~l_VzEL_BEj;le^|YFP0~$ zD_5r?JG{>2dc{it9kRDa_Oloktm_JgBYC1}HYYM&A;@LnK`N?n0+#!hWW=JGr%ix) zyULXmra0%zm8-l8Dx25Yw<&ZXD~nCmB{%H~E`<;Beh>E#RhfI60N9K}*lVT_TDGvB zHXm#PBqKxww_?6+)sdK0kbK{Lt{ytimd6ipzr|Z(!DTVJmjs{y#@lXprS|M04Zrub zto~ST>7056kb$7&PZ@QIxpX>+Ga=AP9Co#LbyYAZcxeHeTn5YL&OThO4YR$6ch7@N z;S&Iai)zP?*5)f{Tfpo2BJ}&k!Dcl4LW2XfBu4GzT3@M~W96BnCI^`t;Ur0zqoyiy z&YTq@l&9{0PvKxG)KHT;vvl#MDuSFQ;gFJ7L01c!CgD_6;#rzVb|;BSj1OYS%0SIiUa_YQu4 z5q&115uX5|-+V$@lR4uTB#>Y2s>--n$#ZhJ*LvPQ&uT&dK;S0iy*)s*IK@A>gY-Kxtnor%k19+G zf4$&p@+K%JQl;cU>>$qgNn^Xh<_9l%<(g@{mjwN6N`CiSb4plZrG~1rP)>FG2(s^CIh`QjASN^jl;oLG_AUe8>Iwjmboc3l;P6ZvHwJn&j4b; zFFQwQYW)7Sj#L>tQahTOpaoSKp_e>o82wie|bUm~AjP&2E@#>VIVe z052eb^G6tj$o##*NDSkD_`xs2l@}*l-iXNNt&NWzT+?T<$V*82I>=iLfnTojhb)(5 zW{L^`-AX_7v;q71*y_^8%4`OoY8;HexYB~%Ktkb+>QoB{DQO) znvs65#lH*uRuJ^zpP=3168f`(mk#oSeC{cL^yck~;eMff?w^^@6a}X4?D`~+d|-|X zpLicmojPd9hd?!Efmf2E!nL5z@1>_F{$lVy9-q607|yZGB~<>I_^Uq1@b8IpyOK!t zv&g)l@xhIQKC=8N74G!W0;eYL)1BLA+2_X6{H4gR#}^j{B#gQ$N4yaKay`TF;vCNT zYEg(sy1k9FBkBByOCMDWof}3Q`#t$yGtr;m`;gVT;2=l!9TJE}54$nybj5O+y{lFTY5(ZaRZC=>oXHig1qk1WJy-cb zUI_2f>Tvi!C10rL4*53m` zaDRJ2d2Es|^qW%1eYW~fCV4`s-!9*{c#eF{kk@gho5O%99T6DSL3~*x{`rDHPPBc0 z6Tt3KGtl&Pp5eZnF_&eNjFMn_nAi0;$=_8@#7vN~XEck|feF1^nq1nd81?&SUC-?g zkQdbc(%fjrAu*};d(y*m$u-86`J1dv(To{wEd_0uOtwlve9;S$Bl)(s?Kw(jMFD_= zK|p{*KPOPXf@KIuZ~zz-ItC^hJ2VO^F|(2o3mXR(nJ5VR$_no)InRxc6NalfKt1na}N4%5v zy;j#~k~kAMc(}UdPYl; zB`ideVhi&;Nutt$dPbusy%Makmr=J4LlX;?!`SbduKP>p_bqz9H$=^cWGpNZEY8)T zgU2Y{ye>H#*sSXBWm{7xPcJsz1hL$2e%3J8SDe{impv8)-9b8bEMAA?gA#|YwMxaB zxm~aa^g=~LAsg6LE$4K$wL(L=x)rKyYjnFk-nOAYz1Wo7;jj^0^7CzLqmmKq;bexH z)x`+P!F9m74cF(MioxWPw<`mc>%EFRZ{t}r7^yg!xe;MJkmGV3h#Tp&XYQ01+mu1F7=hD!?M3vy9QA=; z0hweNH>Iyq5XHjjFn#%>RI*FnDZiLn74}jd7yeS!8$$6QVPy@bFe5~l{Gsb$EJ84i zSz#X!0z^vY{W#3`2?v~&I=zZG?(g4(5X_m7eHs|TnqjHFb|KCXzt?vl;;OusbHbFf zG_8#7VeH2`gQw@m4`C?@QGNm-L6{#463?Jh1)HTMjTyh8_Rul=csf^Bq*>=QKL$$Z zEW4WX2A3hc9~Ow3dKkR{ zt9R}xRVxh02i>oTNFi|?C@~f(MX0a85T)plO5BTOm$=Zb;v(Lbq&!l~%JBf@KM{pZ zB)cSg`u}7LFDb&Qt%9=Yreo}63MGDZ-zu#6b));E9I}Q0-7B8Yrt}uI;7mAfLXWIH zHtplEeL=kdlhcz>NxXFuD}yeI;Gu}2MLExil}8ekri*cct5!T4N22?dG3^tsPg?t& zETW}|l>E+|Bv^Ozq3pb`DKpZ#e>|uy`K>jIfsGZW@ zXK=%6iqI1;`zs@qu~O}e0@|i>nKrP6;g)oyj^-`cd$1O2C@1_LcTu z8L+vH4~wU_Cp|i6>i57lOo#uPP}4&kIAyyNe+MA`$>Wy@|31u=E5!NKe#6{o1gQ_Gec4Fd%u?9I*8ZV2-gs2$ zrpll%;u-KnoVs2VEF<{ONNdg_%cvFK5k!Wex4|sPL}dh+FN15=^BsFn>p`J8uk^4l z`^gecVEfG;ua6#sYD_SV$y*a@01=5_!2VBUnJa`c!(MbxA%J_lwxm+vpYlwnH<45Tn~E?&e7Wl z*(kVC$WqIFw)7dl@)i4bc;{fFKZ!vp@WHmC2TXD?_L1M9dRzA0NA91{dHt2BB32uN z{zvAhwXr_~>+j9^KAE4^2Y=C4U12KhryKVOL_0~``}ykYEv2u;_OJSH{1+!|!+0HYd=)ximY}<~GQ@8^(s;%QTw=+YqmNAY?-GTz z_T{zk-MDQck4rIvFr*f{0|%XVi!&>AKS8osNcE*Hc6;2q{YM85stS;P0|*FeZbiJ) z1lAvGCAD)(m1hbL{>sR7|M72iDGPJUZdoh)|LD=)D0NbAu+asU(avJpgx7ZcgHim# zfL!N%%qRDXa$NFbH?!&*BDgo0!5-7awwT-8dt8aMWJF{;bas6L*w0!;JqqsMn#_cH zU@u@zIz<~kHJ{d5zJ7K!*(Al zg2*j2LU^-_RAECtgR(v*Xks5Ms7q!ee9vb{lID3ufSX=(}x2etUNzQN`$xT69R8AAY^L;CP&F;BreKKq& zc)Y2aH+_Wt^m)6OO;Gm!I+^PK1;P9CtJ;(u=Z@eNOzZ9Ri&5t<_IXN7hT?*piZuQg z6DT95&2M>!8u*BWcL%^@n#a`v{f#e2k47!55w6>06I>9tAMusOls}e538?wuhdg( z^Ntu9n%X`*0UWk>@|s~$KL}jS6fdbhw8ggc4dy_zV~1g3?|5pcxq*qP zEzhggcON%Da4!fRSQ-??l81+`w=LdOdx=+)mUjN$?*1@Zt+W1F{3xftPiC0es!EwC z{d9Fp^qFT6(b!XzX_y$Gdq}^Bc`0If*PaD8ZhfN2=Qq*7VHwu9Bu+bP{<{(X=Tsn{ zTM&HcTYuraEC&l0C3Ll_UGAj#^9kVpZ)5n+GQTM0s4Sx7$JM!CU?^-nes%n#tmZTC zMW^+$ytGva*l(adR{kcv)P(cZgW`8zz3sd6HF;=D^@!J+CP;kc{iEm#TTW9H(c&?bMgo(^mBSDkczF!c%p`K(HI0V*tAAjjpJ??q#^x77pOW>zU#uQI zJi}q9&1IA4q4dk=-Va_8W&8%SIcKUDg#Is>zpr^od;`M>Z;jp%yd5po)sUW1r;(u5 zq7&BH5Ikryd9S;<3xptR;#Hs5_We;=W8b=s*7uHuJxf1n*{tuAVY=pS&sah2I=_A7 zMkwABK%*h}ESE@~^Gr>uM#=z>x2CcxDlEL=_RJ^oBj;AsS!@_p1g0r~q-*3i2z>5h zXe|F>Arc~5KVYaFPs^t)*uhKKOSI62#x8B=34kv3Q*CQpBl{5iFykPtDj>G`a=RzH zP0cu0oVl1cV@6r*GwQ9{q+xNjSa@(5s7^h6hQBwr8;>5Rlw-OuN;-&BlcFK6VVfck zR*0)vq=eQ)+rzPobj9IUf3ne2K5s@a2OBZ{c*cmerEjNg@s8*Pz$buixzh#Rl8@Iz zTQ%oRObR(m{KZJCsd*Tp*_&GZ?_2y-%*J@0!=JX7f~F2Qu*lhYNA%3gsx`C^>*toMs6pims%R9_O(pEh{GfOjTk34> z!*$bY=+mZA#}So1ZCR_$pdJDIgWzU^U06xH?s8Ch7HbKn2hh}DYqQpT=M3OQ7h!+M zeDE2Y{XsH<*#Uh-x?K5A%U?foEC7Mez8G7BJRK?D1b#Ctlm~dSXC#?x5cTL_F2a?9 z=VD_=E`%+yB%xChT0>O6@a~87dVfC=5kbog4Lp<#ZPg@mS+bdT46nO+^kLeO)H}VV z%l*&ap8%z+) zChw41q_3X<+dsK+nB%a|F^j4AG_a?#-4Hkhp6wo<{Xtb3Z4br%!ICv`LsTtg#iI=r zOc>)M_zMn;gK4HulSKwG&LUJZm^SdW!P=drM(P#Cn!pm;zcLDK77WZi_d@zGOB*ol zp>+J!*MR>*sLWPU{1ANECqM;&L4ZL+LPEm)cB1xtgoX+MiN>OwHI9PLEQCR<5<|i& z98Jo`uH@uj+3{uL z>9SKNhQTsqFnr>ppnZ=D-34ax9jm78i64A(jNXE(EdiK&i1Fmrxl?$KV&Ccd>y2113WVI4GwFv@w_ou=xB45rn zfutu@Kl3q2CV^Hh?+0vxo1O-6`Z-ZDcAeM}ron=Jv)#Kw4Mo!HX%h0i))6z9M1K9oyl zH64h13DeVLXE#m78 zcB!kLmVoBh={9Fz+wv;ji*C~3jstC!({e*YjHdZC&;;Eo1XdK{Fz!t8j$VeD6?J~n z$|_YN5v&T_3-7Hbn4{EGw#c^#Hg2QU!9b8kI#`yLDjp@714_E%`YzOR>TA%V z2j{M}Dmci9=2HV_vG?G-#3h4K0(<;s*-7-4_Qe?b2@4%L+tlN$N9Pa6Jprm_uT@=m znHxMDldQFCY!I)6RgV*Jjc18JZZ(x`<>fDX53fO zCQBx+;M9z1H{Ev0Gc|#M$xzrQ;7N{uMPeO3h@+<;TP$ISO5Cbh4O-@c^^PAd48i$| zg@0^w@;XiqNF;7#Fj~q`mnp9%@AZvVFOpA|Z#qDO#xG6%NdAoJ0Goa$N#byJ9{YJ~ z$rN{q?gZty*TkgpdtPm*yG_T!#K@0arWsWF{ZHqUmY8cS%cSE{dQ-FmU$G4~MtRtD zyU`Ui!E zF=~lQ1O=-u!^`$gEU?$Mk{Zk~CwBC{3;Su`=dz9KMB7uG2sBU}#U}f9E9qwD?3uCH zIu`N-ID;6B_L{VDn<9Y|Mp^)J!>qh!lt032fu?dSD;*+NnJAX4TxO@W8aF{KpPu1Cdmr&c~`X{KVcJ?K8@o6f>AyVG!+;wP?Q<2dd22KpTm@dTz5lB2t%T(sC zzXxi2op;w?Ae;_j`JSydqM_Z9bf&_=_l`EN82wab&BHc7)HHB0CuE}Pp&Hjrv9V}c zwB+0D9{zg#npt8)-mrl{MbuM?mG%tQ?Ny;nQl^yP(bfRmvELWR25JyxB^m2txRrwX zbfA>ed}AbSI%vfqnt~F~zLZN=BKzPwV%`%VQ8w6cO44&4nG zY;6Gpaum~BCGsG#*Xr}M`Pm50r4+q-1!emt5SF$PZxvpNanAG@>yNr5qS>Iu!HVbU zNI?N1e4Qz_wJhHxp4WM^FmP@bp#)80!eeJ+@-g4O(ox(ba zVv-Wdb-BYQD8Cih;iMHCqPvLnMa_`WCL@*1jvh2ytW(L+X%Fb&gpV=LaYleOdX-mC zo$_F`S6Bq2cP6pPcP|7M+pCyMlZS3+8c{4|uRLxxMXc(t%-{8)qjW5lyYp5!PA<;w zq%3>lB+S!sn$QYJQ?MRpnruj5yOJtOPR^dvJYVDx>Mmn>G1%K$FIvh%J2hm(U99w4 zc-~srO(#qWV>3kTtNWmI>6%!Bj%$J~0BGrDBq0yqWe;9bNj+fF#cnB{6^l}rS}ZFg z8Zy@Onk(=WQi(QaB-EYPj#pJIe1eWY7)H7uGg?@OVMbX)eQe+fFz0K`8j5l@N=c>4 zoXV{%WTU+mHb6zuE;E*$p#8ciK39PLyQ`b9tGvW+B=`iLH!@}}dLo{UaV3)l&k!6( zm~;^7Bm+4VZKgwa?vUMd-r)jJe6};+Y#zC;39*qeEIFZGLKhN3*+izD`H!HlbPkf_9;>KDIef^HcrXvU^Hl=RFxH zFg;@xZ6LNBvQGQCNn}wL9hN*X^SH7UNADA$m7!@}RvMG*31Dg@lQ^8}0gwGTj#^JQ zQ=S#6-(1g1OLd+G9ho1r);>b$4^^Wr8gNVJj=-tDAD3?7jLDlSBVtd3)5&ZH8l0o! zGK~4lKIM9B z;|mSk5^XUt-}TF;j~`7MAA^>gfQ zl1F3Qo^YvJD2tD$(dL?tofK)2h?ULb+4ww$>` z&(-ZG%Cq;fz!YJXu^a4Ux~meFJqoy6xsP@IYD*cZnjC0>3-gWw26Hnj&e50 zMJiI!+&nt+|9xE1~%iV&~q+YOpk6iv1UW%n0Qp6Tt5IwapjZr^-K`hQ1M zRK>zeH>i5q3%#NZid0vZ9Au*u>@!&S-$~I{gW>f$CuJ0eeLnn{oFOXPsosIT^l8GX zh0G;aOF|GX0={K2%STt)KdeDlDTlRII1LU-FdH<^z?Ll>hLu-+*kAf7j@AJ^7@uQ9 z@y0RxXGozG$4GZ=3#?o2oKAdCQ_Wi05$RxjzPg4f3{)^evG=&8EFPSYlW9?+Fx3%s z7zHsk<^2Xm%mp(_qf;;kd%YVB61P!6@SH869!-3c?kJJK1wvhi7OT`ixdYC@1d+8^ zIH)NjN!7nv2*vqktQO>#28>55=VU2(Ete3K#i(wyy{Kaz=!IA0X>4tm9LyOq`2iq* zUAv6We63pKx|Z6awyJ;S-S!+k%t|8_zRla54D{j9@Kn8u0=x+frQl zlewW898aRk2t~HgpcBqrfXRIANZ*tdEaZIHD0C$*B*9SpHgDh2jPSYuwhUA1CuAI^ zrg?uyoX~p{DPOEkS$i$g4I0RKH!^UbS)W}n?nk)_=6Gc@^9H_vX51*!#fBtI64Si> z+$H;t%7bbw7JI!^)_NFWJ$I{RD>x7?X zMN8#gi$mc8r!GY>tG1PuQ&b{avGp3YK#g|#sIMRwu)+wLS69N}a3X6*pI;9bu>6;1 z+nv-$Fe1O+j0-RAMRZ6PO?o?Dk7>yT4v0*}ejT$>T<*Yny>t`6x_+Wh72^ArY%%iw{y1jau zcG(7qaBZ11G8(Fp^?>wHIx~%!V6J=Ab@D9@HzwCF4^+tA$;;S|=Fk*|c{V~=Tsirh0`%PvQHSG$-g(ILy zQ$L$V!mFSw(FzS=>4+$C`Q^=jvlvC)U7$u9hl*W6q3uj~TkEdYUNz*WqbvnQAziRs z+Kb90lu$r{P`wc~=b0&6;F{%LCJ(Dr-b5%1N9)wiq*A0N3ho5xbJ^4CYRE$%pd*Khv%X93%%)4KG z3Qkz8oh@nFnJOYU3ss=$Z6@(Q9Cn4z$Gr`!O-1uAVmzx_-RWse8dO6cCCEv{TbSnrTdQO@y5=cV|b)RMgEgx8o~^@aoK zN#JOza4Tia*!ix^B1B=7P{i*F{caB-EDQXc^%V1_-(-v34kV&BKP{t&$ zBUAmn+bz}X=z~-#J~b7=Qxk-BXawyn-Ee2DUZfaEh0x_)o+g)DfKMU9jou(|x@bKZ z?`LF41Gxa!3JIb8&ICJ$!6odhvo(4Y6)`b-7jsa>GD~i<9r-te1A(dK9Rrf&WiQx~NWkBn$Vtal zbIFnU=xU`r8b!-9{-3fCXyLng1jq(7*>@UUjldNHxyLZlLfhzisJ1qzo2tb!)w%{! zM8=YXfgCuPa%o=_&fm^7eQ&N;w~U8R@??|JMrSU{%ONd{i`!dK#GTa@UCFu;^;!KA z$DoSmLnYwbtV|k!g0}n>xD29!(ji=nE_vvRg{+R6S8Gy9t1VrTZ>6Gp0%*FS|0?ZK z9ya&{m?03mitDYNMY$^QQCh9vxn!zt zP%J%oZZIxqYL>7HVs3=NQ9d!VZ?x^im&1Gys!^;ODK;yP9)|E4EWN~d5}LvscCvt& z2;zC5l_`5lZ|HV1P zHSk^g;DgtcAhjK>8ywdXunX7yrjz~XBFJiS2X?Z46gA%=jZ9&cTOz&HF^cc~I@-@P zD6nB0>~3SacX0EsFws>UW!jdZmdFxls2?PjycA?;&Dq|0Injc$+f=Tf&OF;UMG5408GQJ`eX{Zp3%t3 zE^{YZPGeJ4Mu_BVX>jq1g3%(Ey@<#aV;vt8*n(EZA0r=qT~JlTUg8kKV3dy8nndB9 ziOAL&1~*RUGLP#~UhoD^C$H63i|v)tOe^f_X>S5eaRljj7O48aY2$yBjc$q?P~P@V z4~8_LuL&|a$!sZ%n;dOj>PGC_(TyjsOVn>pMQ}69{+qW6%T(b-TDFqmGJWWc*kH-N z{{O}U3}hsB#$S$IU&p;W!w7wknW%2ynbqAL>?1U=Hri||* z&2pcr#q29*z(k3Ou(SWIL^;zW;js1j1IuCW|25fNo1MUI50bA)<e0)V4x`DdGeM7T5>wpmFQ|-z)MKH57n@=3V- zUei(f26+NW(_6PD^ZyHEP~m{PZ32k9EY^Yj;;nn+!bnxqxu|WCQzRIK3x3pLCEJ~k zzCzk}No9e}vr@M{pBD#y0*EY1CmDZ`k}9UE#qDkr@lr04y@aX7_4M)knWOo6SJ9dy z?BB^(*0|<%6_#*iPk_t9=b0rchqFvRVK(;pTvgEl6;68qq{1ceA1i#UY0&N7P(QcP zL7E@f^~>R6Zz>>%3_1T|%8j3%Y*;I+DKs{8=(l<%X{~B&dG2C@*JPjXd{1N!>(KO( zKC;fy;(2b@L}x1&HIL9%S%zuCv}r2Fa-N0p=z{9GlHS*X!LCrgmmjif{sg0Z z+Ai3m%K?n2@bs(*zmlH9+|FGq@*ekf%@D3p0ugX9oPt00ErjC^D#6)?lsZ}H+tsM~FyyhWL5ljXXp4h``9(U#E zr!xY10|jtD{J!Z-$IywxBl-%f*2ajl`;=JKmh!+ z+FxMeV1h(Weu}=L38halG4OzErSx?e8kl?;_stm`Wety^|8+F-_Ye!o2*JGu2B%V{?p=3!PdMN^ra;R=9$&fvMc%>gTw8?(r!_&ll0nsb}Z!oqi!}jQG}l zscX*7Mb%`0>nip*T%;C1@0-*ASTH|P=0DF;od57}cszfLWk4hMXSL9?ARF zfAI|dl$Rzg{3;ZQ5ncc_=0)mlEB&7Gsq}mPb!eZ2RPr6E{40o z75VegbTY22Mrc~49k6$P)xM>}nyDX4ExhjvN{M|F{Tbl`3uthazBKd|$#7;*WI?Of zNoHB$36Otj@#0(2=+EILp4y9VP3WRpXL)!L%N8cb=F3FUM#fD@xmpAvAY3R-WM_)12*h?X)4>@5VvTjJJLSF_lyVv!<9 z)93fajJ=_vU@C5VOoAuCaqt=yj+QGuzUgtw$>~;@Yt4oIoRQ%i&_nr_?PVDE!@Vp3 zMK3|TWsiJ}_-c!*k#LGA0tX`-$IibXHSX8Ez}Or;gL>tTTR^RYRoJN7 z@~7wD{)!I%qTY%zE_#u07qQH?(0^mDIcon;zkiJA8E{{90guF0OF1sXa~zPJmWGia z83?2z&x_s@ma@Q2EKEcy#ESK|!LLcdHH#9iDDpS0i&{#em=a| z6Ca?lgiqh#BAHJQrVF;BE$9f>M#;J7AkOtStw~>=v!oQSHA1)Ej&o&S(2TWYpap^| zpZ6k9V^3Uk;H#}%O_fnHH{)A+ged64(`-mF9U6CqW$d)*^BS$500PWtW~RFa3|e!S z?1g7lLM4IL16IQEV`>xp_<@{GXH)%IRa~SU(Y6TUSVPj)N_1E-E@Oe_D{Ruu66}H2 znKjvoszS7q6Da6QKQS$7?{V!jOSD}Yk3g={)d30|9$5o*xi~;SCt0hdNVphF-1#yj zE`r_Kdk!)b1`adsPIQyTel1{$T21b77%{d98m}Q!!p)ul0q}yMna@U6kS44I`{vhMv3GY+ z<~0)QL<=<)VUurs#P%drPy=7+uUcUhQgHL;6Z>=8O?+6T?wvcZ^-~L)nUHt!7PS21 zmF3I0izzcGwVwTXh&^cA05UINT+>MVP{**6(uo* zkZosnW*Fg;z}{w39Ghqb`x%dh1fxn6q2Su^Gba0afWMxm`j7Sqeir6Au|cIrC5lP5NIZ*w8=r&9d7&OV;TO;7-F^XIv7~eZhm`TVWYkl`gx_!AMQ4O!5PU5ytJMC<9 z=gTBsH_>djlgq17(7>1!?Q7h7c4e=M@zHoUDb}I2;Wjm{%?lR{+C|oy7Flt?9)0 z3nSRv)j%N;1u&g2br9mJ@vXDx`@Q8yHzKEbwwa|eub?qCrA~9_o;EkP)0!H@{w$ z9-Cjn{&Vn`dBXaS0{mZIRtsPKmss=$?ALNA#1M+3B@^q6qLOI^=XQ!#`&|n!(8bbE z2br}hfqat~Bs76`uts6iTg3&v^N)r7fPtZ`E51klEL3R=PX=hUfSBi}y8PhWDI+8e z`X2CdmeVeim>Q4i>=EVh{of99ARIJl;Nkz%c@OkTg$f4dUyg+^trMg{D{?PUv|z53 z7K97A74SHUwq+co(ZpVKB{CI^@*He-UQZM+;{v^MWXfIt%tvDmnmYAWI4Qj(Dtk@{ z<=pJ#G?8h?vFI9LCO9g`d+T_)XZj>@=XSsA5a8RGNLS^**3l!VEVJ_U z*2CK&bD^*g2_-ELmsUT??;~~%>pL1`Z9Qh!+M|G=1So{VLJF$YI**y#SF|9$+0JF4 zlu+q-ppK21x}C`+IWb7My;ci~@@qm6&`Kte7EP+eNVN3njAL z@!5yj(>8|~p$Jio6J}?uJ3#$wojDHL&J;bGbRiog-XI2sngpPXw7m3Eo9zn#K$ZGo z{skzt+%eH4Vo-xsMwK<4wgI-%C?aN{>EsA$>ouHi?N{MuV+jgCST3=SteagC!G-E2 zVZUQ7V_rav2u4!^?nfdy1Zp^a0-M@)JA?B8becd?&DwYqyewK+FfS4t+BJ@Qu_{q3 zs5&WHY3Lb+bJbSgf@gG)iqb`;ooFzD8j87^NfnE!0~Df(G5)eiKWIQ)V$|#QLWN(Q z!K7*XU>m7Cep#!=J`^p^8CC(NJ%y688LCzS2Zt#WV99!-PFVFF9SfIH+gA4#(&+?Y zMpTkI`6VmT+f@gj#7gWXU)pRzysO-=_b>eOOzd zCa=jGU_{qGJ{3t9Pb-avyO6#+O8?OsI2fkz<4%XOgod1kc7=Hx=Tt2dP?ZAq9urEl zSjKj_4c2KVFo}OGejZPzy-YX%HuTv=9$x(9JUgM)SD9v2aH|)MIP%2R!YhYw8E0j8^h&~`iLGTk{SPL*WdKE4LdP zvS)HT;+Ugc)l;q&J2rISsiBAteeO#GZE(JnZDC5)vV`zkP#Im^RPi+)xn@V0;}A|AWSEMSvo~MTpq6!o-F&G!t(pm%f1mMkLU) z0z#q^yKi6f7+cxIpK|WEc8l(@qu7tXqAAZ17W3?OAO?%la6j-$rb$U&fDWJ472 z{j<8ngrMvl_(U!uut-002jZaYI9HeJ2?BCbN<}GC6FQm?Fjh3;fnO2b`m}KTTQ4c6 zveh6zz}QLnRDkX^0zU{LSEz6@IU1oVE=Zz1Z@_qt@|p|o*h6g+)8geC@bM(>L#fMpdCBZVl3 zootYE9FmT5%zE_0;6NBq)1!uJZy?HvlBu+lLoxPm=3{rzXF1KpqzemTJO(5ha+dfI zm$}RukDC<@Pw`0dJ&^enkU{hUP8Q6q&H`nCUzF23x-p}R}`Or3i56)c#L za$#-6I<~5Hg-~4uNEKX0Io}mBZ$(WwmX9}+NxipM{&R+qg(OAZdke2cOmk1)(|E9c%P!pkoKsZ1b}6(@fH z1}!BOB;>ZvG*hp+>mUkec}!Zz1A8l8>4hsg;F;Kmk_g^6183Yl!t@SyE5+NFl_=lqdvnk`mw;WmaUI`#;VR_ zfx!+pPQyS8SB4cYsHQjY^AGZi`wkV(jDmq=!A4y)3h}-jv4C02yA=cEqf^c|##fYg3tI6yI zbgMyd^Spzz^v8zBI}msO=||=qRO$e0#sJ*vCyaj0LrUIam>s9kFY|+W?6A@INEjSY zfn%5-4iGR3=mK`Rv9rW@nH%}!sG8&A*AZ84&IEmOiw@2J@;(8Wv32Zmj7o$I8N5)= zS>R)RwYa%?5IK)edR2iV7wYW6J*qTh=0*g)vfawWuT*HVHch#D=vO4m5yEnjgn zXx?x0oc6gWde{Np{XILy)Ro`t2cvC(ElU_2~J8x z;j&wf=lp()G>3wJ8!uys4ReReYY(^AR=y)B5Fw;~2E&EI6(YvPjWdS(GYUvRT#6GM zRMa~l1|()mgGDU?93a}m=Sj;%maq>ChSZUej{46rFXRxpw~9bDD0t-gfq|?d&5($p zYB(&1If?tVgCjrr*&s64en7#8WlcJhK>8dLoTT4OU*IR5kAfE8#C=S$j$iDeMXsqY zh)RavKU3-e(2Tdi$@Y^jQS>L_#Lo}%w4{C&1aUA~|LAE)XJYZzdwV36({|ZHQIu;Q zKQo(IFVV1&vILGY0bDf=kKKM%UGH^_BKF;f=iP!a&%v{t3UOi2*YA2-z5ALNR@h}s z@Wf#eOjFE8pMw_v9<~C)=o_J9I7p}{Fb7~KxlwS(IRKDJ%!>?wB-CmAfEn%g&5r{u z97U)*0J0Z^{+Q{gxdk*T9Vt+5N9uN;9Fcd>MbbtRb#f%*%ruo6)T)3S@>?TZx{2K* zaZlWU7M;D8f3|kM+PvG0bC(Cw_e3Jur6D)+EAHA&& z>||_hr+yWkU=#1yl8KbHd}bBoTx!dA^8RRezX_%1#UAj1BmmZlao#ca3!Ii8VW6Dx z*uL&e1{N9d7jAt+N*)R*Sxs%6IUxk4N<=(M8XpN3^a|sG{#oWUdnX)*LvMxYryKS?P2K;g?yck6T(*DVBtQtk zf);Or21;p=;*{X7rNy;Sthkm6!Cgy%Vhv7lEl}K{xKk)jvEovvebaXDefBx;zV~dv~P$GR2C$&udg)+!7?Sc{V9t_f5u7pV>|E+fr=Nm&5MAc&Q_9umc*39m*oIPvTW z8>a(MM`F_K5JfZ?)fMRBxVK(Lfw51aGnQ0%E((Z%8IHl&Tthf-fCZID3qP+>LR8S| zK++>p7t2W8ibB!kI~Sz4RVSFP+^o$gIR|pp_I46sQ~mM3^lo-j>Fo zG>TRUK6=IA?5@HUQIMcgEb$7GBo~M+9!;tN?c6v>5A<_+zsIo>4^fUgr@6XP^rct+ zeKDyX<+&C1kq(COGMFQ=ga}KFz5#oHWG`|Z@&6;+ms+pz-~*Jggq$RPu19|ih@vZu=M94;^b(~eaS9XlqA?hNfGJnJ zBdUBlw@x0D?bDP}v4F33c#WRAnqHsAgPeyS)a*hO^9F90Rq1TNjBF$jrE?$PzwSZT zL3ktn(#AJo3Q)!V&jR^V6VXv#jEdoP@rrrk1szBl$HSPgWkV z!Pe0w8gsS!Km+EcVTr-Etn}%D;UzY9tl>Uu^zXxE-aM@$2WooT-ukLp@*z`yA1BPq zymq(Ee){ob@kQa^f*D>M8DMUai^4UFY6QPs-0|<|k40NlD+KoK{yA{t@pGRx5aR~% zo0!mQ{GMlb1%@oFJ>}68P7<2l8T(@M9<^KcBa@kh|GIV345Br~4WMKe+Na z&|Z$C^n?6f#2c#GLTk=@d8;Y zSCoQCqu3N`Ev%C8-xCXJo|qjm5ZTkyi1pl1F%o(jsjPG??W*fS8A!TU;rmSlzK2oF zuvFj3Wgvgre*L;=?%8SZltd0Yo=Aaj=enE&ksUm5OfjuRP9=#c2rzTXx$KInM$&k#O+!3t>u1CF^ii2N)#!iK6Mrx4z6K?|t}$Fo3Bo#3tDgM-jCv z5CZ-Iibs3(aP)0KSsiZlldnAhIJq(rTaY+XKAlm<^%$aeMbc3}pU?J6B!P}=POf&x zq$_;@0FYRkLjjF^84e`TLq8kE^VLkH73L&fFOp!#FoZVSkRu&fNZ5L>*vA@Dgx})I z`K|~^d3+UdPnMI0@`+DUk{Ag|$GQ~&9zxv!YvA1>GRS|t6l(<&BDFx~`m%kw!dpG~ zC$(#LQkzVWc7mr+IwpPogP#}boqGi735mu&bIEOFk|%oJQ2D>@<(xJNDfib9 zEOG+#ocZSJ;N$faNO%6!th=Rz7uI+5`yDhKG6$%Zm-zl#PI-^&A*m_VQ|#NiZ}qs^ zD2-1=@E8z|e>-09i(`@W{pCm)?{xzWZA{aGNV_qsp!R^JVs*OxXc@ybC%Op|U2RJt zE(QZq;Ayxj(!+G7g8_86&VraR4L!R>ku=elH+CjQO`qvnw46<^-}AB`&IbX>T8n=# z{Vn{DJbpTH`1}ZBPr2z2{FHW~xuV)zn@_I>jsF0IoYp%JN4wi$VE*b4OcSs?t+8T! zkAvbIYqrOaCIqlrU-?dl!tL0Nh>~V>thQ%AU6b(MgO;Q*QVN=%FciJB4!4%)eUHIf z81QG$P+V$nuMWCy>7b+G%jy|QN{+P2r!_Y;!djg6h4ti^PZ4MncBix0ZEncS!S4wf zfJMV>+Z{1N$|(NuGTqp@fkgZt0Lvxc+(aT^wjBZKimx>Hmh*}C9i<4We;<4P7ef+j z_ZEief%KR{I-HFi5Km@#7tpP2K$A#c#elYkh9mN0gx=**y{6;FgB!z&G&w_jS2x2k zDm4w5w|p?lygqi)@UU7)o^^r~!Dm-7B{T~oP`BY(b~u&XbzWt0CuIv)CdcGA1ThY~ z@VX$Z0s^?IUn**YX3tOi-;R`j(>6y$7`YzsjjvrDU%*JYVT@hQf)=oavr6c=ztH+W z47k6?LFjG(K=|^U_aP?qtu3JFhyv7itc}}=-*R4TDv!_s<-Hj*yhW>m+pEG=?P5H4 zLZE64C#4Jf8Kw!tdzUk2th-<@lPqvrywNkav}up>T#xi zhWXC7{e^lPWo?Z-;^25$v~n89@MFd~Jpn$l&K^-DC$Y|0F&)nsd#VV^m^%`{%QlCO zt|bbhBiG`mDDUd)dJ_aD6S_noB;zFipqoFK-{2NGR`P+UjGcT)BHh3X8$xOV+zLcJ zz8XCRBZ1osJT2t1fvet(x`_{5yFrhv#m5weUcpbbh&{6M!rH4KM-HV2aE(?~o6vi% zBUC6qvF~!lYKy%nI_Tq?QiB z{SMX`NU=$6VU;o_3Ev&<0j}`gHfqG#+*2!TxPN<6@7$lJ=r>2lUO^1(So>WK^CYe} z-VB-`fOxyrB^r#si_t?RMa}C2u{9S2Na-Rzht|4>f&e8^RU>(D1;lcC43)Y$q z7%~d_3Jv?qNQiYFAVPNdz`F070Z5sW9!@ViHqU?`mWNe%!fIKlQ{D!a%(3$XrlICQ zb*z*^@J`CACwG)cld!khffP-zK`kMA>=?D$o9`}1E)_A7)z8D6l7;L@2Tiz1q}R0p zgxWLI;-w{7c=d&J4)IY7VY1AzWX3d`y0B%y4lzxoVFUl02T^66L;SdzBYiNWRPJ>g z0aK~kr%qN<2tPIyUrp`U&n+q*!Wns!#jorb=m+VJT+r|d{M1Jv@TO=7nuJhk02;_T-{8_N&$!zct`3~@{t3RN8H(4#HsWvCswPOG#6eigJ~n(#q;i zt1C22Fl1e4KLS`fzKpVDEdux?q6wx>Jviyf!2L4=<2*y)S8D5T+nz2|%Xe+aKFn?F z%Vag$Q)gG_ldl{70Z{eEbzj_I!sNbcK`=}%SX=TfNUz1nWA(zD` z&5on=O^hOo`7BG+sb{wVh#mI+GX7rMvp4>N)!%JxzKslg&U|tz!L{kFHRLk~!dzH@ z>45&6V>fY#Nw_ro$!4{b%~-ksS&k9-g0cHGHY7^}somx$nH)}KXN>;l<~*^#+!Ev^ z`ZWW-iUT6CgUx_vCy%uHA-qTN1G&UeD0(8CQc`3{GkaP#6(QJbqo?gUEK}waXaO0f zdtHQGO$)B83{?ICc!yy^HA;3}xNW!2w_4+IuBUHTb0tCUx4Vn25LGs3J+uUnY4ZX& zH$+xRD4@~Qw3DYEl^1L?jvvxYk}XFN zodN`mRGM~QXBTlKP81A4!C8v6E-8yx_AsL6YLQvo=Xq0Cgrlb4ZSGx=M`_Cb08~m{ zTA)N6Ae?N0BZf3+Q9JcRTHp{9`e+vq-SLc5xr8a#>Kzyym@IvrKW1Q)4j2kBzdOH0 zA^x0@MlKv*6?Q+SL4o)Hz)LJRs&c>8$fBP}9PeD1Y=h`R67Fxi@D*?TQPoqpFjc7Z zI$M5dwcS8yxH z25KWwGXhwM5hazdp}7T_0kDhs$&mCMOVl@J)RBF^{>f$9j1Zi?UcXnKTAi)K$aH3j z#BJ}=eZ%>hzug+j4?WhbN`x?Def0>EcK`9J|=a6xBt}?h(f%7=w~~jk*~tI@yO>8~M8sCbvG`Q!SF?L0X1Aog(0;574nZN9d${%jxzE8A1M4k2>i!f{+|x)B0+VLu)F-6Phh(= zMZ3sQljMB3AXKOS55NzAP#2kK*QoGM?+*avC$0l^DgPiGHRV3aRMRJUGAjA?ebd)n z$-tPX6+ojtZS>{gbp`v2OkBa(~7i{lWit=3m+lN_q^E-~|4m z2Kk?!ze4`WbMoJ@9c%snr2Q)A-%s&Jjz3H3-`PkcCpCore87K2{fD&bE|R0cU)AyN z$^TQ@@7N)s(>S5YXvs-U$;r5%GXF!`Z)HwKan(RlGs-K_NAkN*<66#Ndj79GT_kj! z>eBxit0j5*@@JU-9}>7vhpHDwrT&v`RPqGVa`tr6|1Y-oQlEcfJ4VTz<*EIdocpwI z`0GEh?ZI%JV&+e_tG_%_xUF5DU$7^5gt(pEUo9H<0i;0a@XJ`jQ0Rb!qhq)1s&ROH zhxT8{Gq4L$_yN^Y8EAC0;_BwD66{~Lyc6!psd6xPJC#x6xTSo4kn&pH@ay5T zVnSp|qQNZ*UcFu^9aY=sW&EGHOENqn;6~l64H~6jSNkKk+M^^-m6f#Nk}P~lh%f92 zK9O)^$kUW28f2NQF4*s+a-XPWSLzwdbBD_m^Iwb+jmetN(p;Y9adc~cXP703)stFy zHrlHsX7DH^qS|arustk*9K`Zl7Ggza-Y&Q#hSF%^%sE;f0)wLifMPd$M4&1@9B)(H zO$TsJS5tdiXI4BC0SlMEr%LU7bhX$b`G)ZQ2NW`Uh7X2_9bA>O1e~ek8;O5YgvwHc z$b9IS$|ug!I>@^$UpmkET$PJ-!9$dB7RIveB0Qe_uHh$3-&tevHF!X z+HX{{%Yk;rNB^GI)}QoE{4ekuPWJ528l6unN~A_T-hPxCda^Kd{9MvSE*lao3%AnF zt$(&QaWD9qkbTdXFZ)OOtgD>pIFvJWm7chL2cXNcPX5hm;9NGLy_p)W_Y)J3-wU6zEg`GT&9)!Bz%Q0#+kX~ z-9%v;kBN&9zvwHP;g$xj*iM~w33!p1spUL~C|viLpX7=Dn&-T7vmRKA~nVTD+Q5PQANq>$HE@%eb91`-P5 zGFZm0eWzp4Tf9K6oD(oios%zXa|UY`SK9Na4{a+BD^x`H=Up8xt!HTL`?z> zC)mY)T~(Jwy(|VN3Ve&+s7=YC`2LoX0f$>XrSCv#p34?w z7Vsss$+9w1gHvH4s)r4j7;FobBIJeU6PcZn2ai54scrz+i;kFPvI?;$VE_;*l5@SQ zDtNj%5Hkmrxk}It?h210gKL0;&UkWJYLD=m$-^8`_O zUG;d2$kkFe!&b&Gu;s#>TVyh3TIKfj0}0Kmm2t8QqtEsSq&%UbP%p3}=LMnKYc|67 zk3{>{3pMA7;bHjAZW%QkV-jn|7lJ(>){Z~id)=mcVRnXarnfSbzo70(S z^71QgY)nEBQ6KpNG8WX3ttID6(;*y`b+rB2eeS#&K+0n*Y-yVfc!#H*##3%?wpRnE z+=ZFFdT(-a(O8Os?*VV5(Q3DPa2P%7{Zh$(0~}tII&Ao6{^j%g5!-?MN;o__g%|9G z*$TqFQ;6B-u5JGk0ynH>L9c<^T!-{z6^0qWJt?IH{opYCK=gf--8_#o_zP6hf{Z1Y ze%4TRt3qPH1cU#S1ut!K>WuSJOA}3AY$kKGvFRmfG5{Ora+8^i6n@i*LQI?_mE}HT zZzplbbQc7bYSbMJI;dxiC$rezM?MZ6GAB17V$onu_I&koX|^gm=ZLoRbNNkuW?Y1O-& z^<#Qp}>(9 z+Mt@Z=Z7D^ZAr&Zf%XYm8V!o%0_^g<6L(x&q*)W`uL^&($x6Qs^0ZI)BJ$&hKRua~ z0-Y|GGrN8SOfrlRl26+sCeT6|uiRLB7(fIR`cFgQ1VruK+{k&MQx$-rwmths`N*h# z7*8dfSwA-QnhT-VO$AGjrkFLh6Qqnhc(A^JO)+IuOf4wg`6@axkuL~3_Qi!FZ>;ml zu`rY8@JEV-C4lh8Sr-YXJr+7{(0tB6FkD2|&yE)>7(!pC*4+OJv-(f5vz9RI!-GwUH z*sqb;9ui9msI^}|dVvx|DO@5GkKld~vHx^b*!exdn+wVD`QF(JV$G=K8SM zKE<|ASnk z7Wb4l`xG)*={E}YCE&Ti9@<; zRDeZ=A}6{p_T3q~R;XKVJ$L;!*RPrIV{Qi96@KfDWN%fxB)j8h#w64^iI=V(?!YjjRm@H0h8 zFYQU85-u>dH#D=)NaU}Nk}B-{0MrD%PLJjz-Z9^zz*)+s_KT`UOq>p2k`@7H@|?L1 zneKYTx&lSmmLr|+it)1EvJauJ#0IhB6*{QIChPnyo4f!ib!M6xo$Jfr%_0L`6)w&) z{2LwbdvoeOp>vG68+|0o9tPInvD>p?Ou!mqAkEwGZxuCZh~ zZfBf9v<&FW;QJsT_5^^O7p}h^!o# zV6YOWgi`X$H8{r5jbTZYoJUN38cfQCK9WpQ5|7pdtFE=05-# zYpY6V0C~|U{pbIZ`bnLsisPv zgO%fsu;>5~{;w~}znn+Mb;qN)*-Zhs!iv%DLwk z>!=Ho|DFJZO4d*sy~IyLN7yu4rLnQF#=m7|@Vt|JCX3d8>cEoCl)72d&qiTP+kqz2 za||W2pm?Q0dn#NmL1KB6{6+j;?o1paf5u~Qzw{H$;PCKE(m#~|YxSu{OMK60gKhauWz(1L0Soi|DVC~&d zPs}76C`0J`h$N(4Ky-q+U|2m36;e-KK8DC~AK?Z)=wiF9_KoMYy(qxLPOD}4GTpD; z#k8D3vV(h?k-D=6Vtu_G=1m4}gw#*B6aj(#Dab++M!^hlb;k%}{_QJ+v9}MYrmU2} zvp(txdYr*xJ+5fQlSOH|=>T=1++OcI6T>LGl49C|35)_4c2dG37nU)BE(dnSfSGM1q zrXS7cjbknZ8#Kba7XzK;teXl7CC8Q`Ub)Jq2wj)}>LOkW&G+3^VeOP5i+3B10)T6`)LL$isY4XpXK70(f=WgXoK(?KU*=>f*uv$`hYeOecYf-YqH8T@yeN_YR1- zu#ovK9v8fq*o=s&P^=QhD2DOlUsn72vhdl&f+V*tU(*unL?C}Vv`IgOSO{-Q?MV>z zd$PF?LcMYDmCBaQQw@Y|WqF_N_FXUten8FA)7lsPeSgZ}NJ=RKZ4@01JpyXdnV2S# zSmMb?Y;yOSqnzN;Y#J^F@cD$B+}_mJd!uo9X1r`w08Ik%6-&T-BEIl+&iR9PZ>W)h zl27i;?T6jCgI&li_*mZX$Ve7aVl8wHjN&$3_OD%fb(o=!#21hDvq(v<;8U`GH!X}o z`{A#%#MBJe(Kg3pEt8kOyyDIAz5*|J>v}`% zo3w2^dGVYFXcerAg;6%4_nprpwXi8PGX}BAZ{@dg(Z&zd4|T*KaGr&gxB_ukTKTRJ zs_KVk5;dRe!X4ZY_qgD|DX}|}U~8H)cJb2tsWYwJ52J$Jciqy&GUl`)C!{T{<_;c3 zfHSfL@l+x?4oD|rTwGJo0XkLO(e(PG8_$HS!h5ndrtg<)R+w|5c*1R(yr1FkrRk!% zNwleKtLL=k90+aQ>i26`;7tJFeQ_(dr%Ztib^VNwZ0JQbdnmC6NSC$a#pgq%@8@-T ztYt97;+Be4;}H;T*(L)Q8uo-8>dwG%Ze}YG9$4tMoqhdc?AnBA2Y3c>>s3{EASZsd z8MYw)&S})mLR>#+TW^wAJ}4TyEGA#Aze-|aiw&n$Z}Gp z*pb{3j7$nfd~+i zQZ{1E=M}sEx#z{?r^lnq_Rz!*o&4J+U(oEv!g^!abcZyW*XUS8&W2N=rEKGH<@}g_ zO=7x_y454@fOatxq0}ttVQszaGVkt}#hR_t0@Sn2kyM}<`C^_BQ-j^={BGAWtfLHp zdEr6(UvCKzVY*G&uQ5>PGcU~d*3VUl5Y^ndN|%=~N{uPihh2xhr_{8}vzXoWEe86|BKLxQiRYl! z<4q*5LgLrjYR%sF zKLGsabv8+ex7!=(&!ic!6Y}fht&fcisL{j}xgUIzJ5#w8E?1McmsTP%v}{UyhgU;T zx{=b>m#57m4=!HJD}Bba6ZK1a&KxiDbApH2Cm#;mtn+^r<$;JxzC&gAVvG2rfN~iR zg=O0{#tt=nSQ6}e_QUXJrtJ2hKnE0ibHP6?wEYEA-b4)i@!ZCYVAK4f(MMCc1FuwF+mdMPq7ouf44eA(kNXZU} z2PeT9064VWPi;9)6C=r&_5 QVlo|6f{$#64R%)4vQtnrf+gdBK45;v8*Uj(yI-S%!a4P+HAkZEuu;h*fm9}2|ueL zW=cQ{D2F*UyHc@~au!WWEhtx82uD~4ho5Zru3LoXQRqUrBO`L!#-rQ^8w0`0{SSu5 zcBD|>uLB{_Mu||F#!HC__OG<-u#`=`fO;*?A-#J|qp*+vN7VI@y66(c?&F}yglLP) z$Gx$%q@8BZ^+Mo$_m?WtC2sGVO$ig}P^Pbb_PX^y{h5EMBNCHZo+$i4P_X<`B{ z4s>_Y!6LhTZFro{FPcPRBp$LoJ^N@aKZr|@z{}3o+MWA8+>BaTEE~q|ru^(l@K;n% zfmeR$qJ|57gZluH!U)?eHS&XV=m}7~QNFoJjls2P`|e^sh$Eh4Zo5$jS|#So{i1Pf zSos!B4uHlK|GR7heM3~Xsn-mkQ~W{lgbHo^46Z#qYtpCXDvgJRU@psj{M&bZyzt~X z0QDOYz9tWj`nj=4XdqeZoH2++2D2q5jWl2zZKXBMOjobNl=2 zR+J6Usx_3j^qo7ADs~bG-pbs?9f9^P|J#g(DI}NP zPJlxE5Ld?+f^`nlX#^%jRRrrC6~qt6g1NHG?&C(69{}}zqdME{?NwFsQ}`Q^*Sd>3 z@O$OBLi=LtFkM3BJgXUW&_%->hzwpIfQwx+#C3|D%#zz>#3YSyW`6^BTYhx8=UcZv zu|FazEYDEo@Mg159xR2Od0jweoVK5XD)krx2@$|^!{lJAzK+v>l6Ju@>Vc0 zMP#&V;;kZBsiC8m&r69Wv?1u0Z9SQQAfRBvI8B#|9bHB__3Tmw;8<0gNC7`cgSuWs z;^__Roo*6)Vb@r&;KrhyR#86JJ><+MWlt;nvKZcZRn;V{$`xQ-C4G(stNgMRfNzA` zPq8c+c}8jsplDlL$)F9K-zO_)&)jOg zZ`AS$CaW#s_|W2!jstw;>AfgpOhk3MP_lcy&Sag_|!7v16Rw#$oq@aXj^T?ho zI;r073wsFO=NHotyuSLXYfpXvM&um2&)Ba(ty`{<^EQGm`zb*zjp`Xhkg_rsm_`kc zG~zO$KxDseg`%PN!bBZ2@JS+gkO56H0v1M`OD#f14mpczyRFkNEchZTmvGiwi{W~v z`Ao+Vv&X78AQ6Y?zH(3$-2=cmVp4a}+Q9ZYlJb<9Upy3gpciSBX8Kek44$X-F%j9r z-8kkqbh9+gtJEUPkF>yfWD|dzGeOUY`W03pk~6)>Q#QzGfk{1^2V?*#1ui6W-md>h z;QN}DB_@c_fLhdoJ8!42TwEEG93r#K`Py)kNpvLJA&ucx{cb8peaP1EQYQMEr$t09)yw)>Ns79A#7YS5T$X23YfZuG*#rfh zB3EEi!4S;01zLP9Sre+Gr_DpWQcqLX%8%H+b+-S+Tv0 zI4qHkwq3_qA574)+*~tO?tq>ZP829azsMJjAzkf|cS82iaE8Z$nG9VIWXUuD5K0R= zC3Rw8Emo{bjrNf-)R;(N)^;s`UJKZWWZ+Q&=E(+!QwLy8hwV@zuamT|^VlmVDQ)IH@XE#f#+g_GmoMb*nL70W&(Gq>XuXC*=@JyB;=Q+DrJ$acAfxZ%6c$Y;@I zPeB<%WrKomd`rV2dve5t`-^@XIF6;fJ^5yVepAJ8W{HW_8l8mZyRY8_w??xRoSRb% zcbL2?c-p9cE^}qoxWIJvF&}Q=Y^L$PYYo!#3OMG3CbS;z^+eH1em=>Uq5|k@r-Vta zlH-%heZ2CGYt}ZX{uFT5Izo1I`K&klaVs2S=Z5STw}(= z_1BQl0<{RIpcT@Y$pT9M4bqu|mo3Ab1%srED*t>F5@niUUjN=9e zion7><9_9{g8o~V5}Kb87qABhXgZe)`NnB5D0^O06yw%tjhr>zqMpgUV?5>VMU5D| zTimk3NnmW`!*tUK4fAO5z}gpOGMG;mTS_nayW+}x7{qTww+LWZ=1zp>XcHpFAT??p z*^$9-n(YdVMS4xN8^@_TkXISI?v4fZ>*ZS6?>xSC^4P8s_mt%4ZTAo>0oxDpfO(0} z!7J3l10}8}R|KGfAb{U$I5?0lC+Uc}wc*t?p1e+Md%Ea_i3+-KQPW@b2LS)e-jVlr zI~p$0Y+V|H=lAj>*H;Ks1CWtt?JGA!OexA@`WSo`v58vpBJxAPcTa@L;^LF82Ecsh z9^wjWJnpE?w3TcbGNUSc&cGBgWx^n{LFQJ6E*aAl{`P2af=7(gs~nZy+<~y2BMmTp zNFu5Gh(sX!QD@ux8_Qg{W;V?7BHG{ZqUY=PExk_v=I<+yegG2F9spDZ>LrPn|4SmA pwXtj8+I(2NLz_(gVPgxzjJKcV((%8isJHqmZG;Q&%zwQ3{{ZUFSUCUy diff --git a/docs/images/sts-diagram.png b/docs/images/sts-diagram.png new file mode 100644 index 0000000000000000000000000000000000000000..06736b3cf658454eabd5153bf473dfcc55908289 GIT binary patch literal 40101 zcmbq)dpuL||35QwDTbm#-l<}lXkY|+jw{Lvazvkv$QaE zU}J+Vu(7d^adUxRNMw_6@QOB9TKAI7vN0}^QJLW>7;P*6Sz(b_6zV2Ao*>KL8+rORMf!>?WnFU zr(ulJ0dMNss@l3}w~g`MWDgl?2*nE{`Q)faBXiNU)Ru$G2zS*(#9Baa4?w)Hh_}TFazY=q#Kxq?oHbqVh2c} zg50<HZ=+{agwfyUaQk^X@M(;$p#u#KO; zUreZvV~n+H3@S!5AjlkrGPj^oBYZ5hwUE9h0dA2|R`yzW4L55WjHN?_mR%%1M8gK} zX6zV=4Pk(@ldK88{wRB^7$ zY47Z>uBq#Ul|x}dPz()cZ*{D5STN0)VFrGoFXB$(j$C*{r$XYIA6^OoGXT^?S?iZIfeN< z$5{JW>bN=MQ6Z*Lgg|__TR+A}L6!7J=!a8BOzJhSPx*VnZ>$Ar_WI9}PmZD=rKyO~n&U?4zP|{9QCGYyxR0 zbBYN8O*Qe;AyQnNw298X;l}E84WxsMAJfi>sKF#!MiY@{v;d?J(_1SjBuY0#9fhZB z8*2smlhmCUWGi)F4ZNnW0}+q0BvSFHU`wk=H*mKx-rC;8#Xc;?ImjMkj&;+)S~*7B z*ct0MQQYjzb(qnXBs?aDh_Q8~(vbu*(m&G5%wCslXQk~(4z%*I_Vv-y@}p3|5zL7g zT{H!4hof8inT1995zPr09F0uUBw4yd*%5I;#tt;JE+vc>Z5g3$%ZMT|9JKLhZ*W!$ z$->q*EXcyn-#3aBZllhO4hysOcOeEwA?->2gm4=ZExakikr?iVCYqa@Y6dwl&~%C) z**D4|+{P4RuNz@&65$j|3D7jN^D(FRYD8JMhN5*yG)vPkyic$$CNxyrm}KwdtQCO8 z(p=SpytOcqGzZ@pTbhj~(E{aU4>8fE zTSP~D)1t|K4pt79gvdx#Xf)kYM*|rR&aED;P6YCb_4ToHvtxRPMnp1b6cdIn1BfFw z5FMsT3pWQg218bNrjY_d85p!Zo#s#Tv$Dm7gatAg;gN0u7)=*QctfojOtK@%N7I7j z77~iI3j<~WW9MEzZx)%GT0fn`EI4 zZooNe`_sHbEUc|V&5iB+O^6!62x0t#UBaD%{Gn9>>~uqYz~*!Uu}G@Ax?N0gbO0{Q zI>gV+8S6lb47GRF4It5sp~E@jy}>P5vbql41lUfjD?x(*DHC*w$*>4_#e_wgghfSY znh}k$nh_=pGn6h^!o|(ePD9tvHo(Wu%pxi(B+%T~O;^(q?+6isiqvv(GIh15_>ltL z2v{t`)Yv}4#xDdH?Hu535@JR(i6l_T#*m)cMKipSD0`>Ka1B#@mCOR0{dW0jxoj?hx^fu)iu#NM1q42%@%7<&<(RD69`CG{}^K;6G?T{pxEMpl?cK) zQB5@6T-_X9p>>g_!Qoh!2y18m2#pO=0>WZ2y2hriVGc1?x^|k@F&fUHHo;o9ek5lL zTT9o#=s-J7BEi<&&z@oG?Bs23heFb+CL||ytcx+&Zcv!5j*dTtP9%m<95o`CAy)P# zJ`p5sawy7J$B$qV1I9#KT9A-FX7_^0dbWmi7m6^J!zr8co-pAhC&)V1(AB4qQU`W_7I~P|+ zf{9%a#T4fqMn`M=x|-RTYlZqbL}*%sm}=kxBTWObranF-zc8|S1R>ZT_@q0 z(y0M4VWuGr6K`uXJ5x>T02^DPwi(jL!7v>xM$(b^Rbs3-oslv=7Du-eSV6 z$c`rJRyrm`8!(ZsNf-lZ8RJIqqk(TkU3#=V2qds>E;I`ZsvpDH*ggy&O>oktqt#6? z8dM^l60VN7MEYr)QRv}LAt8RcG0td*7@SsML?li(0B0Ixuc@g{u|?V7kW>_vhK>QQ z980vcjnYIj>|NtrH(I?X=|%Z3Zc^ih;$QI6y7mHTO-2SEi_y+97~}4 zhM5Oi<80iZ6Jdjc{U|0RLa4tz)|}xFXot~^q?@4w!>RT<+SmveWK5uX3x7(ECQxHF9{n|Z5;`y)F$f(?4@K+OL5VQ?9Sl!9@ySe!7sPbzE=0uZxs znDmhz)zA+uV?4ecJB``kM&M|7a7bw`;`8&1r$p5pD3l7v_Z=9w0}-FMJ5_rYVlWs#F?)M^MedIF zb_-Hr_kzul#tS9y?nZTo#V&o_TQyi=FC)|ir@e1>EyDM6|J??5^huWdj>4BZySdmA zAv@Vu=0%floj3t@h_*CxY5T$(6ur0Mjv~qUztSFc&^$%i%-$|c#bm=i~hcZc#JOK{gMn2vo5d)N=3@5s;bu%*&<_`;#akL z3Umo>Z#Dd%T1ekHUTaZxsOj|T^(je%nCH>dnDiY{bC>OS1q5m8B$3m+;F=^d3a)5z26fdp}DHcLrr0hmn;OC{E1-MLndtf)I$$<-D9!t0l9sH zL;Nr{x&j}{DD)t^)l>HVp2!f_mHs_??!(QALzZ9l)G+Q!$pcrb#NXbF%}o_ivC<5B znQe7olCd?Y;pG+o08wp`=e54()2|<*YS!aweL56?m|4{=!vTR&?51_0sKaOh7{4@I zF>_0jsfJVu3HGUUc(&A;*f)IS+3I!2IUYiOXn`c0a5q2fe(WS*3kW$>}U}EVS8AP(s3{ zj@+B0iu&r?ON?GRj>nHt4#W}Ktn}S~WJ1irjdrGqtvPOsITBP`rj4k%z*coeOU8r~ z(I?5y=%+?!Q+H_pAdn~CqH9Zw@@`fsEMK0W4NvB?r?ZX%qsR95b>;xO!a`-;{auLJ zov;V6V(B~^x1(xKSGQjvymV!sT%H$q5CVqI=nZ5g-YjgHHb@56ruRb7>FscFEbAPT zand8i<$^gdSbYZp3;X|w`@oBgf!yf(79p(=7Fnz&idF!z&2qywfp;ea3ss#Oz(Pok zdcwqeu#JypPx_C0p6t^D*6J>gERciSJEtUpb%lYwiLiY@a|0^}UeVI*b5$v+MLP7; zyWsU$wu1|9`N+q7Fk7iJZfG(2a1tZyl!%ISf}&H-ephPMDPF13lW-kV>NVnxinx{e zBAqyJpME;ne@1@T)}3$%p&HFRn=X-pT*l&*{TSzMQg=>-r#xjBJlyo~+*k)>;_jLs zqi99Sm~u#s3IRjvab#B^*vX|_Bj9OHj&QrzQ~DRRl47Jr?cr8A`=`&$N#~`RsFw;N zLJqJmKh={!9$;htA#8*e`_U^X3*`K-fo1?@$}c;jkC;`5rTC9~3#WfL!rB2S+{tU9 z0D~z>v5`DEv)BYTmEVX45uc_3V;Z&T1Co4dk`jgMr?P~4I?K4y?jQL}92Se8+vvip z`?5aVQis*pHO=d4qo@@EFsU;K!5Ucy=@p!?s(rwvylC&2+$1Q4#a22@Ieb=1nwuLO zZY~(egi(tB(L~rLv-BO^&@YRQEZ`>A3u-S1u`mU~m?wIFunXI_MHHy#IhYLT@g5SOpyIUj@oz5bV#(Ike6GZ9D}2!!thT6scc&Ql zr3^6YQifPy66+f98Bv;{i(58Nz8fOo?(?!K+^{3y2JZYmk@4Qx z2oh)PjzPA)n?l^?4+MgSJ;5tgVhGW?RktI>sLd06^i?x{zJ>i2unIG~pG|RYPKq`I zCqip_AYL8?r}#Pg+cPdXK$(^O6$so7%dnBF zhEIG0M_2?%83;9{_J}?-#QeoY<7feCz~Q6sCh?L!bGA-68s@x$NZz@4!xWl;z_ zPH4^!v=R5FZUTFs&HO9IQxM0ef^Ct~h?-pRaR~C$ZJO}7LxbC5*x7#|8WVoUG~XJ4 zZ`l&->Mk+?apb>Y-xM^DL9c3Oj#5%dNr_{xqCEX=!d7(7$};*vnrA}_2#2vAuWnY{%%vV@RDRkOU|%MWLevV4%>!=wth*v}zY z`Ds@BU_OnxZC{7$PM*tslp#sz&QYnv<*I()@wnrjazAx#ZSBxojXMMm_DDs&(6M9N z<)oxoLlf9FeBboomCEqx0jyx++MM|v5QrJ9uPrRjelU66%+vsZpxw9EwD022#*h!N!UGYh3BRW0E8ot%xs5M65ItM6W;=Hu#DG&%{bh@z_c=cI zT|DZrqgV+NZKWdd6fW34_^7`xjN@*R`Qg{~0S=inBdx9Vrk>5wnSn2^nvFloxYF3D z)5~#0Fjh8co0!()P*D{(N4H^Iw!+?w;f$i-=q&kX;~h6SxVDzSIC&ornx~6jEYyqI zr`VMf(}J9Oc_Y96^}-WC!mN-H3kUu!pCQZoxj@u{6ZQlIPsIf(2^rlf7c~by%zovS z(Di-*S8}~68^6$_{c+rP`2cW>m^(ag??z>W{&3>axZ4>JuoXl~JxgbKiiv!aLdHx4zOZEkK>xS!bE zyu+sHrp2AkK+Co_w}b0eO}P>i6LDr9kwud%;nl-3x*4p>Q$0XFC|%i#?OhFLm*c`n z?;X9#K?mJO%gV|W_4N-`?lZLMKBwaTGCIBc__1R6b7A{ zJ>7f3=X_u-`fgUE-x-70$oZwE%MX(UaE2qNcWDf?pA?=3g5%g2;@wrCtI@q&q{kUS z8i6F*rr#^Uc`3lg%PaBsEzJ(QeTDGtqGDAo5noqP**@Z@9fm7a9(QB5 zZ#Au(tC-f}&k?<$M2wCs{E+V=2hu(>Y@>ISM$7#hu30lbww{b1UwI@6F=?s1oxGd^=6y6$Ezf8>Tw_$mYJ-ob>58=){<&i>42}GW|4pH?)X(?n3xdwyh2d!x@P8&<$bL9Pb>Q_cv*Cu%%~%E@B2At{tj|X?-n?w zjf_Bs?YTDzpCL2*OmD{G+QrgFMl+S@l7|k!bes~EPrsK2hsEq`Q$-i>?oi4$&79Qt z+_`7xPKAf{H&=T~jF0NLUsiIu+V^|)XL&@C2Cv9|1<|y+7w^!T^tUc2YCq11$RGSZ zcqJo1@awhnkn4^PliJOF9`HRF(p)pv!|%1EA`jXS$}sY)OJ&J*m)Zw)Mk)QN$6N2V zA74!!iikyvWgMO9WUmvmb_=+Fgwr2iH~&oSjKkXKFb(TkLv_0dxQ&im4jDUs3*>b& znkqF~=Y&@ws|<3dlgfGZ`n-?%VbfA=IoO0jId?f=l$FXZU-xP~czh)IK;Fwk=cLV2 z-wG37v^%BciLt{Yx3H%pd-HY8JTsF;pWQqsnc9po)hh;KTQ8$7%gHVPg)zyt`X_7# z)LMW-&!77tu9e}zyP2nM1+?W_=aDMe2CU>QB>v2RC49($EmJdPB*9%9g}P~np~lPi zW9!`H+rHq2oIROet~Jfoa29z4>CC+rmfdh|lfXC39BQFRz|l}5fkxWUMbAF8cC%Vb z;EHrN8Tg-h#=(UmWbaP7fAOa&7*Bn0{DIV{7Odv!-E9U3BIVhS6 z)}X-e#?$Q|!*{ZOkeQjN=?ou0nAZtbX#roJwbHI`)FucQDjhx@V(L!e0GS9AnA>sv z29O$Th%OojZA>o$@%ABzL4MZoJPI*x6K9vpOKW00=Gb)O2sN%GeF8G95DKTqzVgvgXWF+&H^H- zgOo8Bcg0yi1Sea*V=(qtPHhK2`CmhAumvRl$8a=E?I4*u80tI zFeyJ*>Zi@%&PV`KDuKEbWHgks6{&acl;L)PBCG$AzExy{_0HLD1>lx5w4U<-)(esp zK=L%^k!%p=?pf#9jH&>{1s1d6m3<8IMIa8(jUQloBQ@VMLiscoBV5QhS*GK*3P zM4vhoP0fBZ4o8FtL4*}@LG!`*p(y>nQNQ>m&8DCzeac$|$%TiaYGMCfzHs*cMjRXB zcMe)_;AE1E)TkA-p4ICqK6pJuwt67ZLLjIdPyC0<7)e24nPn1umsE)rpqZ1dimhN5 zu73ASc20lACx~{Rt{^xzNIz=_Mi_*TA*l#;C}h5jt^xU3+h3j8@?V`1+C1DLD49Bx zDpr_ebO&%6uYJG~&i)$#DEIrR92WLBTpe|VV%(Q;zV%XvA)z_nal{%iOM$lCKbUbp z2nyA=*@&3_i!7a?@XR?AYbbSC5-@6M&V+{OgO1SOf%ZXc5Py#a6vx^gII$JDdccG* zX&r!of&113SS&3l83pNdieem6sogjP>!i^R+a(D9lr8|oZ zNwMofTK^H2E7+Q^2p`J0tqdZLIo^<~dM_Z0CfXJ8FP}IBh5m=kcK>Fv;=%FWJQBEN z{NJQ=Ba4id0^8rCGrbeVEh`Ub`Q+s2PC&Pflq z$E|Y?NRiHt>WiV?D&@M26p{T>cOrW@B}(}=82*3jjd{VJ1-$eJ9~t2pnIu*hM7l0{ z?y)2z$Pz3&{}p|*aASNvW$A0X=ix#K#C!qi{|nn~aE>Hdz+w6ONgRk-YnT;UtXKRV zAC~q^C|I?Zv$SM$(Rd&~)zvHQ6eB4Q_;c}|eI6VR1i7Vi+E*GM9;m+TdSt&pWSVv< zJchCFfVB64Ws(Kp>H+DtQ=U7#Rz5yNUHK@lcGMRUA`FSEaCA5yObZMQmQmlnh1~$! zjeJjFAdy+F=Q6oN2m&O*zAfaz38vx6fl?*%kVah^w(eG{4(IvOjDZy^$pFbv%15Md zz$$@9FXr9pcN73IEDv~g<9yEUq=@%Idkdoe-^)GyTpwUMH}_IgpLsK4!j5-S>Cb|r z7H{R|H*OP#D0!4zcw;_sy|CWiu(jPcalJkMz58wc;Nvz{aC0TdzABxEr?A0@P)xxo zyZvtkAfH?I=ehMoLh1K+!uioFq*CvPLK#efmIX`Z=;Ob*!Z!jNyHT4GP`eusj$x!q zf}yxn^-FBF>TZeFZ|8O_9N|3aa&n}#xPovcyYO~!u#R@Pf_1-kX3AgU|eTU17 z&)@AZU6&dihV0L?wb+vv$C8H`pWa-~+-F*+OC`u{*TNs};4Mw!IGLlOQQaxPkP68!rx+~w6t-FJjPK@gM>|Xn&ucI03+7H){ zis{ryOYS|37Lx_mH z90&PMd9>HZ^`telj()6v4!#KF9R9LbJGYj7f7>Jxy5RrJk$Eth?V0MI#Ms4@6UUCf zYuY9H^ODQe1!>!<-|Jq-$`I&HoKEDYF6 zqz&Sqlh|;;4nUTR&+>$Ay5kM+WF!oD6XcU8CHpU8_zM(Xk_Bd3P8g~j{rAP%2bs5a zw6VpeUElCn764$1v)cFgUu9|Iq79U}{KexyocW*E84ymaWLuy4n{)l==RC+13lGBg zZkpnatx3rN%~HG|wUJZ*bEY8L>uTP2nFq6p?`&)k5W?;g0cHFT^xD`o1p=^atg}px zEehRe*SjQ#-f)N;+bQ7%_c$T9Az+(owLusvWNiO}YX8|E_;6LKtxD9Q$as{7eEQkv z%lNK`9SX*6@$f3IR{AZRdq{|SLb8Xx(|Jiz4)Z85-d1jO{Q1j%9f*9<3IH>aIwjK@ zI)0)9r7$WEJ1;pIVs;G-tC9zx$SV!=jQ_co)F=Y%OyY=O+J9*ej>-DM)7I1Z<7vMP z_?#@5l96#`WnpqKb%(NozJ3A7F-<^GaZa80_0I33_m5WkJvsaQZd5Rhd+Vl$(?7wc z#`-<%i#?TegeAr^3&RbfLq?4}5n?lwlk(c{s{zc>tip$Urz8F@qA)HYyXn{JOzVXH zZ%{--@hz0yt$f6SNCZGWATlw(q?&WM&nuk*PUuu`wjv>Jq$Pg5th97YMn+~_OpCg6 zW@2JT;@2VMwX*k=fVIHf7vTvmLF=EdRgVEcT(Eer30LJ)$phisUCpoM1?Pb{?}W~m z0@H(NF&Yg6_=Nn$T?37w;|iecaq}qfdS`0}2mrPhAKB|xe-iSUDy}z=0nNk?*OBE9 zR@q%VVnZuYhiKlI1y~<7U_JsSyCdIbrKg-ixMEv=*(QJBCaIh9;lXi-Ch~;flY4L! zsEC33UMA*wg}ur9!z;_915@u^jb}DE@`)SlNqoo0B$hDu`8%Nn2O^X_T|Snto|v*q z&ngT@Se=_NYgfZ;$fcFkK<;bQwEPi_s8D*(Vqj&=SvZnx;Pel*Oq3yZGP;&fVw4n3^30BVn(=2{R2>7Ehd!aCgP5TJH=&(3kFbb5 z3SH8z#~zQ2j5IF4c=JZjv)L8>=flHfP#e%`>ROW}ydG~|9^;eaTNv+LF@6OY(;&#| zZKgHb?S?e>`o6vfn){u&6_f-h@Tyk%Nix%s8JARH#>U3;9&De_@(w_H#EJl7>;8zR z9Fk!WBIrERUmG7h&VLU24rY;Jan=xxFoOTfw%N%58x&Zug_ zp*yK^A>*Cf+^>~1^YI)`IK(aH0hwktZk=OLlmwUA&7QO{0%-`bhG0dWC%%ZSmXf{5FEYy0gb!u7iJ8 z$kmlV)j04)qK1a8uE18T3H+#@0JyLvh8f=A8a`>uhR zJYhgu&dZOgY+vCT`@X8|Jr^XEI?78g%2EyM(Es8iz7uZWd3qPeF;11@^Mjn}qkD^9 zE~knet8Tt`@8V-Un8Ir|_B3HcD`#36&2Bn5REtxItDjj&bODBMLM^tO2{7IVBaE)X!+*pQ=3@g+6+=Ee;1t3uKbPkJ$i|*43?RpuL%C6@{JY*)8nB9N-qT1}f9UI)y+GszqyrM$k?zt87j6F2r?~%C!8qWbbXV(-q zv7bnLU9ZS9p7eK-kB?-@?DVR1rGmR|$TB@Kzx{GAVp}iw>}t=|inmplijk#E4z!;up%RDvx>0;~yP? z(adx)&zpWcJCup1pB3oJ+*mI+6|czyt+?|EO=^SLZU(9k_louw8>+3UcsA?2sPf3S zF4j8Va5Ns#C(Pc$lYaWNxMJt?&Z5wBiiA%|jmXg{ozC`=IgTy-c18Nkk3W^2s}4B? z7=}+FcqWRivK5S>4wvp+weArf)!dgq7eRSoUfZU3=YwA)M%$Q|v^kaP!D<_z#r7SflBnoAZqHJGh8_huPZzVO{O zq>^$j)#{wmlXw+_F6~{?k;X<&@MXOOV5SpV;kBhti{l0*#Ko=Ua5>o{j6W(VDJfEO z3A~E2fg^;2Pq^6WS&16Jx$h4a+N~LADxJ!I!>hGuSzDIrQ=S*Rw(>KnbsQ9}a$0v$ z)kh<33lGR8l3gx*l208|Jf2N@an)%}b!&j>XfxPz_vH>f^wjd)xC6hI)uknOr+SKg zW&0_eKidI991MH<XU(KyOEG|_-hACo(W{>9yyAQcO z`NS6j+7>R|I;j$RJ-e>7%B4R~J6QExLc_7(;hSbJdx{MWYc)?BuK4uk=m=Klq;6M~ z?p-i*b%B**+KBP0zOU81DqK&F%3@}poKl?0zxGI!tlFDu1h`dxL@F+&Nk@o#s)#Ld zrhTdJeNtG8+nm8xLB2o&y5prk(Q){7PpTf6yIV*3L0p0Uh1DWn(LKIM;^U^`eKvWI z_5Z{l{-U+cUo+N2WBADBb>9gYG@SQ6z14DOSmg7X3U5D-sl;gVjbljI3RT}yXe!gW`5kN-oAv`)$Jk(MX zb!JR&O1b6Ag|oLGjwnVJe`sG##qCjk5+~#RERX&@Ht@Bo`_5Cfu zgO}6lOXSsp?i4+GF7)hMiuO>~h*$zl{ixS~-`VV#xU3S{Jp{K_r$gz*;vumCPwwM) zWf~a;!`pvy031xKa%YAr&oXyn-?hrL(>ua#X>S@d4<7tv{_Sh;vnuU4q;_uP_qU4Y zmO)n?t~{~7)XXxqR{9LlNBQ@c>Q>cL=a;;z_PBEmJFh3MuNFIg9>(Xqi`kCzbo)ID za80Av@Z}S47WK|Y20V0Sj1UH6uCwZndstF4ClADxfkrat@olj6KeGg_hI-|b-FZqc zQpb8HhojrRBdOwtJ3tTR(#_qg@9J>2Aj3W9f4Vp);aa1VnC$*1-c*F1REZ31Oz$K` z>p&iUt63}Df%2m3_<6MwYUViKXHW;0SF2gunSW#P)1Djo(mu)}UNys46PCWZRxan) zjb3<({FZxei{OGAy=&X?0N25I&$Wioacn@^xcRqc7nPMPw!!%!fWHWi&YTOevApA^ zFTqhSpO<#yUF}_oyEAi9xvkgMRv)M`ucH@!daQh3m|@GESfJ`378Q@2^EHf=t6kSq zUIfiwt*%t=(X?WvFxlOo9tMREarV8nv4j{>B>F2%Ea#)$$NTdC5jCS!iq`e5b)2VU z%xXx5D(~|x#!IDM9z zah`jkt#ak-!WD;%chqGc!>I3vcG({-`%*KbFT@SNZ!)&dJK^$(^Mqcmi1XmQRlFR2 z#ZOz*Gpo+~A=mJB<(Zy5O^rAElbihvmqE{?mFrMUZ>x-zPte+R*Se2U#ohD4+vNXv zj4uBy7?N+jI9ohy}{u2d}0Y?sso&teQUl{E*(|-+6k$su>gGS2(Y4mlX&I z0A=@2Hu+j~#(Q}L1H>)qVQ&&Gkx*lYN zU3z(WIBw}fF{&fvsYOMH)r$>mt?daC7EV(PKGxv{^TeXGS&F#6M|8T>VD(q3UG zvv#ZwNtNzBw2Z0Pf21x)*bp^oWBC$$9{J6=GH5z$LSs@OsB+Ja3@_o$n;PVEFEsl z)A_{#(xzFF%)`8wtCa#P3)$Q!R~M&c%GN^Ad(*$(=i8_3SiyD;U9Ob3?wT_um6{dLkL0tD)e)L9y;NFV{@DuzJN)Oi+X(8}TK^d$<^73;X zc60N(ejWZ40hpF>^n#6$chgGRfNJCni`Uo!b8w_I!HxDWcc*w{S~ zhrj5{yG(2o&u#_vtTSz(TPvUKE%mv9A%AB2jRlpCFWVRsU7TLbWP}r526R1MKOSO% z7MpAEPxl8Rwa1)wV}X;m&H4TKzC9dV?1hL~UOv9N(%)Mo8n~BUCE7mbG(GU4EZ_U> z-S{l}Azkx{tEp{W7FVT5Z-h@g-TNSL=)9?m73gGf5!}9Ab}V=(w>|Cto_>tV zs#|E>H-m>L&s z-GtQ+N2NmYsas)h6axvZ6=V~OpvB%I`xmb~<=2m->^Lv7uYdth;!mfvf1?$6*1g_~ zf_gnKpa5R<3G2Gn{pzu+X)~M+>Z_Mdx;sf8%zE6H=ku*)oG^!BijOF`!PyIi9%pIn z&Bh++oSdR)=`zL&?WfOkIRbn#gqwYaGBWD_QEce(-WwMM5q)||Llr^ctHu;@Q1gqw zj6CQ8HU4?v)ws66=urKQ-jVUlxGfMs`@Wh=+yAB7y-<@`k;bc?l?@QL8zuz?Vs(J6 zotsT$+X}KF$Xbl^M1!37=TbCya2U2*4k01YQ+-G>pn4g!pfG_pJQ{k#{~5xulUXVL z1P8;i`xZu^*|8an!?sqaqc*eZS#bz>*C)5_ROF^)193qg2t|m&&$G(PhFMCR4vWQV zfQlP`+sBNAz-F`HTlm2)#4SLzOPpKS2H;oFMuk6=25ipTrv&+i&rgl%co_gf;`2jK zJ3B)aTIa!&_aVRp!c2Og!j->Y1<)br#GfzlS-@a1P*o!)-~P0DH8j3j<5cJd;sHGz z0LJr2SMb7AWx=GP53tTsqkk)nlv0YoCL#ek-9VXC)9Z`~{46LL=F94YK!~3a*!H;5 zc?vJQz@kmwy@BdnICL-%>Z|8S`tqv!k^383NJvfYEs{Mype_SC@8nZW>{S}<;A;`d zfuk(4@F+zqL(=e>cRI$-?o88HS*AAq?U_eD7vD6rwYA~Kq{wGsIvb!hc(>DJFP@#9 zeLwcy{RIZ21IV%fw=Ny7M|wTD^A<(w(nn}>Azz-uLaK|GIzvQ@>Hl6hw$66iUKt)Y zHa5l^Xy)>m=O4H|x*KBCo${CYD)@DWAdVGacR*87e%kM?{h*07jiuR7jhuOJ!zZeW zRxYb)4o!&kCS8kM|MUAyf$j&AugLa)jpyL;k2p{VyuvpebItK!3g`kl!v!k$G7V}2 z3K)n;TyBs;ZR`qFnIkATNJFlsH!rTaVocIN5irQrxC zh2$WRckzjQv0W03^OCjd4z@xdR6}O0Z5$v$y#iWo20`u@FmTDzvD|7$fWG?RtZ}CH zA*yKm%Xd$ieqijSqbzOEF=lQ6X}TRddlp5DXvtVx4hF}U~RrTgOdyED7LgaCtT z@lK_m3V>wH`}gl<*OmfiNAG8=c^%Bt2`#nP`U)h!G1<`LN&ZF$-XlhYgY_b9ZZ~gZp?J zcVO4QE@fjcC9+Z?Bo~reIl(LN%B-fL-^h&w=V`uJ}14Qe}(JjN= z!Pc4`p4W%Q+O=@hnUo$i?|j9B$*JG?YM}?F071<-r6g#jyucD{gS+e{cfY(>)2$e& zDC#wFtjRa?l~qCF^=!*;3l9YhWkW+RgWkZiH4pMdV!O8NLix=)yq+|x18tb+L>QUH zpXA+NsGO?}Pk59radVrQLd)D}drMpI!Uh~@4>$Wisk z!z!6&7x+~lIkT@twT{3I)x^A)(Fogi#GQh24e~~b~k=(xR$D1d- zH=POz`qj*p(W3%e&BtayR#gG;srk;hHWqtlTrHvd6c_ybaYohk z#HYtOl~;$LM<;5azLX(0J~LyZQ}Chr-i-UeD&m8i=T3Y+0f0nU<>NXbwYZ7CDk&UcF@N1a;)gwGvu;a+52;}FdGQ)~Ju|KAwz;YvrLJ}UyCj?BMK6>M z!@0OTg;rE=KNXPZ`hL?CDzSh@z^?c;pn`o|N#OY!0^s*bR7%UAUqLbJzkez+K0U4E zS*JbViM+c@twF4Ehv`8eT|eM)zz#I7HnebA0V-CUU|FK`wLTs5Atkp+UwO3$Ww*snRksr11S8ip;n0i=X*G8a$I7 zKXW_f8>!apl0E+w;1H=$i>emPBox#j*gY3PPObYQ_3b4~;TK(8_l?>HdALc1lIJ3D zX%8D{Z>E;My?K7wMht*`PG^1Y-@pI-PDIdPv&q=u;sCBCAhY5oY;>*k4=F^WHWj## zwBt@p>(Jh$l)3jtrgwOrTo|12)QYr7y9#XRciA>otpcd=RGZ*hl=x@mW0!t%xhY_4 z2#h^AF>!s`mLh5cj^4;(dlV_MceJJEwzA-s_s;Ecy?()Z&@&n(k}&CG-!9Z+AF9TE z?IP3PG&31)PN9%9OoGRm>fE`;PZh8MdJF8=6w4?(dY4^6wD5@78n15V>>Q^5F@)8GebW9~U1^75BJT82<>Y z|MSZ0^rXtSr*2Ey_w-^;?{8SIUU6(O4Q)y!EE5Hmm-O6ZABg1b8=($UKCaI6>s5!J zRg>2+NRHo#X1d|cx_N06J_;YKV7*RC7Uf4#T{rBvJv?qVo!Bw3(#bgVsoF5%+?8Lg zZwjxT+ghT1x20nHt5{RI>Iyby2O<-PiQZ@XI zj2Gg`-Foe{`QAw(^^^Wtmt<;}pLV}aQw~Fmh009LQ?x9PbtVmR>uZD_Z`@CxuS!0? zYxT8^&oB9iEcK$ZdZkxwP9}0kU5{KN9%W5z>)($cB%;Fj`ga>(OQ zSxv#3?LAnVn}IetnIpe3?>Peor&v@|ZP+8meuQ`dkgWb#fAUCuXY+wD7On6c+zN&mxxrCTxu zpWj|rA0z+_2GPfz^v*oPKKb$q3ruW#OB33z`S5kzHDb25vnt~Xt!ovl@cH7H$CiSt zsiH@1{>1Ivu}#%T`8K`$XRA1_A2Yn}|7+{#mv?sT;OD(rN!uQ|2hv$8^Vg)l;;mtn zS5unyz22>_=DJ_e9j?(O9omm3&lgIy#_64Q)4mb>gUz>t@9syDYiYMSuW5g~6tyKo zMzVP8_E=`di*eKY*`WI}>+H$TVf+$9HY%PU`%98**7EN07cCBz4g)Vfos7 z_4G%!N}i2~Tfqb8J%irlpm?K=BOr@38UtQzhX`ZqT?^_Lgw%6`& zRdus2TfG-t#q+W9G@IcH;eth;$fT#K?5(d$>>jN1A*`3l5Q57tZwCv3t#j-5HYWyxN^CW`mX+j$kUZHt!nM|UuipXs&3!8mHDPq zvpeA9Xu|VLk&2&x1mdRigymJAR+e)n?uLm^JUy46;8kCwJtfr7BzV@GQ9X2bUw5;%|NgY%AF-)gI!A-|(2t32&wj5KrLHt@ z^?|O|VzCmoUm4AGDCA08v2XajAc>=lRWmBFr}m)9b4tIW9wh|68#f6Y31XuS zH8>}TRIW(>_!GVTLRaUu@)wUzuXG1=uCot|I2#{rg+~tCNX; zu7s_3l`q_UTlmJ?|DE51hjfRbo-a44lY4?Qi@gRK$JHV}8;`{6o~9>{l-7}LpM?Fb zcW#4`PVFdDSzQ{uxc*0mC^hu%1mT<2Im$|F{zQvr;#xeTZ_&PNs;eh|aRr~HF!sU3 zt(76Vjj1sqbbXvGq*eoNx9N}L3Jz9sZR7?GPPmJr+p2UFdG|h4fn-v1D0WfI);&rx zyDpij(hUw`SBitjq^$9`0FOFX!C4@iClARc~`9D;>1yq#Z8!apdKM4V8 z=>}%jJTZ_dWTXC-&Z_ za8);pbeeoS#rS_(0QFUlAU`M~&}fI9z^0R2Fl4~Cpc^meUGx5Qf}~jCuEm`cdVG<4 zE3G8=BO_t+CI-iJG?}TYyF#p#XFs}kccbCX84fb^dxookyd8cz zkPhWqDV1H@+2Gu!kLbx=s-zQ!O$s^1eoXi zyL$<_vjA=OGOn69uYadzMKAZ2hjCJhcp;q50M=g|NiyKABks{+BK>ami%8o-F&%e> zzC00DhsCGFxK_%LdJVOL@O3&Pvtd&-MUty0qtA;bKu&uz!+#6;7tauUBYJtN+#rVN z_Bvwp``w``LBy>?fktddWE$Izdxg2#T>UPuaT29c>!s`Y_XJ17tFF&NkbA8+p3)^c z*|o9kqGS^la=MAIS3aK3(Y-cCkXno^I@zTPVMuncqAsrA)J>Mr=zPX}aPMLtS^wLW zlT_eVt`$NZ3KW82AvknHnbHM2Xn90KJ#Wy#Vtivf$8Ok?^DRI4cG+Wq?bXm5j*L@U zTPx=un1s)Xjs{}R+f27|XnLx56HPeuTg}}`wF)fd2HKjAe>!1-aKQn~V%(s)d z?VUa75qaD1=4ZE0J?~AHsVVU^I6-g)&LP^yciu{6gHDDtK_4Qfc7L$)_Br)a)sG$M zzDO$wCsUYYNmQ+dZd@)?joxi*hSBJ)e_kJ#Up@0Vyke@x_tc4Z&DkgbsN(Ap`n>^e!{lv1W}Sno?)sc+#;A+LJU zIp^c~(>#PJxw6qLHVARGTX;g;PD#`+#5x9Lc~d33O)D8jHgJQ%>Z4Qa9@-ry(6W{+ zugPf`Kl?+T@zywvH4H%maKSA~_%b+R*rwB5|1}JY^|YRzhf6CB`DBg8FZ-~Db$GWU zX}q`cOa@Qc_vTxmGkp8?tR8eMzs!~hswdW|#zjW_X$e=~nTTk8_f?FUW`Z?uSCQsj z%xS}WW?6e17v!`cCWT%;GO71Y?q*POx z8c0@cg-AVF#97T*t19<-l2J1dS$!{=@Pgv|w5W&i)qm|bq;33fYrVh!L6K<;mm$P!Z9#}QPQ=uk|wFBu^?VZ@-|nzkmxw_sqCk-4t=0EJ6&X~RCa zpO@W!-YI!luaS*763(^CxjkK4L#`S8FqCri86*6N_q$yh1@FyZ4XWT%Lpu-nZ^^Eq z=Qpt%!wHSp`{Ne|h5gXDMX?*`&&<3b|8!s3NJSjAmg0swoctlSlozUzyR)D4Kg_J$ z4O?@v7KUe`2A-&bfi5x_lH>B570~H$!PygeufVaE)nLOuS@}BX`h3@v?SNSjq@s^g z-o#(U^O$x;V#Fz7u(rwRL+gh2u>dUw+#w>GN`a4xcWvE>3n4j9)ZGHHD!^&%y1Yg~S z_^wH8?@YC)91BVcMP8)NwV zYbw8EY$$icrbx{YbSGm+Y9Mm4R@NdYg##TFW0&7-cZz*S1qbk7cDYWzIvy zdDly4!ZQyJ>z$>S$8RC~a=U4Zbv~Hd*HMzCMH5aGPh@I)F%9nwT7GOAW|i@$VVCc9 zK}MF^yLw(lzU_K*J|eQseq-#G`f5^F^{9DoGj|yxJ9~^tbrbso17EcGEo#R=OIMLW zn!)LD+WkPuy_03`+DPz$ zerJ8IreVUHDVlUEZxZ77YJhkoVZ#HLgDEoj#bJ#@w-Ia1Z)N}7Ss`E8%wd>i2p>T7 zKYe-_Ye{=VQbw_tUDAxEXOP9^IT=2h`-yj)z~^bPG>M_OedF~a)c!-rkp*Iyc+&CsDd z?Ix+!#@l#3^TPBIVYy}$43kkx#lgTHFxzUCmrheB2~(-JB7XXsCwG*FpO@M zfK{z?^PNd)xDJQk1&qAe$9!8ESTLxzbHFb7M!RtWDaR(d{@?mVQ7Eu7MOHiys|h$B zS=Oo8*lt*I6*Cz8?#GnMNGaRu`YoSn`cu!SPMMVuZBV+ECX|WRACw}#=p*m)Fw}>f zMs=)d26GDoaV$zVyLSuw)Xsd z&4P<>{I@fFq5jJ5?(X&u7khc@qin#cyg-+bmX6cP<54>`(&S3}Q?igV3V&fHIUmXN z)#VOpo7a^*gD9I)QT=M=ht;t~SCJAl@7bE-K%Q9dKHoKdgR`yElNBf*M;wBs}UasXzPb_!A9p^nR zKehaLc}Ii>3VT&57=?8TUmObEezu4yHbubplL*B5y_P>8wW>vmIwe`N8Oqez4cM7v z5b59aRYS?zjR(6Ttr4{!YreucOi|hfSNS?z-VFE4r?Jauf*OnqfELwEUjE?PlO*H&;XE;{|Wm0^mFzW zY*Lr#D?cWmCUW^h4Oma|xGJA7Y--^_u~`GoX6LB7nigDmrTV+fuJ`h&I3BVH91b6s zj9k8Ll2uynBt-e}0dp+*z?a9B`=%l5$?1f{Rl%fk$7N6Qh<$)0a=;p>j6}?|%VgT` z9DxM0&kr02M%|t4Rxh+&QQr@d8P8e?uM>z<$1jnx9;2qv{@+PjK!6Dl8s6o(bQ3&JkB)37(B`?%(Fq>_qeAKC(Qu>0HcI!ko&N8cr%=LouHM4r^ zwnmA>fwON=#R5j|=y(Ci%@sUKbTemjC(uscY;iDuz_Mp7-+5)1zn>9a$(q0+X?W_B z^iH$v$%v>sfu#O_Sg|*Oi|&C$_A_Fo^>(@9VMHpCHuW9vhn}Fhsv*j%#W|xtLOb9F z_FQO({+A4jAG z+{3;^_W9R^b&`E**0(S;*DC5CkB3Y8W-Ro@4Euh#3nZ8=?- z8QJ{#t<8DE^>IR}N>IsUnf$`yCaXQI@sG6W>-M8+wwrfR4VE|SXSHXLI*mL_2hVJm z2cB1xna;~FlIx>+-0FvSSGL=3&d_62&)gB|9w9_wi7%uxAdV>lt0pHy=X z4ibbJ&r3~gJ7eZf-tKWAVq7X*c%oT37AYRG2@ia5TA|XY9aA~mgjppR9$T^4EV<*l zpYsEsNu?{5d+RuYthzj0MC3S_8bs;u-ZWIO!Cz&$Z31~SwFJA5A>-S&^Hw+C#7|{M zrY*O66nmUnKBg)9XLV?-i{4q``3O2C9_htvVOCp>7*qXfS2d(!z(EpY{*M4vJkr0uLDmK%M*?d<4 z*||o2S5Sk!0aLkCs~>dCqj=^7ORO&SY;6d6!^xO8EuH`VmqD`kjk}zpW8R<;i0vgv zfVohQiYQv_t<^TLPq>K$tXhopE6og*D2(PX3$W>yB|nSG{mlj3X7|B22bI@;^n_Q; zCwH`O(xnwMr0iQy@v78@KDQd4?{Zz87_DW|J!rdw@)dVR5twPEXyS32L(`D!w|R@+ zDC$fQO8Wkmrc!I^iLmTmW3GL>CotD)Pc=k!hqVVg!6}(853w;G`go4=4`nafJ1B4hDnVr|Aw0jp`#%dj{pK z^B{;{_gez@yNKb_i#hh=%S!0ZR;ke~Tm8!3o+7BjMMHBarFGe&kcSzThDL4D=TUVU zk~+H{#Bdp6}?ELUb)>HqooK-}EPOT++!Bmo536ZpoyIxG}sgGHv`+vqDAb z8u#i>&`x7blmgCeJL8k8(=nkv1*y9=T#+mNEv@8=obCgWVAU!+X06??_RI4{q=o?~R&Oz%%(qtUl8&g@pJt2Q&E)E%>5XrjAF z5bcN{m3`40p16k^R%DrGG5jT8R3Yz};j?@gEFkVbL!CFUEa9+1+Hc?FUiT9}5(8OA z8Ee6;jc#5fPLVs&?GrgB&+>8_F?{LmWhS(OVv`#4+IQOo*Xwan%<584P6}+uo1zf1 zQNwd4&=t=_MuzpWCmCO1@;5z>nKt3uo zj&t~2pCM6!Ov1AxXXjp#Q{0P#zSK!;5$TJAh3pSOubwC`!kh(RMCJNT9}WC=?wbtI z{E%0Lz`NFt0w3U>s!|0iZ&Rr96p7KK-i`2l4sVnuX?-CR20NmAV5xOPjK)yQ4zignx6FhHRfP@w>gA?yc<@LXUODNx=Sj008xC$&ZBOSr!`L<=8UQyFf}hZu+}8r+S-(< z73YP`Qc4N)WU3Qb4L^CDY{)_H^O#WbENFgEmjY|YJUr-!QUL5q0f#v$^uv&klI~Zr zOuuql-R+sy;=?RaI-+rSe4f&AVC(l+BcXIg=`D^4{e-+Q-;Abi1H<5W-lXhsNAkC0 zm9ZhpAj`6YM$S(nS2#?+O?Y2QF`n>+=^>F_-H7Ek(VeZE7%F_o+q43259B9>hS*oH zntwOJif#IGChqp^x_MD#_7UgjKGgp8K@+kg*+APZoSH>lWQ(Gv`raGnyvr))-hwR5 zjo~k%7Nq;_9yHda^%)@B8q+HxK225c=BtlpE=W}EAK^HL5o%I&flb7N-fBZRDGA}u8Z>?+Z6 zgv_rVC}-rT=PdAGWhJSaF%D%&>z*GJ4wAe;M{P@~%2*TBi^9K|RVIU{XrT1m_Iw+A zD2uZE+7)V1t7SP-9DEq3IX2M&kA=hB=x8lRo6nxlYf6+b>vMgi?Cr!xJjasYg?a-1`^1*tUxv{-o2&dURbIqIa8$o*mPy1(H>j2mn-WY^aQU zxG@7ByR}h6#kl`Sj~b|qkct#>3V#a!qT@pPSl?*uUC2lVpQj4Z5uqx5d-`Em>ylFD zWquXu&3qwKl@~U`DYQmA%-ze9ept9+=ogrYcF~B_<0E<70hcNnklXd(INAA$yB7CV zMlog=(&kkxmdiLsC>8o{T(`U6Vkk4>zmC~7gDcZ}3%LExp^4=mjrUpgTr2uYK=O!9 z?<7`dJD%q%&i;|Fer@uMbjNt_{k(z5oTU?w#1~#uW!;WdWW!95Na8T_k+Gi_*Zru? z>lmuDwA`cF<2M(Y6hNN-@CuS(*eM^*`-1xdT}eY z`OSu6XN%ZQjy8P{2F7j4xalLG$H{j`Z+v?8nf6ZVCMn!3-W5-;HD0{x{h0?zPAs8s zq{)a8$Ak9Kad+PoH2D;6C-bJpgn^HcHu>I>$2rG?RCncim;FIk=Kl828wa0OXarnRjC*?`skiTTo^PBrg`vC; z)3)ek?s~1$j?`SO9V()tc71vi?+f3up8c=4z;BCCe3MTbvX)br)@=!01 zrX@&bQZ5-g^)99uA{7jdME7&`P0`plg>S&{iYdRFh2;Kx|Ffz3N0{t1N&ZV;RRa4y zd{LxJi(}<6pO6JlmP9t@EEqE{hMb4*x5+~{NVZINZ4D+CQ=-x61^ya-z&I_3@47-t z_xA#HS}5+4c8Z7Ri9$#Nxp^0f2I zj8;XA)~oL1Lcr!BToJTMdOpIAVdfikS(Gr-EN~7WIuepU+KhhbTA zwKnWQ2K;8#&Y`1IXw>EGC`y&uib!?aD&H7`nX2k1xY@nLTdCRj_-4$aUcR!p8XD3) z59Hv-Y%^u~0{~H@dH;Ws5OEmPb>=r=#4lb~-li|CK!=EBTKQ>@@IS1Dy{8!EnER?g z{cVy)mfE5HWrNbjEv`Il7|tVKRX0R&42#a~h~j2*wzwdsfAlpNfma(d;rd#j91pNJUo#L`q2Y(z z2qdbQI*R+U)dmr#rJOn1jxVC7I`fX}{oN;OB(%*q@WD+dgJ&!_2!JQ$^U=qQ|1hO_ zuR7CmXY(AfXF;Zdg%)7s0tv=||0e4&%(V&xin$zCB;JkYpaLp$1jvyZd!~ZO);%v0 z;30~Z?xCD2E+vAD#+z4MX|VDYbe z$$0Hd%`&7S$z{tXMluAG4BVGd@rd7*Zs$G%cDNnwa0o#$XYO!!dauI_WTLEfHm-i- zA2Ay85VRimvrZH$Q|YvO^ZV+uz3lQps1G&H@;!c%dLKy|SF6KUcoNWs0L7X;!QN>v zHO$;ZM@gb68-SJ6w#M?efNr+)N;f(wpsfSZzh3}4A0e4w$RfLSdo5f4_@%AklH9I&_Oo*!}E)aEW4)1 za^M+_pYQ1oT^ip2dBpL6`wxl$qei32(X3{{iHpog|K|IyY|Irv(M5l)7zH}Q%u((! zk67<)gvq$y5fHK^U#egOJtn$O-atP$AYVR7t?u1q-kCSxBObTh0aT+7xfYoI#$y13 z+X5WQoQ6fuFg}6Arx-s)W>mgsLynQzHf$cwo}7Ri60yM zPE~BBiDTc|`lBbD=-~>a!Ui~*|oQFZ=a;ZsBcmBgA8*UynGbzU~LlZ z5lIPF43d(Pqh$82FTXo-B-l7*85tP~N_bRs+c}ZMH`@f549tSz$unyQXiewCrI**x zB*Qg2fO8FV8nrg|ngXCMixp;l*Y?LJl3J|_axABEy51()^y5CmFNBqBMavznGFHz^ z)<&c;GyO8d5dF}4Nv+40NX41ie|t3YnIK=g*aGUc)EPj}b`TH5w66MY`WimoBZ-it z+kKI1!~O%#VAlvl&zz6fWSba6qGkm|O?n<$aaqoB_03yohK={9nGX5%x9T&k%GI+E zu>TpVSDhgpWh?vhi2_eB{~)28j)}hbQu(|}@ou$*_9u)@YaH>K$zRu6jemj+ZvTzz zWRCk1PXT?GsszC9+-UGvPnCbTCjD5I-btU?$fOFYkspqslP&^0NJm^Y-3`g(Rnamo z2#|z`nkoO$`%ca)_@P=HUoDIX8-MF$SgAsZ34Z5H2 zqpZ)8oxckQSxGmAwc=TAbZ~Eg8A(LH{KWY_XSED^`~*TF+2oz`qt)JcAa{t(Op*wL0p2z zHq!@piOgfsedrv;iAM@BMY*g33@spB8kZ=to6b6c3Kzwg(OW=iN zyJ36T{73wzdSYVt2w60Kx~Fokq`NzmTfO2UQzr!wDIeU;iQ>50)RPbHaN(sN#Xtz- zt552j!*s16Lm4)4?nXIxQU4Qp*(r&DW=MV+#X`#q5tETYyS-eEdQOVk z8*Tydu*T<1*9SCZ#pI_i?QGargY3x{kP$2kC-g(iT)v|ZlL+0{ms+0zYiM{J0R=s1 zyP(7(<&vrI?a+i#VqzDE0YEZtx+sE3#RwBb)OW}~b__v!SbV_-J9#HraO7gJw4Z~hAS4~LR%`V`n^={L)t zv|#mCuK0ftlmCkHr^rBh7(uIuYLx!mGoQTU@3YO{|1qEb4|KmZng}%G9tu5@L!99l z9)`hJ(YKxVFtD%^_PN2MBF&-@%@sh94g{t)|9te%>%|^pG-DXGXyfs@?f>pRr~(pI z2yiKIcK&G6V$&d)0J;JopRa3~4bt#`@Rs0ki*m2(a;CvHZYi-)qDDv4QUt}TPkUi& zgziRZ>l!d5H_(f9Fpv_2#u_Y!{N;MSYA(V~$#h(8= zq-Car5R7+ngk&K(3f_>vzaUy3;ZP5e2bf7B9fY;Gmx}~{ASNb^(%RM4wQQW5dF4+} z{T3eqf9IK$H%JDpklqG_5b}qSFFOO#weW{}0*~HqQhy;uUUYD9Kz&Vzg#tW=zqAMy zR799w5{>!_^eayZyj9I25NPasA|k45<`4d0;Ua#PH2zTG(&x}g5o#pZ2xUQVn+5^s z<{lRK2cho$#SihNJN_OtAT%t9;B%ZkBMATh#dZKf9t?$phNvYF_~{e@u+yq2s&|2a zZ1tWi4d^P!ofCOI?<0jEB)LLXBuqey7!gYwaS?{t z5AZ*!A943b!E7RaI`t8M(q9|pM4OQUaNYW&S5}Wy2oXNkq_f!Le;t3%kC^!bDT9O8hT zGeqeJjobud^@)KF$ zW3RdQZx%LN+_ttCg-;Ks*ezTFK$kR8>?lPffLl5v%%~|{6Iy6NVoar<-MIO_#Y`HA z&ZDCkQ$g}9Bo;*w6H3AVwqrNN@>{cbqz#^JfPV#gcduyf!$pH;%3R?<)?;H`Pvj!ap5Np*{Zb!~mB&RGaHr>SoW`C%D^dF4Y`k9&M8xzfpfpiJ(W^?}X5$ zghC%+WTJh4`1Hk~^9ZU_)!D?ap~0t`BdzuqH?DV!w_La9H&eRylMQo^-#7ijdVX41J z3Qo`~zu}RQtc5gzh%3OYlgCdSJ2(aicb#ub<%<=xJ*+1L+VV9}Dr$0pz1d^Hnp<{$T$kRAeRTnj=Ru zW-??n>S)UV!@KM09DK~P3@jv0%-zrCt58}s9+XE-RD|Qw^}JJ#P9uieIc?$%~mn_G|dtc__q5O z+-6l2AC|iTL%5nkClbh2%apna56@iLQODBngU^Nv^7Bf3kw$zAmy8%Ot_#GCtC4~> zE4p?~l5+C$d+qHbX}lx*(!*||(rUCz?V$0$dDpSg_-H_*m^t^tcD>8fV7!WEi2>2_Vs2o1DKH-m6_}6>QzPb^I=UKsNp`lNa76_FZF0m2Y4{55 zFEwB^*tut<|8$@F3=C+Tr>#;%oDBHA>_oB#DpC{zp=N^h%Hh$b82BYcC%8oh(VPGc zBG4L^1`(HwxO-hTunC=b!T=ud3ak6yrT?~9O#ys?d1^_6w+ZoJy**jmM~AUs1X?FZ z<52@5QNi?8VOjj?+anom(C$2&adn3*^rwS87FbdaxR%UIz}9l=t`CWT1=}j7-j8|D z-ya9D!~>;rKA}0&BmT}!u@JHf`lo}8g@vW2qa(mw_fF9k_plJW2{vmNPm0uwy1lbw z&n=4W%9r_!gx24`66KWBmoZjx#(5KR^!gh!8!|IXbYjj~!5kWWkiYt<4MA>Wqq`3v zzd^8rUd5%RrdETQfy;sTZs!c_i`js6zonZkIFL_Xgt{M)KV0QHnW#ZlKJc#G-rkO! z1A0%dJv}`k8g|4dfg+_qbd0QLDH}i-b|yYxA)&OgM<>R`)pQa#L^g!UZh>_#j1*yR zVlds{#xZ4L(i6_iJ563?HC}MEehX0uxwT*K{jfKf76~U9|E4@GG<3wvzbN>it8v_! z(qd(+_+YXC>}*3m;C!mEG{^&_=F>-Lrt2FU_OBm+rE}OWMs-rV_n*3gw7~tvN)84I zYG%})wBa)*S-{pWpHNb-6Y0|xHk`7FV?HA|VL3M2V&($lT?VFAt$wT6{W;p^%+%c6 z+@NU@rVC;rBBp-^%pQIV37}7sAQgfYSMUmuPyek`gmF^PqnG;oQN(XM1(DfEp&9jG z=+U~_mQ1LJHiY+I)8tunrECK>9|>X2){WP0O9k+lOuGd^sl|ou>bbuSArNR;AYaU2!Y-$ zrFZJPEikx2d@d+SD7|*8yvSF@V5lH6WZcN|Ygb6)Q5@!54ZkGz7o-J!dxr6JkWuPs zEFIYR5$5XZ>Tz57&s7s6Q3uHxJXS)P*5<4$6M)ryQwivaZr(H&E3|Lny0Jj0sy|Ly zgqehd#G#3a_a*3?C+nkMmOO1kA9rxYsGlK@1p0z|zquI$hz-3}5wX*;Z5px|(cZ5jeBO(WgXl_ih-U7grAX?=^jm!o7SKC;i6 z?#)nac8Y!o=c$APvqTgsrO&Bq-_Q^t#k(3n$nP5&Ny6l46hjDaQEv1FwGsd7cyA@x zdOm0U9Nc53U1c1k06hP}u8KtqC2TOO{sYLF23#d&o?&H+rv>B!`}9d9KPdyc(OcoO zXzdpPs9<0{W55`9HsSG3V2|8wmo^y>{I3uyGRmH zTG_5c=?8Q0SPmjyD=DqOqd1OFT;IC$a4uL``*06gmS$Ud0^vrgHUPI)B>go}llo+Uz;OM#Ak z3`y=e>BVn8fn3PIf$xQ&$98ey8lc=Ix-EK0`<~`f<&)k&le~vSh3PJkI<)@lzrNwe zD<%e?BgHn53Aq_!vtE>(NTe%bAW^8j01?0&mlQ6m*xRx$p_vuVFMcFV>#5eJAfez0 zJL(;1IcP7%?+-dUKC;K$2NJ8o#D}Nhr8&Pm`>?QgJoXy#kfJa*80LQ)p z@ib;>Ny*yRF6_8@yO#1vAHTCw!`TtY?Y^5X#YW%_^4Zy$@wHM`cRxWj_`z% z|D+(qd0f$P!DYJ15N#i^JNc-i3r1~%u};iGJmfD~XZ^a3ur=b?9vv2lHP&k!*FvhMACl&`A<*G%RSUuaaNE_sn=) zg)s!>m3gbTJ!6M}#=~mF-bI|DV8H+yG|`K}U>P0}xVh>n2kLijGxKBXgUmtvp#phx zynps~0y#6>T)j@19!v4;`By(zwN>?|38E*JTeoYPz)r0Sc1y_l)#B$%fCs~#EcJn9 z-$iB`txXt*6<|tOw1^w)>od+!pCdP9Q?+F{*?l^XE1>WT1k!!5uPb`Fi%$Cap zM=~0cvQ!N-kGPH26*sQogMAWCqzqVUl5q8O1E6|WqW4jwq6%CF)b*(-JgdwhpwI3H zb7>MFrld5CT$#|}alE5aNf-t$VoDaX*Yu4bkN{;;D6|eck%GTZ@ZU*5-{#MhJ8Oe( z`}Wv+%(V?d5$$~vGUbsU&xKe;=|L4$bK+X&^uhC}ez$RbU zRl$f9(?oVXwpKdm9oX>!zEc9v2Ez44c_d?pq%2ueY(2w~J!ku{Mt1)|uYbDYw@?aG ztYW_(*1f-Hb|)_4Q=@&Afhn+UnXcGSUR2kKX*r)R>=R+CeHkQhe;FEG%D)lNMSQj@ z&M*+HxV?tZ4{pp~;tWFszaCq!NddoC<}ecBQ~Ha&!*FLwRa6a9^38vdm1_87qNvVw zJtGyCN@_fT_jg^Q2;d)TaHS0yz46^EtK!@618YEM>DQX(B#1@tI`Aj{uHS$~Ggn!d^h_Ih$EV|GgXbg{UozsZ^c_RV7jJ2iZ`*T$zK=~~VTiX$j+FYL03--T2 zl@tFl_Gp_iHNPz!uq{#^mCAi204Hh3(ZIK-g z+G9Ql?ZZIAjhG@RVRosdtE`ZyS)LF2H*=Wo;F>q7YNKQ8cYe5WZRcQA%5eJ(6t@wF zIAR$%5FK{s9vb8KF$xCuRXW&t*%3=4?G0{hM7qKvK{g^i{^8&CcbI^PCFz^He-Q34 zxV>GW+wPvvE~%C~om7E5I?$Cqn4bA%Iq(Jgp5?n7ms8EEE1VsO@7}&wOd(hgcWC`2 zU@k(AJ>nu{^8DYdAsM2fv_2X#mxnTrDEbQDUcOk{LB-c?!zMk!x*Aq3{P{tUSjI=+ zM*++GD(KGYr1@}{YIdjgzNkx<_})&{1FA6Q$_l(J&%v@c(8!6^qEP99ACMM__RG^S zOQI3@*{mgh|3H6kuUE6vO+>>0QZ9D9z2AvMTG05_MXg?FJBNmK&wz#CovFy^*$VvM z9*@=v5Hq&tR8!NYzdv4+X9$6Za>$k5@N#p{GEH6saf-PrlMrus--cr^ryrf$P)F(O z>k1LBJ)2?WERB}7I!)Jdac$WYHb38{^xM7J>NeLF_TX{l)jHp6afV})-YwWdy%U`u z_spBNSp{DTsQWqT;#g}5`AG7=VHWEoMz-ST=f_l##pjujV(M7`uT8Mqyt1vg|A(dl zt)Sut+|a&_Ri09tR%wsj^+aKiKTz7#2E-SsTu>QW@WrycaJ36VT@I-wa za`(dk$Mw^i-KMjhsrg};rlBuGl<;Mv@cB?~yOlVF!FAWb?#7D_x8Tw;XhX+;|mI={5&=l;n(qZ!}I&`nuCV; zEaC}{-NokkFa@3Nu@UH`|Y^YryJb$0)yrXFK(UQQM~#;qxccXKlN4ShBTj; z&SACtZr$e0PEAdG#%@dTS>ZpP?ah*mve#;Od3v@k3W;an6sAehP8oHIp`gIXr7&BF zOmisn@!L3aGaXI=TgKU^5235S197u?YET388+ z>Te$Dh+kFWtC%!IeFdetTFX_oN$r21FLZQ>*HU>$?s{tEYUmd&(Vs1Da{Az#r~xcQ z_+p#2GIdfeZ5Q5iMrPYwJ!b1TI^t&&b-Q9QJyUpl9(c78b3+xnD+TdNyMrXc*;4^Y z>;M8uJvgzyk%;p0VY2BNI1oOC=rI?-8H(!bT}L>RS>5Q=|2Q`wj7=5$4$k@F-72^KqcBq;x@054>8RfqGPQJmJxzrJS&4Aj;b+Qo zF5|t}T6rg2!`L(=>c{E(3RQ@cY;ECSkg*)R!fd1s zE|k+Jg|;*XHREv$iw!VgVCo!49%qp?v1uEOJNrQ2Js zycjY#h!Qr&;ygekou9z`;I9D=#g&lG+_j@{ICBUUfdu@!$M86UsNoAaL@ z#ObW#gV96_*J;m2uj4!3N(2n)3hrLO5895;t?k3$W=mO|ylxeN_X8bwPfd2YWBdRp zf=RnYV7ZRbPqA_y0zVEPeJ5++cjn>&FWxXq^LSo4pH|ss206=` zhr6dy{73KD>|MRCE=VcrSsj-#eC%fpogZbjhc67BKj=CI5)_8^6|oUyJdz_`Eg(G}@Dclu*CHfz^?J)iOZwYSB)q8`|!}Aguuo{Q1p3T`&uRY&)zH__UqpQuitLJqu3^g^GD%lOKvf6i! zOomi4kVx)3^ENArdNlv`oUY8xGW6XyyV}C>Wz7B@&1P_FnUvu{!9+D%J@=51<+-Sa z^ElPR8^synkEVB_H!dwNAXe~oPV5+%Zb6#&&zJ4ngVr+r76wvz2OE{2}x*plf$z=F#-r8UUzx;N9-|7)K3$B$#Y2zMex9*ITt4h{ z4hDb_pwQYa>c~E&0P0Kqs{z{k1{gglUJ4?O<~ogFVlJG7>+djz+!kGnE1c(XelFv% zvq~h~-Y8MM`GsBKn2MaaGT8QtI$|Z}q%i->x1i&r(LYaBj7fo|t{yR+=+_N)_Zc?G zI@2&x=;Y3mRkqX2p-=DaJW%+0pnsdI>Of1e)**W4hEG_~C-v#-XqRdrYH+7A?2dHk zRo3uM!Kke>^bHoX$K|sS=@DsHXXG-eAEVP9i?F1@mi_5^y2=giYDN3{M0^$E+dD~D zwi{jZ%?PCx7h^KWid9FV?%nsJUmrqtpHea%M`==K>*!y(*tFX9`uww+)IU)01P0B+ zNX%;>pX{$wVIQ*espYAz!uAHYw@U*5!-;joAJ=aXgZS$?Ur8>M7*aoqcJk%ZC4#|4 z=4nLM{Y`9t%2RAqh%+k*Zq!8elxv9&>|Mqwixz1I?wGI=4&r3dBQ{gl{J5 zLrkvAOs=`p3#6JxpS-|H3+*KJgB0(96CfIWJtSJ{WHj_^Oy5@}C{?95SFGaV%(}+| zyWgMyW>*x;^mnVnab>i)(p1Wo@^Z!WH>i1O{knNqmoz3x|?xOWeiSXSbthIU^auh}p~ytPSxLsIXyn`RoJ zWzx@T>7?0l(!GMV!lga^ot|fVZ+CF83maB)hK{?&?-tBkvO=SCjhIFCZ@@a)d5Lwm zb;hotzM|uOC9_bsH&n`UoZ|NH;FDnw`1mJo6W1sAjV>E1QZA*^Z=89fY%-r^Z9K-b z%Jc0Z>oq*8!@g%llnppTCWbMd+bByXevZCtxfT%CL1WdRrk1YoW>pnX68RIEBa$?i z($ws#qc+aRJB_eF7#%bwc3bPJ)V@{cbnAB69OmV!R4*;J?)|JH(RHq1Ss}MUf%KvMz*cWYTnl76X*N^$_RZ9Pzk7QFA z6Uen02NpE0$KMl>NXs-5kkjbR~Wx%&7S0UmCi*{TVF z%x0*3)@BF`fP%)2^j#I+s*sYA+FoZcN_h`BH$zk))YrL7`*%&!zOL~69B?m_p%{o1 zHo~{zsKN@xqc+FK#}x<5P`&?+f(Y>^FRrw?>vzSAs#eB>IOqKO-eDbw`;xAf5sNOc zk4MMjtenrn@vgoG?p)$s?WnZKX+xHNwPrh); zDzBNQaQKZox`v1>&|N$-w;Fl>xRkwA-gX~AfCJ{oz_ZBBqD$WcOH6tRG_nv4;J$=G!;FEjX>bu~{{~cy%O7_gtw6vBfi$`5aWLwbO zWt!1r(0O-jP&!Y*ud=)}u^=O2y;6C91aq__C;9c;v|ddY1GZsAf*q0N!24eTfz4Ok z03_|g*Q@4aH@D;xKJyUCzBW6d%__`z!8#W+opvUFz~tw>8Ku@*JhP}P=$2tCFvwW# zW1H1R*Rt0hMZx=qk?OhjqQ@C_olTJ6R=9a>b1?FYWAxi>Ks`Vz&tLGjK-gY&GAdRZ6mTi|qAU0_NR^}j60 zU7X}`JVl#NnYP~9+1`r^si=@WI}zwEpbnwoDTWJw`4`c4iz9X^Ht9|jq0s8+y@e)e zK0OjeqKD=Z7cDiprG?w2P@+w;Xvo5y?w05mzk#m3{ppE`xmC{ya9`?<4p>%^BR8JY z=oB)5eD&Z_AM)S*ONE&S%H%JYC|!!If74{osbvoKeiHWF-7k8QHncWbpB7wJR#8H< zHv=VJZx9f+UFS-9YUM}PWInXbT@AbP15rwwp3BkX@!IE(db#<+6rz9P{Owu zlm~#{JI|6!H7H;xag0z&uuh5wnx*_<+{#LO<;9?e{B9W zJ~(bMx8qE^U0Knl-QSQfFI&~o25kUN4O3y3P}@K&69w03!6?;#W(;QKV+U($^IG;7~`X9ON8xu zepSb07<<=v{#+aW-4R{$BXs$Ovc59$DxCa<8pqZDSJauuL%IENJkyZWt+7O|%DC1c zVeAG?_9fY3u62aQ8pfW<;71CPrFmI~OC{Gt_6k{VmWG)cakHdEn>CVXqPpiX*7A&(0g{xbCAg=mpP-hTIo$G5EH+`n_JDN-m7_71k8g#yY zyB)m9W-Qi7f;BUp4!3(=S)3)LPAu1-|47Im|g+V;}z_eQAjv4p)s%5>W5PoRl}r!{3htS;_XyW{wRe`3hZi1Bo!U zrutN*;f&ttlZ6wCu43`91lCCMtCH5+ulJ#=OGoS@}meelV`?sh0s>_J~MiYiP zmo-xGAD@+~K)fITbuo8MH6+Y+>H9gOV`?wl%F1e{!RtoJmR{Z0v5=_%doQ@2Ad7i@3PfMX+3A$vea*4fqG|&H^QFh}*RR3;3K)X#Dpyxdh~= zrxMOpV*8=QrUz&X;e=ruZA&L7%2{XUiL5PQTm7NWy~R5^0Xzf(Z#VYHmS+fx%KwY6gqO=J8I;xfc3tOWZ&@t-NDuS8%fj2?%4QI|* z+6A;l!2~aUzXJ$DH@_G+xnX6VDRYsvxeLCp6hh^;#<_G?@Dx%R34C#Ha3`d zm_1wAzv9c zg@X~(2#uPIf!dDm&URx3KzwOkU6^$qWfrIzJJ+}eV7|JzxP-r_;2!8L_v`^%FWs~_ z#z`%H11fs72KD(}Z@Pt~!d$?QA5|uF!C9j+pl;4Ft_NyUqURq^*BvDrn^2?Ebbyez zeVlQhL!nw6B+E{!meqlVD1wAAjj_DTT+N8bh^tM zf_+rIf-^bFv7k*@nT77S)HaCr>e@vg9E^y9k=hn|!0xQj9E>g7+*Y3IH|ajM=r0>Bapa>Gey>T)Gik*_{Dr-@1S0x%C>{(ppm7N3 z6PzYM(zeTLZXL?Q=glt|ou3exRi&EPkT1B28cK76gZaJ95B$%@l3FyDCQ;pM)gz8~ z`cTr@Pw2Jj)kDF7K|$({e8uTI4nv7&6g<$dEh^p%>DvR(wJZxHT}~Uhk;9U#27pdQ zs7Ms|4k{WdI!3`K8+)q=0uvGD0S@id=lAhOCTcs`k@HX)5g=0Tm+NeuB>R?PA$29Y zi(cy*1qA$+eO>psIeNhQ0r2q}8>#lefYm3`Ez9G|eBak7KxPwi)dSaXqm;^Ns_ZZx9H={j3KD(tZA4Te38u%^R3VjVd zRLYb(MPt3%^uZJs8ni7#1Hm<)_Xx1e_6{>}Gs0A*c6-)npEoYUZJ$`aJ}0;dkRx+W z>fvgfA=M!kreBn4NRebfK2;6!sV^6*?$pz|tHT&}4OtYOWbWYmjDSj>A)l|WjMX^0 zVR0i71OS0Q!1|k&p*$NvzXyidB>~F<*;@*}@uK%!=8HQbHT<&!wU=9bJm{Dgr_%_+ zRfp#|y<>3#;!OC=-!9x!**q(kspk->0F!{x73^GFEZ4=gl*OyeN_JeoA1v!YV}O6P zcEWmSZj5%@j5=R>26lsY4dYpWsn`^2F39!QIx&;0$*GeeV%E{aBR*91aPiyZ1_u*3 z!XNL|HaC*+{3j}F$1KtNbdE9Q3hOH&sE=dVyI`I|VUY!y`HE&P2n${a&oWYS_Ekp_;W zj)WuxmL7rNw5;fIQO?B$bAb1NA^i9VNr}IuelW{ znuQ_+NFH)4(c>6gof`nq9x0D;dhD$-vWRr@Wi;H+*a4;k2*KzY5A3DwptB?+});aQe zh{eiYjJiYSm!TxG1z-P($K#7jOMm%0I9(gy_6_zSFAM|;N{oNhI~7o<@sQL>jp$7) zA&{|f=T%fxEN^Zedp*3R?dDBR3DuN*dM!w*S)ALmu~ucaJ)CUF! z{iwbES Date: Fri, 3 Mar 2023 16:58:56 -0800 Subject: [PATCH 30/47] no slash in make target --- testing/common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testing/common.sh b/testing/common.sh index de853046404..fb84b132476 100644 --- a/testing/common.sh +++ b/testing/common.sh @@ -378,7 +378,7 @@ function install_sts_client() { IFS="-"; declare -a CLIENTARR=($1) sdk="${CLIENTARR[0]}-${CLIENTARR[1]}" lang="${CLIENTARR[2]}" - makefiletarget="${CLIENTARR[0]}${CLIENTARR[1]}-$lang" + makefiletarget="${CLIENTARR[0]}${CLIENTARR[1]}$lang" IFS=$OLDIFS # Build and load client images From 7f22501f30ff5baf3bcc846e95f2dc3f6fa56789 Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Fri, 3 Mar 2023 17:05:03 -0800 Subject: [PATCH 31/47] miniodev registry --- testing/common.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/testing/common.sh b/testing/common.sh index fb84b132476..142cf204d88 100644 --- a/testing/common.sh +++ b/testing/common.sh @@ -382,9 +382,9 @@ function install_sts_client() { IFS=$OLDIFS # Build and load client images - echo "Building docker image for minio/operator-sts-example:$1" + echo "Building docker image for miniodev/operator-sts-example:$1" (cd "${SCRIPT_DIR}/../examples/kustomization/sts-example/sample-clients" && try make "${makefiletarget}") - try kind load docker-image "minio/operator-sts-example:$1" + try kind load docker-image "miniodev/operator-sts-example:$1" client_namespace="sts-client" tenant_namespace="minio-tenant-1" From 631ca1ea7066c68cf2c834dcdd26bfd5dfbbb164 Mon Sep 17 00:00:00 2001 From: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com> Date: Fri, 3 Mar 2023 17:06:17 -0800 Subject: [PATCH 32/47] Improve docs Signed-off-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com> --- docs/STS.md | 5 +++++ examples/kustomization/sts-example/README.md | 14 +++++++++++--- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/docs/STS.md b/docs/STS.md index 06945ac3be2..3927daf9e38 100644 --- a/docs/STS.md +++ b/docs/STS.md @@ -31,6 +31,11 @@ using the following steps: # Requirements +## Enabling STS functionality + +At the moment, the STS feature ships off by default, to turn it on switch `OPERATOR_STS_ENABLED` to `on` on +the `minio-operator` deployment. + ## TLS The STS functionality works only with TLS configured. We can request certificates automatically, but additional you can diff --git a/examples/kustomization/sts-example/README.md b/examples/kustomization/sts-example/README.md index d7b34189f0c..03ae0eb50d9 100644 --- a/examples/kustomization/sts-example/README.md +++ b/examples/kustomization/sts-example/README.md @@ -21,7 +21,15 @@ user `cert-manager` or bring your own certificates. To install the example, you need an existing tenant, optionally, you can install the `tenant-lite` example, or the `tenant-certmanager` example -# 0. Install Tenant (Optional) +# 0. Enable STS Functionality + +If you haven't done so, enable the STS feature on operator by turning setting the feature flag `OPERATOR_STS_ENABLED=on` + +```shell +kubectl -n minio-operator set env deployment/minio-operator OPERATOR_STS_ENABLED=on +``` + +# 1. Install Tenant (Optional) ```shell kubectl apply -k examples/kustomization/sts-example/tenant @@ -33,7 +41,7 @@ For an example with Cert Manager kubectl apply -k examples/kustomization/sts-example/tenant-certmanager ``` -# 1. Create a bucket and a policy (Optional) +# 2. Create a bucket and a policy (Optional) We will set up some sample buckets to access from our sample application @@ -41,7 +49,7 @@ We will set up some sample buckets to access from our sample application kubectl apply -k examples/kustomization/sts-example/sample-data ``` -# 2. Install sample application +# 3. Install sample application The sample application will install to `sts-client` namespace and grant access to the job called `sts-example-job` to access `tenant` with the MinIO Policy called `test-bucket-rw` that we created on the previous step on From cdfa74b9e509e807b97d7f57b6a1d990b4672788 Mon Sep 17 00:00:00 2001 From: Allan Roger Reid Date: Fri, 3 Mar 2023 17:17:38 -0800 Subject: [PATCH 33/47] Some spelling/grammar changes --- docs/STS.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/docs/STS.md b/docs/STS.md index 3927daf9e38..bb24f6da431 100644 --- a/docs/STS.md +++ b/docs/STS.md @@ -7,14 +7,14 @@ MinIO Operator offers support for [Secure Tokens](https://min.io/docs/minio/linux/developers/security-token-service.html?ref=op-gh) (a.k.a. STS) which are a -form of temporary access credentials for you -MinIO Tenant, in essence this allows you to control access to your MinIO tenant from your applications without having to -explicitly create credentials for each application, in fact no credentials need to be created at all. +form of temporary access credentials for your +MinIO Tenant. In essence, this allows you to control access to your MinIO tenant from your applications without having to +explicitly create credentials for each application; in fact no credentials need to be created at all. # Authorization Flow For an application to gain access into a MinIO Tenant, a `PolicyBinding` granting explicit access to the application's -[Service Account](https://kubernetes.io/docs/concepts/security/service-accounts/), authorization is then validated +[Service Account](https://kubernetes.io/docs/concepts/security/service-accounts/). Authorization is then validated using the following steps: 1. AssumeRoleWithWebIdentity call @@ -33,13 +33,13 @@ using the following steps: ## Enabling STS functionality -At the moment, the STS feature ships off by default, to turn it on switch `OPERATOR_STS_ENABLED` to `on` on +At the moment, the STS feature ships `off` by default. To turn it on, switch `OPERATOR_STS_ENABLED` to `on` in the `minio-operator` deployment. ## TLS -The STS functionality works only with TLS configured. We can request certificates automatically, but additional you can -user `cert-manager` or bring your own certificates. +The STS functionality works only with TLS configured. We can request certificates automatically, but additionally you can +use `cert-manager` or bring your own certificates. ## SDK support @@ -47,5 +47,5 @@ Your application must use an SDK that supports `AssumeRole` like behavior. # Examples -We have provided example usage at the [examples/kustomization/sts-example](../examples/kustomization/sts-example) -folder. \ No newline at end of file +We have provided example usage in the [examples/kustomization/sts-example](../examples/kustomization/sts-example) +folder. From cd35c7c40cfee3e7fccafc3f9edb97e60573362b Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Fri, 3 Mar 2023 17:42:13 -0800 Subject: [PATCH 34/47] Update crd.adoc references --- docs/crd.adoc | 1036 --------------------------------------- docs/tenat_crd.adoc | 53 ++ helm/tenant/values.yaml | 2 +- 3 files changed, 54 insertions(+), 1037 deletions(-) delete mode 100644 docs/crd.adoc diff --git a/docs/crd.adoc b/docs/crd.adoc deleted file mode 100644 index e4c4d368ded..00000000000 --- a/docs/crd.adoc +++ /dev/null @@ -1,1036 +0,0 @@ -// Generated documentation. Please do not edit. -:anchor_prefix: k8s-api - -[id="{p}-api-reference"] -== API Reference - -:minio-image: https://hub.docker.com/r/minio/minio/tags[minio/minio:RELEASE.2023-01-12T02-06-16Z] -:kes-image: https://hub.docker.com/r/minio/kes/tags[minio/kes:v0.18.0] -:prometheus-image: https://quay.io/prometheus/prometheus:latest[prometheus/prometheus:latest] -:logsearch-image: https://hub.docker.com/r/minio/operator/tags[minio/operator:v4.5.8] -:postgres-image: https://github.com/docker-library/postgres[library/postgres] - - -[id="{anchor_prefix}-minio-min-io-v2"] -=== minio.min.io/v2 - -Package v2 - This page provides a quick automatically generated reference for the MinIO Operator `minio.min.io/v2` CRD. -For more complete documentation on the MinIO Operator CRD, see https://docs.min.io/minio/k8s/reference/minio-operator-reference[MinIO Kubernetes Documentation]. + - -The `minio.min.io/v2` API was released with the v4.0.0 MinIO Operator. -The MinIO Operator automatically converts existing tenants using the `/v1` API to `/v2`. + - -[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-auditconfig"] -==== AuditConfig - -AuditConfig defines configuration parameters for Audit (type) logs - -.Appears In: -**** -- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-logconfig[$$LogConfig$$] -**** - -[cols="25a,75a",options="header"] -|=== -| Field | Description - -|*`diskCapacityGB`* __integer__ -|*Required* + -Specify the amount of storage to request in Gigabytes (GB) for storing audit logs. - -|=== - - -[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-bucket"] -==== Bucket - -Bucket describes the default created buckets - -.Appears In: -**** -- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$] -**** - -[cols="25a,75a", options="header"] -|=== -| Field | Description - -|*`name`* __string__ -| - -|*`region`* __string__ -| - -|*`objectLock`* __boolean__ -| - -|=== - - -[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-certificateconfig"] -==== CertificateConfig - -CertificateConfig (`certConfig`) defines controlling attributes associated to any TLS certificate automatically generated by the Operator as part of tenant creation. -These fields have no effect if `spec.autoCert: false`. - -.Appears In: -**** -- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$] -**** - -[cols="25a,75a",options="header"] -|=== -| Field | Description - -|*`commonName`* __string__ -|*Optional* + - The `CommonName` or `CN` attribute to associate to automatically generated TLS certificates. + - -|*`organizationName`* __string array__ -|*Optional* + - Specify one or more `OrganizationName` or `O` attributes to associate to automatically generated TLS certificates. + - -|*`dnsNames`* __string array__ -|*Optional* + - Specify one or more x.509 Subject Alternative Names (SAN) to associate to automatically generated TLS certificates. MinIO Server pods use SNI to determine which certificate to respond with based on the requested hostname. - -|=== - - -[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-certificatestatus"] -==== CertificateStatus - -CertificateStatus keeps track of all the certificates managed by the operator - -.Appears In: -**** -- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantstatus[$$TenantStatus$$] -**** - -[cols="25a,75a", options="header"] -|=== -| Field | Description - -|*`autoCertEnabled`* __boolean__ -|AutoCertEnabled registers whether we know if the tenant has autocert enabled - -|=== - - -[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-exposeservices"] -==== ExposeServices - -ExposeServices (`exposeServices`) defines the exposure of the MinIO object storage and Console services. + - -.Appears In: -**** -- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$] -**** - -[cols="25a,75a", options="header"] -|=== -| Field | Description - -|*`minio`* __boolean__ -|*Optional* + - Directs the Operator to expose the MinIO service. Defaults to `true`. + - -|*`console`* __boolean__ -|*Optional* + - Directs the Operator to expose the MinIO Console service. Defaults to `true`. + - -|=== - - -[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-features"] -==== Features - -Features (`features`) - Object describing which MinIO features to enable/disable in the MinIO Tenant. + - -.Appears In: -**** -- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$] -**** - -[cols="25a,75a", options="header"] -|=== -| Field | Description - -|*`bucketDNS`* __boolean__ -|*Optional* + - Specify `true` to allow clients to access buckets using the DNS path `.minio.default.svc.cluster.local`. Defaults to `false`. - -|*`domains`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantdomains[$$TenantDomains$$]__ -|*Optional* + - Specify a list of domains used to access MinIO and Console. - -|=== - - -[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-healthstatus"] -==== HealthStatus (string) - -HealthStatus represents whether the tenant is healthy, with decreased service or offline - -.Appears In: -**** -- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantstatus[$$TenantStatus$$] -**** - - - -[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-kesconfig"] -==== KESConfig - -KESConfig (`kes`) defines the configuration of the https://github.com/minio/kes[MinIO Key Encryption Service] (KES) StatefulSet deployed as part of the MinIO Tenant. KES supports Server-Side Encryption of objects using an external Key Management Service (KMS). + - -.Appears In: -**** -- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$] -**** - -[cols="25a,75a", options="header"] -|=== -| Field | Description - -|*`replicas`* __integer__ -|*Optional* + - Specify the number of replica KES pods to deploy in the tenant. Defaults to `2`. - -|*`image`* __string__ -|*Optional* + - The Docker image to use for deploying MinIO KES. Defaults to {kes-image}. + - -|*`imagePullPolicy`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#pullpolicy-v1-core[$$PullPolicy$$]__ -|*Optional* + - The pull policy for the MinIO Docker image. Specify one of the following: + - * `Always` + - * `Never` + - * `IfNotPresent` (Default) + - Refer to the Kubernetes documentation for details https://kubernetes.io/docs/concepts/containers/images#updating-images - -|*`serviceAccountName`* __string__ -|*Optional* + - The https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/[Kubernetes Service Account] to use for running MinIO KES pods created as part of the Tenant. + - -|*`kesSecret`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#localobjectreference-v1-core[$$LocalObjectReference$$]__ -|*Required* + - Specify a https://kubernetes.io/docs/concepts/configuration/secret/[Kubernetes opaque secret] which contains environment variables to use for setting up the MinIO KES service. + - See the https://github.com/minio/operator/blob/master/examples/kes-secret.yaml[MinIO Operator `console-secret.yaml`] for an example. - -|*`externalCertSecret`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-localcertificatereference[$$LocalCertificateReference$$]__ -|*Optional* + - Enables TLS with SNI support on each MinIO KES pod in the tenant. If `externalCertSecret` is omitted *and* `spec.requestAutoCert` is set to `false`, MinIO KES pods deploy *without* TLS enabled. + - Specify a https://kubernetes.io/docs/concepts/configuration/secret/[Kubernetes TLS secret]. The MinIO Operator copies the specified certificate to every MinIO pod in the tenant. When the MinIO pod/service responds to a TLS connection request, it uses SNI to select the certificate with matching `subjectAlternativeName`. + - Specify an object containing the following fields: + - * - `name` - The name of the Kubernetes secret containing the TLS certificate. + - * - `type` - Specify `kubernetes.io/tls` + - See the https://docs.min.io/minio/k8s/reference/minio-operator-reference.html#transport-layer-encryption-tls[MinIO Operator CRD] reference for examples and more complete documentation on configuring TLS for MinIO Tenants. - -|*`clientCertSecret`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-localcertificatereference[$$LocalCertificateReference$$]__ -|*Optional* + - Specify a a https://kubernetes.io/docs/concepts/configuration/secret/[Kubernetes TLS secret] containing a custom root Certificate Authority and x.509 certificate to use for performing mTLS authentication with an external Key Management Service, such as Hashicorp Vault. + - Specify an object containing the following fields: + - * - `name` - The name of the Kubernetes secret containing the Certificate Authority and x.509 Certificate. + - * - `type` - Specify `kubernetes.io/tls` + - -|*`annotations`* __object (keys:string, values:string)__ -|*Optional* + - If provided, use these annotations for KES Object Meta annotations - -|*`labels`* __object (keys:string, values:string)__ -|*Optional* + - If provided, use these labels for KES Object Meta labels - -|*`resources`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#resourcerequirements-v1-core[$$ResourceRequirements$$]__ -|*Optional* + - Object specification for specifying CPU and memory https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/[resource allocations] or limits in the MinIO tenant. + - -|*`nodeSelector`* __object (keys:string, values:string)__ -|*Optional* + - The filter for the Operator to apply when selecting which nodes on which to deploy MinIO KES pods. The Operator only selects those nodes whose labels match the specified selector. + - See the Kubernetes documentation on https://kubernetes.io/docs/concepts/configuration/assign-pod-node/[Assigning Pods to Nodes] for more information. - -|*`tolerations`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#toleration-v1-core[$$Toleration$$] array__ -|*Optional* + - Specify one or more https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/[Kubernetes tolerations] to apply to MinIO KES pods. - -|*`affinity`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#affinity-v1-core[$$Affinity$$]__ -|*Optional* + - Specify node affinity, pod affinity, and pod anti-affinity for the KES pods. + - -|*`topologySpreadConstraints`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#topologyspreadconstraint-v1-core[$$TopologySpreadConstraint$$] array__ -|*Optional* + - Specify one or more https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/[Kubernetes Topology Spread Constraints] to apply to pods deployed in the MinIO pool. - -|*`keyName`* __string__ -|*Optional* + - If provided, use this as the name of the key that KES creates on the KMS backend - -|*`securityContext`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podsecuritycontext-v1-core[$$PodSecurityContext$$]__ -|Specify the https://kubernetes.io/docs/tasks/configure-pod-container/security-context/[Security Context] of MinIO KES pods. The Operator supports only the following pod security fields: + - * `fsGroup` + - * `fsGroupChangePolicy` + - * `runAsGroup` + - * `runAsNonRoot` + - * `runAsUser` + - * `seLinuxOptions` + - -|=== - - -[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-localcertificatereference"] -==== LocalCertificateReference - -LocalCertificateReference (`externalCertSecret`, `externalCaCertSecret`,`clientCertSecret`) contains a Kubernetes secret containing TLS certificates or Certificate Authority files for use with enabling TLS in the MinIO Tenant. + - -.Appears In: -**** -- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-kesconfig[$$KESConfig$$] -- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$] -**** - -[cols="25a,75a", options="header"] -|=== -| Field | Description - -|*`name`* __string__ -|*Required* + - The name of the Kubernetes secret containing the TLS certificate or Certificate Authority file. + - -|*`type`* __string__ -|*Required* + - The type of Kubernetes secret. Specify `kubernetes.io/tls` + - -|=== - - -[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-logconfig"] -==== LogConfig - -LogConfig (`log`) defines the configuration of the MinIO Log Search API deployed as part of the MinIO Tenant. The Operator deploys a PostgreSQL instance as part of the tenant to support storing and querying MinIO logs. + - If the tenant specification includes the `console` object, the Operator automatically configures and enables MinIO Log Search via the Console UI. - -.Appears In: -**** -- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$] -**** - -[cols="25a,75a", options="header"] -|=== -| Field | Description - -|*`image`* __string__ -|*Optional* + - The Docker image to use for deploying the MinIO Log Search API. Defaults to {logsearch-image}. + - -|*`resources`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#resourcerequirements-v1-core[$$ResourceRequirements$$]__ -|*Optional* + - Object specification for specifying CPU and memory https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/[resource allocations] or limits in the MinIO tenant. + - -|*`nodeSelector`* __object (keys:string, values:string)__ -|*Optional* + - The filter for the Operator to apply when selecting which nodes on which to deploy MinIO Log Search API pods. The Operator only selects those nodes whose labels match the specified selector. + - See the Kubernetes documentation on https://kubernetes.io/docs/concepts/configuration/assign-pod-node/[Assigning Pods to Nodes] for more information. - -|*`affinity`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#affinity-v1-core[$$Affinity$$]__ -|*Optional* + - Specify node affinity, pod affinity, and pod anti-affinity for LogSearch API pods. + - -|*`tolerations`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#toleration-v1-core[$$Toleration$$] array__ -|*Optional* + - Specify one or more https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/[Kubernetes tolerations] to apply to MinIO Log Search API pods. - -|*`topologySpreadConstraints`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#topologyspreadconstraint-v1-core[$$TopologySpreadConstraint$$] array__ -|*Optional* + - Specify one or more https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/[Kubernetes Topology Spread Constraints] to apply to pods deployed in the MinIO pool. - -|*`annotations`* __object (keys:string, values:string)__ -|*Optional* + - If provided, use these annotations for Log Search Object Meta annotations - -|*`labels`* __object (keys:string, values:string)__ -|*Optional* + - If provided, use these labels for Log Search Object Meta labels - -|*`db`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-logdbconfig[$$LogDbConfig$$]__ -|*Optional* + - Object specification for configuring the backing PostgreSQL database for the LogSearch API. + - -|*`audit`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-auditconfig[$$AuditConfig$$]__ -|*Required* + - Object specification for configuring LogSearch API. - -|*`securityContext`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podsecuritycontext-v1-core[$$PodSecurityContext$$]__ -|*Optional* + - Specify the https://kubernetes.io/docs/tasks/configure-pod-container/security-context/[Security Context] of pods deployed as part of the Log Search API. The Operator supports only the following pod security fields: + - * `fsGroup` + - * `fsGroupChangePolicy` + - * `runAsGroup` + - * `runAsNonRoot` + - * `runAsUser` + - * `seLinuxOptions` + - -|*`serviceAccountName`* __string__ -|*Optional* + - The https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/[Kubernetes Service Account] to use for running MinIO KES pods created as part of the Tenant. + - -|=== - - -[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-logdbconfig"] -==== LogDbConfig - -LogDbConfig (`db`) defines the configuration of the PostgreSQL StatefulSet deployed to support the MinIO LogSearch API. + - -.Appears In: -**** -- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-logconfig[$$LogConfig$$] -**** - -[cols="25a,75a", options="header"] -|=== -| Field | Description - -|*`image`* __string__ -|*Optional* + - The Docker image to use for deploying PostgreSQL. Defaults to {postgres-image}. + - -|*`initimage`* __string__ -|*Optional* + - Defines the Docker image to use as the init container for running the postgres server. Defaults to `busybox`. + - The specified Docker image *must* be the https://hub.docker.com/_/busybox[`busybox`] package. + - -|*`volumeClaimTemplate`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#persistentvolumeclaim-v1-core[$$PersistentVolumeClaim$$]__ -|*Optional* + - Specify the configuration options for the MinIO Operator to use when generating Persistent Volume Claims for the PostgreSQL pod. + - -|*`resources`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#resourcerequirements-v1-core[$$ResourceRequirements$$]__ -|*Optional* + - Object specification for specifying CPU and memory https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/[resource allocations] or limits for the PostgreSQL pod. - -|*`nodeSelector`* __object (keys:string, values:string)__ -|*Optional* + - The filter for the Operator to apply when selecting which nodes on which to deploy the PostgreSQL pod. The Operator only selects those nodes whose labels match the specified selector. + - See the Kubernetes documentation on https://kubernetes.io/docs/concepts/configuration/assign-pod-node/[Assigning Pods to Nodes] for more information. - -|*`affinity`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#affinity-v1-core[$$Affinity$$]__ -|*Optional* + - Specify node affinity, pod affinity, and pod anti-affinity for the PostgreSQL pods. + - -|*`tolerations`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#toleration-v1-core[$$Toleration$$] array__ -|*Optional* + - Specify one or more https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/[Kubernetes tolerations] to apply to the PostgreSQL pods. - -|*`topologySpreadConstraints`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#topologyspreadconstraint-v1-core[$$TopologySpreadConstraint$$] array__ -|*Optional* + - Specify one or more https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/[Kubernetes Topology Spread Constraints] to apply to pods deployed in the MinIO pool. - -|*`annotations`* __object (keys:string, values:string)__ -|*Optional* + - If provided, use these annotations for PostgreSQL Object Meta annotations - -|*`labels`* __object (keys:string, values:string)__ -|*Optional* + - If provided, use these labels for PostgreSQL Object Meta labels - -|*`securityContext`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podsecuritycontext-v1-core[$$PodSecurityContext$$]__ -|*Optional* + - Specify the https://kubernetes.io/docs/tasks/configure-pod-container/security-context/[Security Context] of the PostgreSQL pods. The Operator supports only the following pod security fields: + - * `fsGroup` + - * `fsGroupChangePolicy` + - * `runAsGroup` + - * `runAsNonRoot` + - * `runAsUser` + - * `seLinuxOptions` + - -|*`serviceAccountName`* __string__ -|*Optional* + - The https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/[Kubernetes Service Account] to use for running MinIO KES pods created as part of the Tenant. + - -|=== - - -[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-logging"] -==== Logging - -Logging describes Logging for MinIO tenants. - -.Appears In: -**** -- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$] -**** - -[cols="25a,75a", options="header"] -|=== -| Field | Description - -|*`json`* __boolean__ -| - -|*`anonymous`* __boolean__ -| - -|*`quiet`* __boolean__ -| - -|=== - - -[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-pool"] -==== Pool - -Pool (`pools`) defines a MinIO server pool on a Tenant. Each pool consists of a set of MinIO server pods which "pool" their storage resources for supporting object storage and retrieval requests. Each server pool is independent of all others and supports horizontal scaling of available storage resources in the MinIO Tenant. + - See the https://docs.min.io/minio/k8s/reference/minio-operator-reference.html#server-pools[MinIO Operator CRD] reference for the `pools` object for examples and more complete documentation. + - -.Appears In: -**** -- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$] -**** - -[cols="25a,75a", options="header"] -|=== -| Field | Description - -|*`name`* __string__ -|*Optional* + - Specify the name of the pool. The Operator automatically generates the pool name if this field is omitted. - -|*`servers`* __integer__ -|*Required* - The number of MinIO server pods to deploy in the pool. The minimum value is `2`. - The MinIO Operator requires a minimum of `4` volumes per pool. Specifically, the result of `pools.servers X pools.volumesPerServer` must be greater than `4`. + - -|*`volumesPerServer`* __integer__ -|*Required* + - The number of Persistent Volume Claims to generate for each MinIO server pod in the pool. + - The MinIO Operator requires a minimum of `4` volumes per pool. Specifically, the result of `pools.servers X pools.volumesPerServer` must be greater than `4`. + - -|*`volumeClaimTemplate`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#persistentvolumeclaim-v1-core[$$PersistentVolumeClaim$$]__ -|*Required* + - Specify the configuration options for the MinIO Operator to use when generating Persistent Volume Claims for the MinIO tenant. + - -|*`resources`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#resourcerequirements-v1-core[$$ResourceRequirements$$]__ -|*Optional* + - Object specification for specifying CPU and memory https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/[resource allocations] or limits in the MinIO tenant. + - -|*`nodeSelector`* __object (keys:string, values:string)__ -|*Optional* + - The filter for the Operator to apply when selecting which nodes on which to deploy pods in the pool. The Operator only selects those nodes whose labels match the specified selector. + - See the Kubernetes documentation on https://kubernetes.io/docs/concepts/configuration/assign-pod-node/[Assigning Pods to Nodes] for more information. - -|*`affinity`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#affinity-v1-core[$$Affinity$$]__ -|*Optional* + - Specify node affinity, pod affinity, and pod anti-affinity for pods in the MinIO pool. + - -|*`tolerations`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#toleration-v1-core[$$Toleration$$] array__ -|*Optional* + - Specify one or more https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/[Kubernetes tolerations] to apply to pods deployed in the MinIO pool. - -|*`topologySpreadConstraints`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#topologyspreadconstraint-v1-core[$$TopologySpreadConstraint$$] array__ -|*Optional* + - Specify one or more https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/[Kubernetes Topology Spread Constraints] to apply to pods deployed in the MinIO pool. - -|*`securityContext`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podsecuritycontext-v1-core[$$PodSecurityContext$$]__ -|*Optional* + - Specify the https://kubernetes.io/docs/tasks/configure-pod-container/security-context/[Security Context] of pods in the pool. The Operator supports only the following pod security fields: + - * `fsGroup` + - * `fsGroupChangePolicy` + - * `runAsGroup` + - * `runAsNonRoot` + - * `runAsUser` + - * `seLinuxOptions` + - -|*`annotations`* __object (keys:string, values:string)__ -|*Optional* + - Specify custom labels and annotations to append to the Pool. *Optional* + - If provided, use these annotations for the Pool Objects Meta annotations (Statefulset and Pod template) - -|*`labels`* __object (keys:string, values:string)__ -|*Optional* + - If provided, use these labels for the Pool Objects Meta annotations (Statefulset and Pod template) - -|=== - - -[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-poolstate"] -==== PoolState (string) - -PoolState represents the state of a pool - -.Appears In: -**** -- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-poolstatus[$$PoolStatus$$] -**** - - - -[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-poolstatus"] -==== PoolStatus - -PoolStatus keeps track of all the pools and their current state - -.Appears In: -**** -- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantstatus[$$TenantStatus$$] -**** - -[cols="25a,75a", options="header"] -|=== -| Field | Description - -|*`ssName`* __string__ -| - -|*`state`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-poolstate[$$PoolState$$]__ -| - -|*`legacySecurityContext`* __boolean__ -|LegacySecurityContext stands for Legacy SecurityContext. It represents that these pool was created before v4.2.3 when we introduced the default securityContext as non-root, thus we should keep running this Pool without a Security Context - -|=== - - -[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-prometheusconfig"] -==== PrometheusConfig - -PrometheusConfig (`prometheus`) defines the configuration of a Prometheus instance as part of the MinIO tenant. The Operator automatically configures the Prometheus instance to scrape and store metrics from the MinIO tenant. + - The Operator deploys each Prometheus pod using the {prometheus-image} Docker image. - -.Appears In: -**** -- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$] -**** - -[cols="25a,75a", options="header"] -|=== -| Field | Description - -|*`image`* __string__ -|*Optional* + - Defines the Docker image to use for deploying Prometheus pods. Defaults to {prometheus-image}. + - -|*`sidecarimage`* __string__ -|*Optional* + - *Deprecated in Operator v4.0.1* + - Defines the Docker image to use as a sidecar for the Prometheus server. Defaults to `alpine`. + - The specified Docker image *must* be the https://hub.docker.com/_/alpine[`alpine`] package. + - -|*`initimage`* __string__ -|*Optional* + - *Deprecated in Operator v4.0.1* + - Defines the Docker image to use as the init container for running the Prometheus server. Defaults to `busybox`. + - The specified Docker image *must* be the https://hub.docker.com/_/busybox[`busybox`] package. + - -|*`diskCapacityGB`* __integer__ -|*Optional* + - Specify the amount of storage to request in Gigabytes (GB) for supporting the Prometheus pod. - -|*`storageClassName`* __string__ -|*Optional* + - Specify the storage class for the PVC to support the Prometheus pod. - -|*`annotations`* __object (keys:string, values:string)__ -|*Optional* + - If provided, use these annotations for Prometheus Object Meta annotations - -|*`labels`* __object (keys:string, values:string)__ -|*Optional* + - If provided, use these labels for Prometheus Object Meta labels - -|*`nodeSelector`* __object (keys:string, values:string)__ -|*Optional* + - The filter for the Operator to apply when selecting which nodes on which to deploy the Prometheus pod. The Operator only selects those nodes whose labels match the specified selector. + - See the Kubernetes documentation on https://kubernetes.io/docs/concepts/configuration/assign-pod-node/[Assigning Pods to Nodes] for more information. - -|*`affinity`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#affinity-v1-core[$$Affinity$$]__ -|*Optional* + - Specify node affinity, pod affinity, and pod anti-affinity for the Prometheus pods. + - -|*`topologySpreadConstraints`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#topologyspreadconstraint-v1-core[$$TopologySpreadConstraint$$] array__ -|*Optional* + - Specify one or more https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/[Kubernetes Topology Spread Constraints] to apply to pods deployed in the MinIO pool. - -|*`resources`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#resourcerequirements-v1-core[$$ResourceRequirements$$]__ -|*Optional* + - Object specification for specifying CPU and memory https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/[resource allocations] or limits of the Prometheus pod. + - -|*`securityContext`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podsecuritycontext-v1-core[$$PodSecurityContext$$]__ -|*Optional* + - Specify the https://kubernetes.io/docs/tasks/configure-pod-container/security-context/[Security Context] of the Prometheus pod. The Operator supports only the following pod security fields: + - * `fsGroup` + - * `fsGroupChangePolicy` + - * `runAsGroup` + - * `runAsNonRoot` + - * `runAsUser` + - * `seLinuxOptions` + - -|*`serviceAccountName`* __string__ -|*Optional* + - The https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/[Kubernetes Service Account] to use for running MinIO KES pods created as part of the Tenant. + - -|=== - - -[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-s3features"] -==== S3Features - -S3Features (`s3`) - Object describing which MinIO features to enable/disable in the MinIO Tenant. + *Deprecated in Operator v4.3.2* + - -.Appears In: -**** -- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$] -**** - -[cols="25a,75a", options="header"] -|=== -| Field | Description - -|*`bucketDNS`* __boolean__ -|*Optional* + - Specify `true` to allow clients to access buckets using the DNS path `.minio.default.svc.cluster.local`. Defaults to `false`. - -|=== - - -[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-servicemetadata"] -==== ServiceMetadata - -ServiceMetadata (`serviceMetadata`) defines custom labels and annotations for the MinIO Object Storage service and/or MinIO Console service. + - -.Appears In: -**** -- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$] -**** - -[cols="25a,75a", options="header"] -|=== -| Field | Description - -|*`minioServiceLabels`* __object (keys:string, values:string)__ -|*Optional* + - If provided, append these labels to the MinIO service - -|*`minioServiceAnnotations`* __object (keys:string, values:string)__ -|*Optional* + - If provided, append these annotations to the MinIO service - -|*`consoleServiceLabels`* __object (keys:string, values:string)__ -|*Optional* + - If provided, append these labels to the Console service - -|*`consoleServiceAnnotations`* __object (keys:string, values:string)__ -|*Optional* + - If provided, append these annotations to the Console service - -|=== - - -[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-sidecars"] -==== SideCars - -SideCars (`sidecars`) defines a list of containers that the Operator attaches to each MinIO server pods in the `pool`. - -.Appears In: -**** -- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$] -**** - -[cols="25a,75a", options="header"] -|=== -| Field | Description - -|*`containers`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#container-v1-core[$$Container$$] array__ -|*Optional* + - List of containers to run inside the Pod - -|*`volumeClaimTemplates`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#persistentvolumeclaim-v1-core[$$PersistentVolumeClaim$$] array__ -|*Optional* + - volumeClaimTemplates is a list of claims that pods are allowed to reference. The StatefulSet controller is responsible for mapping network identities to claims in a way that maintains the identity of a pod. Every claim in this list must have at least one matching (by name) volumeMount in one container in the template. A claim in this list takes precedence over any volumes in the template, with the same name. - -|*`volumes`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#volume-v1-core[$$Volume$$] array__ -|*Optional* + - List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes - -|=== - - -[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenant"] -==== Tenant - -Tenant is a https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/[Kubernetes object] describing a MinIO Tenant. + - -.Appears In: -**** -- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantlist[$$TenantList$$] -**** - -[cols="25a,75a", options="header"] -|=== -| Field | Description - -|*`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta[$$ObjectMeta$$]__ -|Refer to Kubernetes API documentation for fields of `metadata`. - - -|*`scheduler`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantscheduler[$$TenantScheduler$$]__ -| - -|*`spec`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$]__ -|*Required* + - The root field for the MinIO Tenant object. - -|=== - - -[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantdomains"] -==== TenantDomains - -TenantDomains (`domains`) - List of domains used to access the tenant from outside the kubernetes clusters. this will only configure MinIO for the domains listed, but external DNS configuration is still needed. - -.Appears In: -**** -- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-features[$$Features$$] -**** - -[cols="25a,75a", options="header"] -|=== -| Field | Description - -|*`minio`* __string array__ -|List of Domains used by MinIO. This will enable DNS style access to the object store where the bucket name is inferred from a subdomain in the domain. - -|=== - - - - -[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantscheduler"] -==== TenantScheduler - -TenantScheduler (`scheduler`) - Object describing Kubernetes Scheduler to use for deploying the MinIO Tenant. - -.Appears In: -**** -- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenant[$$Tenant$$] -**** - -[cols="25a,75a", options="header"] -|=== -| Field | Description - -|*`name`* __string__ -|*Optional* + - Specify the name of the https://kubernetes.io/docs/concepts/scheduling-eviction/kube-scheduler/[Kubernetes scheduler] to be used to schedule Tenant pods - -|=== - - -[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantspec"] -==== TenantSpec - -TenantSpec (`spec`) defines the configuration of a MinIO Tenant object. + - The following parameters are specific to the `minio.min.io/v2` MinIO CRD API `spec` definition added as part of the MinIO Operator v4.0.0. + - For more complete documentation on this object, see the https://docs.min.io/minio/k8s/reference/minio-operator-reference.html#minio-operator-yaml-reference[MinIO Kubernetes Documentation]. + - -.Appears In: -**** -- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenant[$$Tenant$$] -**** - -[cols="25a,75a", options="header"] -|=== -| Field | Description - -|*`pools`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-pool[$$Pool$$] array__ -|*Required* + - An array of objects describing each MinIO server pool deployed in the MinIO Tenant. Each pool consists of a set of MinIO server pods which "pool" their storage resources for supporting object storage and retrieval requests. Each server pool is independent of all others and supports horizontal scaling of available storage resources in the MinIO Tenant. + - The MinIO Tenant `spec` *must have* at least *one* element in the `pools` array. + - See the https://docs.min.io/minio/k8s/reference/minio-operator-reference.html#server-pools[MinIO Operator CRD] reference for the `pools` object for examples and more complete documentation. - -|*`image`* __string__ -|*Optional* + - The Docker image to use when deploying `minio` server pods. Defaults to {minio-image}. + - -|*`imagePullSecret`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#localobjectreference-v1-core[$$LocalObjectReference$$]__ -|*Optional* + - Specify the secret key to use for pulling images from a private Docker repository. + - -|*`podManagementPolicy`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podmanagementpolicytype-v1-apps[$$PodManagementPolicyType$$]__ -|*Optional* + - Pod Management Policy for pod created by StatefulSet - -|*`credsSecret`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#localobjectreference-v1-core[$$LocalObjectReference$$]__ -|*Required* + - Specify a https://kubernetes.io/docs/concepts/configuration/secret/[Kubernetes opaque secret] to use for setting the MinIO root access key and secret key. Specify the secret as `name: `. The Kubernetes secret must contain the following fields: + - * `data.accesskey` - The access key for the root credentials + - * `data.secretkey` - The secret key for the root credentials + - -|*`env`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvar-v1-core[$$EnvVar$$] array__ -|*Optional* + - If provided, the MinIO Operator adds the specified environment variables when deploying the Tenant resource. - -|*`externalCertSecret`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-localcertificatereference[$$LocalCertificateReference$$] array__ -|*Optional* + - Enables TLS with SNI support on each MinIO pod in the tenant. If `externalCertSecret` is omitted *and* `requestAutoCert` is set to `false`, the MinIO Tenant deploys *without* TLS enabled. + - Specify an array of https://kubernetes.io/docs/concepts/configuration/secret/[Kubernetes TLS secrets]. The MinIO Operator copies the specified certificates to every MinIO server pod in the tenant. When the MinIO pod/service responds to a TLS connection request, it uses SNI to select the certificate with matching `subjectAlternativeName`. + - Each element in the `externalCertSecret` array is an object containing the following fields: + - * - `name` - The name of the Kubernetes secret containing the TLS certificate. + - * - `type` - Specify `kubernetes.io/tls` + - See the https://docs.min.io/minio/k8s/reference/minio-operator-reference.html#transport-layer-encryption-tls[MinIO Operator CRD] reference for examples and more complete documentation on configuring TLS for MinIO Tenants. - -|*`externalCaCertSecret`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-localcertificatereference[$$LocalCertificateReference$$] array__ -|*Optional* + - Allows MinIO server pods to verify client TLS certificates signed by a Certificate Authority not in the pod's trust store. + - Specify an array of https://kubernetes.io/docs/concepts/configuration/secret/[Kubernetes TLS secrets]. The MinIO Operator copies the specified certificates to every MinIO server pod in the tenant. + - Each element in the `externalCertSecret` array is an object containing the following fields: + - * - `name` - The name of the Kubernetes secret containing the Certificate Authority. + - * - `type` - Specify `kubernetes.io/tls`. + - See the https://docs.min.io/minio/k8s/reference/minio-operator-reference.html#transport-layer-encryption-tls[MinIO Operator CRD] reference for examples and more complete documentation on configuring TLS for MinIO Tenants. - -|*`externalClientCertSecret`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-localcertificatereference[$$LocalCertificateReference$$]__ -|*Optional* + - Enables mTLS authentication between the MinIO Tenant pods and https://github.com/minio/kes[MinIO KES]. *Required* for enabling connectivity between the MinIO Tenant and MinIO KES. + - Specify a https://kubernetes.io/docs/concepts/configuration/secret/[Kubernetes TLS secrets]. The MinIO Operator copies the specified certificate to every MinIO server pod in the tenant. The secret *must* contain the following fields: + - * `name` - The name of the Kubernetes secret containing the TLS certificate. + - * `type` - Specify `kubernetes.io/tls` + - The specified certificate *must* correspond to an identity on the KES server. See the https://github.com/minio/kes/wiki/Configuration#policy-configuration[KES Wiki] for more information on KES identities. + - If deploying KES with the MinIO Operator, include the hash of the certificate as part of the <> object specification. + - See the https://docs.min.io/minio/k8s/reference/minio-operator-reference.html#transport-layer-encryption-tls[MinIO Operator CRD] reference for examples and more complete documentation on configuring TLS for MinIO Tenants. - -|*`mountPath`* __string__ -|*Optional* + - Mount path for MinIO volume (PV). Defaults to `/export` - -|*`subPath`* __string__ -|*Optional* + - Subpath inside mount path. This is the directory where MinIO stores data. Default to `""`` (empty) - -|*`requestAutoCert`* __boolean__ -|*Optional* + - Enables using https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/[Kubernetes-based TLS certificate generation] and signing for pods and services in the MinIO Tenant. + - * Specify `true` to explicitly enable automatic certificate generate (Default). + - * Specify `false` to disable automatic certificate generation. + - If `requestAutoCert` is set to `false` *and* `externalCertSecret` is omitted, the MinIO Tenant deploys *without* TLS enabled. - See the https://docs.min.io/minio/k8s/reference/minio-operator-reference.html#transport-layer-encryption-tls[MinIO Operator CRD] reference for examples and more complete documentation on configuring TLS for MinIO Tenants. - -|*`liveness`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#probe-v1-core[$$Probe$$]__ -|Liveness Probe for container liveness. Container will be restarted if the probe fails. - -|*`readiness`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#probe-v1-core[$$Probe$$]__ -|Readiness Probe for container readiness. Container will be removed from service endpoints if the probe fails. - -|*`s3`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-s3features[$$S3Features$$]__ -|*Optional* + *Deprecated in Operator v4.3.2* + - S3 related features can be disabled or enabled such as `bucketDNS` etc. - -|*`features`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-features[$$Features$$]__ -|S3 related features can be disabled or enabled such as `bucketDNS` etc. - -|*`certConfig`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-certificateconfig[$$CertificateConfig$$]__ -|*Optional* + - Enables setting the `CommonName`, `Organization`, and `dnsName` attributes for all TLS certificates automatically generated by the Operator. Configuring this object has no effect if `requestAutoCert` is `false`. + - -|*`kes`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-kesconfig[$$KESConfig$$]__ -|*Optional* + - Directs the MinIO Operator to deploy the https://github.com/minio/kes[MinIO Key Encryption Service] (KES) using the specified configuration. The MinIO KES supports performing server-side encryption of objects on the MiNIO Tenant. + - -|*`log`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-logconfig[$$LogConfig$$]__ -|*Optional* + - Directs the MinIO Operator to deploy and configure the MinIO Log Search API. The Operator deploys a PostgreSQL instance as part of the tenant to support storing and querying MinIO logs. + - If the tenant spec includes the `log` configuration, the Operator automatically configures and enables MinIO log search via the Console UI. + - -|*`prometheus`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-prometheusconfig[$$PrometheusConfig$$]__ -|*Optional* + - Directs the MinIO Operator to deploy and configure Prometheus for collecting tenant metrics. + - For example, `minio..svc../minio/v2/metrics/cluster`. The specific DNS name for the service depends on your Kubernetes cluster configuration. See the Kubernetes documentation on https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/[DNS for Services and Pods] for more information. - -|*`prometheusOperator`* __boolean__ -|*Optional* + - Directs the MinIO Operator to use prometheus operator. + - Tenant scrape configuration will be added to prometheus managed by the prometheus-operator. - -|*`serviceAccountName`* __string__ -|*Optional* + - The https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/[Kubernetes Service Account] to use for running MinIO pods created as part of the Tenant. + - -|*`priorityClassName`* __string__ -|*Optional* + - Indicates the Pod priority and therefore importance of a Pod relative to other Pods in the cluster. This is applied to MinIO pods only. + - Refer Kubernetes https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass[Priority Class documentation] for more complete documentation. - -|*`imagePullPolicy`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#pullpolicy-v1-core[$$PullPolicy$$]__ -|*Optional* + - The pull policy for the MinIO Docker image. Specify one of the following: + - * `Always` + - * `Never` + - * `IfNotPresent` (Default) + - Refer Kubernetes documentation for details https://kubernetes.io/docs/concepts/containers/images#updating-images - -|*`sideCars`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-sidecars[$$SideCars$$]__ -|*Optional* + - A list of containers to run as sidecars along every MinIO Pod deployed in the tenant. - -|*`exposeServices`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-exposeservices[$$ExposeServices$$]__ -|*Optional* + - Directs the Operator to expose the MinIO and/or Console services. + - -|*`serviceMetadata`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-servicemetadata[$$ServiceMetadata$$]__ -|*Optional* + - Specify custom labels and annotations to append to the MinIO service and/or Console service. - -|*`users`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#localobjectreference-v1-core[$$LocalObjectReference$$] array__ -|*Optional* + - An array of https://kubernetes.io/docs/concepts/configuration/secret/[Kubernetes opaque secrets] to use for generating MinIO users during tenant provisioning. + - Each element in the array is an object consisting of a key-value pair `name: `, where the `` references an opaque Kubernetes secret. + - Each referenced Kubernetes secret must include the following fields: + - * `CONSOLE_ACCESS_KEY` - The "Username" for the MinIO user + - * `CONSOLE_SECRET_KEY` - The "Password" for the MinIO user + - The Operator creates each user with the `consoleAdmin` policy by default. You can change the assigned policy after the Tenant starts. + - -|*`buckets`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-bucket[$$Bucket$$] array__ -|*Optional* + - Create buckets when creating a new tenant. Skip if bucket with given name already exists - -|*`logging`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-logging[$$Logging$$]__ -|*Optional* + - Enable JSON, Anonymous logging for MinIO tenants. - -|*`configuration`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#localobjectreference-v1-core[$$LocalObjectReference$$]__ -|*Optional* + - Specify a secret that contains additional environment variable configurations to be used for the MinIO pools. The secret is expected to have a key named config.env containing all exported environment variables for MinIO+ - -|=== - - - - -[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantusage"] -==== TenantUsage - -TenantUsage are metrics regarding the usage and capacity of the tenant - -.Appears In: -**** -- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantstatus[$$TenantStatus$$] -**** - -[cols="25a,75a", options="header"] -|=== -| Field | Description - -|*`capacity`* __integer__ -|Capacity the usage capacity of this tenant in bytes. - -|*`rawCapacity`* __integer__ -|Capacity the raw capacity of this tenant in bytes. - -|*`usage`* __integer__ -|Usage is how much data is managed by MinIO in bytes. - -|*`rawUsage`* __integer__ -|Usage is the raw usage on disks in bytes. - -|=== - - diff --git a/docs/tenat_crd.adoc b/docs/tenat_crd.adoc index 56f68544faa..f4008515fc6 100644 --- a/docs/tenat_crd.adoc +++ b/docs/tenat_crd.adoc @@ -19,6 +19,9 @@ Package v2 - This page provides a quick automatically generated reference for th The `minio.min.io/v2` API was released with the v4.0.0 MinIO Operator. The MinIO Operator automatically converts existing tenants using the `/v1` API to `/v2`. + +.Resource Types +- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenant[$$Tenant$$] + [id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-auditconfig"] @@ -114,6 +117,50 @@ CertificateStatus keeps track of all the certificates managed by the operator |*`autoCertEnabled`* __boolean__ |AutoCertEnabled registers whether we know if the tenant has autocert enabled +|*`customCertificates`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-customcertificates[$$CustomCertificates$$]__ +|Provides the output of the `client`, `minio`, and`minioCAs` custom TLS certificates manually added to the Operator. + +|=== + + +[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-customcertificateconfig"] +==== CustomCertificateConfig + +CustomCertificateConfig (`customCertificateConfig`) provides attributes associated of the TLS certificates manually added to the Operator as part of tenant creation. These fields contain no data if there are no custom TLS certificates. + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-customcertificates[$$CustomCertificates$$] +**** + + + +[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-customcertificates"] +==== CustomCertificates + +CustomCertificates (`customCertificates`) provides groupings of the TLS certificates manually added to the Operator as part of tenant creation. These fields contain no data if there are no custom TLS certificates. + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-certificatestatus[$$CertificateStatus$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description + +|*`client`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-customcertificateconfig[$$CustomCertificateConfig$$] array__ +|*Optional* + + Client + +|*`minio`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-customcertificateconfig[$$CustomCertificateConfig$$] array__ +|*Optional* + + Minio + +|*`minioCAs`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-customcertificateconfig[$$CustomCertificateConfig$$] array__ +|*Optional* + + Certificate Authorities + |=== @@ -798,6 +845,12 @@ Tenant is a https://kubernetes.io/docs/concepts/overview/working-with-objects/ku |=== | Field | Description +|*`apiVersion`* __string__ +|`minio.min.io/v2` + +|*`kind`* __string__ +|`Tenant` + |*`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta[$$ObjectMeta$$]__ |Refer to Kubernetes API documentation for fields of `metadata`. diff --git a/helm/tenant/values.yaml b/helm/tenant/values.yaml index ceec9fffe48..88bcd07fc5d 100644 --- a/helm/tenant/values.yaml +++ b/helm/tenant/values.yaml @@ -95,7 +95,7 @@ tenant: ## not provided. DNS name format is *.minio.default.svc.cluster.local certConfig: {} ## MinIO features to enable or disable in the MinIO Tenant - ## https://github.com/minio/operator/blob/master/docs/crd.adoc#features + ## https://github.com/minio/operator/blob/master/docs/tenant_crd.adoc#features features: bucketDNS: false domains: {} From 842042bfb7c34573db5cbbfcc7ebbee33f505f86 Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Fri, 3 Mar 2023 18:12:33 -0800 Subject: [PATCH 35/47] rename sts api to v1alpha1 --- Makefile | 2 +- docs/policybinding_crd.adoc | 35 +-- examples/kustomization/sts-example/README.md | 2 +- .../sts-example/sts-app/policy-binding.yaml | 2 +- .../templates/minio.min.io_tenants.yaml | 132 ++++++++++- .../templates/sts.min.io_policybindings.yaml | 2 +- k8s/update-codegen.sh | 2 +- .../sts.min.io/{v1beta1 => v1alpha1}/doc.go | 9 +- .../{v1beta1 => v1alpha1}/register.go | 4 +- .../sts.min.io/{v1beta1 => v1alpha1}/types.go | 9 +- .../zz_generated.deepcopy.go | 2 +- .../sts.min.io/v1alpha1/application.go | 48 ++++ .../sts.min.io/v1alpha1/policybinding.go | 219 ++++++++++++++++++ .../sts.min.io/v1alpha1/policybindingspec.go | 50 ++++ .../v1alpha1/policybindingstatus.go | 48 ++++ .../sts.min.io/v1alpha1/policybindingusage.go | 39 ++++ pkg/client/applyconfiguration/utils.go | 14 ++ pkg/client/clientset/versioned/clientset.go | 18 +- .../versioned/fake/clientset_generated.go | 10 +- .../clientset/versioned/fake/register.go | 4 +- .../clientset/versioned/scheme/register.go | 4 +- .../sts.min.io/{v1beta1 => v1alpha1}/doc.go | 2 +- .../{v1beta1 => v1alpha1}/fake/doc.go | 0 .../fake/fake_policybinding.go | 99 +++++--- .../fake/fake_sts.min.io_client.go | 8 +- .../generated_expansion.go | 2 +- .../{v1beta1 => v1alpha1}/policybinding.go | 103 ++++++-- .../sts.min.io_client.go | 36 +-- .../informers/externalversions/generic.go | 8 +- .../externalversions/sts.min.io/interface.go | 12 +- .../{v1beta1 => v1alpha1}/interface.go | 2 +- .../{v1beta1 => v1alpha1}/policybinding.go | 20 +- .../expansion_generated.go | 2 +- .../{v1beta1 => v1alpha1}/policybinding.go | 24 +- pkg/controller/cluster/http_handlers.go | 6 +- pkg/controller/cluster/main-controller.go | 8 +- pkg/controller/controller.go | 2 +- resources/base/crds/minio.min.io_tenants.yaml | 132 ++++++++++- .../base/crds/sts.min.io_policybindings.yaml | 2 +- resources/templates/olm-template.yaml | 2 +- 40 files changed, 949 insertions(+), 176 deletions(-) rename pkg/apis/sts.min.io/{v1beta1 => v1alpha1}/doc.go (55%) rename pkg/apis/sts.min.io/{v1beta1 => v1alpha1}/register.go (97%) rename pkg/apis/sts.min.io/{v1beta1 => v1alpha1}/types.go (82%) rename pkg/apis/sts.min.io/{v1beta1 => v1alpha1}/zz_generated.deepcopy.go (99%) create mode 100644 pkg/client/applyconfiguration/sts.min.io/v1alpha1/application.go create mode 100644 pkg/client/applyconfiguration/sts.min.io/v1alpha1/policybinding.go create mode 100644 pkg/client/applyconfiguration/sts.min.io/v1alpha1/policybindingspec.go create mode 100644 pkg/client/applyconfiguration/sts.min.io/v1alpha1/policybindingstatus.go create mode 100644 pkg/client/applyconfiguration/sts.min.io/v1alpha1/policybindingusage.go rename pkg/client/clientset/versioned/typed/sts.min.io/{v1beta1 => v1alpha1}/doc.go (98%) rename pkg/client/clientset/versioned/typed/sts.min.io/{v1beta1 => v1alpha1}/fake/doc.go (100%) rename pkg/client/clientset/versioned/typed/sts.min.io/{v1beta1 => v1alpha1}/fake/fake_policybinding.go (54%) rename pkg/client/clientset/versioned/typed/sts.min.io/{v1beta1 => v1alpha1}/fake/fake_sts.min.io_client.go (80%) rename pkg/client/clientset/versioned/typed/sts.min.io/{v1beta1 => v1alpha1}/generated_expansion.go (97%) rename pkg/client/clientset/versioned/typed/sts.min.io/{v1beta1 => v1alpha1}/policybinding.go (60%) rename pkg/client/clientset/versioned/typed/sts.min.io/{v1beta1 => v1alpha1}/sts.min.io_client.go (69%) rename pkg/client/informers/externalversions/sts.min.io/{v1beta1 => v1alpha1}/interface.go (99%) rename pkg/client/informers/externalversions/sts.min.io/{v1beta1 => v1alpha1}/policybinding.go (84%) rename pkg/client/listers/sts.min.io/{v1beta1 => v1alpha1}/expansion_generated.go (98%) rename pkg/client/listers/sts.min.io/{v1beta1 => v1alpha1}/policybinding.go (82%) diff --git a/Makefile b/Makefile index 7a8ab3689db..1822624ff54 100644 --- a/Makefile +++ b/Makefile @@ -74,7 +74,7 @@ regen-crd: regen-crd-docs: @which crd-ref-docs 1>/dev/null || (echo "Installing crd-ref-docs" && GO111MODULE=on go install -v github.com/elastic/crd-ref-docs@latest) @${GOPATH}/bin/crd-ref-docs --source-path=./pkg/apis/minio.min.io/v2 --config=docs/templates/config.yaml --renderer=asciidoctor --output-path=docs/tenat_crd.adoc --templates-dir=docs/templates/asciidoctor/ - @${GOPATH}/bin/crd-ref-docs --source-path=./pkg/apis/sts.min.io/v1beta1 --config=docs/templates/config.yaml --renderer=asciidoctor --output-path=docs/policybinding_crd.adoc --templates-dir=docs/templates/asciidoctor/ + @${GOPATH}/bin/crd-ref-docs --source-path=./pkg/apis/sts.min.io/v1alpha1 --config=docs/templates/config.yaml --renderer=asciidoctor --output-path=docs/policybinding_crd.adoc --templates-dir=docs/templates/asciidoctor/ plugin: regen-crd @echo "Building 'kubectl-minio' binary" diff --git a/docs/policybinding_crd.adoc b/docs/policybinding_crd.adoc index 1fff95d2fb0..164f31ed514 100644 --- a/docs/policybinding_crd.adoc +++ b/docs/policybinding_crd.adoc @@ -11,21 +11,24 @@ :postgres-image: https://github.com/docker-library/postgres[library/postgres] -[id="{anchor_prefix}-sts-min-io-v1beta1"] -=== sts.min.io/v1beta1 +[id="{anchor_prefix}-sts-min-io-v1alpha1"] +=== sts.min.io/v1alpha1 -Package v1beta1 is the v1beta1 version of the API. +Package v1alpha1 -The following parameters are specific to the `sts.min.io/v1alpha1` MinIO Policy Binding CRD API +PolicyBinding is a Auhtorization mechanism managed by the Minio Operator using Kubernetes ServiceAccount JSON Web Tokens, the binding allow to an ServiceAccount to assume temporary credentials to access a tenant objects. +For more complete documentation on this object, see the https://docs.min.io/minio/k8s/reference/minio-operator-reference.html#minio-operator-yaml-reference[MinIO Kubernetes Documentation]. +PolicyBinding is added as part of the MinIO Operator v5.0.0. + -[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-sts-min-io-v1beta1-application"] +[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-sts-min-io-v1alpha1-application"] ==== Application -Application defines the `Namespace` and `ServiceAccount` +Application defines the `Namespace` and `ServiceAccount` to authorize the usage of the policies listed .Appears In: **** -- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-sts-min-io-v1beta1-policybindingspec[$$PolicyBindingSpec$$] +- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-sts-min-io-v1alpha1-policybindingspec[$$PolicyBindingSpec$$] **** [cols="25a,75a", options="header"] @@ -41,14 +44,14 @@ Application defines the `Namespace` and `ServiceAccount` |=== -[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-sts-min-io-v1beta1-policybinding"] +[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-sts-min-io-v1alpha1-policybinding"] ==== PolicyBinding PolicyBinding is a https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/[Kubernetes object] describing a MinIO PolicyBinding. .Appears In: **** -- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-sts-min-io-v1beta1-policybindinglist[$$PolicyBindingList$$] +- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-sts-min-io-v1alpha1-policybindinglist[$$PolicyBindingList$$] **** [cols="25a,75a", options="header"] @@ -59,7 +62,7 @@ PolicyBinding is a https://kubernetes.io/docs/concepts/overview/working-with-obj |Refer to Kubernetes API documentation for fields of `metadata`. -|*`spec`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-sts-min-io-v1beta1-policybindingspec[$$PolicyBindingSpec$$]__ +|*`spec`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-sts-min-io-v1alpha1-policybindingspec[$$PolicyBindingSpec$$]__ |*Required* + The root field for the MinIO PolicyBinding object. @@ -68,23 +71,21 @@ PolicyBinding is a https://kubernetes.io/docs/concepts/overview/working-with-obj -[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-sts-min-io-v1beta1-policybindingspec"] +[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-sts-min-io-v1alpha1-policybindingspec"] ==== PolicyBindingSpec -PolicyBindingSpec (`spec`) defines the configuration of a MinIO PolicyBinding object. + - The following parameters are specific to the `sts.min.io/v1beta1` MinIO Policy Binding CRD API `spec` definition added as part of the MinIO Operator v5.0.0. + - PolicyBinding is a Auhtorization mechanism managed by the Minio Operator using Kubernetes ServiceAccount native object, the Binding allow to an ServiceAccount to assume policies inside a tenant. For more complete documentation on this object, see the https://docs.min.io/minio/k8s/reference/minio-operator-reference.html#minio-operator-yaml-reference[MinIO Kubernetes Documentation]. +PolicyBindingSpec (`spec`) defines the configuration of a MinIO PolicyBinding object. + .Appears In: **** -- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-sts-min-io-v1beta1-policybinding[$$PolicyBinding$$] +- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-sts-min-io-v1alpha1-policybinding[$$PolicyBinding$$] **** [cols="25a,75a", options="header"] |=== | Field | Description -|*`application`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-sts-min-io-v1beta1-application[$$Application$$]__ +|*`application`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-sts-min-io-v1alpha1-application[$$Application$$]__ |*Required* + The Application Property identifies the namespace and service account that will be authorized @@ -96,14 +97,14 @@ PolicyBindingSpec (`spec`) defines the configuration of a MinIO PolicyBinding ob -[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-sts-min-io-v1beta1-policybindingusage"] +[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-sts-min-io-v1alpha1-policybindingusage"] ==== PolicyBindingUsage PolicyBindingUsage are metrics regarding the usage of the policyBinding .Appears In: **** -- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-sts-min-io-v1beta1-policybindingstatus[$$PolicyBindingStatus$$] +- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-sts-min-io-v1alpha1-policybindingstatus[$$PolicyBindingStatus$$] **** [cols="25a,75a", options="header"] diff --git a/examples/kustomization/sts-example/README.md b/examples/kustomization/sts-example/README.md index 03ae0eb50d9..a8811ae3166 100644 --- a/examples/kustomization/sts-example/README.md +++ b/examples/kustomization/sts-example/README.md @@ -58,7 +58,7 @@ namespace `minio-tenant-1` by installing a `PolicyBinding` on the `minio-tenant- Example policy binding ```yaml -apiVersion: sts.min.io/v1beta1 +apiVersion: sts.min.io/v1alpha1 kind: PolicyBinding metadata: name: binding-1 diff --git a/examples/kustomization/sts-example/sts-app/policy-binding.yaml b/examples/kustomization/sts-example/sts-app/policy-binding.yaml index ac1ad721354..13136d858e1 100644 --- a/examples/kustomization/sts-example/sts-app/policy-binding.yaml +++ b/examples/kustomization/sts-example/sts-app/policy-binding.yaml @@ -1,4 +1,4 @@ -apiVersion: sts.min.io/v1beta1 +apiVersion: sts.min.io/v1alpha1 kind: PolicyBinding metadata: name: binding-1 diff --git a/helm/operator/templates/minio.min.io_tenants.yaml b/helm/operator/templates/minio.min.io_tenants.yaml index 247c58ac674..be905ffacda 100644 --- a/helm/operator/templates/minio.min.io_tenants.yaml +++ b/helm/operator/templates/minio.min.io_tenants.yaml @@ -694,6 +694,18 @@ spec: type: integer resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -1751,6 +1763,18 @@ spec: type: object resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -1954,13 +1978,26 @@ spec: type: string name: type: string + namespace: + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -2138,6 +2175,18 @@ spec: type: object resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -2748,6 +2797,18 @@ spec: type: object resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -2954,13 +3015,26 @@ spec: type: string name: type: string + namespace: + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -3521,6 +3595,18 @@ spec: type: object resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -4176,6 +4262,18 @@ spec: type: object resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -4433,13 +4531,26 @@ spec: type: string name: type: string + namespace: + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -4778,13 +4889,26 @@ spec: type: string name: type: string + namespace: + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: diff --git a/helm/operator/templates/sts.min.io_policybindings.yaml b/helm/operator/templates/sts.min.io_policybindings.yaml index 0f78899ae35..b01576f5bda 100644 --- a/helm/operator/templates/sts.min.io_policybindings.yaml +++ b/helm/operator/templates/sts.min.io_policybindings.yaml @@ -24,7 +24,7 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: diff --git a/k8s/update-codegen.sh b/k8s/update-codegen.sh index 37eaa0dc3eb..3845bbb97b9 100755 --- a/k8s/update-codegen.sh +++ b/k8s/update-codegen.sh @@ -42,7 +42,7 @@ chmod +x ${CODEGEN_PKG}/generate-groups.sh cd ${SCRIPT_ROOT} ${CODEGEN_PKG}/generate-groups.sh "all" \ $ROOT_PKG/pkg/client $ROOT_PKG/pkg/apis \ - "minio.min.io:v2 sts.min.io:v1beta1" \ + "minio.min.io:v2 sts.min.io:v1alpha1" \ --output-base "${TEMP_DIR}" \ --go-header-file "k8s/boilerplate.go.txt" diff --git a/pkg/apis/sts.min.io/v1beta1/doc.go b/pkg/apis/sts.min.io/v1alpha1/doc.go similarity index 55% rename from pkg/apis/sts.min.io/v1beta1/doc.go rename to pkg/apis/sts.min.io/v1alpha1/doc.go index d6efb49bf8d..0845b0e430a 100644 --- a/pkg/apis/sts.min.io/v1beta1/doc.go +++ b/pkg/apis/sts.min.io/v1alpha1/doc.go @@ -15,7 +15,10 @@ // +k8s:deepcopy-gen=package,register // go:generate controller-gen crd:trivialVersions=true paths=. output:dir=. -// Package v1beta1 is the v1beta1 version of the API. +// Package v1alpha1 -The following parameters are specific to the `sts.min.io/v1alpha1` MinIO Policy Binding CRD API +// PolicyBinding is a Auhtorization mechanism managed by the Minio Operator using Kubernetes ServiceAccount JSON Web Tokens, the binding allow to an ServiceAccount to assume temporary credentials to access a tenant objects. +// For more complete documentation on this object, see the https://docs.min.io/minio/k8s/reference/minio-operator-reference.html#minio-operator-yaml-reference[MinIO Kubernetes Documentation]. +// PolicyBinding is added as part of the MinIO Operator v5.0.0. + // +groupName=sts.min.io -// +versionName=v1beta1 -package v1beta1 +// +versionName=v1alpha1 +package v1alpha1 diff --git a/pkg/apis/sts.min.io/v1beta1/register.go b/pkg/apis/sts.min.io/v1alpha1/register.go similarity index 97% rename from pkg/apis/sts.min.io/v1beta1/register.go rename to pkg/apis/sts.min.io/v1alpha1/register.go index 498c0318ac0..f8daca904a9 100644 --- a/pkg/apis/sts.min.io/v1beta1/register.go +++ b/pkg/apis/sts.min.io/v1alpha1/register.go @@ -12,7 +12,7 @@ // You should have received a copy of the GNU Affero General Public License, version 3, // along with this program. If not, see -package v1beta1 +package v1alpha1 import ( operator "github.com/minio/operator/pkg/apis/sts.min.io" @@ -22,7 +22,7 @@ import ( ) // Version specifies the API Version -const Version = "v1beta1" +const Version = "v1alpha1" // SchemeGroupVersion is group version used to register these objects var SchemeGroupVersion = schema.GroupVersion{Group: operator.GroupName, Version: Version} diff --git a/pkg/apis/sts.min.io/v1beta1/types.go b/pkg/apis/sts.min.io/v1alpha1/types.go similarity index 82% rename from pkg/apis/sts.min.io/v1beta1/types.go rename to pkg/apis/sts.min.io/v1alpha1/types.go index 853706becfb..660480822cc 100644 --- a/pkg/apis/sts.min.io/v1beta1/types.go +++ b/pkg/apis/sts.min.io/v1alpha1/types.go @@ -12,7 +12,7 @@ // You should have received a copy of the GNU Affero General Public License, version 3, // along with this program. If not, see -package v1beta1 +package v1alpha1 import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -58,11 +58,6 @@ type PolicyBindingUsage struct { } // PolicyBindingSpec (`spec`) defines the configuration of a MinIO PolicyBinding object. + -// -// The following parameters are specific to the `sts.min.io/v1beta1` MinIO Policy Binding CRD API `spec` definition added as part of the MinIO Operator v5.0.0. + -// -// PolicyBinding is a Auhtorization mechanism managed by the Minio Operator using Kubernetes ServiceAccount native object, the Binding allow to an ServiceAccount to assume policies inside a tenant. -// For more complete documentation on this object, see the https://docs.min.io/minio/k8s/reference/minio-operator-reference.html#minio-operator-yaml-reference[MinIO Kubernetes Documentation]. type PolicyBindingSpec struct { // *Required* + // @@ -72,7 +67,7 @@ type PolicyBindingSpec struct { Policies []string `json:"policies"` } -// Application defines the `Namespace` and `ServiceAccount` +// Application defines the `Namespace` and `ServiceAccount` to authorize the usage of the policies listed type Application struct { // *Required* + Namespace string `json:"namespace"` diff --git a/pkg/apis/sts.min.io/v1beta1/zz_generated.deepcopy.go b/pkg/apis/sts.min.io/v1alpha1/zz_generated.deepcopy.go similarity index 99% rename from pkg/apis/sts.min.io/v1beta1/zz_generated.deepcopy.go rename to pkg/apis/sts.min.io/v1alpha1/zz_generated.deepcopy.go index 1208ad21fcc..387b9d10a43 100644 --- a/pkg/apis/sts.min.io/v1beta1/zz_generated.deepcopy.go +++ b/pkg/apis/sts.min.io/v1alpha1/zz_generated.deepcopy.go @@ -19,7 +19,7 @@ // Code generated by deepcopy-gen. DO NOT EDIT. -package v1beta1 +package v1alpha1 import ( runtime "k8s.io/apimachinery/pkg/runtime" diff --git a/pkg/client/applyconfiguration/sts.min.io/v1alpha1/application.go b/pkg/client/applyconfiguration/sts.min.io/v1alpha1/application.go new file mode 100644 index 00000000000..83c93335ae7 --- /dev/null +++ b/pkg/client/applyconfiguration/sts.min.io/v1alpha1/application.go @@ -0,0 +1,48 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// ApplicationApplyConfiguration represents an declarative configuration of the Application type for use +// with apply. +type ApplicationApplyConfiguration struct { + Namespace *string `json:"namespace,omitempty"` + ServiceAccount *string `json:"serviceaccount,omitempty"` +} + +// ApplicationApplyConfiguration constructs an declarative configuration of the Application type for use with +// apply. +func Application() *ApplicationApplyConfiguration { + return &ApplicationApplyConfiguration{} +} + +// WithNamespace sets the Namespace field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Namespace field is set to the value of the last call. +func (b *ApplicationApplyConfiguration) WithNamespace(value string) *ApplicationApplyConfiguration { + b.Namespace = &value + return b +} + +// WithServiceAccount sets the ServiceAccount field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ServiceAccount field is set to the value of the last call. +func (b *ApplicationApplyConfiguration) WithServiceAccount(value string) *ApplicationApplyConfiguration { + b.ServiceAccount = &value + return b +} diff --git a/pkg/client/applyconfiguration/sts.min.io/v1alpha1/policybinding.go b/pkg/client/applyconfiguration/sts.min.io/v1alpha1/policybinding.go new file mode 100644 index 00000000000..f8e98d4dada --- /dev/null +++ b/pkg/client/applyconfiguration/sts.min.io/v1alpha1/policybinding.go @@ -0,0 +1,219 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + v1 "k8s.io/client-go/applyconfigurations/meta/v1" +) + +// PolicyBindingApplyConfiguration represents an declarative configuration of the PolicyBinding type for use +// with apply. +type PolicyBindingApplyConfiguration struct { + v1.TypeMetaApplyConfiguration `json:",inline"` + *v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"` + Spec *PolicyBindingSpecApplyConfiguration `json:"spec,omitempty"` + Status *PolicyBindingStatusApplyConfiguration `json:"status,omitempty"` +} + +// PolicyBinding constructs an declarative configuration of the PolicyBinding type for use with +// apply. +func PolicyBinding(name, namespace string) *PolicyBindingApplyConfiguration { + b := &PolicyBindingApplyConfiguration{} + b.WithName(name) + b.WithNamespace(namespace) + b.WithKind("PolicyBinding") + b.WithAPIVersion("sts.min.io/v1alpha1") + return b +} + +// WithKind sets the Kind field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Kind field is set to the value of the last call. +func (b *PolicyBindingApplyConfiguration) WithKind(value string) *PolicyBindingApplyConfiguration { + b.Kind = &value + return b +} + +// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the APIVersion field is set to the value of the last call. +func (b *PolicyBindingApplyConfiguration) WithAPIVersion(value string) *PolicyBindingApplyConfiguration { + b.APIVersion = &value + return b +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *PolicyBindingApplyConfiguration) WithName(value string) *PolicyBindingApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.Name = &value + return b +} + +// WithGenerateName sets the GenerateName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the GenerateName field is set to the value of the last call. +func (b *PolicyBindingApplyConfiguration) WithGenerateName(value string) *PolicyBindingApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.GenerateName = &value + return b +} + +// WithNamespace sets the Namespace field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Namespace field is set to the value of the last call. +func (b *PolicyBindingApplyConfiguration) WithNamespace(value string) *PolicyBindingApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.Namespace = &value + return b +} + +// WithUID sets the UID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the UID field is set to the value of the last call. +func (b *PolicyBindingApplyConfiguration) WithUID(value types.UID) *PolicyBindingApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.UID = &value + return b +} + +// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ResourceVersion field is set to the value of the last call. +func (b *PolicyBindingApplyConfiguration) WithResourceVersion(value string) *PolicyBindingApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ResourceVersion = &value + return b +} + +// WithGeneration sets the Generation field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Generation field is set to the value of the last call. +func (b *PolicyBindingApplyConfiguration) WithGeneration(value int64) *PolicyBindingApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.Generation = &value + return b +} + +// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CreationTimestamp field is set to the value of the last call. +func (b *PolicyBindingApplyConfiguration) WithCreationTimestamp(value metav1.Time) *PolicyBindingApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.CreationTimestamp = &value + return b +} + +// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionTimestamp field is set to the value of the last call. +func (b *PolicyBindingApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *PolicyBindingApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.DeletionTimestamp = &value + return b +} + +// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call. +func (b *PolicyBindingApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *PolicyBindingApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.DeletionGracePeriodSeconds = &value + return b +} + +// WithLabels puts the entries into the Labels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Labels field, +// overwriting an existing map entries in Labels field with the same key. +func (b *PolicyBindingApplyConfiguration) WithLabels(entries map[string]string) *PolicyBindingApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.Labels == nil && len(entries) > 0 { + b.Labels = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.Labels[k] = v + } + return b +} + +// WithAnnotations puts the entries into the Annotations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Annotations field, +// overwriting an existing map entries in Annotations field with the same key. +func (b *PolicyBindingApplyConfiguration) WithAnnotations(entries map[string]string) *PolicyBindingApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.Annotations == nil && len(entries) > 0 { + b.Annotations = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.Annotations[k] = v + } + return b +} + +// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the OwnerReferences field. +func (b *PolicyBindingApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *PolicyBindingApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + if values[i] == nil { + panic("nil value passed to WithOwnerReferences") + } + b.OwnerReferences = append(b.OwnerReferences, *values[i]) + } + return b +} + +// WithFinalizers adds the given value to the Finalizers field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Finalizers field. +func (b *PolicyBindingApplyConfiguration) WithFinalizers(values ...string) *PolicyBindingApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + b.Finalizers = append(b.Finalizers, values[i]) + } + return b +} + +func (b *PolicyBindingApplyConfiguration) ensureObjectMetaApplyConfigurationExists() { + if b.ObjectMetaApplyConfiguration == nil { + b.ObjectMetaApplyConfiguration = &v1.ObjectMetaApplyConfiguration{} + } +} + +// WithSpec sets the Spec field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Spec field is set to the value of the last call. +func (b *PolicyBindingApplyConfiguration) WithSpec(value *PolicyBindingSpecApplyConfiguration) *PolicyBindingApplyConfiguration { + b.Spec = value + return b +} + +// WithStatus sets the Status field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Status field is set to the value of the last call. +func (b *PolicyBindingApplyConfiguration) WithStatus(value *PolicyBindingStatusApplyConfiguration) *PolicyBindingApplyConfiguration { + b.Status = value + return b +} diff --git a/pkg/client/applyconfiguration/sts.min.io/v1alpha1/policybindingspec.go b/pkg/client/applyconfiguration/sts.min.io/v1alpha1/policybindingspec.go new file mode 100644 index 00000000000..7eee72667f7 --- /dev/null +++ b/pkg/client/applyconfiguration/sts.min.io/v1alpha1/policybindingspec.go @@ -0,0 +1,50 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// PolicyBindingSpecApplyConfiguration represents an declarative configuration of the PolicyBindingSpec type for use +// with apply. +type PolicyBindingSpecApplyConfiguration struct { + Application *ApplicationApplyConfiguration `json:"application,omitempty"` + Policies []string `json:"policies,omitempty"` +} + +// PolicyBindingSpecApplyConfiguration constructs an declarative configuration of the PolicyBindingSpec type for use with +// apply. +func PolicyBindingSpec() *PolicyBindingSpecApplyConfiguration { + return &PolicyBindingSpecApplyConfiguration{} +} + +// WithApplication sets the Application field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Application field is set to the value of the last call. +func (b *PolicyBindingSpecApplyConfiguration) WithApplication(value *ApplicationApplyConfiguration) *PolicyBindingSpecApplyConfiguration { + b.Application = value + return b +} + +// WithPolicies adds the given value to the Policies field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Policies field. +func (b *PolicyBindingSpecApplyConfiguration) WithPolicies(values ...string) *PolicyBindingSpecApplyConfiguration { + for i := range values { + b.Policies = append(b.Policies, values[i]) + } + return b +} diff --git a/pkg/client/applyconfiguration/sts.min.io/v1alpha1/policybindingstatus.go b/pkg/client/applyconfiguration/sts.min.io/v1alpha1/policybindingstatus.go new file mode 100644 index 00000000000..cf51856c5b1 --- /dev/null +++ b/pkg/client/applyconfiguration/sts.min.io/v1alpha1/policybindingstatus.go @@ -0,0 +1,48 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// PolicyBindingStatusApplyConfiguration represents an declarative configuration of the PolicyBindingStatus type for use +// with apply. +type PolicyBindingStatusApplyConfiguration struct { + CurrentState *string `json:"currentState,omitempty"` + Usage *PolicyBindingUsageApplyConfiguration `json:"usage,omitempty"` +} + +// PolicyBindingStatusApplyConfiguration constructs an declarative configuration of the PolicyBindingStatus type for use with +// apply. +func PolicyBindingStatus() *PolicyBindingStatusApplyConfiguration { + return &PolicyBindingStatusApplyConfiguration{} +} + +// WithCurrentState sets the CurrentState field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CurrentState field is set to the value of the last call. +func (b *PolicyBindingStatusApplyConfiguration) WithCurrentState(value string) *PolicyBindingStatusApplyConfiguration { + b.CurrentState = &value + return b +} + +// WithUsage sets the Usage field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Usage field is set to the value of the last call. +func (b *PolicyBindingStatusApplyConfiguration) WithUsage(value *PolicyBindingUsageApplyConfiguration) *PolicyBindingStatusApplyConfiguration { + b.Usage = value + return b +} diff --git a/pkg/client/applyconfiguration/sts.min.io/v1alpha1/policybindingusage.go b/pkg/client/applyconfiguration/sts.min.io/v1alpha1/policybindingusage.go new file mode 100644 index 00000000000..1407845b651 --- /dev/null +++ b/pkg/client/applyconfiguration/sts.min.io/v1alpha1/policybindingusage.go @@ -0,0 +1,39 @@ +// This file is part of MinIO Operator +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// PolicyBindingUsageApplyConfiguration represents an declarative configuration of the PolicyBindingUsage type for use +// with apply. +type PolicyBindingUsageApplyConfiguration struct { + Authorizations *int64 `json:"authotizations,omitempty"` +} + +// PolicyBindingUsageApplyConfiguration constructs an declarative configuration of the PolicyBindingUsage type for use with +// apply. +func PolicyBindingUsage() *PolicyBindingUsageApplyConfiguration { + return &PolicyBindingUsageApplyConfiguration{} +} + +// WithAuthorizations sets the Authorizations field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Authorizations field is set to the value of the last call. +func (b *PolicyBindingUsageApplyConfiguration) WithAuthorizations(value int64) *PolicyBindingUsageApplyConfiguration { + b.Authorizations = &value + return b +} diff --git a/pkg/client/applyconfiguration/utils.go b/pkg/client/applyconfiguration/utils.go index 753bb05fd8d..28a6cf0d202 100644 --- a/pkg/client/applyconfiguration/utils.go +++ b/pkg/client/applyconfiguration/utils.go @@ -20,7 +20,9 @@ package applyconfiguration import ( v2 "github.com/minio/operator/pkg/apis/minio.min.io/v2" + v1alpha1 "github.com/minio/operator/pkg/apis/sts.min.io/v1alpha1" miniominiov2 "github.com/minio/operator/pkg/client/applyconfiguration/minio.min.io/v2" + stsminiov1alpha1 "github.com/minio/operator/pkg/client/applyconfiguration/sts.min.io/v1alpha1" schema "k8s.io/apimachinery/pkg/runtime/schema" ) @@ -82,6 +84,18 @@ func ForKind(kind schema.GroupVersionKind) interface{} { case v2.SchemeGroupVersion.WithKind("TierUsage"): return &miniominiov2.TierUsageApplyConfiguration{} + // Group=sts.min.io, Version=v1alpha1 + case v1alpha1.SchemeGroupVersion.WithKind("Application"): + return &stsminiov1alpha1.ApplicationApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("PolicyBinding"): + return &stsminiov1alpha1.PolicyBindingApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("PolicyBindingSpec"): + return &stsminiov1alpha1.PolicyBindingSpecApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("PolicyBindingStatus"): + return &stsminiov1alpha1.PolicyBindingStatusApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("PolicyBindingUsage"): + return &stsminiov1alpha1.PolicyBindingUsageApplyConfiguration{} + } return nil } diff --git a/pkg/client/clientset/versioned/clientset.go b/pkg/client/clientset/versioned/clientset.go index db0cdd6f66a..babee4e91b4 100644 --- a/pkg/client/clientset/versioned/clientset.go +++ b/pkg/client/clientset/versioned/clientset.go @@ -23,7 +23,7 @@ import ( "net/http" miniov2 "github.com/minio/operator/pkg/client/clientset/versioned/typed/minio.min.io/v2" - stsv1beta1 "github.com/minio/operator/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1" + stsv1alpha1 "github.com/minio/operator/pkg/client/clientset/versioned/typed/sts.min.io/v1alpha1" discovery "k8s.io/client-go/discovery" rest "k8s.io/client-go/rest" flowcontrol "k8s.io/client-go/util/flowcontrol" @@ -32,14 +32,14 @@ import ( type Interface interface { Discovery() discovery.DiscoveryInterface MinioV2() miniov2.MinioV2Interface - StsV1beta1() stsv1beta1.StsV1beta1Interface + StsV1alpha1() stsv1alpha1.StsV1alpha1Interface } // Clientset contains the clients for groups. type Clientset struct { *discovery.DiscoveryClient - minioV2 *miniov2.MinioV2Client - stsV1beta1 *stsv1beta1.StsV1beta1Client + minioV2 *miniov2.MinioV2Client + stsV1alpha1 *stsv1alpha1.StsV1alpha1Client } // MinioV2 retrieves the MinioV2Client @@ -47,9 +47,9 @@ func (c *Clientset) MinioV2() miniov2.MinioV2Interface { return c.minioV2 } -// StsV1beta1 retrieves the StsV1beta1Client -func (c *Clientset) StsV1beta1() stsv1beta1.StsV1beta1Interface { - return c.stsV1beta1 +// StsV1alpha1 retrieves the StsV1alpha1Client +func (c *Clientset) StsV1alpha1() stsv1alpha1.StsV1alpha1Interface { + return c.stsV1alpha1 } // Discovery retrieves the DiscoveryClient @@ -100,7 +100,7 @@ func NewForConfigAndClient(c *rest.Config, httpClient *http.Client) (*Clientset, if err != nil { return nil, err } - cs.stsV1beta1, err = stsv1beta1.NewForConfigAndClient(&configShallowCopy, httpClient) + cs.stsV1alpha1, err = stsv1alpha1.NewForConfigAndClient(&configShallowCopy, httpClient) if err != nil { return nil, err } @@ -126,7 +126,7 @@ func NewForConfigOrDie(c *rest.Config) *Clientset { func New(c rest.Interface) *Clientset { var cs Clientset cs.minioV2 = miniov2.New(c) - cs.stsV1beta1 = stsv1beta1.New(c) + cs.stsV1alpha1 = stsv1alpha1.New(c) cs.DiscoveryClient = discovery.NewDiscoveryClient(c) return &cs diff --git a/pkg/client/clientset/versioned/fake/clientset_generated.go b/pkg/client/clientset/versioned/fake/clientset_generated.go index 741e9a9ea07..c8d5beb4a90 100644 --- a/pkg/client/clientset/versioned/fake/clientset_generated.go +++ b/pkg/client/clientset/versioned/fake/clientset_generated.go @@ -22,8 +22,8 @@ import ( clientset "github.com/minio/operator/pkg/client/clientset/versioned" miniov2 "github.com/minio/operator/pkg/client/clientset/versioned/typed/minio.min.io/v2" fakeminiov2 "github.com/minio/operator/pkg/client/clientset/versioned/typed/minio.min.io/v2/fake" - stsv1beta1 "github.com/minio/operator/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1" - fakestsv1beta1 "github.com/minio/operator/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/fake" + stsv1alpha1 "github.com/minio/operator/pkg/client/clientset/versioned/typed/sts.min.io/v1alpha1" + fakestsv1alpha1 "github.com/minio/operator/pkg/client/clientset/versioned/typed/sts.min.io/v1alpha1/fake" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/watch" "k8s.io/client-go/discovery" @@ -86,7 +86,7 @@ func (c *Clientset) MinioV2() miniov2.MinioV2Interface { return &fakeminiov2.FakeMinioV2{Fake: &c.Fake} } -// StsV1beta1 retrieves the StsV1beta1Client -func (c *Clientset) StsV1beta1() stsv1beta1.StsV1beta1Interface { - return &fakestsv1beta1.FakeStsV1beta1{Fake: &c.Fake} +// StsV1alpha1 retrieves the StsV1alpha1Client +func (c *Clientset) StsV1alpha1() stsv1alpha1.StsV1alpha1Interface { + return &fakestsv1alpha1.FakeStsV1alpha1{Fake: &c.Fake} } diff --git a/pkg/client/clientset/versioned/fake/register.go b/pkg/client/clientset/versioned/fake/register.go index 22956619ca3..5e316060f23 100644 --- a/pkg/client/clientset/versioned/fake/register.go +++ b/pkg/client/clientset/versioned/fake/register.go @@ -20,7 +20,7 @@ package fake import ( miniov2 "github.com/minio/operator/pkg/apis/minio.min.io/v2" - stsv1beta1 "github.com/minio/operator/pkg/apis/sts.min.io/v1beta1" + stsv1alpha1 "github.com/minio/operator/pkg/apis/sts.min.io/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" schema "k8s.io/apimachinery/pkg/runtime/schema" @@ -33,7 +33,7 @@ var codecs = serializer.NewCodecFactory(scheme) var localSchemeBuilder = runtime.SchemeBuilder{ miniov2.AddToScheme, - stsv1beta1.AddToScheme, + stsv1alpha1.AddToScheme, } // AddToScheme adds all types of this clientset into the given scheme. This allows composition diff --git a/pkg/client/clientset/versioned/scheme/register.go b/pkg/client/clientset/versioned/scheme/register.go index e20e77209f6..bb942db90e0 100644 --- a/pkg/client/clientset/versioned/scheme/register.go +++ b/pkg/client/clientset/versioned/scheme/register.go @@ -20,7 +20,7 @@ package scheme import ( miniov2 "github.com/minio/operator/pkg/apis/minio.min.io/v2" - stsv1beta1 "github.com/minio/operator/pkg/apis/sts.min.io/v1beta1" + stsv1alpha1 "github.com/minio/operator/pkg/apis/sts.min.io/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" schema "k8s.io/apimachinery/pkg/runtime/schema" @@ -33,7 +33,7 @@ var Codecs = serializer.NewCodecFactory(Scheme) var ParameterCodec = runtime.NewParameterCodec(Scheme) var localSchemeBuilder = runtime.SchemeBuilder{ miniov2.AddToScheme, - stsv1beta1.AddToScheme, + stsv1alpha1.AddToScheme, } // AddToScheme adds all types of this clientset into the given scheme. This allows composition diff --git a/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/doc.go b/pkg/client/clientset/versioned/typed/sts.min.io/v1alpha1/doc.go similarity index 98% rename from pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/doc.go rename to pkg/client/clientset/versioned/typed/sts.min.io/v1alpha1/doc.go index d2271211ef7..8d796276602 100644 --- a/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/doc.go +++ b/pkg/client/clientset/versioned/typed/sts.min.io/v1alpha1/doc.go @@ -17,4 +17,4 @@ // Code generated by client-gen. DO NOT EDIT. // This package has the automatically generated typed clients. -package v1beta1 +package v1alpha1 diff --git a/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/fake/doc.go b/pkg/client/clientset/versioned/typed/sts.min.io/v1alpha1/fake/doc.go similarity index 100% rename from pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/fake/doc.go rename to pkg/client/clientset/versioned/typed/sts.min.io/v1alpha1/fake/doc.go diff --git a/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/fake/fake_policybinding.go b/pkg/client/clientset/versioned/typed/sts.min.io/v1alpha1/fake/fake_policybinding.go similarity index 54% rename from pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/fake/fake_policybinding.go rename to pkg/client/clientset/versioned/typed/sts.min.io/v1alpha1/fake/fake_policybinding.go index b7318b30065..8df61d2283f 100644 --- a/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/fake/fake_policybinding.go +++ b/pkg/client/clientset/versioned/typed/sts.min.io/v1alpha1/fake/fake_policybinding.go @@ -20,11 +20,13 @@ package fake import ( "context" + json "encoding/json" + "fmt" - v1beta1 "github.com/minio/operator/pkg/apis/sts.min.io/v1beta1" + v1alpha1 "github.com/minio/operator/pkg/apis/sts.min.io/v1alpha1" + stsminiov1alpha1 "github.com/minio/operator/pkg/client/applyconfiguration/sts.min.io/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" @@ -32,29 +34,29 @@ import ( // FakePolicyBindings implements PolicyBindingInterface type FakePolicyBindings struct { - Fake *FakeStsV1beta1 + Fake *FakeStsV1alpha1 ns string } -var policybindingsResource = schema.GroupVersionResource{Group: "sts.min.io", Version: "v1beta1", Resource: "policybindings"} +var policybindingsResource = v1alpha1.SchemeGroupVersion.WithResource("policybindings") -var policybindingsKind = schema.GroupVersionKind{Group: "sts.min.io", Version: "v1beta1", Kind: "PolicyBinding"} +var policybindingsKind = v1alpha1.SchemeGroupVersion.WithKind("PolicyBinding") // Get takes name of the policyBinding, and returns the corresponding policyBinding object, and an error if there is any. -func (c *FakePolicyBindings) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.PolicyBinding, err error) { +func (c *FakePolicyBindings) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.PolicyBinding, err error) { obj, err := c.Fake. - Invokes(testing.NewGetAction(policybindingsResource, c.ns, name), &v1beta1.PolicyBinding{}) + Invokes(testing.NewGetAction(policybindingsResource, c.ns, name), &v1alpha1.PolicyBinding{}) if obj == nil { return nil, err } - return obj.(*v1beta1.PolicyBinding), err + return obj.(*v1alpha1.PolicyBinding), err } // List takes label and field selectors, and returns the list of PolicyBindings that match those selectors. -func (c *FakePolicyBindings) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.PolicyBindingList, err error) { +func (c *FakePolicyBindings) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.PolicyBindingList, err error) { obj, err := c.Fake. - Invokes(testing.NewListAction(policybindingsResource, policybindingsKind, c.ns, opts), &v1beta1.PolicyBindingList{}) + Invokes(testing.NewListAction(policybindingsResource, policybindingsKind, c.ns, opts), &v1alpha1.PolicyBindingList{}) if obj == nil { return nil, err @@ -64,8 +66,8 @@ func (c *FakePolicyBindings) List(ctx context.Context, opts v1.ListOptions) (res if label == nil { label = labels.Everything() } - list := &v1beta1.PolicyBindingList{ListMeta: obj.(*v1beta1.PolicyBindingList).ListMeta} - for _, item := range obj.(*v1beta1.PolicyBindingList).Items { + list := &v1alpha1.PolicyBindingList{ListMeta: obj.(*v1alpha1.PolicyBindingList).ListMeta} + for _, item := range obj.(*v1alpha1.PolicyBindingList).Items { if label.Matches(labels.Set(item.Labels)) { list.Items = append(list.Items, item) } @@ -81,43 +83,43 @@ func (c *FakePolicyBindings) Watch(ctx context.Context, opts v1.ListOptions) (wa } // Create takes the representation of a policyBinding and creates it. Returns the server's representation of the policyBinding, and an error, if there is any. -func (c *FakePolicyBindings) Create(ctx context.Context, policyBinding *v1beta1.PolicyBinding, opts v1.CreateOptions) (result *v1beta1.PolicyBinding, err error) { +func (c *FakePolicyBindings) Create(ctx context.Context, policyBinding *v1alpha1.PolicyBinding, opts v1.CreateOptions) (result *v1alpha1.PolicyBinding, err error) { obj, err := c.Fake. - Invokes(testing.NewCreateAction(policybindingsResource, c.ns, policyBinding), &v1beta1.PolicyBinding{}) + Invokes(testing.NewCreateAction(policybindingsResource, c.ns, policyBinding), &v1alpha1.PolicyBinding{}) if obj == nil { return nil, err } - return obj.(*v1beta1.PolicyBinding), err + return obj.(*v1alpha1.PolicyBinding), err } // Update takes the representation of a policyBinding and updates it. Returns the server's representation of the policyBinding, and an error, if there is any. -func (c *FakePolicyBindings) Update(ctx context.Context, policyBinding *v1beta1.PolicyBinding, opts v1.UpdateOptions) (result *v1beta1.PolicyBinding, err error) { +func (c *FakePolicyBindings) Update(ctx context.Context, policyBinding *v1alpha1.PolicyBinding, opts v1.UpdateOptions) (result *v1alpha1.PolicyBinding, err error) { obj, err := c.Fake. - Invokes(testing.NewUpdateAction(policybindingsResource, c.ns, policyBinding), &v1beta1.PolicyBinding{}) + Invokes(testing.NewUpdateAction(policybindingsResource, c.ns, policyBinding), &v1alpha1.PolicyBinding{}) if obj == nil { return nil, err } - return obj.(*v1beta1.PolicyBinding), err + return obj.(*v1alpha1.PolicyBinding), err } // UpdateStatus was generated because the type contains a Status member. // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *FakePolicyBindings) UpdateStatus(ctx context.Context, policyBinding *v1beta1.PolicyBinding, opts v1.UpdateOptions) (*v1beta1.PolicyBinding, error) { +func (c *FakePolicyBindings) UpdateStatus(ctx context.Context, policyBinding *v1alpha1.PolicyBinding, opts v1.UpdateOptions) (*v1alpha1.PolicyBinding, error) { obj, err := c.Fake. - Invokes(testing.NewUpdateSubresourceAction(policybindingsResource, "status", c.ns, policyBinding), &v1beta1.PolicyBinding{}) + Invokes(testing.NewUpdateSubresourceAction(policybindingsResource, "status", c.ns, policyBinding), &v1alpha1.PolicyBinding{}) if obj == nil { return nil, err } - return obj.(*v1beta1.PolicyBinding), err + return obj.(*v1alpha1.PolicyBinding), err } // Delete takes name of the policyBinding and deletes it. Returns an error if one occurs. func (c *FakePolicyBindings) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { _, err := c.Fake. - Invokes(testing.NewDeleteActionWithOptions(policybindingsResource, c.ns, name, opts), &v1beta1.PolicyBinding{}) + Invokes(testing.NewDeleteActionWithOptions(policybindingsResource, c.ns, name, opts), &v1alpha1.PolicyBinding{}) return err } @@ -126,17 +128,62 @@ func (c *FakePolicyBindings) Delete(ctx context.Context, name string, opts v1.De func (c *FakePolicyBindings) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { action := testing.NewDeleteCollectionAction(policybindingsResource, c.ns, listOpts) - _, err := c.Fake.Invokes(action, &v1beta1.PolicyBindingList{}) + _, err := c.Fake.Invokes(action, &v1alpha1.PolicyBindingList{}) return err } // Patch applies the patch and returns the patched policyBinding. -func (c *FakePolicyBindings) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.PolicyBinding, err error) { +func (c *FakePolicyBindings) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.PolicyBinding, err error) { obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(policybindingsResource, c.ns, name, pt, data, subresources...), &v1beta1.PolicyBinding{}) + Invokes(testing.NewPatchSubresourceAction(policybindingsResource, c.ns, name, pt, data, subresources...), &v1alpha1.PolicyBinding{}) if obj == nil { return nil, err } - return obj.(*v1beta1.PolicyBinding), err + return obj.(*v1alpha1.PolicyBinding), err +} + +// Apply takes the given apply declarative configuration, applies it and returns the applied policyBinding. +func (c *FakePolicyBindings) Apply(ctx context.Context, policyBinding *stsminiov1alpha1.PolicyBindingApplyConfiguration, opts v1.ApplyOptions) (result *v1alpha1.PolicyBinding, err error) { + if policyBinding == nil { + return nil, fmt.Errorf("policyBinding provided to Apply must not be nil") + } + data, err := json.Marshal(policyBinding) + if err != nil { + return nil, err + } + name := policyBinding.Name + if name == nil { + return nil, fmt.Errorf("policyBinding.Name must be provided to Apply") + } + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(policybindingsResource, c.ns, *name, types.ApplyPatchType, data), &v1alpha1.PolicyBinding{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.PolicyBinding), err +} + +// ApplyStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus(). +func (c *FakePolicyBindings) ApplyStatus(ctx context.Context, policyBinding *stsminiov1alpha1.PolicyBindingApplyConfiguration, opts v1.ApplyOptions) (result *v1alpha1.PolicyBinding, err error) { + if policyBinding == nil { + return nil, fmt.Errorf("policyBinding provided to Apply must not be nil") + } + data, err := json.Marshal(policyBinding) + if err != nil { + return nil, err + } + name := policyBinding.Name + if name == nil { + return nil, fmt.Errorf("policyBinding.Name must be provided to Apply") + } + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(policybindingsResource, c.ns, *name, types.ApplyPatchType, data, "status"), &v1alpha1.PolicyBinding{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.PolicyBinding), err } diff --git a/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/fake/fake_sts.min.io_client.go b/pkg/client/clientset/versioned/typed/sts.min.io/v1alpha1/fake/fake_sts.min.io_client.go similarity index 80% rename from pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/fake/fake_sts.min.io_client.go rename to pkg/client/clientset/versioned/typed/sts.min.io/v1alpha1/fake/fake_sts.min.io_client.go index 9509c8c88a4..ecbfb218923 100644 --- a/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/fake/fake_sts.min.io_client.go +++ b/pkg/client/clientset/versioned/typed/sts.min.io/v1alpha1/fake/fake_sts.min.io_client.go @@ -19,22 +19,22 @@ package fake import ( - v1beta1 "github.com/minio/operator/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1" + v1alpha1 "github.com/minio/operator/pkg/client/clientset/versioned/typed/sts.min.io/v1alpha1" rest "k8s.io/client-go/rest" testing "k8s.io/client-go/testing" ) -type FakeStsV1beta1 struct { +type FakeStsV1alpha1 struct { *testing.Fake } -func (c *FakeStsV1beta1) PolicyBindings(namespace string) v1beta1.PolicyBindingInterface { +func (c *FakeStsV1alpha1) PolicyBindings(namespace string) v1alpha1.PolicyBindingInterface { return &FakePolicyBindings{c, namespace} } // RESTClient returns a RESTClient that is used to communicate // with API server by this client implementation. -func (c *FakeStsV1beta1) RESTClient() rest.Interface { +func (c *FakeStsV1alpha1) RESTClient() rest.Interface { var ret *rest.RESTClient return ret } diff --git a/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/generated_expansion.go b/pkg/client/clientset/versioned/typed/sts.min.io/v1alpha1/generated_expansion.go similarity index 97% rename from pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/generated_expansion.go rename to pkg/client/clientset/versioned/typed/sts.min.io/v1alpha1/generated_expansion.go index d6ea4870f09..8afaf86213e 100644 --- a/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/generated_expansion.go +++ b/pkg/client/clientset/versioned/typed/sts.min.io/v1alpha1/generated_expansion.go @@ -16,6 +16,6 @@ // Code generated by client-gen. DO NOT EDIT. -package v1beta1 +package v1alpha1 type PolicyBindingExpansion interface{} diff --git a/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/policybinding.go b/pkg/client/clientset/versioned/typed/sts.min.io/v1alpha1/policybinding.go similarity index 60% rename from pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/policybinding.go rename to pkg/client/clientset/versioned/typed/sts.min.io/v1alpha1/policybinding.go index 4feac7f0b05..2cd673123b5 100644 --- a/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/policybinding.go +++ b/pkg/client/clientset/versioned/typed/sts.min.io/v1alpha1/policybinding.go @@ -16,13 +16,16 @@ // Code generated by client-gen. DO NOT EDIT. -package v1beta1 +package v1alpha1 import ( "context" + json "encoding/json" + "fmt" "time" - v1beta1 "github.com/minio/operator/pkg/apis/sts.min.io/v1beta1" + v1alpha1 "github.com/minio/operator/pkg/apis/sts.min.io/v1alpha1" + stsminiov1alpha1 "github.com/minio/operator/pkg/client/applyconfiguration/sts.min.io/v1alpha1" scheme "github.com/minio/operator/pkg/client/clientset/versioned/scheme" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" types "k8s.io/apimachinery/pkg/types" @@ -38,15 +41,17 @@ type PolicyBindingsGetter interface { // PolicyBindingInterface has methods to work with PolicyBinding resources. type PolicyBindingInterface interface { - Create(ctx context.Context, policyBinding *v1beta1.PolicyBinding, opts v1.CreateOptions) (*v1beta1.PolicyBinding, error) - Update(ctx context.Context, policyBinding *v1beta1.PolicyBinding, opts v1.UpdateOptions) (*v1beta1.PolicyBinding, error) - UpdateStatus(ctx context.Context, policyBinding *v1beta1.PolicyBinding, opts v1.UpdateOptions) (*v1beta1.PolicyBinding, error) + Create(ctx context.Context, policyBinding *v1alpha1.PolicyBinding, opts v1.CreateOptions) (*v1alpha1.PolicyBinding, error) + Update(ctx context.Context, policyBinding *v1alpha1.PolicyBinding, opts v1.UpdateOptions) (*v1alpha1.PolicyBinding, error) + UpdateStatus(ctx context.Context, policyBinding *v1alpha1.PolicyBinding, opts v1.UpdateOptions) (*v1alpha1.PolicyBinding, error) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta1.PolicyBinding, error) - List(ctx context.Context, opts v1.ListOptions) (*v1beta1.PolicyBindingList, error) + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.PolicyBinding, error) + List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.PolicyBindingList, error) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.PolicyBinding, err error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.PolicyBinding, err error) + Apply(ctx context.Context, policyBinding *stsminiov1alpha1.PolicyBindingApplyConfiguration, opts v1.ApplyOptions) (result *v1alpha1.PolicyBinding, err error) + ApplyStatus(ctx context.Context, policyBinding *stsminiov1alpha1.PolicyBindingApplyConfiguration, opts v1.ApplyOptions) (result *v1alpha1.PolicyBinding, err error) PolicyBindingExpansion } @@ -57,7 +62,7 @@ type policyBindings struct { } // newPolicyBindings returns a PolicyBindings -func newPolicyBindings(c *StsV1beta1Client, namespace string) *policyBindings { +func newPolicyBindings(c *StsV1alpha1Client, namespace string) *policyBindings { return &policyBindings{ client: c.RESTClient(), ns: namespace, @@ -65,8 +70,8 @@ func newPolicyBindings(c *StsV1beta1Client, namespace string) *policyBindings { } // Get takes name of the policyBinding, and returns the corresponding policyBinding object, and an error if there is any. -func (c *policyBindings) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.PolicyBinding, err error) { - result = &v1beta1.PolicyBinding{} +func (c *policyBindings) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.PolicyBinding, err error) { + result = &v1alpha1.PolicyBinding{} err = c.client.Get(). Namespace(c.ns). Resource("policybindings"). @@ -78,12 +83,12 @@ func (c *policyBindings) Get(ctx context.Context, name string, options v1.GetOpt } // List takes label and field selectors, and returns the list of PolicyBindings that match those selectors. -func (c *policyBindings) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.PolicyBindingList, err error) { +func (c *policyBindings) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.PolicyBindingList, err error) { var timeout time.Duration if opts.TimeoutSeconds != nil { timeout = time.Duration(*opts.TimeoutSeconds) * time.Second } - result = &v1beta1.PolicyBindingList{} + result = &v1alpha1.PolicyBindingList{} err = c.client.Get(). Namespace(c.ns). Resource("policybindings"). @@ -110,8 +115,8 @@ func (c *policyBindings) Watch(ctx context.Context, opts v1.ListOptions) (watch. } // Create takes the representation of a policyBinding and creates it. Returns the server's representation of the policyBinding, and an error, if there is any. -func (c *policyBindings) Create(ctx context.Context, policyBinding *v1beta1.PolicyBinding, opts v1.CreateOptions) (result *v1beta1.PolicyBinding, err error) { - result = &v1beta1.PolicyBinding{} +func (c *policyBindings) Create(ctx context.Context, policyBinding *v1alpha1.PolicyBinding, opts v1.CreateOptions) (result *v1alpha1.PolicyBinding, err error) { + result = &v1alpha1.PolicyBinding{} err = c.client.Post(). Namespace(c.ns). Resource("policybindings"). @@ -123,8 +128,8 @@ func (c *policyBindings) Create(ctx context.Context, policyBinding *v1beta1.Poli } // Update takes the representation of a policyBinding and updates it. Returns the server's representation of the policyBinding, and an error, if there is any. -func (c *policyBindings) Update(ctx context.Context, policyBinding *v1beta1.PolicyBinding, opts v1.UpdateOptions) (result *v1beta1.PolicyBinding, err error) { - result = &v1beta1.PolicyBinding{} +func (c *policyBindings) Update(ctx context.Context, policyBinding *v1alpha1.PolicyBinding, opts v1.UpdateOptions) (result *v1alpha1.PolicyBinding, err error) { + result = &v1alpha1.PolicyBinding{} err = c.client.Put(). Namespace(c.ns). Resource("policybindings"). @@ -138,8 +143,8 @@ func (c *policyBindings) Update(ctx context.Context, policyBinding *v1beta1.Poli // UpdateStatus was generated because the type contains a Status member. // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *policyBindings) UpdateStatus(ctx context.Context, policyBinding *v1beta1.PolicyBinding, opts v1.UpdateOptions) (result *v1beta1.PolicyBinding, err error) { - result = &v1beta1.PolicyBinding{} +func (c *policyBindings) UpdateStatus(ctx context.Context, policyBinding *v1alpha1.PolicyBinding, opts v1.UpdateOptions) (result *v1alpha1.PolicyBinding, err error) { + result = &v1alpha1.PolicyBinding{} err = c.client.Put(). Namespace(c.ns). Resource("policybindings"). @@ -180,8 +185,8 @@ func (c *policyBindings) DeleteCollection(ctx context.Context, opts v1.DeleteOpt } // Patch applies the patch and returns the patched policyBinding. -func (c *policyBindings) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.PolicyBinding, err error) { - result = &v1beta1.PolicyBinding{} +func (c *policyBindings) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.PolicyBinding, err error) { + result = &v1alpha1.PolicyBinding{} err = c.client.Patch(pt). Namespace(c.ns). Resource("policybindings"). @@ -193,3 +198,59 @@ func (c *policyBindings) Patch(ctx context.Context, name string, pt types.PatchT Into(result) return } + +// Apply takes the given apply declarative configuration, applies it and returns the applied policyBinding. +func (c *policyBindings) Apply(ctx context.Context, policyBinding *stsminiov1alpha1.PolicyBindingApplyConfiguration, opts v1.ApplyOptions) (result *v1alpha1.PolicyBinding, err error) { + if policyBinding == nil { + return nil, fmt.Errorf("policyBinding provided to Apply must not be nil") + } + patchOpts := opts.ToPatchOptions() + data, err := json.Marshal(policyBinding) + if err != nil { + return nil, err + } + name := policyBinding.Name + if name == nil { + return nil, fmt.Errorf("policyBinding.Name must be provided to Apply") + } + result = &v1alpha1.PolicyBinding{} + err = c.client.Patch(types.ApplyPatchType). + Namespace(c.ns). + Resource("policybindings"). + Name(*name). + VersionedParams(&patchOpts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} + +// ApplyStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus(). +func (c *policyBindings) ApplyStatus(ctx context.Context, policyBinding *stsminiov1alpha1.PolicyBindingApplyConfiguration, opts v1.ApplyOptions) (result *v1alpha1.PolicyBinding, err error) { + if policyBinding == nil { + return nil, fmt.Errorf("policyBinding provided to Apply must not be nil") + } + patchOpts := opts.ToPatchOptions() + data, err := json.Marshal(policyBinding) + if err != nil { + return nil, err + } + + name := policyBinding.Name + if name == nil { + return nil, fmt.Errorf("policyBinding.Name must be provided to Apply") + } + + result = &v1alpha1.PolicyBinding{} + err = c.client.Patch(types.ApplyPatchType). + Namespace(c.ns). + Resource("policybindings"). + Name(*name). + SubResource("status"). + VersionedParams(&patchOpts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/sts.min.io_client.go b/pkg/client/clientset/versioned/typed/sts.min.io/v1alpha1/sts.min.io_client.go similarity index 69% rename from pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/sts.min.io_client.go rename to pkg/client/clientset/versioned/typed/sts.min.io/v1alpha1/sts.min.io_client.go index 8f4c01c158a..1b3adb7905b 100644 --- a/pkg/client/clientset/versioned/typed/sts.min.io/v1beta1/sts.min.io_client.go +++ b/pkg/client/clientset/versioned/typed/sts.min.io/v1alpha1/sts.min.io_client.go @@ -16,34 +16,34 @@ // Code generated by client-gen. DO NOT EDIT. -package v1beta1 +package v1alpha1 import ( "net/http" - v1beta1 "github.com/minio/operator/pkg/apis/sts.min.io/v1beta1" + v1alpha1 "github.com/minio/operator/pkg/apis/sts.min.io/v1alpha1" "github.com/minio/operator/pkg/client/clientset/versioned/scheme" rest "k8s.io/client-go/rest" ) -type StsV1beta1Interface interface { +type StsV1alpha1Interface interface { RESTClient() rest.Interface PolicyBindingsGetter } -// StsV1beta1Client is used to interact with features provided by the sts.min.io group. -type StsV1beta1Client struct { +// StsV1alpha1Client is used to interact with features provided by the sts.min.io group. +type StsV1alpha1Client struct { restClient rest.Interface } -func (c *StsV1beta1Client) PolicyBindings(namespace string) PolicyBindingInterface { +func (c *StsV1alpha1Client) PolicyBindings(namespace string) PolicyBindingInterface { return newPolicyBindings(c, namespace) } -// NewForConfig creates a new StsV1beta1Client for the given config. +// NewForConfig creates a new StsV1alpha1Client for the given config. // NewForConfig is equivalent to NewForConfigAndClient(c, httpClient), // where httpClient was generated with rest.HTTPClientFor(c). -func NewForConfig(c *rest.Config) (*StsV1beta1Client, error) { +func NewForConfig(c *rest.Config) (*StsV1alpha1Client, error) { config := *c if err := setConfigDefaults(&config); err != nil { return nil, err @@ -55,9 +55,9 @@ func NewForConfig(c *rest.Config) (*StsV1beta1Client, error) { return NewForConfigAndClient(&config, httpClient) } -// NewForConfigAndClient creates a new StsV1beta1Client for the given config and http client. +// NewForConfigAndClient creates a new StsV1alpha1Client for the given config and http client. // Note the http client provided takes precedence over the configured transport values. -func NewForConfigAndClient(c *rest.Config, h *http.Client) (*StsV1beta1Client, error) { +func NewForConfigAndClient(c *rest.Config, h *http.Client) (*StsV1alpha1Client, error) { config := *c if err := setConfigDefaults(&config); err != nil { return nil, err @@ -66,12 +66,12 @@ func NewForConfigAndClient(c *rest.Config, h *http.Client) (*StsV1beta1Client, e if err != nil { return nil, err } - return &StsV1beta1Client{client}, nil + return &StsV1alpha1Client{client}, nil } -// NewForConfigOrDie creates a new StsV1beta1Client for the given config and +// NewForConfigOrDie creates a new StsV1alpha1Client for the given config and // panics if there is an error in the config. -func NewForConfigOrDie(c *rest.Config) *StsV1beta1Client { +func NewForConfigOrDie(c *rest.Config) *StsV1alpha1Client { client, err := NewForConfig(c) if err != nil { panic(err) @@ -79,13 +79,13 @@ func NewForConfigOrDie(c *rest.Config) *StsV1beta1Client { return client } -// New creates a new StsV1beta1Client for the given RESTClient. -func New(c rest.Interface) *StsV1beta1Client { - return &StsV1beta1Client{c} +// New creates a new StsV1alpha1Client for the given RESTClient. +func New(c rest.Interface) *StsV1alpha1Client { + return &StsV1alpha1Client{c} } func setConfigDefaults(config *rest.Config) error { - gv := v1beta1.SchemeGroupVersion + gv := v1alpha1.SchemeGroupVersion config.GroupVersion = &gv config.APIPath = "/apis" config.NegotiatedSerializer = scheme.Codecs.WithoutConversion() @@ -99,7 +99,7 @@ func setConfigDefaults(config *rest.Config) error { // RESTClient returns a RESTClient that is used to communicate // with API server by this client implementation. -func (c *StsV1beta1Client) RESTClient() rest.Interface { +func (c *StsV1alpha1Client) RESTClient() rest.Interface { if c == nil { return nil } diff --git a/pkg/client/informers/externalversions/generic.go b/pkg/client/informers/externalversions/generic.go index 1f92e5a04f1..1c93ddc9ea6 100644 --- a/pkg/client/informers/externalversions/generic.go +++ b/pkg/client/informers/externalversions/generic.go @@ -22,7 +22,7 @@ import ( "fmt" v2 "github.com/minio/operator/pkg/apis/minio.min.io/v2" - v1beta1 "github.com/minio/operator/pkg/apis/sts.min.io/v1beta1" + v1alpha1 "github.com/minio/operator/pkg/apis/sts.min.io/v1alpha1" schema "k8s.io/apimachinery/pkg/runtime/schema" cache "k8s.io/client-go/tools/cache" ) @@ -57,9 +57,9 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource case v2.SchemeGroupVersion.WithResource("tenants"): return &genericInformer{resource: resource.GroupResource(), informer: f.Minio().V2().Tenants().Informer()}, nil - // Group=sts.min.io, Version=v1beta1 - case v1beta1.SchemeGroupVersion.WithResource("policybindings"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Sts().V1beta1().PolicyBindings().Informer()}, nil + // Group=sts.min.io, Version=v1alpha1 + case v1alpha1.SchemeGroupVersion.WithResource("policybindings"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Sts().V1alpha1().PolicyBindings().Informer()}, nil } diff --git a/pkg/client/informers/externalversions/sts.min.io/interface.go b/pkg/client/informers/externalversions/sts.min.io/interface.go index 2b73dae7a06..ffa5a13b17f 100644 --- a/pkg/client/informers/externalversions/sts.min.io/interface.go +++ b/pkg/client/informers/externalversions/sts.min.io/interface.go @@ -20,13 +20,13 @@ package sts import ( internalinterfaces "github.com/minio/operator/pkg/client/informers/externalversions/internalinterfaces" - v1beta1 "github.com/minio/operator/pkg/client/informers/externalversions/sts.min.io/v1beta1" + v1alpha1 "github.com/minio/operator/pkg/client/informers/externalversions/sts.min.io/v1alpha1" ) // Interface provides access to each of this group's versions. type Interface interface { - // V1beta1 provides access to shared informers for resources in V1beta1. - V1beta1() v1beta1.Interface + // V1alpha1 provides access to shared informers for resources in V1alpha1. + V1alpha1() v1alpha1.Interface } type group struct { @@ -40,7 +40,7 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} } -// V1beta1 returns a new v1beta1.Interface. -func (g *group) V1beta1() v1beta1.Interface { - return v1beta1.New(g.factory, g.namespace, g.tweakListOptions) +// V1alpha1 returns a new v1alpha1.Interface. +func (g *group) V1alpha1() v1alpha1.Interface { + return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions) } diff --git a/pkg/client/informers/externalversions/sts.min.io/v1beta1/interface.go b/pkg/client/informers/externalversions/sts.min.io/v1alpha1/interface.go similarity index 99% rename from pkg/client/informers/externalversions/sts.min.io/v1beta1/interface.go rename to pkg/client/informers/externalversions/sts.min.io/v1alpha1/interface.go index f8fd788562a..9d5eba602fe 100644 --- a/pkg/client/informers/externalversions/sts.min.io/v1beta1/interface.go +++ b/pkg/client/informers/externalversions/sts.min.io/v1alpha1/interface.go @@ -16,7 +16,7 @@ // Code generated by informer-gen. DO NOT EDIT. -package v1beta1 +package v1alpha1 import ( internalinterfaces "github.com/minio/operator/pkg/client/informers/externalversions/internalinterfaces" diff --git a/pkg/client/informers/externalversions/sts.min.io/v1beta1/policybinding.go b/pkg/client/informers/externalversions/sts.min.io/v1alpha1/policybinding.go similarity index 84% rename from pkg/client/informers/externalversions/sts.min.io/v1beta1/policybinding.go rename to pkg/client/informers/externalversions/sts.min.io/v1alpha1/policybinding.go index 3e55249bdb3..feaa08ebe3f 100644 --- a/pkg/client/informers/externalversions/sts.min.io/v1beta1/policybinding.go +++ b/pkg/client/informers/externalversions/sts.min.io/v1alpha1/policybinding.go @@ -16,16 +16,16 @@ // Code generated by informer-gen. DO NOT EDIT. -package v1beta1 +package v1alpha1 import ( "context" time "time" - stsminiov1beta1 "github.com/minio/operator/pkg/apis/sts.min.io/v1beta1" + stsminiov1alpha1 "github.com/minio/operator/pkg/apis/sts.min.io/v1alpha1" versioned "github.com/minio/operator/pkg/client/clientset/versioned" internalinterfaces "github.com/minio/operator/pkg/client/informers/externalversions/internalinterfaces" - v1beta1 "github.com/minio/operator/pkg/client/listers/sts.min.io/v1beta1" + v1alpha1 "github.com/minio/operator/pkg/client/listers/sts.min.io/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" watch "k8s.io/apimachinery/pkg/watch" @@ -36,7 +36,7 @@ import ( // PolicyBindings. type PolicyBindingInformer interface { Informer() cache.SharedIndexInformer - Lister() v1beta1.PolicyBindingLister + Lister() v1alpha1.PolicyBindingLister } type policyBindingInformer struct { @@ -62,16 +62,16 @@ func NewFilteredPolicyBindingInformer(client versioned.Interface, namespace stri if tweakListOptions != nil { tweakListOptions(&options) } - return client.StsV1beta1().PolicyBindings(namespace).List(context.TODO(), options) + return client.StsV1alpha1().PolicyBindings(namespace).List(context.TODO(), options) }, WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.StsV1beta1().PolicyBindings(namespace).Watch(context.TODO(), options) + return client.StsV1alpha1().PolicyBindings(namespace).Watch(context.TODO(), options) }, }, - &stsminiov1beta1.PolicyBinding{}, + &stsminiov1alpha1.PolicyBinding{}, resyncPeriod, indexers, ) @@ -82,9 +82,9 @@ func (f *policyBindingInformer) defaultInformer(client versioned.Interface, resy } func (f *policyBindingInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&stsminiov1beta1.PolicyBinding{}, f.defaultInformer) + return f.factory.InformerFor(&stsminiov1alpha1.PolicyBinding{}, f.defaultInformer) } -func (f *policyBindingInformer) Lister() v1beta1.PolicyBindingLister { - return v1beta1.NewPolicyBindingLister(f.Informer().GetIndexer()) +func (f *policyBindingInformer) Lister() v1alpha1.PolicyBindingLister { + return v1alpha1.NewPolicyBindingLister(f.Informer().GetIndexer()) } diff --git a/pkg/client/listers/sts.min.io/v1beta1/expansion_generated.go b/pkg/client/listers/sts.min.io/v1alpha1/expansion_generated.go similarity index 98% rename from pkg/client/listers/sts.min.io/v1beta1/expansion_generated.go rename to pkg/client/listers/sts.min.io/v1alpha1/expansion_generated.go index 20111d51faf..d6a4a571087 100644 --- a/pkg/client/listers/sts.min.io/v1beta1/expansion_generated.go +++ b/pkg/client/listers/sts.min.io/v1alpha1/expansion_generated.go @@ -16,7 +16,7 @@ // Code generated by lister-gen. DO NOT EDIT. -package v1beta1 +package v1alpha1 // PolicyBindingListerExpansion allows custom methods to be added to // PolicyBindingLister. diff --git a/pkg/client/listers/sts.min.io/v1beta1/policybinding.go b/pkg/client/listers/sts.min.io/v1alpha1/policybinding.go similarity index 82% rename from pkg/client/listers/sts.min.io/v1beta1/policybinding.go rename to pkg/client/listers/sts.min.io/v1alpha1/policybinding.go index bce936756f7..4f1384257d5 100644 --- a/pkg/client/listers/sts.min.io/v1beta1/policybinding.go +++ b/pkg/client/listers/sts.min.io/v1alpha1/policybinding.go @@ -16,10 +16,10 @@ // Code generated by lister-gen. DO NOT EDIT. -package v1beta1 +package v1alpha1 import ( - v1beta1 "github.com/minio/operator/pkg/apis/sts.min.io/v1beta1" + v1alpha1 "github.com/minio/operator/pkg/apis/sts.min.io/v1alpha1" "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/labels" "k8s.io/client-go/tools/cache" @@ -30,7 +30,7 @@ import ( type PolicyBindingLister interface { // List lists all PolicyBindings in the indexer. // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.PolicyBinding, err error) + List(selector labels.Selector) (ret []*v1alpha1.PolicyBinding, err error) // PolicyBindings returns an object that can list and get PolicyBindings. PolicyBindings(namespace string) PolicyBindingNamespaceLister PolicyBindingListerExpansion @@ -47,9 +47,9 @@ func NewPolicyBindingLister(indexer cache.Indexer) PolicyBindingLister { } // List lists all PolicyBindings in the indexer. -func (s *policyBindingLister) List(selector labels.Selector) (ret []*v1beta1.PolicyBinding, err error) { +func (s *policyBindingLister) List(selector labels.Selector) (ret []*v1alpha1.PolicyBinding, err error) { err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.PolicyBinding)) + ret = append(ret, m.(*v1alpha1.PolicyBinding)) }) return ret, err } @@ -64,10 +64,10 @@ func (s *policyBindingLister) PolicyBindings(namespace string) PolicyBindingName type PolicyBindingNamespaceLister interface { // List lists all PolicyBindings in the indexer for a given namespace. // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.PolicyBinding, err error) + List(selector labels.Selector) (ret []*v1alpha1.PolicyBinding, err error) // Get retrieves the PolicyBinding from the indexer for a given namespace and name. // Objects returned here must be treated as read-only. - Get(name string) (*v1beta1.PolicyBinding, error) + Get(name string) (*v1alpha1.PolicyBinding, error) PolicyBindingNamespaceListerExpansion } @@ -79,21 +79,21 @@ type policyBindingNamespaceLister struct { } // List lists all PolicyBindings in the indexer for a given namespace. -func (s policyBindingNamespaceLister) List(selector labels.Selector) (ret []*v1beta1.PolicyBinding, err error) { +func (s policyBindingNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.PolicyBinding, err error) { err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.PolicyBinding)) + ret = append(ret, m.(*v1alpha1.PolicyBinding)) }) return ret, err } // Get retrieves the PolicyBinding from the indexer for a given namespace and name. -func (s policyBindingNamespaceLister) Get(name string) (*v1beta1.PolicyBinding, error) { +func (s policyBindingNamespaceLister) Get(name string) (*v1alpha1.PolicyBinding, error) { obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) if err != nil { return nil, err } if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("policybinding"), name) + return nil, errors.NewNotFound(v1alpha1.Resource("policybinding"), name) } - return obj.(*v1beta1.PolicyBinding), nil + return obj.(*v1alpha1.PolicyBinding), nil } diff --git a/pkg/controller/cluster/http_handlers.go b/pkg/controller/cluster/http_handlers.go index 4f65a5ff5d1..841c20ff57e 100644 --- a/pkg/controller/cluster/http_handlers.go +++ b/pkg/controller/cluster/http_handlers.go @@ -28,7 +28,7 @@ import ( "strconv" "strings" - "github.com/minio/operator/pkg/apis/sts.min.io/v1beta1" + "github.com/minio/operator/pkg/apis/sts.min.io/v1alpha1" iampolicy "github.com/minio/pkg/iam/policy" "github.com/gorilla/mux" @@ -201,8 +201,8 @@ func (c *Controller) AssumeRoleWithWebIdentityHandler(w http.ResponseWriter, r * saName := chunks[1] // Authorized PolicyBindings for the Service Account - policyBindings := []v1beta1.PolicyBinding{} - pbs, err := c.minioClientSet.StsV1beta1().PolicyBindings(tenantNamespace).List(ctx, metav1.ListOptions{}) + policyBindings := []v1alpha1.PolicyBinding{} + pbs, err := c.minioClientSet.StsV1alpha1().PolicyBindings(tenantNamespace).List(ctx, metav1.ListOptions{}) if err != nil { writeSTSErrorResponse(ctx, w, true, ErrSTSInternalError, fmt.Errorf("Error obtaining PolicyBindings: %s", err)) return diff --git a/pkg/controller/cluster/main-controller.go b/pkg/controller/cluster/main-controller.go index 2b980abf651..17f5ab75de5 100644 --- a/pkg/controller/cluster/main-controller.go +++ b/pkg/controller/cluster/main-controller.go @@ -71,11 +71,11 @@ import ( queue "k8s.io/client-go/util/workqueue" miniov2 "github.com/minio/operator/pkg/apis/minio.min.io/v2" - stsv1beta1 "github.com/minio/operator/pkg/apis/sts.min.io/v1beta1" + stsv1alpha1 "github.com/minio/operator/pkg/apis/sts.min.io/v1alpha1" clientset "github.com/minio/operator/pkg/client/clientset/versioned" minioscheme "github.com/minio/operator/pkg/client/clientset/versioned/scheme" informers "github.com/minio/operator/pkg/client/informers/externalversions/minio.min.io/v2" - stsInformers "github.com/minio/operator/pkg/client/informers/externalversions/sts.min.io/v1beta1" + stsInformers "github.com/minio/operator/pkg/client/informers/externalversions/sts.min.io/v1alpha1" "github.com/minio/operator/pkg/resources/services" "github.com/minio/operator/pkg/resources/statefulsets" ) @@ -303,8 +303,8 @@ func NewController(podName string, namespacesToWatch set.StringSet, kubeClientSe policyBindingInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ AddFunc: controller.enqueuePB, UpdateFunc: func(old, new interface{}) { - oldPB := old.(*stsv1beta1.PolicyBinding) - newPB := new.(*stsv1beta1.PolicyBinding) + oldPB := old.(*stsv1alpha1.PolicyBinding) + newPB := new.(*stsv1alpha1.PolicyBinding) if newPB.ResourceVersion == oldPB.ResourceVersion { return } diff --git a/pkg/controller/controller.go b/pkg/controller/controller.go index b7ff25370be..50bdb60aa0c 100644 --- a/pkg/controller/controller.go +++ b/pkg/controller/controller.go @@ -138,7 +138,7 @@ func StartOperator() { kubeInformerFactory.Apps().V1().Deployments(), kubeInformerFactory.Core().V1().Pods(), minioInformerFactory.Minio().V2().Tenants(), - minioInformerFactory.Sts().V1beta1().PolicyBindings(), + minioInformerFactory.Sts().V1alpha1().PolicyBindings(), kubeInformerFactory.Core().V1().Services(), hostsTemplate, version, diff --git a/resources/base/crds/minio.min.io_tenants.yaml b/resources/base/crds/minio.min.io_tenants.yaml index 247c58ac674..be905ffacda 100644 --- a/resources/base/crds/minio.min.io_tenants.yaml +++ b/resources/base/crds/minio.min.io_tenants.yaml @@ -694,6 +694,18 @@ spec: type: integer resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -1751,6 +1763,18 @@ spec: type: object resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -1954,13 +1978,26 @@ spec: type: string name: type: string + namespace: + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -2138,6 +2175,18 @@ spec: type: object resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -2748,6 +2797,18 @@ spec: type: object resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -2954,13 +3015,26 @@ spec: type: string name: type: string + namespace: + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -3521,6 +3595,18 @@ spec: type: object resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -4176,6 +4262,18 @@ spec: type: object resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -4433,13 +4531,26 @@ spec: type: string name: type: string + namespace: + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -4778,13 +4889,26 @@ spec: type: string name: type: string + namespace: + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: diff --git a/resources/base/crds/sts.min.io_policybindings.yaml b/resources/base/crds/sts.min.io_policybindings.yaml index 0f78899ae35..b01576f5bda 100644 --- a/resources/base/crds/sts.min.io_policybindings.yaml +++ b/resources/base/crds/sts.min.io_policybindings.yaml @@ -24,7 +24,7 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: diff --git a/resources/templates/olm-template.yaml b/resources/templates/olm-template.yaml index 787b61bc189..562ae534312 100644 --- a/resources/templates/olm-template.yaml +++ b/resources/templates/olm-template.yaml @@ -18,7 +18,7 @@ spec: version: v2 - kind: PolicyBinding name: policybindings.sts.min.io - version: v1beta1 + version: v1alpha1 keywords: - S3 - MinIO From 73356f7bc4661759cd2f0ba1098d363d0db89812 Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Fri, 3 Mar 2023 18:52:13 -0800 Subject: [PATCH 36/47] Fix unit tests --- .../sts-example/sample-clients/Makefile | 12 ++++++------ .../sample-clients/minio-sdk/dotnet/Dockerfile | 2 +- .../sample-clients/minio-sdk/java/Dockerfile | 4 +--- testing/common.sh | 2 +- 4 files changed, 9 insertions(+), 11 deletions(-) diff --git a/examples/kustomization/sts-example/sample-clients/Makefile b/examples/kustomization/sts-example/sample-clients/Makefile index be4b3b5d64e..382edd5c445 100644 --- a/examples/kustomization/sts-example/sample-clients/Makefile +++ b/examples/kustomization/sts-example/sample-clients/Makefile @@ -5,24 +5,24 @@ build: miniosdkgo miniosdkjava awssdkpython miniosdkdotnet: @cd minio-sdk/dotnet/ && \ - docker buildx build -q --platform=linux/amd64 -t miniodev/operator-sts-example:minio-sdk-dotnet . + docker buildx build -q --platform=linux/amd64 -t miniodev/operator-sts-example:minio-sdk-dotnet . --output type=docker miniosdkgo: @cd minio-sdk/go/ && \ - docker buildx build -q --platform=linux/amd64 -t miniodev/operator-sts-example:minio-sdk-go . + docker buildx build -q --platform=linux/amd64 -t miniodev/operator-sts-example:minio-sdk-go . --output type=docker miniosdkjava: @cd minio-sdk/java/ && \ - docker buildx build -q --platform=linux/amd64 -t miniodev/operator-sts-example:minio-sdk-java . + docker buildx build -q --platform=linux/amd64 -t miniodev/operator-sts-example:minio-sdk-java . --output type=docker miniosdkjavascript: @cd minio-sdk/javascript/ && \ - docker buildx build -q --platform=linux/amd64 -t miniodev/operator-sts-example:minio-sdk-javascript . + docker buildx build -q --platform=linux/amd64 -t miniodev/operator-sts-example:minio-sdk-javascript . --output type=docker awssdkpython: @cd aws-sdk/python/ && \ - docker buildx build -q --platform=linux/amd64 -t miniodev/operator-sts-example:aws-sdk-python . + docker buildx build -q --platform=linux/amd64 -t miniodev/operator-sts-example:aws-sdk-python . --output type=docker miniosdkpython: @cd minio-sdk/python/ && \ - docker buildx build -q --platform=linux/amd64 -t miniodev/operator-sts-example:minio-sdk-python . + docker buildx build -q --platform=linux/amd64 -t miniodev/operator-sts-example:minio-sdk-python . --output type=docker diff --git a/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/Dockerfile b/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/Dockerfile index 7caa33375fb..30adbe50a1d 100644 --- a/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/Dockerfile +++ b/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/Dockerfile @@ -15,4 +15,4 @@ COPY obj /app COPY dotnet.csproj /app COPY Program.cs /app RUN dotnet publish -CMD ["/app/bin/Debug/net7.0/dotnet"] +ENTRYPOINT ["/app/bin/Debug/net7.0/dotnet"] diff --git a/examples/kustomization/sts-example/sample-clients/minio-sdk/java/Dockerfile b/examples/kustomization/sts-example/sample-clients/minio-sdk/java/Dockerfile index 942d2087385..0f8d34a646b 100644 --- a/examples/kustomization/sts-example/sample-clients/minio-sdk/java/Dockerfile +++ b/examples/kustomization/sts-example/sample-clients/minio-sdk/java/Dockerfile @@ -6,6 +6,4 @@ WORKDIR /app RUN mvn pacakge -COPY target/operator-sts-0.1.0.jar /app/app.jar - -CMD ["java", "-jar", "./app/app.jar"] +ENTRYPOINT ["java", "-jar", "./app/target/operator-sts-0.1.0.jar"] diff --git a/testing/common.sh b/testing/common.sh index 142cf204d88..562cc6ad9e0 100644 --- a/testing/common.sh +++ b/testing/common.sh @@ -399,7 +399,7 @@ function install_sts_client() { fi echo "creating client $1" - try kubectl apply -k "${SCRIPT_DIR}/../examples/kustomization/sts-example/sample-clients/$sdk-$lang" + try kubectl apply -k "${SCRIPT_DIR}/../examples/kustomization/sts-example/sample-clients/$sdk/$lang" condition="condition=Complete" selector="metadata.name=sts-client-example-$sdk-$lang-job" try wait_for_resource_field_selector $client_namespace job $condition $selector 600s From 939ba2d25f5ddc6e1d50e15999b14566bf1ba48f Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Fri, 3 Mar 2023 18:58:26 -0800 Subject: [PATCH 37/47] fix: job name breaking the unit tests --- .../sample-clients/aws-sdk/python/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/kustomization/sts-example/sample-clients/aws-sdk/python/kustomization.yaml b/examples/kustomization/sts-example/sample-clients/aws-sdk/python/kustomization.yaml index 3893274c246..1e155ac60e7 100644 --- a/examples/kustomization/sts-example/sample-clients/aws-sdk/python/kustomization.yaml +++ b/examples/kustomization/sts-example/sample-clients/aws-sdk/python/kustomization.yaml @@ -17,4 +17,4 @@ patchesJson6902: patch: | - op: replace path: /metadata/name - value: sts-client-example-aws-python-job \ No newline at end of file + value: sts-client-example-aws-sdk-python-job \ No newline at end of file From 312438037e8cef02a2206f3961699b39fbbb4205 Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Fri, 3 Mar 2023 19:04:09 -0800 Subject: [PATCH 38/47] Refer CRD doc in example --- examples/kustomization/sts-example/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/kustomization/sts-example/README.md b/examples/kustomization/sts-example/README.md index a8811ae3166..30bc2ceec72 100644 --- a/examples/kustomization/sts-example/README.md +++ b/examples/kustomization/sts-example/README.md @@ -55,7 +55,7 @@ The sample application will install to `sts-client` namespace and grant access t access `tenant` with the MinIO Policy called `test-bucket-rw` that we created on the previous step on namespace `minio-tenant-1` by installing a `PolicyBinding` on the `minio-tenant-1` namespace. -Example policy binding +Example policy binding (see CRD documentation in [policybinding_crd.adoc](../../../docs/policybinding_crd.adoc) ) ```yaml apiVersion: sts.min.io/v1alpha1 From 8d671aa63a75deb2d2e26d8a88a8f590109a7f70 Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Sat, 4 Mar 2023 23:59:12 -0800 Subject: [PATCH 39/47] dotnet client example --- .../sts-example/sample-clients/Makefile | 12 +- .../minio-sdk/dotnet/Dockerfile | 3 +- .../minio-sdk/dotnet/Program.cs | 103 +- .../minio-sdk/dotnet/kustomization.yaml | 2 +- ...CoreApp,Version=v7.0.AssemblyAttributes.cs | 4 - .../obj/Debug/net7.0/dotnet.AssemblyInfo.cs | 22 - .../net7.0/dotnet.AssemblyInfoInputs.cache | 1 - ....GeneratedMSBuildEditorConfig.editorconfig | 11 - .../obj/Debug/net7.0/dotnet.GlobalUsings.g.cs | 8 - .../obj/Debug/net7.0/dotnet.assets.cache | Bin 20251 -> 0 bytes .../dotnet.csproj.AssemblyReference.cache | Bin 75579 -> 0 bytes .../obj/dotnet.csproj.nuget.dgspec.json | 67 - .../dotnet/obj/dotnet.csproj.nuget.g.props | 15 - .../dotnet/obj/dotnet.csproj.nuget.g.targets | 2 - .../minio-sdk/dotnet/obj/project.assets.json | 3454 ----------------- .../minio-sdk/dotnet/obj/project.nuget.cache | 67 - testing/common.sh | 1 - 17 files changed, 87 insertions(+), 3685 deletions(-) delete mode 100644 examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/.NETCoreApp,Version=v7.0.AssemblyAttributes.cs delete mode 100644 examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/dotnet.AssemblyInfo.cs delete mode 100644 examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/dotnet.AssemblyInfoInputs.cache delete mode 100644 examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/dotnet.GeneratedMSBuildEditorConfig.editorconfig delete mode 100644 examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/dotnet.GlobalUsings.g.cs delete mode 100644 examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/dotnet.assets.cache delete mode 100644 examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/dotnet.csproj.AssemblyReference.cache delete mode 100644 examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/dotnet.csproj.nuget.dgspec.json delete mode 100644 examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/dotnet.csproj.nuget.g.props delete mode 100644 examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/dotnet.csproj.nuget.g.targets delete mode 100644 examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/project.assets.json delete mode 100644 examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/project.nuget.cache diff --git a/examples/kustomization/sts-example/sample-clients/Makefile b/examples/kustomization/sts-example/sample-clients/Makefile index 382edd5c445..d657dcc0e7e 100644 --- a/examples/kustomization/sts-example/sample-clients/Makefile +++ b/examples/kustomization/sts-example/sample-clients/Makefile @@ -5,24 +5,24 @@ build: miniosdkgo miniosdkjava awssdkpython miniosdkdotnet: @cd minio-sdk/dotnet/ && \ - docker buildx build -q --platform=linux/amd64 -t miniodev/operator-sts-example:minio-sdk-dotnet . --output type=docker + docker build -q -t miniodev/operator-sts-example:minio-sdk-dotnet . miniosdkgo: @cd minio-sdk/go/ && \ - docker buildx build -q --platform=linux/amd64 -t miniodev/operator-sts-example:minio-sdk-go . --output type=docker + docker build -q -t miniodev/operator-sts-example:minio-sdk-go . miniosdkjava: @cd minio-sdk/java/ && \ - docker buildx build -q --platform=linux/amd64 -t miniodev/operator-sts-example:minio-sdk-java . --output type=docker + docker build -q -t miniodev/operator-sts-example:minio-sdk-java . miniosdkjavascript: @cd minio-sdk/javascript/ && \ - docker buildx build -q --platform=linux/amd64 -t miniodev/operator-sts-example:minio-sdk-javascript . --output type=docker + docker build -q -t miniodev/operator-sts-example:minio-sdk-javascript . awssdkpython: @cd aws-sdk/python/ && \ - docker buildx build -q --platform=linux/amd64 -t miniodev/operator-sts-example:aws-sdk-python . --output type=docker + docker build -q -t miniodev/operator-sts-example:aws-sdk-python . miniosdkpython: @cd minio-sdk/python/ && \ - docker buildx build -q --platform=linux/amd64 -t miniodev/operator-sts-example:minio-sdk-python . --output type=docker + docker build -q --platform=linux/amd64 -t miniodev/operator-sts-example:minio-sdk-python . diff --git a/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/Dockerfile b/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/Dockerfile index 30adbe50a1d..f14eacca6c7 100644 --- a/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/Dockerfile +++ b/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/Dockerfile @@ -8,11 +8,10 @@ RUN curl https://packages.microsoft.com/config/ubuntu/22.10/packages-microsoft-p dpkg -i packages-microsoft-prod.deb && \ rm packages-microsoft-prod.deb - RUN mkdir app WORKDIR /app -COPY obj /app COPY dotnet.csproj /app COPY Program.cs /app RUN dotnet publish + ENTRYPOINT ["/app/bin/Debug/net7.0/dotnet"] diff --git a/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/Program.cs b/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/Program.cs index 0d688c44c47..7ecb5891b74 100644 --- a/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/Program.cs +++ b/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/Program.cs @@ -16,10 +16,9 @@ using System; using Minio; -using Minio.Exceptions; -using Minio.DataModel; using System.Threading.Tasks; -using System.IO; +using System.Net.Http; +using System.Security.Cryptography.X509Certificates; namespace sts { @@ -34,7 +33,10 @@ static void Main(string[] args) var kubeRootCAPath = Environment.GetEnvironmentVariable("KUBERNETES_CA_PATH"); var stsCAPath = Environment.GetEnvironmentVariable("STS_CA_PATH"); - string caFile; + Environment.SetEnvironmentVariable("AWS_ROLE_ARN","arn:aws:iam::111111111:dummyroot"); + Environment.SetEnvironmentVariable("AWS_ROLE_SESSION_NAME","optional-session-name"); + + string? caFile = ""; if (FileExists(stsCAPath)) { @@ -42,46 +44,99 @@ static void Main(string[] args) } else { - caFile = kubeRootCAPath; + if (FileExists(kubeRootCAPath)) + { + caFile = kubeRootCAPath; + } } - try { - HttpClient client = new HttpClient(); - client. - - Minio.Credentials.ClientProvider credentialsProvider = new Minio.Credentials.WebIdentityProvider(); + try + { + var tenantEndpointUrl = new Uri(tenantEndpoint); + var credentialsProvider = new Minio.Credentials.IAMAWSProvider(); + using var minioClient = new MinioClient() + .WithEndpoint(tenantEndpointUrl.Host, tenantEndpointUrl.Port) + .WithSSL() + .WithCredentialsProvider(credentialsProvider) + .WithHttpClient(GetHttpTransport(caFile)) + .Build(); + + var url = new Uri($"{stsEndpoint}/{tenantNamespace}"); + credentialsProvider = credentialsProvider + .WithEndpoint(url.ToString) + .WithMinioClient(minioClient); + + credentialsProvider.Validate(); + var credentials = credentialsProvider.GetCredentials(); System.Console.WriteLine($"AccessKey: ${credentials.AccessKey}"); System.Console.WriteLine($"AccessKey: ${credentials.SecretKey}"); System.Console.WriteLine($"AccessKey: ${credentials.SessionToken}"); - var minio = new MinioClient().WithCredentialsProvider(credentialsProvider) - .WithEndpoint(tenantEndpoint) - .WithHttpClient() - .WithSSL() - .Build(); - FileUpload.Run(minio).Wait(); + ListBuckets(minioClient).GetAwaiter().GetResult(); + ListObjects(minioClient, bucketName).GetAwaiter().GetResult(); + } + catch (UriFormatException uer) + { + Console.WriteLine($"STS endpoint malformed: {uer.Message}"); } catch (Exception ex) { Console.WriteLine(ex.Message); + Console.WriteLine(ex.StackTrace); + Environment.Exit(111); } - Console.ReadLine(); - - } - - private byte[] GetFile(string? path) + public static async Task ListBuckets(IMinioClient minio) { - if (!FileExists(path)) + try { - throw new Exception($"File {path} not found"); + Console.WriteLine("Running example for API: ListBucketsAsync"); + var list = await minio.ListBucketsAsync().ConfigureAwait(false); + foreach (var bucket in list.Buckets) Console.WriteLine($"{bucket.Name} {bucket.CreationDateDateTime}"); + Console.WriteLine(); } + catch (Exception e) + { + Console.WriteLine($"[Bucket] Exception: {e}"); + } + } + public static async Task ListObjects(IMinioClient minio, string bucketName) + { + try + { + var listArgs = new ListObjectsArgs() + .WithBucket(bucketName) + .WithRecursive(true); + var observable = minio.ListObjectsAsync(listArgs); + var subscription = observable.Subscribe( + item => Console.WriteLine($"Object: {item.Key}"), + ex => Console.WriteLine($"OnError: {ex}"), + () => Console.WriteLine($"Listed all objects in bucket {bucketName}\n")); + } + catch (System.Exception e) + { + Console.WriteLine($"[Object] Exception: {e}"); + } + } + private static HttpClient GetHttpTransport(string caPath) + { + var handler = new HttpClientHandler(); + if (!string.IsNullOrEmpty(caPath)) + { + handler.ServerCertificateCustomValidationCallback = (message, cert, chain, _) => + { + chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust; + chain.ChainPolicy.CustomTrustStore.Add(new X509Certificate2(caPath)); + return chain.Build(cert); + }; + } - + var httpClient = new HttpClient(handler); + return httpClient; } private static bool FileExists(string? path) diff --git a/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/kustomization.yaml b/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/kustomization.yaml index 0b29e6c6b9d..edcd74be0af 100644 --- a/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/kustomization.yaml +++ b/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/kustomization.yaml @@ -17,4 +17,4 @@ patchesJson6902: patch: | - op: replace path: /metadata/name - value: sts-client-example-minio-dotnet-job \ No newline at end of file + value: sts-client-example-minio-sdk-dotnet-job \ No newline at end of file diff --git a/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/.NETCoreApp,Version=v7.0.AssemblyAttributes.cs b/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/.NETCoreApp,Version=v7.0.AssemblyAttributes.cs deleted file mode 100644 index d69481d3537..00000000000 --- a/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/.NETCoreApp,Version=v7.0.AssemblyAttributes.cs +++ /dev/null @@ -1,4 +0,0 @@ -// -using System; -using System.Reflection; -[assembly: global::System.Runtime.Versioning.TargetFrameworkAttribute(".NETCoreApp,Version=v7.0", FrameworkDisplayName = ".NET 7.0")] diff --git a/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/dotnet.AssemblyInfo.cs b/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/dotnet.AssemblyInfo.cs deleted file mode 100644 index 4f350fedd42..00000000000 --- a/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/dotnet.AssemblyInfo.cs +++ /dev/null @@ -1,22 +0,0 @@ -//------------------------------------------------------------------------------ -// -// This code was generated by a tool. -// -// Changes to this file may cause incorrect behavior and will be lost if -// the code is regenerated. -// -//------------------------------------------------------------------------------ - -using System; -using System.Reflection; - -[assembly: System.Reflection.AssemblyCompanyAttribute("dotnet")] -[assembly: System.Reflection.AssemblyConfigurationAttribute("Debug")] -[assembly: System.Reflection.AssemblyFileVersionAttribute("1.0.0.0")] -[assembly: System.Reflection.AssemblyInformationalVersionAttribute("1.0.0")] -[assembly: System.Reflection.AssemblyProductAttribute("dotnet")] -[assembly: System.Reflection.AssemblyTitleAttribute("dotnet")] -[assembly: System.Reflection.AssemblyVersionAttribute("1.0.0.0")] - -// Generated by the MSBuild WriteCodeFragment class. - diff --git a/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/dotnet.AssemblyInfoInputs.cache b/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/dotnet.AssemblyInfoInputs.cache deleted file mode 100644 index 69a0a5511a6..00000000000 --- a/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/dotnet.AssemblyInfoInputs.cache +++ /dev/null @@ -1 +0,0 @@ -4faa9a363e31d0c2bd9f439633cabaadb37bfe7a diff --git a/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/dotnet.GeneratedMSBuildEditorConfig.editorconfig b/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/dotnet.GeneratedMSBuildEditorConfig.editorconfig deleted file mode 100644 index 9f7cbca7213..00000000000 --- a/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/dotnet.GeneratedMSBuildEditorConfig.editorconfig +++ /dev/null @@ -1,11 +0,0 @@ -is_global = true -build_property.TargetFramework = net7.0 -build_property.TargetPlatformMinVersion = -build_property.UsingMicrosoftNETSdkWeb = -build_property.ProjectTypeGuids = -build_property.InvariantGlobalization = -build_property.PlatformNeutralAssembly = -build_property.EnforceExtendedAnalyzerRules = -build_property._SupportedPlatformList = Linux,macOS,Windows -build_property.RootNamespace = dotnet -build_property.ProjectDir = /Users/pedro/github.com/minio/operator/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/ diff --git a/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/dotnet.GlobalUsings.g.cs b/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/dotnet.GlobalUsings.g.cs deleted file mode 100644 index 8578f3d03de..00000000000 --- a/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/dotnet.GlobalUsings.g.cs +++ /dev/null @@ -1,8 +0,0 @@ -// -global using global::System; -global using global::System.Collections.Generic; -global using global::System.IO; -global using global::System.Linq; -global using global::System.Net.Http; -global using global::System.Threading; -global using global::System.Threading.Tasks; diff --git a/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/dotnet.assets.cache b/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/Debug/net7.0/dotnet.assets.cache deleted file mode 100644 index a787e093f46abe6a1599deca197d519fbb9911ee..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 20251 zcmd5^S##XR5tbuTGA-+*Wm%R)Q?f2c7FJ7Al&{E9mXt(Eq$rY>uUIj-3zD#wzy`od zTsw#FBe(3>&h?U{@|H>-@{pt|6;~codCWgZ@=H?b1~7xhUYnlJaNJ7EXgGF7v)apsS83_>oBFchR_acDbVReDsH%-w!7 zr&|r(X<$*!uQD^apf#G!jUnf|;NLF*;d38QKhR{Vq*c>0?aG*TN;@NyGL5gPgiXK^ zC2R&l33mg%kSf74ZhN-n+Do4Hifdby>L>`S%7o2CH7`L;Ds}+GpxAqWQ0x|9iV9Zf%EGci4 z$(w?qw)ePCQygJoj7f3`627yq6`+%WR z0P?8(z3}{OF8OWCGgl3jp}AAd1@)-R2Sb_6!u#NPxeJ-v3iSSF*vJxx<_^YWUkvI~ z9rlMhFz-G9&mY{CM+w)cw;j{#XmzL4^6X_tZ>@ARy}4{d>B?&0dJ?V1nH$VA1~tmy z9A`k)91_%g2%g_5p{8Ng?S^SB`^_d%lABJhE|F+*>1z^2F_8beuD^aGaKRyQ?k3ns=MXY>IuiWHf9? z*G5Kr%5AI+x7|#)7$($uNcu)&3jnNAl~<7)y7YSuvX0nXc6$tgbLt?M3J% zZLJC`@KR2gU^w1;h6P%JK;9Mh^_tym8n9x7JpsD%fn>2(vn^O`IELk6jR(RS6Q;gw z*{)~SU2VcxY%k->hh;B$#d*8!)cqdwprqb{qt{`yMmG0_uP-$1MZIah3Zs*4;fo>J z3$3O%4cv+O2p*DFnOyUri!qb~VV$X~R2u9&&YMjmc!w_-tJn)In%S|=mXH-LY4Le` z_)JHY-J~r3HLJ~5#>jzzXJs(52dsC7Z03xmu*tCc{zR#u;V`e@`u2CVIV1RMTDM?- z>mZkHtWq#bVA0-qkrp@M{leRDb&DUeMw$y}oGHsQ9J@7dIJeBY;WyGA;p>_9s^Neq z;pfM~cZxxmuTZfr!zQm=3%n_#lIzdOM^dG-g$c?$oLZA~v2-ADM>v_vR9v5-8q7^% z3nzTBBV@(bGg!!)ix+DCA_rd`6zd1Cg!X36cU^C`jfHkN^I?Qzi@zR$wLAnZFv9Ug zAdE|#0K&M$qd+HtG@uI5DWED4etRHwuLBkQjemM*p{wZ3+G-Own)sv9nI1%C2xl6V zS+8ge5l5pj>85hKiNX*GGz#;7h=UNxG!D|^_y>_f;~%;9Hn6ksqbx<@9z-sUd#p>m zgUF)sj$HdEwk9eX=OD6aoa6HlI3TJG!$^Q50)}8dk2`UqD&2|a^3pOpa3YuPz;k&{ z*_}6$O?TeVLcN|2AXtxsHU8*yfH6><%0_@jfyRJN1C0Y==AZ}D1(8gr3zUpOe3|6O zpnSci6QT~CPEZ{T?#tA99Ln3N^LIGi)T1qiR_A+(F!(3rQmPt{$B>-~*@9qLhBX<6 zTUg&kO`lX~`V^GEkt@p9;CmH_|3rWL>*h>_V>=@Laj@y3YJW*k`>aCkr=h%)$H0&i zT7r#BXzmtIC}e7^+SpKSzbt5bPND5rpgh+M?WYPbGs3eIELBj|czBv+2v}3s1T7{M zT1@8Eg3aLZq=h0+!nC041avselgPTpc__~{LNhIjtRqNApz8?K3-c#3y)Hnxna88p z+;4^ZvP@56dp)+1qaJh-q|$CWrO@sYl)sg$o4PD{5zBtq7)5iNDqXp6$v2DP#*Hd| zSy23nLh)%R?`g6@Jt)d`kM@#O{X>HKGYa)F2=Zbcui*2#%EWx^j<%V^OJ@art||1H zgL2Hq{W0Aan2$D60@~q_nC&kkm5`lVq5LXA5IH@2G7|*PnFF~tPT=^P2SUeR0K#th z3=nq9>p*l#f#uHvJqPqW&sX z_|jl)8TdZKa`3+fFev<&;aLVB%Mrc~gzy)E{+6%x{ShxMZ&1Vp38v-DPzN~F3=Mde znE}hu3>Y6qGb{mhYX()aqm&sK({g6OxHdJz3OviqfaPcg69~=l3ecZ&dP7=PCDjBv zX0pOTosWaDBuzKq{d|ws=)f$-M#7tb0@1UB4wyxhp~rGWzY2utG3fu7^+xYIe7J5P z^FU$zY$AwRzy>6={W0h)vjCQh7WhLx3#jv8sg19IA93rZ?HTrH62ztrH z8~`>wCYwIX2RtilR|LMuvz!sy0EQaj7Cg&ZAIs4Qw}H?IYd~EZL6vDNV+6*toDn(z zh8p2jc$OIf%h3q00ihAT0o1h-9IFWvpW^u5w#+s0+$RaY#B#4B8H76wHmtt^N+B3FtiK6=BN#DehUEz6 zEg%H*Hqg601#{c9dW_{A&{2j3%Mr`FK#1i%pj=T=@kDBn9d#@6cHp~JmPn>{-wra- z?mK|`fZhj^>5Ap3>jyy0?n`-gdMaJh&74Qo?i*wVV8e36_B|kMhVKJ?x-QrW3e~v#hDGTx_cMOZcG#PLVds zK=Y9T4VL$`aopgt0G#zrZyX-wl6R+?>)$0{gT#+PP1-mgE8t)`!l83ysm4jdkv2{_ zG@mHYU^$|pv*br5TunSjT&jiGX&%~#hCx}{OrOHDtPf$i*i0X;1F#}(l?T^P6u7Wl zY_K~eaM4|5W{=7k#M!2jtUSfg{7)6IupD9070|Csz)~H!Pxr?ReB$vg>X(N>dFq!x zQvk(s5$Lbh5vbHZdx-Pr3Y=JuIO&uOkN)o$@ZW7S?F)uC8(iI+YDA~;2kDFJaM=$I zgZBIP`L@pL-pZ5}elsj2UlO>&hHEOUhQ^{%2!H6QA(`pH)O@@*}D~i|V84EaJ&0rUg5_+V9^(8wxQi@~iAD zBm2ld@_IsIr}^LjTdW?cFC1SzlF(Ro6O5gSoC`Xy79L?enfRDnOsI*H(+_z@`-Za# zt{I&r`V__FJD&PfLI_t~zE+_#MmmzHm6J#^ghZbrlI~8rP9zW&xXQ%bD|S@&M1nJi z5vzwfGf#=qn*Qn86i*RqB9p!uebv|;jy!`??$m0lY1U1z*_kkwOv`BWpVynNaW|gM zZr(B)eG5+8=)n2X+A5+VY1`lW{ zK6vr#iBQ@1F52RhQ2h_fZIlJsnu}q zrN=S&1+v&Fg(9~Y*##}P5@S^?w$CmWDwu7JiAZ3Oo?S@wtkBhy7)qR4NMeXF;~4zX z>TusVtYpj%amsn|$Cb=4U1wANHq&fV|evj^-GJtNSY{q>b2bkn^PgKN)4NXjO zmouu!t%zM+`yj`l;U)xE*Pxb+H;$dBV;FC=*6$?QCHMCA0$Y~$e-?%v^v zr^N}L;00Sas}jl+QIi+XNE5$NFzLfgOO4Bt#;^G5Po*nvk%qH)Yy{q8yi!JjhX!G? zK#W(||7pOjr0Y+)MvFTbLQ7^oBkT%Z8=;&zaAs;-zQ&FRJ|gXS0QkQ-F=sWtm zv9E|EdhJ?>zI9lHUZ9^@uJ!u&LDBzNgr6@wK;9xtd4qc%c2U zi`QPLF*pSq*pQ_mHSAE{IgK5_JStJ;mY zx%XX7qk}PW<)KhRwr%z2dW)j|;}F8(Ft^ z$UXNwb^Of-bGDzl^!im>_B>N@c;&#kyZ5PocV(kG9qe-VzO~O+u60!yIu6aLM@=az za*4;Cr~ez8Qx=xAuqu?uLReEdX=qMWxIq&6YlN0MrCE?me0*L*aUt(7E^hD_2*t(d zgCk$A@`PLhqAV)81?X=KCo!3zzislkbKk9@&)(5_bd0>?LhTs&>Kyyo1{Nz<&s%iW z;eUKrc%1Lk6fPQed9}NJ<%^{Yjz00)=-*xS;yvY^55KVe-X*T0@_E7Ps|Nfzc=yR= zPn4RE@83^ud*bC+Pxf*>b}-Q8SEWlEHqKgd!G`-ge?R246&w0| zdH>|ybrN5>`efs|dxU94>t6r2_g_m!3PbmQGURCCstAjRzxd*Ty>sT|xW+~FGdVajiaDTo(pUdZcMO+b=pBHPGEZ4Mz9Asg>rpO`1ues-h6gk)9MMyj(B$cM*)kxBW zb8!3f3y;37!|CpjadpMDXgj8p+yi#}cc_`VUxZhZW$!GHbYkKUbIw`V`@aow{c z`<%OXEFb(_WA#d{^3nT4<p)C3l3z@#k4o5%SI{6bMfJ_05PKHOHW>V(8X zEg?+^xK)AUHF2JhTd3P928Mpgt&IxQ!~{%GtFL%()siSEhm5Nu{^M;2wQRRo}$XWid%QPB^fXJ;(F=lVCk@4WK6 z4`%Y0@A~qFA#Z;ER^Pps-RwW_MD}NE`oGk9Y2R&!)n}G>{5W)Hw{2DD-61`A#8VUe z(f8hhGv58p(BZ?r?z`ln?CFKIPv7P)e&UHe-A`_KE&^)RbHh9Aeech_tHz##8e11N^$cvlG#s3seZb_8q+F@BALXK*>E0DBFPV9OpMy?M@(A7Rx zr(oaci#800nT2l}NnMknK3Emy_PV}k96OBs_W4sr{lQDa>t`t;Z=p(|={@?zsM4PD$`{?tVX8oc2uGJ-%oPTGpGNE5i;Dwb16Q;es zGGcp=kG^(c&o|E;>8f?AYJ$_7E-7jad0u~^f4JY{@fGHAUe0Kw#xzi?7eirAx{?ct zygNeLa0pF)=bB16#a(CN+F^qD=TG+#GmGRby3!_74|1m42(=;2PzgNGCaUH-lU0;c ziTYY7Mi?gZTs*C&Ia!p^Jg!O=1ETKrgh)fH#WbDb><+RsO`cArO{i@jZiO^hX0*OF zLZcYc)D{xaeop1EFuOdb(^Q6}ISY(t%s)deQJErZ!UBziv1gnVyZq|nbcF;r9U9z~ zVZR@Rd`Q%~#WabDKq9;5)?KeGsQYcf)<2#*s$bRzqkh=()QRFOt;5+x4TICM5F5;(~4XIl4fT4s63o4pq66PZ$vo%Yw%a&xerrwZno6~8wwLyUwIZ3=u@R8^aAoO5M z5q9x%i4}+Bdu=-T5-he?ylU)noD{DtBs&?NT_C8)$VHl<_yoyaD$9z-McpR?%7KP< zv{LMn^|h)yBxp6wpvQ0;*9z>5$qGA48cWTFPoH{Fcgy$7KW?|M@wNf;M=m>b$B38v z?{BwN_)|{**;B7ry=#Rq;P(4=jP7&x@hzht>*?9t0L zIrrkXZ``Wv?tW_O(*5rgeppd_S9w|IBZo)ba!H?(&AU&oUaYKn`J1s-AFY|;`=H;t z@4{^)Ipj`m z7Gf7Q-l!IxeT-Op5P`qQFplX6j@~kf+YildVE^B`h+C$=oTc{&foZy?CO_XF8 z=@g>AkPta|o0a`yV_1zi*d!yx*(=DBO+iQxE3-n8lMRFxbxndvJ5xgZ`usAHb&$cWhJDEd}I|BZEWB*Vi&^;ZNviXjv08Nji|Osw(X+_ zTv}1=(PXXh7@;BDNP0T;*I3xC;q=+EEM=c4o~jh1Qi%fi-oe372k9 zsCSjB@Ir|A06v#4&Mw=TbfqDg!n^Lq5FK*YYH0UN9dfLQ1GVA06HBm5)|g5V^@fBy zKb?bf9ZK|_tcoZUA0b?U61eq@CX%mp8KEyzinEJ7kbEOR_JOo|*L8{_5r=G&cO4OC zmoLe?j;IVt6FhIt>TX5snC@8PyfsP@cFE$rHHzYpeADV;>3l_*I2$IpSTS*SxsqJ0 zn9`6;{oqewm7A|~G!qy|58ZR{^CnK3U7|CnIzs{lUvV1~LqrJD;uW`;NV0L-_4+!_ zpu`8zWY%03ueik&HF+f;QKxMa=fMrIMdku1b-yMoYhr*nx%ma|iFQ$TO>Zh$VUuIq z1I4qUIbNlx0S*QIOGC1UG=%n!>136IB$!#D!+L_YDd3}q3c*)+F_t=xIP1hKycRKb z;o%iti?WdHz~>!fC8a^%A`?v$D&r(UKZ}hxm&Ef9N)bq=ne|A-^A3vQDe$F+b|vVc z)n4bsYxoz$1|C`&b_qAMqB$gD@Jv5DE`slhGyQCW?83yEel~R>34*6UjGw3{NCj22 z?t=1b+*hiKCW$0R2&X_03nWXl_1rR?azOkusk9_5*$jL?f}_Uz3S`W*33h?^BTx$^ zJIiamMREQ=^-r0tn*2PA)~euZNsd}i6N7rgk~%0}OCpzm>!EnxdQx%ES4RJO?f?~-w=g%*K zgGams%BRAb7S#ctlGy7#Mny-A(XvkPl!Q`*UB-AyLQx!&FZh(iUgyNYb37%Xm0_1K zo|4csheVtXht@J&Pv$hfiJXyOacJWUunX7XV8^QsNfvyvY445%=LJtTZG!BQ#FI^% zx{w6HS1nOZ$D@5^oF@2cHAO`?GmtzeylNRQ%`Qv4Y8kIHB+w@45Fe`U1RAu{^I|h$l03UmXC=@Y5^Fjp-Bn@`p=@=wW0`alO0bL85(FUV4GDKf8f-RN zWx^A*yV+wSGVB7x7eb&BDWWMPvUE&aCdmO#Mh{G1biA$A(8V7C($mv2Z6TIn7pZ01 zLev}*aeW%Bl3NI*VlK#`kR$`|035~7>aH>QeHmR)%GViu>ykSM_? zl99?*ap)Q|37rKOv9(U&x5mv^p%PEwrPN@j`}Ol3j*)Va2X5 zBt-B-2_jV`SRX#LM1P-MVEB*(T}wzz)1V)GQHPT>Om>Yu?xGTqs4^=nvdX4s3b3g8 zkl>HDNZlCOdnmExr#F=o~viWimQbxr{&bvOlIeTY<7(B>;@ zvz~mT@6Vw?#j6kG66}J-s}E$oA>pQFfUTnJK(-FBx(vGjtplvCDI_xRV2j?%5~oVx zV2fRnU3@s$V%HZEVp{C3I!wN6%4&DI47=d0cBg9!i41&es@}V5gt=iML_U-fZ%wtz zv5O9GO|@#9@%U;5bTgx<5ihm1;=^+P8ThcakoeLvsjn5(c_J@VDI)o9P3xrIDhr7* zb0_syjZ;8Loz#PG64!@}T7_>G$m3|QSa{bW1_>~;=7e~YxJB6%*ik2gX$fdg78=SV zk#fJSHK1(>Lh{Qj1GEOT4Ruo>NVPujJvDkyLp2>Ia6UmbZy_cHY4DyJN)bq^nPruD zPYp%!6!=mtG%ao_;)@P%UC^qZgXJJeW|nX4vkHe$)Auw zLkS-y#g!%4oDn9C$s}udtsl{0ge7C2Y&KEyy`6T51o&)vV#6HN&7=2d6Iuz+rY&OZ z_HjI$wkT_|YkT(w-$+s;_$35SUrrq(hJyO$XsX|iHbkVjFG#+u80Y1@Q2 z7f!9G6k!)RPOYaX4#_udE*avhigHL#F(jaMx@4v_B-PAHvv;~=rp_qfys&G2hWhC*KmSq=uVjDMG01`d?vSaL7WVhBS0pjs~#VtT!ZF@Z}q$%4HHK28dG;ynN#jWfv!2zHulF$r0TDH0!Fi1U02m z<$_Hu?oz2yK_`PXk-=jBv$eA9lE(gLYb^kY9^C&VSH4VcB+WUn|4A*xE^O?7QdR#s zQVs=Epd1SR$5IXjAt|fSzA?FPmdm{2qa0^^amFJ;pwzFt4~wP&Lsn z^627n;yi3v!fx;U1a`YY@F%qcWM=>mDv}@CguoaMDiRB@iy8+xiE2ZV1z-3xYK(>@ znHPhciXRX(Q^RNVXCBw5zc~h%0eRC^8NCU+bwLoZNU7I%MRT!;^qGP+iey8 zl+%Cq)GJo+S|JR${k|Qe`<#7z%jm~?dNy}?!~5bVvj;W~Ths5DXXEB=UDtQcz4+}L zw<^24pPIUK|2u^rRutb=Ue@`@;Ze6-(x+te?vtw*D{Ef8JKyw@6$TGzzRB?^u z=_=j}Kq;=Z;CG$aD@|~P z@LeZ1L3Ux{yH0HCLJ|a@a@uMd(yu)sxkY%&87~dVGBY>q#Os^_Q0j)Anb0xeNOfsR z;XSOwtS-bZzFMcMkkr!S3)KjXVTn`A7X(%0)uJP>iJq;^7m6hlHA0raCKu)+u16+9~{;#lTd@g_=X|G3Y#8zog73p*7|#lrrq%HRdc7 z%^?wkucp;GDxG*@idWO>`bKj7_Z}v8HpR717;+Bm*Ukw7Mv}FbN~At}rA= z`0$|N{Suy)MtBelvCGZ~4`NjzslkVjR1TeD9JvNB1J~!pSnZ4!4v#OjCxKA3w7b3 zL_EhE--uyK8BNt5r=Z}U3(<=Xi?Xs@=x3H|z5abr^nX^Nmz~;0f3K-6^<;I>rCeE= z)!*@r7^bdva9(%b(44Zcq=i+XL>9stn)43LsR}npB7cq0Ql~TvatXDcgS!p-dg3@u z3r^BRNz__MqZW1>9HQ(FS=eoGC~R^}I+ugW5&Tkb%DV8Gv4I4=ZJ3;HQu#MoOBDk{={#`HkRbp(NN7fX_mSiLlEGpM?@r6p|Ns3bB5wQ-vtcB@K!= zg&4~uORV*0KTg@jpPWh)(VqL@aUs2u(W{hNzn{e^3;6)atN{tfg`66jD3gAIP(!r> z^n$5gS(Kb=IkXbHy^H?0(-jN8eJ9)Ha`lTnPvV5(`u}v=pDwdOf!Vo<%ff5hN_U%z~`iqS_Y&?Jxzb9b(h?E4h#v__Y{!7t8y}w#a%tHq}bVH?wwVR$8=70TXps z<|Hsofe^2#l4x!nu`tTUZzc<<^$^B2_#;zjjRxA34X)G5f)>)y4R)MrW&~Rrq>JT! jm%iSB1EqS$#II8bnr7BIMWsbc6H~t1 - - - True - NuGet - $(MSBuildThisFileDirectory)project.assets.json - /Users/pedro/.nuget/packages/ - /Users/pedro/.nuget/packages/ - PackageReference - 6.5.0 - - - - - \ No newline at end of file diff --git a/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/dotnet.csproj.nuget.g.targets b/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/dotnet.csproj.nuget.g.targets deleted file mode 100644 index 3dc06ef3cc4..00000000000 --- a/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/dotnet.csproj.nuget.g.targets +++ /dev/null @@ -1,2 +0,0 @@ - - \ No newline at end of file diff --git a/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/project.assets.json b/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/project.assets.json deleted file mode 100644 index 331eea652ff..00000000000 --- a/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/project.assets.json +++ /dev/null @@ -1,3454 +0,0 @@ -{ - "version": 3, - "targets": { - "net7.0": { - "Crc32.NET/1.2.0": { - "type": "package", - "dependencies": { - "NETStandard.Library": "2.0.0" - }, - "compile": { - "lib/netstandard2.0/Crc32.NET.dll": { - "related": ".xml" - } - }, - "runtime": { - "lib/netstandard2.0/Crc32.NET.dll": { - "related": ".xml" - } - } - }, - "Microsoft.CSharp/4.7.0": { - "type": "package", - "compile": { - "ref/netcoreapp2.0/_._": {} - }, - "runtime": { - "lib/netcoreapp2.0/_._": {} - } - }, - "Microsoft.NETCore.Platforms/1.1.1": { - "type": "package", - "compile": { - "lib/netstandard1.0/_._": {} - }, - "runtime": { - "lib/netstandard1.0/_._": {} - } - }, - "Microsoft.NETCore.Targets/1.1.3": { - "type": "package", - "compile": { - "lib/netstandard1.0/_._": {} - }, - "runtime": { - "lib/netstandard1.0/_._": {} - } - }, - "Minio/4.0.7": { - "type": "package", - "dependencies": { - "Crc32.NET": "1.2.0", - "Microsoft.CSharp": "4.7.0", - "Newtonsoft.Json": "13.0.1", - "System.Net.Http": "4.3.4", - "System.Net.Primitives": "4.3.1", - "System.Reactive.Linq": "5.0.0", - "System.ValueTuple": "4.4.0" - }, - "compile": { - "lib/netstandard2.0/Minio.dll": { - "related": ".xml" - } - }, - "runtime": { - "lib/netstandard2.0/Minio.dll": { - "related": ".xml" - } - } - }, - "NETStandard.Library/2.0.0": { - "type": "package", - "dependencies": { - "Microsoft.NETCore.Platforms": "1.1.0" - }, - "compile": { - "lib/netstandard1.0/_._": {} - }, - "runtime": { - "lib/netstandard1.0/_._": {} - }, - "build": { - "build/netstandard2.0/_._": {} - } - }, - "Newtonsoft.Json/13.0.1": { - "type": "package", - "compile": { - "lib/netstandard2.0/Newtonsoft.Json.dll": { - "related": ".xml" - } - }, - "runtime": { - "lib/netstandard2.0/Newtonsoft.Json.dll": { - "related": ".xml" - } - } - }, - "runtime.debian.8-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { - "type": "package", - "runtimeTargets": { - "runtimes/debian.8-x64/native/System.Security.Cryptography.Native.OpenSsl.so": { - "assetType": "native", - "rid": "debian.8-x64" - } - } - }, - "runtime.fedora.23-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { - "type": "package", - "runtimeTargets": { - "runtimes/fedora.23-x64/native/System.Security.Cryptography.Native.OpenSsl.so": { - "assetType": "native", - "rid": "fedora.23-x64" - } - } - }, - "runtime.fedora.24-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { - "type": "package", - "runtimeTargets": { - "runtimes/fedora.24-x64/native/System.Security.Cryptography.Native.OpenSsl.so": { - "assetType": "native", - "rid": "fedora.24-x64" - } - } - }, - "runtime.native.System/4.3.0": { - "type": "package", - "dependencies": { - "Microsoft.NETCore.Platforms": "1.1.0", - "Microsoft.NETCore.Targets": "1.1.0" - }, - "compile": { - "lib/netstandard1.0/_._": {} - }, - "runtime": { - "lib/netstandard1.0/_._": {} - } - }, - "runtime.native.System.Net.Http/4.3.0": { - "type": "package", - "dependencies": { - "Microsoft.NETCore.Platforms": "1.1.0", - "Microsoft.NETCore.Targets": "1.1.0" - }, - "compile": { - "lib/netstandard1.0/_._": {} - }, - "runtime": { - "lib/netstandard1.0/_._": {} - } - }, - "runtime.native.System.Security.Cryptography.Apple/4.3.0": { - "type": "package", - "dependencies": { - "runtime.osx.10.10-x64.runtime.native.System.Security.Cryptography.Apple": "4.3.0" - }, - "compile": { - "lib/netstandard1.0/_._": {} - }, - "runtime": { - "lib/netstandard1.0/_._": {} - } - }, - "runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { - "type": "package", - "dependencies": { - "runtime.debian.8-x64.runtime.native.System.Security.Cryptography.OpenSsl": "4.3.2", - "runtime.fedora.23-x64.runtime.native.System.Security.Cryptography.OpenSsl": "4.3.2", - "runtime.fedora.24-x64.runtime.native.System.Security.Cryptography.OpenSsl": "4.3.2", - "runtime.opensuse.13.2-x64.runtime.native.System.Security.Cryptography.OpenSsl": "4.3.2", - "runtime.opensuse.42.1-x64.runtime.native.System.Security.Cryptography.OpenSsl": "4.3.2", - "runtime.osx.10.10-x64.runtime.native.System.Security.Cryptography.OpenSsl": "4.3.2", - "runtime.rhel.7-x64.runtime.native.System.Security.Cryptography.OpenSsl": "4.3.2", - "runtime.ubuntu.14.04-x64.runtime.native.System.Security.Cryptography.OpenSsl": "4.3.2", - "runtime.ubuntu.16.04-x64.runtime.native.System.Security.Cryptography.OpenSsl": "4.3.2", - "runtime.ubuntu.16.10-x64.runtime.native.System.Security.Cryptography.OpenSsl": "4.3.2" - }, - "compile": { - "lib/netstandard1.0/_._": {} - }, - "runtime": { - "lib/netstandard1.0/_._": {} - } - }, - "runtime.opensuse.13.2-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { - "type": "package", - "runtimeTargets": { - "runtimes/opensuse.13.2-x64/native/System.Security.Cryptography.Native.OpenSsl.so": { - "assetType": "native", - "rid": "opensuse.13.2-x64" - } - } - }, - "runtime.opensuse.42.1-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { - "type": "package", - "runtimeTargets": { - "runtimes/opensuse.42.1-x64/native/System.Security.Cryptography.Native.OpenSsl.so": { - "assetType": "native", - "rid": "opensuse.42.1-x64" - } - } - }, - "runtime.osx.10.10-x64.runtime.native.System.Security.Cryptography.Apple/4.3.0": { - "type": "package", - "runtimeTargets": { - "runtimes/osx.10.10-x64/native/System.Security.Cryptography.Native.Apple.dylib": { - "assetType": "native", - "rid": "osx.10.10-x64" - } - } - }, - "runtime.osx.10.10-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { - "type": "package", - "runtimeTargets": { - "runtimes/osx.10.10-x64/native/System.Security.Cryptography.Native.OpenSsl.dylib": { - "assetType": "native", - "rid": "osx.10.10-x64" - } - } - }, - "runtime.rhel.7-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { - "type": "package", - "runtimeTargets": { - "runtimes/rhel.7-x64/native/System.Security.Cryptography.Native.OpenSsl.so": { - "assetType": "native", - "rid": "rhel.7-x64" - } - } - }, - "runtime.ubuntu.14.04-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { - "type": "package", - "runtimeTargets": { - "runtimes/ubuntu.14.04-x64/native/System.Security.Cryptography.Native.OpenSsl.so": { - "assetType": "native", - "rid": "ubuntu.14.04-x64" - } - } - }, - "runtime.ubuntu.16.04-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { - "type": "package", - "runtimeTargets": { - "runtimes/ubuntu.16.04-x64/native/System.Security.Cryptography.Native.OpenSsl.so": { - "assetType": "native", - "rid": "ubuntu.16.04-x64" - } - } - }, - "runtime.ubuntu.16.10-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { - "type": "package", - "runtimeTargets": { - "runtimes/ubuntu.16.10-x64/native/System.Security.Cryptography.Native.OpenSsl.so": { - "assetType": "native", - "rid": "ubuntu.16.10-x64" - } - } - }, - "System.Collections/4.3.0": { - "type": "package", - "dependencies": { - "Microsoft.NETCore.Platforms": "1.1.0", - "Microsoft.NETCore.Targets": "1.1.0", - "System.Runtime": "4.3.0" - }, - "compile": { - "ref/netstandard1.3/_._": { - "related": ".xml" - } - } - }, - "System.Collections.Concurrent/4.3.0": { - "type": "package", - "dependencies": { - "System.Collections": "4.3.0", - "System.Diagnostics.Debug": "4.3.0", - "System.Diagnostics.Tracing": "4.3.0", - "System.Globalization": "4.3.0", - "System.Reflection": "4.3.0", - "System.Resources.ResourceManager": "4.3.0", - "System.Runtime": "4.3.0", - "System.Runtime.Extensions": "4.3.0", - "System.Threading": "4.3.0", - "System.Threading.Tasks": "4.3.0" - }, - "compile": { - "ref/netstandard1.3/_._": { - "related": ".xml" - } - }, - "runtime": { - "lib/netstandard1.3/System.Collections.Concurrent.dll": {} - } - }, - "System.Diagnostics.Debug/4.3.0": { - "type": "package", - "dependencies": { - "Microsoft.NETCore.Platforms": "1.1.0", - "Microsoft.NETCore.Targets": "1.1.0", - "System.Runtime": "4.3.0" - }, - "compile": { - "ref/netstandard1.3/_._": { - "related": ".xml" - } - } - }, - "System.Diagnostics.DiagnosticSource/4.3.0": { - "type": "package", - "dependencies": { - "System.Collections": "4.3.0", - "System.Diagnostics.Tracing": "4.3.0", - "System.Reflection": "4.3.0", - "System.Runtime": "4.3.0", - "System.Threading": "4.3.0" - }, - "compile": { - "lib/netstandard1.3/_._": { - "related": ".xml" - } - }, - "runtime": { - "lib/netstandard1.3/System.Diagnostics.DiagnosticSource.dll": { - "related": ".xml" - } - } - }, - "System.Diagnostics.Tracing/4.3.0": { - "type": "package", - "dependencies": { - "Microsoft.NETCore.Platforms": "1.1.0", - "Microsoft.NETCore.Targets": "1.1.0", - "System.Runtime": "4.3.0" - }, - "compile": { - "ref/netstandard1.5/_._": { - "related": ".xml" - } - } - }, - "System.Globalization/4.3.0": { - "type": "package", - "dependencies": { - "Microsoft.NETCore.Platforms": "1.1.0", - "Microsoft.NETCore.Targets": "1.1.0", - "System.Runtime": "4.3.0" - }, - "compile": { - "ref/netstandard1.3/_._": { - "related": ".xml" - } - } - }, - "System.Globalization.Calendars/4.3.0": { - "type": "package", - "dependencies": { - "Microsoft.NETCore.Platforms": "1.1.0", - "Microsoft.NETCore.Targets": "1.1.0", - "System.Globalization": "4.3.0", - "System.Runtime": "4.3.0" - }, - "compile": { - "ref/netstandard1.3/_._": { - "related": ".xml" - } - } - }, - "System.Globalization.Extensions/4.3.0": { - "type": "package", - "dependencies": { - "Microsoft.NETCore.Platforms": "1.1.0", - "System.Globalization": "4.3.0", - "System.Resources.ResourceManager": "4.3.0", - "System.Runtime": "4.3.0", - "System.Runtime.Extensions": "4.3.0", - "System.Runtime.InteropServices": "4.3.0" - }, - "compile": { - "ref/netstandard1.3/_._": { - "related": ".xml" - } - }, - "runtimeTargets": { - "runtimes/unix/lib/netstandard1.3/System.Globalization.Extensions.dll": { - "assetType": "runtime", - "rid": "unix" - }, - "runtimes/win/lib/netstandard1.3/System.Globalization.Extensions.dll": { - "assetType": "runtime", - "rid": "win" - } - } - }, - "System.IO/4.3.0": { - "type": "package", - "dependencies": { - "Microsoft.NETCore.Platforms": "1.1.0", - "Microsoft.NETCore.Targets": "1.1.0", - "System.Runtime": "4.3.0", - "System.Text.Encoding": "4.3.0", - "System.Threading.Tasks": "4.3.0" - }, - "compile": { - "ref/netstandard1.5/System.IO.dll": { - "related": ".xml" - } - } - }, - "System.IO.FileSystem/4.3.0": { - "type": "package", - "dependencies": { - "Microsoft.NETCore.Platforms": "1.1.0", - "Microsoft.NETCore.Targets": "1.1.0", - "System.IO": "4.3.0", - "System.IO.FileSystem.Primitives": "4.3.0", - "System.Runtime": "4.3.0", - "System.Runtime.Handles": "4.3.0", - "System.Text.Encoding": "4.3.0", - "System.Threading.Tasks": "4.3.0" - }, - "compile": { - "ref/netstandard1.3/_._": { - "related": ".xml" - } - } - }, - "System.IO.FileSystem.Primitives/4.3.0": { - "type": "package", - "dependencies": { - "System.Runtime": "4.3.0" - }, - "compile": { - "ref/netstandard1.3/_._": { - "related": ".xml" - } - }, - "runtime": { - "lib/netstandard1.3/System.IO.FileSystem.Primitives.dll": {} - } - }, - "System.Linq/4.3.0": { - "type": "package", - "dependencies": { - "System.Collections": "4.3.0", - "System.Diagnostics.Debug": "4.3.0", - "System.Resources.ResourceManager": "4.3.0", - "System.Runtime": "4.3.0", - "System.Runtime.Extensions": "4.3.0" - }, - "compile": { - "ref/netstandard1.6/_._": { - "related": ".xml" - } - }, - "runtime": { - "lib/netstandard1.6/System.Linq.dll": {} - } - }, - "System.Net.Http/4.3.4": { - "type": "package", - "dependencies": { - "Microsoft.NETCore.Platforms": "1.1.1", - "System.Collections": "4.3.0", - "System.Diagnostics.Debug": "4.3.0", - "System.Diagnostics.DiagnosticSource": "4.3.0", - "System.Diagnostics.Tracing": "4.3.0", - "System.Globalization": "4.3.0", - "System.Globalization.Extensions": "4.3.0", - "System.IO": "4.3.0", - "System.IO.FileSystem": "4.3.0", - "System.Net.Primitives": "4.3.0", - "System.Resources.ResourceManager": "4.3.0", - "System.Runtime": "4.3.0", - "System.Runtime.Extensions": "4.3.0", - "System.Runtime.Handles": "4.3.0", - "System.Runtime.InteropServices": "4.3.0", - "System.Security.Cryptography.Algorithms": "4.3.0", - "System.Security.Cryptography.Encoding": "4.3.0", - "System.Security.Cryptography.OpenSsl": "4.3.0", - "System.Security.Cryptography.Primitives": "4.3.0", - "System.Security.Cryptography.X509Certificates": "4.3.0", - "System.Text.Encoding": "4.3.0", - "System.Threading": "4.3.0", - "System.Threading.Tasks": "4.3.0", - "runtime.native.System": "4.3.0", - "runtime.native.System.Net.Http": "4.3.0", - "runtime.native.System.Security.Cryptography.OpenSsl": "4.3.2" - }, - "compile": { - "ref/netstandard1.3/System.Net.Http.dll": {} - }, - "runtimeTargets": { - "runtimes/unix/lib/netstandard1.6/System.Net.Http.dll": { - "assetType": "runtime", - "rid": "unix" - }, - "runtimes/win/lib/netstandard1.3/System.Net.Http.dll": { - "assetType": "runtime", - "rid": "win" - } - } - }, - "System.Net.Primitives/4.3.1": { - "type": "package", - "dependencies": { - "Microsoft.NETCore.Platforms": "1.1.1", - "Microsoft.NETCore.Targets": "1.1.3", - "System.Runtime": "4.3.1", - "System.Runtime.Handles": "4.3.0" - }, - "compile": { - "ref/netstandard1.3/System.Net.Primitives.dll": { - "related": ".xml" - } - } - }, - "System.Reactive/5.0.0": { - "type": "package", - "compile": { - "lib/net5.0/System.Reactive.dll": { - "related": ".xml" - } - }, - "runtime": { - "lib/net5.0/System.Reactive.dll": { - "related": ".xml" - } - }, - "build": { - "buildTransitive/net5.0/_._": {} - } - }, - "System.Reactive.Linq/5.0.0": { - "type": "package", - "dependencies": { - "System.Reactive": "5.0.0", - "System.Threading.Tasks.Extensions": "4.5.4" - }, - "compile": { - "lib/netstandard2.0/System.Reactive.Linq.dll": { - "related": ".xml" - } - }, - "runtime": { - "lib/netstandard2.0/System.Reactive.Linq.dll": { - "related": ".xml" - } - } - }, - "System.Reflection/4.3.0": { - "type": "package", - "dependencies": { - "Microsoft.NETCore.Platforms": "1.1.0", - "Microsoft.NETCore.Targets": "1.1.0", - "System.IO": "4.3.0", - "System.Reflection.Primitives": "4.3.0", - "System.Runtime": "4.3.0" - }, - "compile": { - "ref/netstandard1.5/_._": { - "related": ".xml" - } - } - }, - "System.Reflection.Primitives/4.3.0": { - "type": "package", - "dependencies": { - "Microsoft.NETCore.Platforms": "1.1.0", - "Microsoft.NETCore.Targets": "1.1.0", - "System.Runtime": "4.3.0" - }, - "compile": { - "ref/netstandard1.0/_._": { - "related": ".xml" - } - } - }, - "System.Resources.ResourceManager/4.3.0": { - "type": "package", - "dependencies": { - "Microsoft.NETCore.Platforms": "1.1.0", - "Microsoft.NETCore.Targets": "1.1.0", - "System.Globalization": "4.3.0", - "System.Reflection": "4.3.0", - "System.Runtime": "4.3.0" - }, - "compile": { - "ref/netstandard1.0/_._": { - "related": ".xml" - } - } - }, - "System.Runtime/4.3.1": { - "type": "package", - "dependencies": { - "Microsoft.NETCore.Platforms": "1.1.1", - "Microsoft.NETCore.Targets": "1.1.3" - }, - "compile": { - "ref/netstandard1.5/System.Runtime.dll": { - "related": ".xml" - } - } - }, - "System.Runtime.Extensions/4.3.0": { - "type": "package", - "dependencies": { - "Microsoft.NETCore.Platforms": "1.1.0", - "Microsoft.NETCore.Targets": "1.1.0", - "System.Runtime": "4.3.0" - }, - "compile": { - "ref/netstandard1.5/_._": { - "related": ".xml" - } - } - }, - "System.Runtime.Handles/4.3.0": { - "type": "package", - "dependencies": { - "Microsoft.NETCore.Platforms": "1.1.0", - "Microsoft.NETCore.Targets": "1.1.0", - "System.Runtime": "4.3.0" - }, - "compile": { - "ref/netstandard1.3/System.Runtime.Handles.dll": { - "related": ".xml" - } - } - }, - "System.Runtime.InteropServices/4.3.0": { - "type": "package", - "dependencies": { - "Microsoft.NETCore.Platforms": "1.1.0", - "Microsoft.NETCore.Targets": "1.1.0", - "System.Reflection": "4.3.0", - "System.Reflection.Primitives": "4.3.0", - "System.Runtime": "4.3.0", - "System.Runtime.Handles": "4.3.0" - }, - "compile": { - "ref/netcoreapp1.1/_._": {} - } - }, - "System.Runtime.Numerics/4.3.0": { - "type": "package", - "dependencies": { - "System.Globalization": "4.3.0", - "System.Resources.ResourceManager": "4.3.0", - "System.Runtime": "4.3.0", - "System.Runtime.Extensions": "4.3.0" - }, - "compile": { - "ref/netstandard1.1/_._": { - "related": ".xml" - } - }, - "runtime": { - "lib/netstandard1.3/System.Runtime.Numerics.dll": {} - } - }, - "System.Security.Cryptography.Algorithms/4.3.0": { - "type": "package", - "dependencies": { - "Microsoft.NETCore.Platforms": "1.1.0", - "System.Collections": "4.3.0", - "System.IO": "4.3.0", - "System.Resources.ResourceManager": "4.3.0", - "System.Runtime": "4.3.0", - "System.Runtime.Extensions": "4.3.0", - "System.Runtime.Handles": "4.3.0", - "System.Runtime.InteropServices": "4.3.0", - "System.Runtime.Numerics": "4.3.0", - "System.Security.Cryptography.Encoding": "4.3.0", - "System.Security.Cryptography.Primitives": "4.3.0", - "System.Text.Encoding": "4.3.0", - "runtime.native.System.Security.Cryptography.Apple": "4.3.0", - "runtime.native.System.Security.Cryptography.OpenSsl": "4.3.0" - }, - "compile": { - "ref/netstandard1.6/System.Security.Cryptography.Algorithms.dll": {} - }, - "runtimeTargets": { - "runtimes/osx/lib/netstandard1.6/System.Security.Cryptography.Algorithms.dll": { - "assetType": "runtime", - "rid": "osx" - }, - "runtimes/unix/lib/netstandard1.6/System.Security.Cryptography.Algorithms.dll": { - "assetType": "runtime", - "rid": "unix" - }, - "runtimes/win/lib/netstandard1.6/System.Security.Cryptography.Algorithms.dll": { - "assetType": "runtime", - "rid": "win" - } - } - }, - "System.Security.Cryptography.Cng/4.3.0": { - "type": "package", - "dependencies": { - "Microsoft.NETCore.Platforms": "1.1.0", - "System.IO": "4.3.0", - "System.Resources.ResourceManager": "4.3.0", - "System.Runtime": "4.3.0", - "System.Runtime.Extensions": "4.3.0", - "System.Runtime.Handles": "4.3.0", - "System.Runtime.InteropServices": "4.3.0", - "System.Security.Cryptography.Algorithms": "4.3.0", - "System.Security.Cryptography.Encoding": "4.3.0", - "System.Security.Cryptography.Primitives": "4.3.0", - "System.Text.Encoding": "4.3.0" - }, - "compile": { - "ref/netstandard1.6/_._": {} - }, - "runtimeTargets": { - "runtimes/unix/lib/netstandard1.6/System.Security.Cryptography.Cng.dll": { - "assetType": "runtime", - "rid": "unix" - }, - "runtimes/win/lib/netstandard1.6/System.Security.Cryptography.Cng.dll": { - "assetType": "runtime", - "rid": "win" - } - } - }, - "System.Security.Cryptography.Csp/4.3.0": { - "type": "package", - "dependencies": { - "Microsoft.NETCore.Platforms": "1.1.0", - "System.IO": "4.3.0", - "System.Reflection": "4.3.0", - "System.Resources.ResourceManager": "4.3.0", - "System.Runtime": "4.3.0", - "System.Runtime.Extensions": "4.3.0", - "System.Runtime.Handles": "4.3.0", - "System.Runtime.InteropServices": "4.3.0", - "System.Security.Cryptography.Algorithms": "4.3.0", - "System.Security.Cryptography.Encoding": "4.3.0", - "System.Security.Cryptography.Primitives": "4.3.0", - "System.Text.Encoding": "4.3.0", - "System.Threading": "4.3.0" - }, - "compile": { - "ref/netstandard1.3/_._": {} - }, - "runtimeTargets": { - "runtimes/unix/lib/netstandard1.3/System.Security.Cryptography.Csp.dll": { - "assetType": "runtime", - "rid": "unix" - }, - "runtimes/win/lib/netstandard1.3/System.Security.Cryptography.Csp.dll": { - "assetType": "runtime", - "rid": "win" - } - } - }, - "System.Security.Cryptography.Encoding/4.3.0": { - "type": "package", - "dependencies": { - "Microsoft.NETCore.Platforms": "1.1.0", - "System.Collections": "4.3.0", - "System.Collections.Concurrent": "4.3.0", - "System.Linq": "4.3.0", - "System.Resources.ResourceManager": "4.3.0", - "System.Runtime": "4.3.0", - "System.Runtime.Extensions": "4.3.0", - "System.Runtime.Handles": "4.3.0", - "System.Runtime.InteropServices": "4.3.0", - "System.Security.Cryptography.Primitives": "4.3.0", - "System.Text.Encoding": "4.3.0", - "runtime.native.System.Security.Cryptography.OpenSsl": "4.3.0" - }, - "compile": { - "ref/netstandard1.3/System.Security.Cryptography.Encoding.dll": { - "related": ".xml" - } - }, - "runtimeTargets": { - "runtimes/unix/lib/netstandard1.3/System.Security.Cryptography.Encoding.dll": { - "assetType": "runtime", - "rid": "unix" - }, - "runtimes/win/lib/netstandard1.3/System.Security.Cryptography.Encoding.dll": { - "assetType": "runtime", - "rid": "win" - } - } - }, - "System.Security.Cryptography.OpenSsl/4.3.0": { - "type": "package", - "dependencies": { - "System.Collections": "4.3.0", - "System.IO": "4.3.0", - "System.Resources.ResourceManager": "4.3.0", - "System.Runtime": "4.3.0", - "System.Runtime.Extensions": "4.3.0", - "System.Runtime.Handles": "4.3.0", - "System.Runtime.InteropServices": "4.3.0", - "System.Runtime.Numerics": "4.3.0", - "System.Security.Cryptography.Algorithms": "4.3.0", - "System.Security.Cryptography.Encoding": "4.3.0", - "System.Security.Cryptography.Primitives": "4.3.0", - "System.Text.Encoding": "4.3.0", - "runtime.native.System.Security.Cryptography.OpenSsl": "4.3.0" - }, - "compile": { - "ref/netstandard1.6/_._": {} - }, - "runtime": { - "lib/netstandard1.6/System.Security.Cryptography.OpenSsl.dll": {} - }, - "runtimeTargets": { - "runtimes/unix/lib/netstandard1.6/System.Security.Cryptography.OpenSsl.dll": { - "assetType": "runtime", - "rid": "unix" - } - } - }, - "System.Security.Cryptography.Primitives/4.3.0": { - "type": "package", - "dependencies": { - "System.Diagnostics.Debug": "4.3.0", - "System.Globalization": "4.3.0", - "System.IO": "4.3.0", - "System.Resources.ResourceManager": "4.3.0", - "System.Runtime": "4.3.0", - "System.Threading": "4.3.0", - "System.Threading.Tasks": "4.3.0" - }, - "compile": { - "ref/netstandard1.3/System.Security.Cryptography.Primitives.dll": {} - }, - "runtime": { - "lib/netstandard1.3/System.Security.Cryptography.Primitives.dll": {} - } - }, - "System.Security.Cryptography.X509Certificates/4.3.0": { - "type": "package", - "dependencies": { - "Microsoft.NETCore.Platforms": "1.1.0", - "System.Collections": "4.3.0", - "System.Diagnostics.Debug": "4.3.0", - "System.Globalization": "4.3.0", - "System.Globalization.Calendars": "4.3.0", - "System.IO": "4.3.0", - "System.IO.FileSystem": "4.3.0", - "System.IO.FileSystem.Primitives": "4.3.0", - "System.Resources.ResourceManager": "4.3.0", - "System.Runtime": "4.3.0", - "System.Runtime.Extensions": "4.3.0", - "System.Runtime.Handles": "4.3.0", - "System.Runtime.InteropServices": "4.3.0", - "System.Runtime.Numerics": "4.3.0", - "System.Security.Cryptography.Algorithms": "4.3.0", - "System.Security.Cryptography.Cng": "4.3.0", - "System.Security.Cryptography.Csp": "4.3.0", - "System.Security.Cryptography.Encoding": "4.3.0", - "System.Security.Cryptography.OpenSsl": "4.3.0", - "System.Security.Cryptography.Primitives": "4.3.0", - "System.Text.Encoding": "4.3.0", - "System.Threading": "4.3.0", - "runtime.native.System": "4.3.0", - "runtime.native.System.Net.Http": "4.3.0", - "runtime.native.System.Security.Cryptography.OpenSsl": "4.3.0" - }, - "compile": { - "ref/netstandard1.4/System.Security.Cryptography.X509Certificates.dll": { - "related": ".xml" - } - }, - "runtimeTargets": { - "runtimes/unix/lib/netstandard1.6/System.Security.Cryptography.X509Certificates.dll": { - "assetType": "runtime", - "rid": "unix" - }, - "runtimes/win/lib/netstandard1.6/System.Security.Cryptography.X509Certificates.dll": { - "assetType": "runtime", - "rid": "win" - } - } - }, - "System.Text.Encoding/4.3.0": { - "type": "package", - "dependencies": { - "Microsoft.NETCore.Platforms": "1.1.0", - "Microsoft.NETCore.Targets": "1.1.0", - "System.Runtime": "4.3.0" - }, - "compile": { - "ref/netstandard1.3/System.Text.Encoding.dll": { - "related": ".xml" - } - } - }, - "System.Threading/4.3.0": { - "type": "package", - "dependencies": { - "System.Runtime": "4.3.0", - "System.Threading.Tasks": "4.3.0" - }, - "compile": { - "ref/netstandard1.3/_._": { - "related": ".xml" - } - }, - "runtime": { - "lib/netstandard1.3/System.Threading.dll": {} - } - }, - "System.Threading.Tasks/4.3.0": { - "type": "package", - "dependencies": { - "Microsoft.NETCore.Platforms": "1.1.0", - "Microsoft.NETCore.Targets": "1.1.0", - "System.Runtime": "4.3.0" - }, - "compile": { - "ref/netstandard1.3/System.Threading.Tasks.dll": { - "related": ".xml" - } - } - }, - "System.Threading.Tasks.Extensions/4.5.4": { - "type": "package", - "compile": { - "ref/netcoreapp2.1/_._": {} - }, - "runtime": { - "lib/netcoreapp2.1/_._": {} - } - }, - "System.ValueTuple/4.4.0": { - "type": "package", - "compile": { - "ref/netcoreapp2.0/_._": {} - }, - "runtime": { - "lib/netcoreapp2.0/_._": {} - } - } - } - }, - "libraries": { - "Crc32.NET/1.2.0": { - "sha512": "wNW/huzolu8MNKUnwCVKxjfAlCFpeI8AZVfF46iAWJ1+P6bTU1AZct7VAkDDEjgeeTJCVTkGZaD6jSd/fOiUkA==", - "type": "package", - "path": "crc32.net/1.2.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "crc32.net.1.2.0.nupkg.sha512", - "crc32.net.nuspec", - "lib/net20/Crc32.NET.dll", - "lib/net20/Crc32.NET.xml", - "lib/netstandard1.3/Crc32.NET.dll", - "lib/netstandard1.3/Crc32.NET.xml", - "lib/netstandard2.0/Crc32.NET.dll", - "lib/netstandard2.0/Crc32.NET.xml" - ] - }, - "Microsoft.CSharp/4.7.0": { - "sha512": "pTj+D3uJWyN3My70i2Hqo+OXixq3Os2D1nJ2x92FFo6sk8fYS1m1WLNTs0Dc1uPaViH0YvEEwvzddQ7y4rhXmA==", - "type": "package", - "path": "microsoft.csharp/4.7.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "LICENSE.TXT", - "THIRD-PARTY-NOTICES.TXT", - "lib/MonoAndroid10/_._", - "lib/MonoTouch10/_._", - "lib/net45/_._", - "lib/netcore50/Microsoft.CSharp.dll", - "lib/netcoreapp2.0/_._", - "lib/netstandard1.3/Microsoft.CSharp.dll", - "lib/netstandard2.0/Microsoft.CSharp.dll", - "lib/netstandard2.0/Microsoft.CSharp.xml", - "lib/portable-net45+win8+wp8+wpa81/_._", - "lib/uap10.0.16299/_._", - "lib/win8/_._", - "lib/wp80/_._", - "lib/wpa81/_._", - "lib/xamarinios10/_._", - "lib/xamarinmac20/_._", - "lib/xamarintvos10/_._", - "lib/xamarinwatchos10/_._", - "microsoft.csharp.4.7.0.nupkg.sha512", - "microsoft.csharp.nuspec", - "ref/MonoAndroid10/_._", - "ref/MonoTouch10/_._", - "ref/net45/_._", - "ref/netcore50/Microsoft.CSharp.dll", - "ref/netcore50/Microsoft.CSharp.xml", - "ref/netcore50/de/Microsoft.CSharp.xml", - "ref/netcore50/es/Microsoft.CSharp.xml", - "ref/netcore50/fr/Microsoft.CSharp.xml", - "ref/netcore50/it/Microsoft.CSharp.xml", - "ref/netcore50/ja/Microsoft.CSharp.xml", - "ref/netcore50/ko/Microsoft.CSharp.xml", - "ref/netcore50/ru/Microsoft.CSharp.xml", - "ref/netcore50/zh-hans/Microsoft.CSharp.xml", - "ref/netcore50/zh-hant/Microsoft.CSharp.xml", - "ref/netcoreapp2.0/_._", - "ref/netstandard1.0/Microsoft.CSharp.dll", - "ref/netstandard1.0/Microsoft.CSharp.xml", - "ref/netstandard1.0/de/Microsoft.CSharp.xml", - "ref/netstandard1.0/es/Microsoft.CSharp.xml", - "ref/netstandard1.0/fr/Microsoft.CSharp.xml", - "ref/netstandard1.0/it/Microsoft.CSharp.xml", - "ref/netstandard1.0/ja/Microsoft.CSharp.xml", - "ref/netstandard1.0/ko/Microsoft.CSharp.xml", - "ref/netstandard1.0/ru/Microsoft.CSharp.xml", - "ref/netstandard1.0/zh-hans/Microsoft.CSharp.xml", - "ref/netstandard1.0/zh-hant/Microsoft.CSharp.xml", - "ref/netstandard2.0/Microsoft.CSharp.dll", - "ref/netstandard2.0/Microsoft.CSharp.xml", - "ref/portable-net45+win8+wp8+wpa81/_._", - "ref/uap10.0.16299/_._", - "ref/win8/_._", - "ref/wp80/_._", - "ref/wpa81/_._", - "ref/xamarinios10/_._", - "ref/xamarinmac20/_._", - "ref/xamarintvos10/_._", - "ref/xamarinwatchos10/_._", - "useSharedDesignerContext.txt", - "version.txt" - ] - }, - "Microsoft.NETCore.Platforms/1.1.1": { - "sha512": "TMBuzAHpTenGbGgk0SMTwyEkyijY/Eae4ZGsFNYJvAr/LDn1ku3Etp3FPxChmDp5HHF3kzJuoaa08N0xjqAJfQ==", - "type": "package", - "path": "microsoft.netcore.platforms/1.1.1", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/netstandard1.0/_._", - "microsoft.netcore.platforms.1.1.1.nupkg.sha512", - "microsoft.netcore.platforms.nuspec", - "runtime.json" - ] - }, - "Microsoft.NETCore.Targets/1.1.3": { - "sha512": "3Wrmi0kJDzClwAC+iBdUBpEKmEle8FQNsCs77fkiOIw/9oYA07bL1EZNX0kQ2OMN3xpwvl0vAtOCYY3ndDNlhQ==", - "type": "package", - "path": "microsoft.netcore.targets/1.1.3", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/netstandard1.0/_._", - "microsoft.netcore.targets.1.1.3.nupkg.sha512", - "microsoft.netcore.targets.nuspec", - "runtime.json" - ] - }, - "Minio/4.0.7": { - "sha512": "gmd+B4YHaE+cz8TCPIzkhov3t30VovGfyf6vMxqXd/iF/cziKmXKJJXv2E9kcHvbGwVHhMWtvk7fXWOzHcU4uw==", - "type": "package", - "path": "minio/4.0.7", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "lib/netstandard2.0/Minio.dll", - "lib/netstandard2.0/Minio.xml", - "minio.4.0.7.nupkg.sha512", - "minio.nuspec" - ] - }, - "NETStandard.Library/2.0.0": { - "sha512": "7jnbRU+L08FXKMxqUflxEXtVymWvNOrS8yHgu9s6EM8Anr6T/wIX4nZ08j/u3Asz+tCufp3YVwFSEvFTPYmBPA==", - "type": "package", - "path": "netstandard.library/2.0.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "LICENSE.TXT", - "THIRD-PARTY-NOTICES.TXT", - "build/NETStandard.Library.targets", - "build/netstandard2.0/NETStandard.Library.targets", - "build/netstandard2.0/ref/Microsoft.Win32.Primitives.dll", - "build/netstandard2.0/ref/System.AppContext.dll", - "build/netstandard2.0/ref/System.Collections.Concurrent.dll", - "build/netstandard2.0/ref/System.Collections.NonGeneric.dll", - "build/netstandard2.0/ref/System.Collections.Specialized.dll", - "build/netstandard2.0/ref/System.Collections.dll", - "build/netstandard2.0/ref/System.ComponentModel.Composition.dll", - "build/netstandard2.0/ref/System.ComponentModel.EventBasedAsync.dll", - "build/netstandard2.0/ref/System.ComponentModel.Primitives.dll", - "build/netstandard2.0/ref/System.ComponentModel.TypeConverter.dll", - "build/netstandard2.0/ref/System.ComponentModel.dll", - "build/netstandard2.0/ref/System.Console.dll", - "build/netstandard2.0/ref/System.Core.dll", - "build/netstandard2.0/ref/System.Data.Common.dll", - "build/netstandard2.0/ref/System.Data.dll", - "build/netstandard2.0/ref/System.Diagnostics.Contracts.dll", - "build/netstandard2.0/ref/System.Diagnostics.Debug.dll", - "build/netstandard2.0/ref/System.Diagnostics.FileVersionInfo.dll", - "build/netstandard2.0/ref/System.Diagnostics.Process.dll", - "build/netstandard2.0/ref/System.Diagnostics.StackTrace.dll", - "build/netstandard2.0/ref/System.Diagnostics.TextWriterTraceListener.dll", - "build/netstandard2.0/ref/System.Diagnostics.Tools.dll", - "build/netstandard2.0/ref/System.Diagnostics.TraceSource.dll", - "build/netstandard2.0/ref/System.Diagnostics.Tracing.dll", - "build/netstandard2.0/ref/System.Drawing.Primitives.dll", - "build/netstandard2.0/ref/System.Drawing.dll", - "build/netstandard2.0/ref/System.Dynamic.Runtime.dll", - "build/netstandard2.0/ref/System.Globalization.Calendars.dll", - "build/netstandard2.0/ref/System.Globalization.Extensions.dll", - "build/netstandard2.0/ref/System.Globalization.dll", - "build/netstandard2.0/ref/System.IO.Compression.FileSystem.dll", - "build/netstandard2.0/ref/System.IO.Compression.ZipFile.dll", - "build/netstandard2.0/ref/System.IO.Compression.dll", - "build/netstandard2.0/ref/System.IO.FileSystem.DriveInfo.dll", - "build/netstandard2.0/ref/System.IO.FileSystem.Primitives.dll", - "build/netstandard2.0/ref/System.IO.FileSystem.Watcher.dll", - "build/netstandard2.0/ref/System.IO.FileSystem.dll", - "build/netstandard2.0/ref/System.IO.IsolatedStorage.dll", - "build/netstandard2.0/ref/System.IO.MemoryMappedFiles.dll", - "build/netstandard2.0/ref/System.IO.Pipes.dll", - "build/netstandard2.0/ref/System.IO.UnmanagedMemoryStream.dll", - "build/netstandard2.0/ref/System.IO.dll", - "build/netstandard2.0/ref/System.Linq.Expressions.dll", - "build/netstandard2.0/ref/System.Linq.Parallel.dll", - "build/netstandard2.0/ref/System.Linq.Queryable.dll", - "build/netstandard2.0/ref/System.Linq.dll", - "build/netstandard2.0/ref/System.Net.Http.dll", - "build/netstandard2.0/ref/System.Net.NameResolution.dll", - "build/netstandard2.0/ref/System.Net.NetworkInformation.dll", - "build/netstandard2.0/ref/System.Net.Ping.dll", - "build/netstandard2.0/ref/System.Net.Primitives.dll", - "build/netstandard2.0/ref/System.Net.Requests.dll", - "build/netstandard2.0/ref/System.Net.Security.dll", - "build/netstandard2.0/ref/System.Net.Sockets.dll", - "build/netstandard2.0/ref/System.Net.WebHeaderCollection.dll", - "build/netstandard2.0/ref/System.Net.WebSockets.Client.dll", - "build/netstandard2.0/ref/System.Net.WebSockets.dll", - "build/netstandard2.0/ref/System.Net.dll", - "build/netstandard2.0/ref/System.Numerics.dll", - "build/netstandard2.0/ref/System.ObjectModel.dll", - "build/netstandard2.0/ref/System.Reflection.Extensions.dll", - "build/netstandard2.0/ref/System.Reflection.Primitives.dll", - "build/netstandard2.0/ref/System.Reflection.dll", - "build/netstandard2.0/ref/System.Resources.Reader.dll", - "build/netstandard2.0/ref/System.Resources.ResourceManager.dll", - "build/netstandard2.0/ref/System.Resources.Writer.dll", - "build/netstandard2.0/ref/System.Runtime.CompilerServices.VisualC.dll", - "build/netstandard2.0/ref/System.Runtime.Extensions.dll", - "build/netstandard2.0/ref/System.Runtime.Handles.dll", - "build/netstandard2.0/ref/System.Runtime.InteropServices.RuntimeInformation.dll", - "build/netstandard2.0/ref/System.Runtime.InteropServices.dll", - "build/netstandard2.0/ref/System.Runtime.Numerics.dll", - "build/netstandard2.0/ref/System.Runtime.Serialization.Formatters.dll", - "build/netstandard2.0/ref/System.Runtime.Serialization.Json.dll", - "build/netstandard2.0/ref/System.Runtime.Serialization.Primitives.dll", - "build/netstandard2.0/ref/System.Runtime.Serialization.Xml.dll", - "build/netstandard2.0/ref/System.Runtime.Serialization.dll", - "build/netstandard2.0/ref/System.Runtime.dll", - "build/netstandard2.0/ref/System.Security.Claims.dll", - "build/netstandard2.0/ref/System.Security.Cryptography.Algorithms.dll", - "build/netstandard2.0/ref/System.Security.Cryptography.Csp.dll", - "build/netstandard2.0/ref/System.Security.Cryptography.Encoding.dll", - "build/netstandard2.0/ref/System.Security.Cryptography.Primitives.dll", - "build/netstandard2.0/ref/System.Security.Cryptography.X509Certificates.dll", - "build/netstandard2.0/ref/System.Security.Principal.dll", - "build/netstandard2.0/ref/System.Security.SecureString.dll", - "build/netstandard2.0/ref/System.ServiceModel.Web.dll", - "build/netstandard2.0/ref/System.Text.Encoding.Extensions.dll", - "build/netstandard2.0/ref/System.Text.Encoding.dll", - "build/netstandard2.0/ref/System.Text.RegularExpressions.dll", - "build/netstandard2.0/ref/System.Threading.Overlapped.dll", - "build/netstandard2.0/ref/System.Threading.Tasks.Parallel.dll", - "build/netstandard2.0/ref/System.Threading.Tasks.dll", - "build/netstandard2.0/ref/System.Threading.Thread.dll", - "build/netstandard2.0/ref/System.Threading.ThreadPool.dll", - "build/netstandard2.0/ref/System.Threading.Timer.dll", - "build/netstandard2.0/ref/System.Threading.dll", - "build/netstandard2.0/ref/System.Transactions.dll", - "build/netstandard2.0/ref/System.ValueTuple.dll", - "build/netstandard2.0/ref/System.Web.dll", - "build/netstandard2.0/ref/System.Windows.dll", - "build/netstandard2.0/ref/System.Xml.Linq.dll", - "build/netstandard2.0/ref/System.Xml.ReaderWriter.dll", - "build/netstandard2.0/ref/System.Xml.Serialization.dll", - "build/netstandard2.0/ref/System.Xml.XDocument.dll", - "build/netstandard2.0/ref/System.Xml.XPath.XDocument.dll", - "build/netstandard2.0/ref/System.Xml.XPath.dll", - "build/netstandard2.0/ref/System.Xml.XmlDocument.dll", - "build/netstandard2.0/ref/System.Xml.XmlSerializer.dll", - "build/netstandard2.0/ref/System.Xml.dll", - "build/netstandard2.0/ref/System.dll", - "build/netstandard2.0/ref/mscorlib.dll", - "build/netstandard2.0/ref/netstandard.dll", - "build/netstandard2.0/ref/netstandard.xml", - "lib/netstandard1.0/_._", - "netstandard.library.2.0.0.nupkg.sha512", - "netstandard.library.nuspec" - ] - }, - "Newtonsoft.Json/13.0.1": { - "sha512": "ppPFpBcvxdsfUonNcvITKqLl3bqxWbDCZIzDWHzjpdAHRFfZe0Dw9HmA0+za13IdyrgJwpkDTDA9fHaxOrt20A==", - "type": "package", - "path": "newtonsoft.json/13.0.1", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "LICENSE.md", - "lib/net20/Newtonsoft.Json.dll", - "lib/net20/Newtonsoft.Json.xml", - "lib/net35/Newtonsoft.Json.dll", - "lib/net35/Newtonsoft.Json.xml", - "lib/net40/Newtonsoft.Json.dll", - "lib/net40/Newtonsoft.Json.xml", - "lib/net45/Newtonsoft.Json.dll", - "lib/net45/Newtonsoft.Json.xml", - "lib/netstandard1.0/Newtonsoft.Json.dll", - "lib/netstandard1.0/Newtonsoft.Json.xml", - "lib/netstandard1.3/Newtonsoft.Json.dll", - "lib/netstandard1.3/Newtonsoft.Json.xml", - "lib/netstandard2.0/Newtonsoft.Json.dll", - "lib/netstandard2.0/Newtonsoft.Json.xml", - "newtonsoft.json.13.0.1.nupkg.sha512", - "newtonsoft.json.nuspec", - "packageIcon.png" - ] - }, - "runtime.debian.8-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { - "sha512": "7VSGO0URRKoMEAq0Sc9cRz8mb6zbyx/BZDEWhgPdzzpmFhkam3fJ1DAGWFXBI4nGlma+uPKpfuMQP5LXRnOH5g==", - "type": "package", - "path": "runtime.debian.8-x64.runtime.native.system.security.cryptography.openssl/4.3.2", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "runtime.debian.8-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", - "runtime.debian.8-x64.runtime.native.system.security.cryptography.openssl.nuspec", - "runtimes/debian.8-x64/native/System.Security.Cryptography.Native.OpenSsl.so" - ] - }, - "runtime.fedora.23-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { - "sha512": "0oAaTAm6e2oVH+/Zttt0cuhGaePQYKII1dY8iaqP7CvOpVKgLybKRFvQjXR2LtxXOXTVPNv14j0ot8uV+HrUmw==", - "type": "package", - "path": "runtime.fedora.23-x64.runtime.native.system.security.cryptography.openssl/4.3.2", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "runtime.fedora.23-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", - "runtime.fedora.23-x64.runtime.native.system.security.cryptography.openssl.nuspec", - "runtimes/fedora.23-x64/native/System.Security.Cryptography.Native.OpenSsl.so" - ] - }, - "runtime.fedora.24-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { - "sha512": "G24ibsCNi5Kbz0oXWynBoRgtGvsw5ZSVEWjv13/KiCAM8C6wz9zzcCniMeQFIkJ2tasjo2kXlvlBZhplL51kGg==", - "type": "package", - "path": "runtime.fedora.24-x64.runtime.native.system.security.cryptography.openssl/4.3.2", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "runtime.fedora.24-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", - "runtime.fedora.24-x64.runtime.native.system.security.cryptography.openssl.nuspec", - "runtimes/fedora.24-x64/native/System.Security.Cryptography.Native.OpenSsl.so" - ] - }, - "runtime.native.System/4.3.0": { - "sha512": "c/qWt2LieNZIj1jGnVNsE2Kl23Ya2aSTBuXMD6V7k9KWr6l16Tqdwq+hJScEpWER9753NWC8h96PaVNY5Ld7Jw==", - "type": "package", - "path": "runtime.native.system/4.3.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/netstandard1.0/_._", - "runtime.native.system.4.3.0.nupkg.sha512", - "runtime.native.system.nuspec" - ] - }, - "runtime.native.System.Net.Http/4.3.0": { - "sha512": "ZVuZJqnnegJhd2k/PtAbbIcZ3aZeITq3sj06oKfMBSfphW3HDmk/t4ObvbOk/JA/swGR0LNqMksAh/f7gpTROg==", - "type": "package", - "path": "runtime.native.system.net.http/4.3.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/netstandard1.0/_._", - "runtime.native.system.net.http.4.3.0.nupkg.sha512", - "runtime.native.system.net.http.nuspec" - ] - }, - "runtime.native.System.Security.Cryptography.Apple/4.3.0": { - "sha512": "DloMk88juo0OuOWr56QG7MNchmafTLYWvABy36izkrLI5VledI0rq28KGs1i9wbpeT9NPQrx/wTf8U2vazqQ3Q==", - "type": "package", - "path": "runtime.native.system.security.cryptography.apple/4.3.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/netstandard1.0/_._", - "runtime.native.system.security.cryptography.apple.4.3.0.nupkg.sha512", - "runtime.native.system.security.cryptography.apple.nuspec" - ] - }, - "runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { - "sha512": "QR1OwtwehHxSeQvZKXe+iSd+d3XZNkEcuWMFYa2i0aG1l+lR739HPicKMlTbJst3spmeekDVBUS7SeS26s4U/g==", - "type": "package", - "path": "runtime.native.system.security.cryptography.openssl/4.3.2", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/netstandard1.0/_._", - "runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", - "runtime.native.system.security.cryptography.openssl.nuspec" - ] - }, - "runtime.opensuse.13.2-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { - "sha512": "I+GNKGg2xCHueRd1m9PzeEW7WLbNNLznmTuEi8/vZX71HudUbx1UTwlGkiwMri7JLl8hGaIAWnA/GONhu+LOyQ==", - "type": "package", - "path": "runtime.opensuse.13.2-x64.runtime.native.system.security.cryptography.openssl/4.3.2", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "runtime.opensuse.13.2-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", - "runtime.opensuse.13.2-x64.runtime.native.system.security.cryptography.openssl.nuspec", - "runtimes/opensuse.13.2-x64/native/System.Security.Cryptography.Native.OpenSsl.so" - ] - }, - "runtime.opensuse.42.1-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { - "sha512": "1Z3TAq1ytS1IBRtPXJvEUZdVsfWfeNEhBkbiOCGEl9wwAfsjP2lz3ZFDx5tq8p60/EqbS0HItG5piHuB71RjoA==", - "type": "package", - "path": "runtime.opensuse.42.1-x64.runtime.native.system.security.cryptography.openssl/4.3.2", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "runtime.opensuse.42.1-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", - "runtime.opensuse.42.1-x64.runtime.native.system.security.cryptography.openssl.nuspec", - "runtimes/opensuse.42.1-x64/native/System.Security.Cryptography.Native.OpenSsl.so" - ] - }, - "runtime.osx.10.10-x64.runtime.native.System.Security.Cryptography.Apple/4.3.0": { - "sha512": "kVXCuMTrTlxq4XOOMAysuNwsXWpYeboGddNGpIgNSZmv1b6r/s/DPk0fYMB7Q5Qo4bY68o48jt4T4y5BVecbCQ==", - "type": "package", - "path": "runtime.osx.10.10-x64.runtime.native.system.security.cryptography.apple/4.3.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "runtime.osx.10.10-x64.runtime.native.system.security.cryptography.apple.4.3.0.nupkg.sha512", - "runtime.osx.10.10-x64.runtime.native.system.security.cryptography.apple.nuspec", - "runtimes/osx.10.10-x64/native/System.Security.Cryptography.Native.Apple.dylib" - ] - }, - "runtime.osx.10.10-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { - "sha512": "6mU/cVmmHtQiDXhnzUImxIcDL48GbTk+TsptXyJA+MIOG9LRjPoAQC/qBFB7X+UNyK86bmvGwC8t+M66wsYC8w==", - "type": "package", - "path": "runtime.osx.10.10-x64.runtime.native.system.security.cryptography.openssl/4.3.2", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "runtime.osx.10.10-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", - "runtime.osx.10.10-x64.runtime.native.system.security.cryptography.openssl.nuspec", - "runtimes/osx.10.10-x64/native/System.Security.Cryptography.Native.OpenSsl.dylib" - ] - }, - "runtime.rhel.7-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { - "sha512": "vjwG0GGcTW/PPg6KVud8F9GLWYuAV1rrw1BKAqY0oh4jcUqg15oYF1+qkGR2x2ZHM4DQnWKQ7cJgYbfncz/lYg==", - "type": "package", - "path": "runtime.rhel.7-x64.runtime.native.system.security.cryptography.openssl/4.3.2", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "runtime.rhel.7-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", - "runtime.rhel.7-x64.runtime.native.system.security.cryptography.openssl.nuspec", - "runtimes/rhel.7-x64/native/System.Security.Cryptography.Native.OpenSsl.so" - ] - }, - "runtime.ubuntu.14.04-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { - "sha512": "7KMFpTkHC/zoExs+PwP8jDCWcrK9H6L7soowT80CUx3e+nxP/AFnq0AQAW5W76z2WYbLAYCRyPfwYFG6zkvQRw==", - "type": "package", - "path": "runtime.ubuntu.14.04-x64.runtime.native.system.security.cryptography.openssl/4.3.2", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "runtime.ubuntu.14.04-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", - "runtime.ubuntu.14.04-x64.runtime.native.system.security.cryptography.openssl.nuspec", - "runtimes/ubuntu.14.04-x64/native/System.Security.Cryptography.Native.OpenSsl.so" - ] - }, - "runtime.ubuntu.16.04-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { - "sha512": "xrlmRCnKZJLHxyyLIqkZjNXqgxnKdZxfItrPkjI+6pkRo5lHX8YvSZlWrSI5AVwLMi4HbNWP7064hcAWeZKp5w==", - "type": "package", - "path": "runtime.ubuntu.16.04-x64.runtime.native.system.security.cryptography.openssl/4.3.2", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "runtime.ubuntu.16.04-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", - "runtime.ubuntu.16.04-x64.runtime.native.system.security.cryptography.openssl.nuspec", - "runtimes/ubuntu.16.04-x64/native/System.Security.Cryptography.Native.OpenSsl.so" - ] - }, - "runtime.ubuntu.16.10-x64.runtime.native.System.Security.Cryptography.OpenSsl/4.3.2": { - "sha512": "leXiwfiIkW7Gmn7cgnNcdtNAU70SjmKW3jxGj1iKHOvdn0zRWsgv/l2OJUO5zdGdiv2VRFnAsxxhDgMzofPdWg==", - "type": "package", - "path": "runtime.ubuntu.16.10-x64.runtime.native.system.security.cryptography.openssl/4.3.2", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "runtime.ubuntu.16.10-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", - "runtime.ubuntu.16.10-x64.runtime.native.system.security.cryptography.openssl.nuspec", - "runtimes/ubuntu.16.10-x64/native/System.Security.Cryptography.Native.OpenSsl.so" - ] - }, - "System.Collections/4.3.0": { - "sha512": "3Dcj85/TBdVpL5Zr+gEEBUuFe2icOnLalmEh9hfck1PTYbbyWuZgh4fmm2ysCLTrqLQw6t3TgTyJ+VLp+Qb+Lw==", - "type": "package", - "path": "system.collections/4.3.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/MonoAndroid10/_._", - "lib/MonoTouch10/_._", - "lib/net45/_._", - "lib/portable-net45+win8+wp8+wpa81/_._", - "lib/win8/_._", - "lib/wp80/_._", - "lib/wpa81/_._", - "lib/xamarinios10/_._", - "lib/xamarinmac20/_._", - "lib/xamarintvos10/_._", - "lib/xamarinwatchos10/_._", - "ref/MonoAndroid10/_._", - "ref/MonoTouch10/_._", - "ref/net45/_._", - "ref/netcore50/System.Collections.dll", - "ref/netcore50/System.Collections.xml", - "ref/netcore50/de/System.Collections.xml", - "ref/netcore50/es/System.Collections.xml", - "ref/netcore50/fr/System.Collections.xml", - "ref/netcore50/it/System.Collections.xml", - "ref/netcore50/ja/System.Collections.xml", - "ref/netcore50/ko/System.Collections.xml", - "ref/netcore50/ru/System.Collections.xml", - "ref/netcore50/zh-hans/System.Collections.xml", - "ref/netcore50/zh-hant/System.Collections.xml", - "ref/netstandard1.0/System.Collections.dll", - "ref/netstandard1.0/System.Collections.xml", - "ref/netstandard1.0/de/System.Collections.xml", - "ref/netstandard1.0/es/System.Collections.xml", - "ref/netstandard1.0/fr/System.Collections.xml", - "ref/netstandard1.0/it/System.Collections.xml", - "ref/netstandard1.0/ja/System.Collections.xml", - "ref/netstandard1.0/ko/System.Collections.xml", - "ref/netstandard1.0/ru/System.Collections.xml", - "ref/netstandard1.0/zh-hans/System.Collections.xml", - "ref/netstandard1.0/zh-hant/System.Collections.xml", - "ref/netstandard1.3/System.Collections.dll", - "ref/netstandard1.3/System.Collections.xml", - "ref/netstandard1.3/de/System.Collections.xml", - "ref/netstandard1.3/es/System.Collections.xml", - "ref/netstandard1.3/fr/System.Collections.xml", - "ref/netstandard1.3/it/System.Collections.xml", - "ref/netstandard1.3/ja/System.Collections.xml", - "ref/netstandard1.3/ko/System.Collections.xml", - "ref/netstandard1.3/ru/System.Collections.xml", - "ref/netstandard1.3/zh-hans/System.Collections.xml", - "ref/netstandard1.3/zh-hant/System.Collections.xml", - "ref/portable-net45+win8+wp8+wpa81/_._", - "ref/win8/_._", - "ref/wp80/_._", - "ref/wpa81/_._", - "ref/xamarinios10/_._", - "ref/xamarinmac20/_._", - "ref/xamarintvos10/_._", - "ref/xamarinwatchos10/_._", - "system.collections.4.3.0.nupkg.sha512", - "system.collections.nuspec" - ] - }, - "System.Collections.Concurrent/4.3.0": { - "sha512": "ztl69Xp0Y/UXCL+3v3tEU+lIy+bvjKNUmopn1wep/a291pVPK7dxBd6T7WnlQqRog+d1a/hSsgRsmFnIBKTPLQ==", - "type": "package", - "path": "system.collections.concurrent/4.3.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/MonoAndroid10/_._", - "lib/MonoTouch10/_._", - "lib/net45/_._", - "lib/netcore50/System.Collections.Concurrent.dll", - "lib/netstandard1.3/System.Collections.Concurrent.dll", - "lib/portable-net45+win8+wpa81/_._", - "lib/win8/_._", - "lib/wpa81/_._", - "lib/xamarinios10/_._", - "lib/xamarinmac20/_._", - "lib/xamarintvos10/_._", - "lib/xamarinwatchos10/_._", - "ref/MonoAndroid10/_._", - "ref/MonoTouch10/_._", - "ref/net45/_._", - "ref/netcore50/System.Collections.Concurrent.dll", - "ref/netcore50/System.Collections.Concurrent.xml", - "ref/netcore50/de/System.Collections.Concurrent.xml", - "ref/netcore50/es/System.Collections.Concurrent.xml", - "ref/netcore50/fr/System.Collections.Concurrent.xml", - "ref/netcore50/it/System.Collections.Concurrent.xml", - "ref/netcore50/ja/System.Collections.Concurrent.xml", - "ref/netcore50/ko/System.Collections.Concurrent.xml", - "ref/netcore50/ru/System.Collections.Concurrent.xml", - "ref/netcore50/zh-hans/System.Collections.Concurrent.xml", - "ref/netcore50/zh-hant/System.Collections.Concurrent.xml", - "ref/netstandard1.1/System.Collections.Concurrent.dll", - "ref/netstandard1.1/System.Collections.Concurrent.xml", - "ref/netstandard1.1/de/System.Collections.Concurrent.xml", - "ref/netstandard1.1/es/System.Collections.Concurrent.xml", - "ref/netstandard1.1/fr/System.Collections.Concurrent.xml", - "ref/netstandard1.1/it/System.Collections.Concurrent.xml", - "ref/netstandard1.1/ja/System.Collections.Concurrent.xml", - "ref/netstandard1.1/ko/System.Collections.Concurrent.xml", - "ref/netstandard1.1/ru/System.Collections.Concurrent.xml", - "ref/netstandard1.1/zh-hans/System.Collections.Concurrent.xml", - "ref/netstandard1.1/zh-hant/System.Collections.Concurrent.xml", - "ref/netstandard1.3/System.Collections.Concurrent.dll", - "ref/netstandard1.3/System.Collections.Concurrent.xml", - "ref/netstandard1.3/de/System.Collections.Concurrent.xml", - "ref/netstandard1.3/es/System.Collections.Concurrent.xml", - "ref/netstandard1.3/fr/System.Collections.Concurrent.xml", - "ref/netstandard1.3/it/System.Collections.Concurrent.xml", - "ref/netstandard1.3/ja/System.Collections.Concurrent.xml", - "ref/netstandard1.3/ko/System.Collections.Concurrent.xml", - "ref/netstandard1.3/ru/System.Collections.Concurrent.xml", - "ref/netstandard1.3/zh-hans/System.Collections.Concurrent.xml", - "ref/netstandard1.3/zh-hant/System.Collections.Concurrent.xml", - "ref/portable-net45+win8+wpa81/_._", - "ref/win8/_._", - "ref/wpa81/_._", - "ref/xamarinios10/_._", - "ref/xamarinmac20/_._", - "ref/xamarintvos10/_._", - "ref/xamarinwatchos10/_._", - "system.collections.concurrent.4.3.0.nupkg.sha512", - "system.collections.concurrent.nuspec" - ] - }, - "System.Diagnostics.Debug/4.3.0": { - "sha512": "ZUhUOdqmaG5Jk3Xdb8xi5kIyQYAA4PnTNlHx1mu9ZY3qv4ELIdKbnL/akbGaKi2RnNUWaZsAs31rvzFdewTj2g==", - "type": "package", - "path": "system.diagnostics.debug/4.3.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/MonoAndroid10/_._", - "lib/MonoTouch10/_._", - "lib/net45/_._", - "lib/portable-net45+win8+wp8+wpa81/_._", - "lib/win8/_._", - "lib/wp80/_._", - "lib/wpa81/_._", - "lib/xamarinios10/_._", - "lib/xamarinmac20/_._", - "lib/xamarintvos10/_._", - "lib/xamarinwatchos10/_._", - "ref/MonoAndroid10/_._", - "ref/MonoTouch10/_._", - "ref/net45/_._", - "ref/netcore50/System.Diagnostics.Debug.dll", - "ref/netcore50/System.Diagnostics.Debug.xml", - "ref/netcore50/de/System.Diagnostics.Debug.xml", - "ref/netcore50/es/System.Diagnostics.Debug.xml", - "ref/netcore50/fr/System.Diagnostics.Debug.xml", - "ref/netcore50/it/System.Diagnostics.Debug.xml", - "ref/netcore50/ja/System.Diagnostics.Debug.xml", - "ref/netcore50/ko/System.Diagnostics.Debug.xml", - "ref/netcore50/ru/System.Diagnostics.Debug.xml", - "ref/netcore50/zh-hans/System.Diagnostics.Debug.xml", - "ref/netcore50/zh-hant/System.Diagnostics.Debug.xml", - "ref/netstandard1.0/System.Diagnostics.Debug.dll", - "ref/netstandard1.0/System.Diagnostics.Debug.xml", - "ref/netstandard1.0/de/System.Diagnostics.Debug.xml", - "ref/netstandard1.0/es/System.Diagnostics.Debug.xml", - "ref/netstandard1.0/fr/System.Diagnostics.Debug.xml", - "ref/netstandard1.0/it/System.Diagnostics.Debug.xml", - "ref/netstandard1.0/ja/System.Diagnostics.Debug.xml", - "ref/netstandard1.0/ko/System.Diagnostics.Debug.xml", - "ref/netstandard1.0/ru/System.Diagnostics.Debug.xml", - "ref/netstandard1.0/zh-hans/System.Diagnostics.Debug.xml", - "ref/netstandard1.0/zh-hant/System.Diagnostics.Debug.xml", - "ref/netstandard1.3/System.Diagnostics.Debug.dll", - "ref/netstandard1.3/System.Diagnostics.Debug.xml", - "ref/netstandard1.3/de/System.Diagnostics.Debug.xml", - "ref/netstandard1.3/es/System.Diagnostics.Debug.xml", - "ref/netstandard1.3/fr/System.Diagnostics.Debug.xml", - "ref/netstandard1.3/it/System.Diagnostics.Debug.xml", - "ref/netstandard1.3/ja/System.Diagnostics.Debug.xml", - "ref/netstandard1.3/ko/System.Diagnostics.Debug.xml", - "ref/netstandard1.3/ru/System.Diagnostics.Debug.xml", - "ref/netstandard1.3/zh-hans/System.Diagnostics.Debug.xml", - "ref/netstandard1.3/zh-hant/System.Diagnostics.Debug.xml", - "ref/portable-net45+win8+wp8+wpa81/_._", - "ref/win8/_._", - "ref/wp80/_._", - "ref/wpa81/_._", - "ref/xamarinios10/_._", - "ref/xamarinmac20/_._", - "ref/xamarintvos10/_._", - "ref/xamarinwatchos10/_._", - "system.diagnostics.debug.4.3.0.nupkg.sha512", - "system.diagnostics.debug.nuspec" - ] - }, - "System.Diagnostics.DiagnosticSource/4.3.0": { - "sha512": "tD6kosZnTAGdrEa0tZSuFyunMbt/5KYDnHdndJYGqZoNy00XVXyACd5d6KnE1YgYv3ne2CjtAfNXo/fwEhnKUA==", - "type": "package", - "path": "system.diagnostics.diagnosticsource/4.3.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/net46/System.Diagnostics.DiagnosticSource.dll", - "lib/net46/System.Diagnostics.DiagnosticSource.xml", - "lib/netstandard1.1/System.Diagnostics.DiagnosticSource.dll", - "lib/netstandard1.1/System.Diagnostics.DiagnosticSource.xml", - "lib/netstandard1.3/System.Diagnostics.DiagnosticSource.dll", - "lib/netstandard1.3/System.Diagnostics.DiagnosticSource.xml", - "lib/portable-net45+win8+wpa81/System.Diagnostics.DiagnosticSource.dll", - "lib/portable-net45+win8+wpa81/System.Diagnostics.DiagnosticSource.xml", - "system.diagnostics.diagnosticsource.4.3.0.nupkg.sha512", - "system.diagnostics.diagnosticsource.nuspec" - ] - }, - "System.Diagnostics.Tracing/4.3.0": { - "sha512": "rswfv0f/Cqkh78rA5S8eN8Neocz234+emGCtTF3lxPY96F+mmmUen6tbn0glN6PMvlKQb9bPAY5e9u7fgPTkKw==", - "type": "package", - "path": "system.diagnostics.tracing/4.3.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/MonoAndroid10/_._", - "lib/MonoTouch10/_._", - "lib/net45/_._", - "lib/net462/System.Diagnostics.Tracing.dll", - "lib/portable-net45+win8+wpa81/_._", - "lib/win8/_._", - "lib/wpa81/_._", - "lib/xamarinios10/_._", - "lib/xamarinmac20/_._", - "lib/xamarintvos10/_._", - "lib/xamarinwatchos10/_._", - "ref/MonoAndroid10/_._", - "ref/MonoTouch10/_._", - "ref/net45/_._", - "ref/net462/System.Diagnostics.Tracing.dll", - "ref/netcore50/System.Diagnostics.Tracing.dll", - "ref/netcore50/System.Diagnostics.Tracing.xml", - "ref/netcore50/de/System.Diagnostics.Tracing.xml", - "ref/netcore50/es/System.Diagnostics.Tracing.xml", - "ref/netcore50/fr/System.Diagnostics.Tracing.xml", - "ref/netcore50/it/System.Diagnostics.Tracing.xml", - "ref/netcore50/ja/System.Diagnostics.Tracing.xml", - "ref/netcore50/ko/System.Diagnostics.Tracing.xml", - "ref/netcore50/ru/System.Diagnostics.Tracing.xml", - "ref/netcore50/zh-hans/System.Diagnostics.Tracing.xml", - "ref/netcore50/zh-hant/System.Diagnostics.Tracing.xml", - "ref/netstandard1.1/System.Diagnostics.Tracing.dll", - "ref/netstandard1.1/System.Diagnostics.Tracing.xml", - "ref/netstandard1.1/de/System.Diagnostics.Tracing.xml", - "ref/netstandard1.1/es/System.Diagnostics.Tracing.xml", - "ref/netstandard1.1/fr/System.Diagnostics.Tracing.xml", - "ref/netstandard1.1/it/System.Diagnostics.Tracing.xml", - "ref/netstandard1.1/ja/System.Diagnostics.Tracing.xml", - "ref/netstandard1.1/ko/System.Diagnostics.Tracing.xml", - "ref/netstandard1.1/ru/System.Diagnostics.Tracing.xml", - "ref/netstandard1.1/zh-hans/System.Diagnostics.Tracing.xml", - "ref/netstandard1.1/zh-hant/System.Diagnostics.Tracing.xml", - "ref/netstandard1.2/System.Diagnostics.Tracing.dll", - "ref/netstandard1.2/System.Diagnostics.Tracing.xml", - "ref/netstandard1.2/de/System.Diagnostics.Tracing.xml", - "ref/netstandard1.2/es/System.Diagnostics.Tracing.xml", - "ref/netstandard1.2/fr/System.Diagnostics.Tracing.xml", - "ref/netstandard1.2/it/System.Diagnostics.Tracing.xml", - "ref/netstandard1.2/ja/System.Diagnostics.Tracing.xml", - "ref/netstandard1.2/ko/System.Diagnostics.Tracing.xml", - "ref/netstandard1.2/ru/System.Diagnostics.Tracing.xml", - "ref/netstandard1.2/zh-hans/System.Diagnostics.Tracing.xml", - "ref/netstandard1.2/zh-hant/System.Diagnostics.Tracing.xml", - "ref/netstandard1.3/System.Diagnostics.Tracing.dll", - "ref/netstandard1.3/System.Diagnostics.Tracing.xml", - "ref/netstandard1.3/de/System.Diagnostics.Tracing.xml", - "ref/netstandard1.3/es/System.Diagnostics.Tracing.xml", - "ref/netstandard1.3/fr/System.Diagnostics.Tracing.xml", - "ref/netstandard1.3/it/System.Diagnostics.Tracing.xml", - "ref/netstandard1.3/ja/System.Diagnostics.Tracing.xml", - "ref/netstandard1.3/ko/System.Diagnostics.Tracing.xml", - "ref/netstandard1.3/ru/System.Diagnostics.Tracing.xml", - "ref/netstandard1.3/zh-hans/System.Diagnostics.Tracing.xml", - "ref/netstandard1.3/zh-hant/System.Diagnostics.Tracing.xml", - "ref/netstandard1.5/System.Diagnostics.Tracing.dll", - "ref/netstandard1.5/System.Diagnostics.Tracing.xml", - "ref/netstandard1.5/de/System.Diagnostics.Tracing.xml", - "ref/netstandard1.5/es/System.Diagnostics.Tracing.xml", - "ref/netstandard1.5/fr/System.Diagnostics.Tracing.xml", - "ref/netstandard1.5/it/System.Diagnostics.Tracing.xml", - "ref/netstandard1.5/ja/System.Diagnostics.Tracing.xml", - "ref/netstandard1.5/ko/System.Diagnostics.Tracing.xml", - "ref/netstandard1.5/ru/System.Diagnostics.Tracing.xml", - "ref/netstandard1.5/zh-hans/System.Diagnostics.Tracing.xml", - "ref/netstandard1.5/zh-hant/System.Diagnostics.Tracing.xml", - "ref/portable-net45+win8+wpa81/_._", - "ref/win8/_._", - "ref/wpa81/_._", - "ref/xamarinios10/_._", - "ref/xamarinmac20/_._", - "ref/xamarintvos10/_._", - "ref/xamarinwatchos10/_._", - "system.diagnostics.tracing.4.3.0.nupkg.sha512", - "system.diagnostics.tracing.nuspec" - ] - }, - "System.Globalization/4.3.0": { - "sha512": "kYdVd2f2PAdFGblzFswE4hkNANJBKRmsfa2X5LG2AcWE1c7/4t0pYae1L8vfZ5xvE2nK/R9JprtToA61OSHWIg==", - "type": "package", - "path": "system.globalization/4.3.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/MonoAndroid10/_._", - "lib/MonoTouch10/_._", - "lib/net45/_._", - "lib/portable-net45+win8+wp8+wpa81/_._", - "lib/win8/_._", - "lib/wp80/_._", - "lib/wpa81/_._", - "lib/xamarinios10/_._", - "lib/xamarinmac20/_._", - "lib/xamarintvos10/_._", - "lib/xamarinwatchos10/_._", - "ref/MonoAndroid10/_._", - "ref/MonoTouch10/_._", - "ref/net45/_._", - "ref/netcore50/System.Globalization.dll", - "ref/netcore50/System.Globalization.xml", - "ref/netcore50/de/System.Globalization.xml", - "ref/netcore50/es/System.Globalization.xml", - "ref/netcore50/fr/System.Globalization.xml", - "ref/netcore50/it/System.Globalization.xml", - "ref/netcore50/ja/System.Globalization.xml", - "ref/netcore50/ko/System.Globalization.xml", - "ref/netcore50/ru/System.Globalization.xml", - "ref/netcore50/zh-hans/System.Globalization.xml", - "ref/netcore50/zh-hant/System.Globalization.xml", - "ref/netstandard1.0/System.Globalization.dll", - "ref/netstandard1.0/System.Globalization.xml", - "ref/netstandard1.0/de/System.Globalization.xml", - "ref/netstandard1.0/es/System.Globalization.xml", - "ref/netstandard1.0/fr/System.Globalization.xml", - "ref/netstandard1.0/it/System.Globalization.xml", - "ref/netstandard1.0/ja/System.Globalization.xml", - "ref/netstandard1.0/ko/System.Globalization.xml", - "ref/netstandard1.0/ru/System.Globalization.xml", - "ref/netstandard1.0/zh-hans/System.Globalization.xml", - "ref/netstandard1.0/zh-hant/System.Globalization.xml", - "ref/netstandard1.3/System.Globalization.dll", - "ref/netstandard1.3/System.Globalization.xml", - "ref/netstandard1.3/de/System.Globalization.xml", - "ref/netstandard1.3/es/System.Globalization.xml", - "ref/netstandard1.3/fr/System.Globalization.xml", - "ref/netstandard1.3/it/System.Globalization.xml", - "ref/netstandard1.3/ja/System.Globalization.xml", - "ref/netstandard1.3/ko/System.Globalization.xml", - "ref/netstandard1.3/ru/System.Globalization.xml", - "ref/netstandard1.3/zh-hans/System.Globalization.xml", - "ref/netstandard1.3/zh-hant/System.Globalization.xml", - "ref/portable-net45+win8+wp8+wpa81/_._", - "ref/win8/_._", - "ref/wp80/_._", - "ref/wpa81/_._", - "ref/xamarinios10/_._", - "ref/xamarinmac20/_._", - "ref/xamarintvos10/_._", - "ref/xamarinwatchos10/_._", - "system.globalization.4.3.0.nupkg.sha512", - "system.globalization.nuspec" - ] - }, - "System.Globalization.Calendars/4.3.0": { - "sha512": "GUlBtdOWT4LTV3I+9/PJW+56AnnChTaOqqTLFtdmype/L500M2LIyXgmtd9X2P2VOkmJd5c67H5SaC2QcL1bFA==", - "type": "package", - "path": "system.globalization.calendars/4.3.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/MonoAndroid10/_._", - "lib/MonoTouch10/_._", - "lib/net46/System.Globalization.Calendars.dll", - "lib/xamarinios10/_._", - "lib/xamarinmac20/_._", - "lib/xamarintvos10/_._", - "lib/xamarinwatchos10/_._", - "ref/MonoAndroid10/_._", - "ref/MonoTouch10/_._", - "ref/net46/System.Globalization.Calendars.dll", - "ref/netstandard1.3/System.Globalization.Calendars.dll", - "ref/netstandard1.3/System.Globalization.Calendars.xml", - "ref/netstandard1.3/de/System.Globalization.Calendars.xml", - "ref/netstandard1.3/es/System.Globalization.Calendars.xml", - "ref/netstandard1.3/fr/System.Globalization.Calendars.xml", - "ref/netstandard1.3/it/System.Globalization.Calendars.xml", - "ref/netstandard1.3/ja/System.Globalization.Calendars.xml", - "ref/netstandard1.3/ko/System.Globalization.Calendars.xml", - "ref/netstandard1.3/ru/System.Globalization.Calendars.xml", - "ref/netstandard1.3/zh-hans/System.Globalization.Calendars.xml", - "ref/netstandard1.3/zh-hant/System.Globalization.Calendars.xml", - "ref/xamarinios10/_._", - "ref/xamarinmac20/_._", - "ref/xamarintvos10/_._", - "ref/xamarinwatchos10/_._", - "system.globalization.calendars.4.3.0.nupkg.sha512", - "system.globalization.calendars.nuspec" - ] - }, - "System.Globalization.Extensions/4.3.0": { - "sha512": "FhKmdR6MPG+pxow6wGtNAWdZh7noIOpdD5TwQ3CprzgIE1bBBoim0vbR1+AWsWjQmU7zXHgQo4TWSP6lCeiWcQ==", - "type": "package", - "path": "system.globalization.extensions/4.3.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/MonoAndroid10/_._", - "lib/MonoTouch10/_._", - "lib/net46/System.Globalization.Extensions.dll", - "lib/xamarinios10/_._", - "lib/xamarinmac20/_._", - "lib/xamarintvos10/_._", - "lib/xamarinwatchos10/_._", - "ref/MonoAndroid10/_._", - "ref/MonoTouch10/_._", - "ref/net46/System.Globalization.Extensions.dll", - "ref/netstandard1.3/System.Globalization.Extensions.dll", - "ref/netstandard1.3/System.Globalization.Extensions.xml", - "ref/netstandard1.3/de/System.Globalization.Extensions.xml", - "ref/netstandard1.3/es/System.Globalization.Extensions.xml", - "ref/netstandard1.3/fr/System.Globalization.Extensions.xml", - "ref/netstandard1.3/it/System.Globalization.Extensions.xml", - "ref/netstandard1.3/ja/System.Globalization.Extensions.xml", - "ref/netstandard1.3/ko/System.Globalization.Extensions.xml", - "ref/netstandard1.3/ru/System.Globalization.Extensions.xml", - "ref/netstandard1.3/zh-hans/System.Globalization.Extensions.xml", - "ref/netstandard1.3/zh-hant/System.Globalization.Extensions.xml", - "ref/xamarinios10/_._", - "ref/xamarinmac20/_._", - "ref/xamarintvos10/_._", - "ref/xamarinwatchos10/_._", - "runtimes/unix/lib/netstandard1.3/System.Globalization.Extensions.dll", - "runtimes/win/lib/net46/System.Globalization.Extensions.dll", - "runtimes/win/lib/netstandard1.3/System.Globalization.Extensions.dll", - "system.globalization.extensions.4.3.0.nupkg.sha512", - "system.globalization.extensions.nuspec" - ] - }, - "System.IO/4.3.0": { - "sha512": "3qjaHvxQPDpSOYICjUoTsmoq5u6QJAFRUITgeT/4gqkF1bajbSmb1kwSxEA8AHlofqgcKJcM8udgieRNhaJ5Cg==", - "type": "package", - "path": "system.io/4.3.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/MonoAndroid10/_._", - "lib/MonoTouch10/_._", - "lib/net45/_._", - "lib/net462/System.IO.dll", - "lib/portable-net45+win8+wp8+wpa81/_._", - "lib/win8/_._", - "lib/wp80/_._", - "lib/wpa81/_._", - "lib/xamarinios10/_._", - "lib/xamarinmac20/_._", - "lib/xamarintvos10/_._", - "lib/xamarinwatchos10/_._", - "ref/MonoAndroid10/_._", - "ref/MonoTouch10/_._", - "ref/net45/_._", - "ref/net462/System.IO.dll", - "ref/netcore50/System.IO.dll", - "ref/netcore50/System.IO.xml", - "ref/netcore50/de/System.IO.xml", - "ref/netcore50/es/System.IO.xml", - "ref/netcore50/fr/System.IO.xml", - "ref/netcore50/it/System.IO.xml", - "ref/netcore50/ja/System.IO.xml", - "ref/netcore50/ko/System.IO.xml", - "ref/netcore50/ru/System.IO.xml", - "ref/netcore50/zh-hans/System.IO.xml", - "ref/netcore50/zh-hant/System.IO.xml", - "ref/netstandard1.0/System.IO.dll", - "ref/netstandard1.0/System.IO.xml", - "ref/netstandard1.0/de/System.IO.xml", - "ref/netstandard1.0/es/System.IO.xml", - "ref/netstandard1.0/fr/System.IO.xml", - "ref/netstandard1.0/it/System.IO.xml", - "ref/netstandard1.0/ja/System.IO.xml", - "ref/netstandard1.0/ko/System.IO.xml", - "ref/netstandard1.0/ru/System.IO.xml", - "ref/netstandard1.0/zh-hans/System.IO.xml", - "ref/netstandard1.0/zh-hant/System.IO.xml", - "ref/netstandard1.3/System.IO.dll", - "ref/netstandard1.3/System.IO.xml", - "ref/netstandard1.3/de/System.IO.xml", - "ref/netstandard1.3/es/System.IO.xml", - "ref/netstandard1.3/fr/System.IO.xml", - "ref/netstandard1.3/it/System.IO.xml", - "ref/netstandard1.3/ja/System.IO.xml", - "ref/netstandard1.3/ko/System.IO.xml", - "ref/netstandard1.3/ru/System.IO.xml", - "ref/netstandard1.3/zh-hans/System.IO.xml", - "ref/netstandard1.3/zh-hant/System.IO.xml", - "ref/netstandard1.5/System.IO.dll", - "ref/netstandard1.5/System.IO.xml", - "ref/netstandard1.5/de/System.IO.xml", - "ref/netstandard1.5/es/System.IO.xml", - "ref/netstandard1.5/fr/System.IO.xml", - "ref/netstandard1.5/it/System.IO.xml", - "ref/netstandard1.5/ja/System.IO.xml", - "ref/netstandard1.5/ko/System.IO.xml", - "ref/netstandard1.5/ru/System.IO.xml", - "ref/netstandard1.5/zh-hans/System.IO.xml", - "ref/netstandard1.5/zh-hant/System.IO.xml", - "ref/portable-net45+win8+wp8+wpa81/_._", - "ref/win8/_._", - "ref/wp80/_._", - "ref/wpa81/_._", - "ref/xamarinios10/_._", - "ref/xamarinmac20/_._", - "ref/xamarintvos10/_._", - "ref/xamarinwatchos10/_._", - "system.io.4.3.0.nupkg.sha512", - "system.io.nuspec" - ] - }, - "System.IO.FileSystem/4.3.0": { - "sha512": "3wEMARTnuio+ulnvi+hkRNROYwa1kylvYahhcLk4HSoVdl+xxTFVeVlYOfLwrDPImGls0mDqbMhrza8qnWPTdA==", - "type": "package", - "path": "system.io.filesystem/4.3.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/MonoAndroid10/_._", - "lib/MonoTouch10/_._", - "lib/net46/System.IO.FileSystem.dll", - "lib/xamarinios10/_._", - "lib/xamarinmac20/_._", - "lib/xamarintvos10/_._", - "lib/xamarinwatchos10/_._", - "ref/MonoAndroid10/_._", - "ref/MonoTouch10/_._", - "ref/net46/System.IO.FileSystem.dll", - "ref/netstandard1.3/System.IO.FileSystem.dll", - "ref/netstandard1.3/System.IO.FileSystem.xml", - "ref/netstandard1.3/de/System.IO.FileSystem.xml", - "ref/netstandard1.3/es/System.IO.FileSystem.xml", - "ref/netstandard1.3/fr/System.IO.FileSystem.xml", - "ref/netstandard1.3/it/System.IO.FileSystem.xml", - "ref/netstandard1.3/ja/System.IO.FileSystem.xml", - "ref/netstandard1.3/ko/System.IO.FileSystem.xml", - "ref/netstandard1.3/ru/System.IO.FileSystem.xml", - "ref/netstandard1.3/zh-hans/System.IO.FileSystem.xml", - "ref/netstandard1.3/zh-hant/System.IO.FileSystem.xml", - "ref/xamarinios10/_._", - "ref/xamarinmac20/_._", - "ref/xamarintvos10/_._", - "ref/xamarinwatchos10/_._", - "system.io.filesystem.4.3.0.nupkg.sha512", - "system.io.filesystem.nuspec" - ] - }, - "System.IO.FileSystem.Primitives/4.3.0": { - "sha512": "6QOb2XFLch7bEc4lIcJH49nJN2HV+OC3fHDgsLVsBVBk3Y4hFAnOBGzJ2lUu7CyDDFo9IBWkSsnbkT6IBwwiMw==", - "type": "package", - "path": "system.io.filesystem.primitives/4.3.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/MonoAndroid10/_._", - "lib/MonoTouch10/_._", - "lib/net46/System.IO.FileSystem.Primitives.dll", - "lib/netstandard1.3/System.IO.FileSystem.Primitives.dll", - "lib/xamarinios10/_._", - "lib/xamarinmac20/_._", - "lib/xamarintvos10/_._", - "lib/xamarinwatchos10/_._", - "ref/MonoAndroid10/_._", - "ref/MonoTouch10/_._", - "ref/net46/System.IO.FileSystem.Primitives.dll", - "ref/netstandard1.3/System.IO.FileSystem.Primitives.dll", - "ref/netstandard1.3/System.IO.FileSystem.Primitives.xml", - "ref/netstandard1.3/de/System.IO.FileSystem.Primitives.xml", - "ref/netstandard1.3/es/System.IO.FileSystem.Primitives.xml", - "ref/netstandard1.3/fr/System.IO.FileSystem.Primitives.xml", - "ref/netstandard1.3/it/System.IO.FileSystem.Primitives.xml", - "ref/netstandard1.3/ja/System.IO.FileSystem.Primitives.xml", - "ref/netstandard1.3/ko/System.IO.FileSystem.Primitives.xml", - "ref/netstandard1.3/ru/System.IO.FileSystem.Primitives.xml", - "ref/netstandard1.3/zh-hans/System.IO.FileSystem.Primitives.xml", - "ref/netstandard1.3/zh-hant/System.IO.FileSystem.Primitives.xml", - "ref/xamarinios10/_._", - "ref/xamarinmac20/_._", - "ref/xamarintvos10/_._", - "ref/xamarinwatchos10/_._", - "system.io.filesystem.primitives.4.3.0.nupkg.sha512", - "system.io.filesystem.primitives.nuspec" - ] - }, - "System.Linq/4.3.0": { - "sha512": "5DbqIUpsDp0dFftytzuMmc0oeMdQwjcP/EWxsksIz/w1TcFRkZ3yKKz0PqiYFMmEwPSWw+qNVqD7PJ889JzHbw==", - "type": "package", - "path": "system.linq/4.3.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/MonoAndroid10/_._", - "lib/MonoTouch10/_._", - "lib/net45/_._", - "lib/net463/System.Linq.dll", - "lib/netcore50/System.Linq.dll", - "lib/netstandard1.6/System.Linq.dll", - "lib/portable-net45+win8+wp8+wpa81/_._", - "lib/win8/_._", - "lib/wp80/_._", - "lib/wpa81/_._", - "lib/xamarinios10/_._", - "lib/xamarinmac20/_._", - "lib/xamarintvos10/_._", - "lib/xamarinwatchos10/_._", - "ref/MonoAndroid10/_._", - "ref/MonoTouch10/_._", - "ref/net45/_._", - "ref/net463/System.Linq.dll", - "ref/netcore50/System.Linq.dll", - "ref/netcore50/System.Linq.xml", - "ref/netcore50/de/System.Linq.xml", - "ref/netcore50/es/System.Linq.xml", - "ref/netcore50/fr/System.Linq.xml", - "ref/netcore50/it/System.Linq.xml", - "ref/netcore50/ja/System.Linq.xml", - "ref/netcore50/ko/System.Linq.xml", - "ref/netcore50/ru/System.Linq.xml", - "ref/netcore50/zh-hans/System.Linq.xml", - "ref/netcore50/zh-hant/System.Linq.xml", - "ref/netstandard1.0/System.Linq.dll", - "ref/netstandard1.0/System.Linq.xml", - "ref/netstandard1.0/de/System.Linq.xml", - "ref/netstandard1.0/es/System.Linq.xml", - "ref/netstandard1.0/fr/System.Linq.xml", - "ref/netstandard1.0/it/System.Linq.xml", - "ref/netstandard1.0/ja/System.Linq.xml", - "ref/netstandard1.0/ko/System.Linq.xml", - "ref/netstandard1.0/ru/System.Linq.xml", - "ref/netstandard1.0/zh-hans/System.Linq.xml", - "ref/netstandard1.0/zh-hant/System.Linq.xml", - "ref/netstandard1.6/System.Linq.dll", - "ref/netstandard1.6/System.Linq.xml", - "ref/netstandard1.6/de/System.Linq.xml", - "ref/netstandard1.6/es/System.Linq.xml", - "ref/netstandard1.6/fr/System.Linq.xml", - "ref/netstandard1.6/it/System.Linq.xml", - "ref/netstandard1.6/ja/System.Linq.xml", - "ref/netstandard1.6/ko/System.Linq.xml", - "ref/netstandard1.6/ru/System.Linq.xml", - "ref/netstandard1.6/zh-hans/System.Linq.xml", - "ref/netstandard1.6/zh-hant/System.Linq.xml", - "ref/portable-net45+win8+wp8+wpa81/_._", - "ref/win8/_._", - "ref/wp80/_._", - "ref/wpa81/_._", - "ref/xamarinios10/_._", - "ref/xamarinmac20/_._", - "ref/xamarintvos10/_._", - "ref/xamarinwatchos10/_._", - "system.linq.4.3.0.nupkg.sha512", - "system.linq.nuspec" - ] - }, - "System.Net.Http/4.3.4": { - "sha512": "aOa2d51SEbmM+H+Csw7yJOuNZoHkrP2XnAurye5HWYgGVVU54YZDvsLUYRv6h18X3sPnjNCANmN7ZhIPiqMcjA==", - "type": "package", - "path": "system.net.http/4.3.4", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/Xamarinmac20/_._", - "lib/monoandroid10/_._", - "lib/monotouch10/_._", - "lib/net45/_._", - "lib/net46/System.Net.Http.dll", - "lib/portable-net45+win8+wpa81/_._", - "lib/win8/_._", - "lib/wpa81/_._", - "lib/xamarinios10/_._", - "lib/xamarintvos10/_._", - "lib/xamarinwatchos10/_._", - "ref/Xamarinmac20/_._", - "ref/monoandroid10/_._", - "ref/monotouch10/_._", - "ref/net45/_._", - "ref/net46/System.Net.Http.dll", - "ref/netcore50/System.Net.Http.dll", - "ref/netstandard1.1/System.Net.Http.dll", - "ref/netstandard1.3/System.Net.Http.dll", - "ref/portable-net45+win8+wpa81/_._", - "ref/win8/_._", - "ref/wpa81/_._", - "ref/xamarinios10/_._", - "ref/xamarintvos10/_._", - "ref/xamarinwatchos10/_._", - "runtimes/unix/lib/netstandard1.6/System.Net.Http.dll", - "runtimes/win/lib/net46/System.Net.Http.dll", - "runtimes/win/lib/netcore50/System.Net.Http.dll", - "runtimes/win/lib/netstandard1.3/System.Net.Http.dll", - "system.net.http.4.3.4.nupkg.sha512", - "system.net.http.nuspec" - ] - }, - "System.Net.Primitives/4.3.1": { - "sha512": "OHzPhSme78BbmLe9UBxHM69ZYjClS5URuhce6Ta4ikiLgaUGiG/X84fZpI6zy7CsUH5R9cYzI2tv9dWPqdTkUg==", - "type": "package", - "path": "system.net.primitives/4.3.1", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/MonoAndroid10/_._", - "lib/MonoTouch10/_._", - "lib/net45/_._", - "lib/portable-net45+win8+wp8+wpa81/_._", - "lib/win8/_._", - "lib/wp80/_._", - "lib/wpa81/_._", - "lib/xamarinios10/_._", - "lib/xamarinmac20/_._", - "lib/xamarintvos10/_._", - "lib/xamarinwatchos10/_._", - "ref/MonoAndroid10/_._", - "ref/MonoTouch10/_._", - "ref/net45/_._", - "ref/netcore50/System.Net.Primitives.dll", - "ref/netcore50/System.Net.Primitives.xml", - "ref/netcore50/de/System.Net.Primitives.xml", - "ref/netcore50/es/System.Net.Primitives.xml", - "ref/netcore50/fr/System.Net.Primitives.xml", - "ref/netcore50/it/System.Net.Primitives.xml", - "ref/netcore50/ja/System.Net.Primitives.xml", - "ref/netcore50/ko/System.Net.Primitives.xml", - "ref/netcore50/ru/System.Net.Primitives.xml", - "ref/netcore50/zh-hans/System.Net.Primitives.xml", - "ref/netcore50/zh-hant/System.Net.Primitives.xml", - "ref/netstandard1.0/System.Net.Primitives.dll", - "ref/netstandard1.0/System.Net.Primitives.xml", - "ref/netstandard1.0/de/System.Net.Primitives.xml", - "ref/netstandard1.0/es/System.Net.Primitives.xml", - "ref/netstandard1.0/fr/System.Net.Primitives.xml", - "ref/netstandard1.0/it/System.Net.Primitives.xml", - "ref/netstandard1.0/ja/System.Net.Primitives.xml", - "ref/netstandard1.0/ko/System.Net.Primitives.xml", - "ref/netstandard1.0/ru/System.Net.Primitives.xml", - "ref/netstandard1.0/zh-hans/System.Net.Primitives.xml", - "ref/netstandard1.0/zh-hant/System.Net.Primitives.xml", - "ref/netstandard1.1/System.Net.Primitives.dll", - "ref/netstandard1.1/System.Net.Primitives.xml", - "ref/netstandard1.1/de/System.Net.Primitives.xml", - "ref/netstandard1.1/es/System.Net.Primitives.xml", - "ref/netstandard1.1/fr/System.Net.Primitives.xml", - "ref/netstandard1.1/it/System.Net.Primitives.xml", - "ref/netstandard1.1/ja/System.Net.Primitives.xml", - "ref/netstandard1.1/ko/System.Net.Primitives.xml", - "ref/netstandard1.1/ru/System.Net.Primitives.xml", - "ref/netstandard1.1/zh-hans/System.Net.Primitives.xml", - "ref/netstandard1.1/zh-hant/System.Net.Primitives.xml", - "ref/netstandard1.3/System.Net.Primitives.dll", - "ref/netstandard1.3/System.Net.Primitives.xml", - "ref/netstandard1.3/de/System.Net.Primitives.xml", - "ref/netstandard1.3/es/System.Net.Primitives.xml", - "ref/netstandard1.3/fr/System.Net.Primitives.xml", - "ref/netstandard1.3/it/System.Net.Primitives.xml", - "ref/netstandard1.3/ja/System.Net.Primitives.xml", - "ref/netstandard1.3/ko/System.Net.Primitives.xml", - "ref/netstandard1.3/ru/System.Net.Primitives.xml", - "ref/netstandard1.3/zh-hans/System.Net.Primitives.xml", - "ref/netstandard1.3/zh-hant/System.Net.Primitives.xml", - "ref/portable-net45+win8+wp8+wpa81/_._", - "ref/win8/_._", - "ref/wp80/_._", - "ref/wpa81/_._", - "ref/xamarinios10/_._", - "ref/xamarinmac20/_._", - "ref/xamarintvos10/_._", - "ref/xamarinwatchos10/_._", - "system.net.primitives.4.3.1.nupkg.sha512", - "system.net.primitives.nuspec" - ] - }, - "System.Reactive/5.0.0": { - "sha512": "erBZjkQHWL9jpasCE/0qKAryzVBJFxGHVBAvgRN1bzM0q2s1S4oYREEEL0Vb+1kA/6BKb5FjUZMp5VXmy+gzkQ==", - "type": "package", - "path": "system.reactive/5.0.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "build/net5.0/_._", - "build/netcoreapp3.1/System.Reactive.dll", - "build/netcoreapp3.1/System.Reactive.targets", - "build/netcoreapp3.1/System.Reactive.xml", - "buildTransitive/net5.0/_._", - "buildTransitive/netcoreapp3.1/System.Reactive.targets", - "lib/net472/System.Reactive.dll", - "lib/net472/System.Reactive.xml", - "lib/net5.0-windows10.0.19041/System.Reactive.dll", - "lib/net5.0-windows10.0.19041/System.Reactive.xml", - "lib/net5.0/System.Reactive.dll", - "lib/net5.0/System.Reactive.xml", - "lib/netcoreapp3.1/_._", - "lib/netstandard2.0/System.Reactive.dll", - "lib/netstandard2.0/System.Reactive.xml", - "lib/uap10.0.16299/System.Reactive.dll", - "lib/uap10.0.16299/System.Reactive.pri", - "lib/uap10.0.16299/System.Reactive.xml", - "system.reactive.5.0.0.nupkg.sha512", - "system.reactive.nuspec" - ] - }, - "System.Reactive.Linq/5.0.0": { - "sha512": "IB4/qlV4T1WhZvM11RVoFUSZXPow9VWVeQ1uDkSKgz6bAO+gCf65H/vjrYlwyXmojSSxvfHndF9qdH43P/IuAw==", - "type": "package", - "path": "system.reactive.linq/5.0.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "lib/net472/System.Reactive.Linq.dll", - "lib/net472/System.Reactive.Linq.xml", - "lib/netstandard2.0/System.Reactive.Linq.dll", - "lib/netstandard2.0/System.Reactive.Linq.xml", - "lib/uap10.0.16299/System.Reactive.Linq.dll", - "lib/uap10.0.16299/System.Reactive.Linq.pri", - "lib/uap10.0.16299/System.Reactive.Linq.xml", - "system.reactive.linq.5.0.0.nupkg.sha512", - "system.reactive.linq.nuspec" - ] - }, - "System.Reflection/4.3.0": { - "sha512": "KMiAFoW7MfJGa9nDFNcfu+FpEdiHpWgTcS2HdMpDvt9saK3y/G4GwprPyzqjFH9NTaGPQeWNHU+iDlDILj96aQ==", - "type": "package", - "path": "system.reflection/4.3.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/MonoAndroid10/_._", - "lib/MonoTouch10/_._", - "lib/net45/_._", - "lib/net462/System.Reflection.dll", - "lib/portable-net45+win8+wp8+wpa81/_._", - "lib/win8/_._", - "lib/wp80/_._", - "lib/wpa81/_._", - "lib/xamarinios10/_._", - "lib/xamarinmac20/_._", - "lib/xamarintvos10/_._", - "lib/xamarinwatchos10/_._", - "ref/MonoAndroid10/_._", - "ref/MonoTouch10/_._", - "ref/net45/_._", - "ref/net462/System.Reflection.dll", - "ref/netcore50/System.Reflection.dll", - "ref/netcore50/System.Reflection.xml", - "ref/netcore50/de/System.Reflection.xml", - "ref/netcore50/es/System.Reflection.xml", - "ref/netcore50/fr/System.Reflection.xml", - "ref/netcore50/it/System.Reflection.xml", - "ref/netcore50/ja/System.Reflection.xml", - "ref/netcore50/ko/System.Reflection.xml", - "ref/netcore50/ru/System.Reflection.xml", - "ref/netcore50/zh-hans/System.Reflection.xml", - "ref/netcore50/zh-hant/System.Reflection.xml", - "ref/netstandard1.0/System.Reflection.dll", - "ref/netstandard1.0/System.Reflection.xml", - "ref/netstandard1.0/de/System.Reflection.xml", - "ref/netstandard1.0/es/System.Reflection.xml", - "ref/netstandard1.0/fr/System.Reflection.xml", - "ref/netstandard1.0/it/System.Reflection.xml", - "ref/netstandard1.0/ja/System.Reflection.xml", - "ref/netstandard1.0/ko/System.Reflection.xml", - "ref/netstandard1.0/ru/System.Reflection.xml", - "ref/netstandard1.0/zh-hans/System.Reflection.xml", - "ref/netstandard1.0/zh-hant/System.Reflection.xml", - "ref/netstandard1.3/System.Reflection.dll", - "ref/netstandard1.3/System.Reflection.xml", - "ref/netstandard1.3/de/System.Reflection.xml", - "ref/netstandard1.3/es/System.Reflection.xml", - "ref/netstandard1.3/fr/System.Reflection.xml", - "ref/netstandard1.3/it/System.Reflection.xml", - "ref/netstandard1.3/ja/System.Reflection.xml", - "ref/netstandard1.3/ko/System.Reflection.xml", - "ref/netstandard1.3/ru/System.Reflection.xml", - "ref/netstandard1.3/zh-hans/System.Reflection.xml", - "ref/netstandard1.3/zh-hant/System.Reflection.xml", - "ref/netstandard1.5/System.Reflection.dll", - "ref/netstandard1.5/System.Reflection.xml", - "ref/netstandard1.5/de/System.Reflection.xml", - "ref/netstandard1.5/es/System.Reflection.xml", - "ref/netstandard1.5/fr/System.Reflection.xml", - "ref/netstandard1.5/it/System.Reflection.xml", - "ref/netstandard1.5/ja/System.Reflection.xml", - "ref/netstandard1.5/ko/System.Reflection.xml", - "ref/netstandard1.5/ru/System.Reflection.xml", - "ref/netstandard1.5/zh-hans/System.Reflection.xml", - "ref/netstandard1.5/zh-hant/System.Reflection.xml", - "ref/portable-net45+win8+wp8+wpa81/_._", - "ref/win8/_._", - "ref/wp80/_._", - "ref/wpa81/_._", - "ref/xamarinios10/_._", - "ref/xamarinmac20/_._", - "ref/xamarintvos10/_._", - "ref/xamarinwatchos10/_._", - "system.reflection.4.3.0.nupkg.sha512", - "system.reflection.nuspec" - ] - }, - "System.Reflection.Primitives/4.3.0": { - "sha512": "5RXItQz5As4xN2/YUDxdpsEkMhvw3e6aNveFXUn4Hl/udNTCNhnKp8lT9fnc3MhvGKh1baak5CovpuQUXHAlIA==", - "type": "package", - "path": "system.reflection.primitives/4.3.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/MonoAndroid10/_._", - "lib/MonoTouch10/_._", - "lib/net45/_._", - "lib/portable-net45+win8+wp8+wpa81/_._", - "lib/win8/_._", - "lib/wp80/_._", - "lib/wpa81/_._", - "lib/xamarinios10/_._", - "lib/xamarinmac20/_._", - "lib/xamarintvos10/_._", - "lib/xamarinwatchos10/_._", - "ref/MonoAndroid10/_._", - "ref/MonoTouch10/_._", - "ref/net45/_._", - "ref/netcore50/System.Reflection.Primitives.dll", - "ref/netcore50/System.Reflection.Primitives.xml", - "ref/netcore50/de/System.Reflection.Primitives.xml", - "ref/netcore50/es/System.Reflection.Primitives.xml", - "ref/netcore50/fr/System.Reflection.Primitives.xml", - "ref/netcore50/it/System.Reflection.Primitives.xml", - "ref/netcore50/ja/System.Reflection.Primitives.xml", - "ref/netcore50/ko/System.Reflection.Primitives.xml", - "ref/netcore50/ru/System.Reflection.Primitives.xml", - "ref/netcore50/zh-hans/System.Reflection.Primitives.xml", - "ref/netcore50/zh-hant/System.Reflection.Primitives.xml", - "ref/netstandard1.0/System.Reflection.Primitives.dll", - "ref/netstandard1.0/System.Reflection.Primitives.xml", - "ref/netstandard1.0/de/System.Reflection.Primitives.xml", - "ref/netstandard1.0/es/System.Reflection.Primitives.xml", - "ref/netstandard1.0/fr/System.Reflection.Primitives.xml", - "ref/netstandard1.0/it/System.Reflection.Primitives.xml", - "ref/netstandard1.0/ja/System.Reflection.Primitives.xml", - "ref/netstandard1.0/ko/System.Reflection.Primitives.xml", - "ref/netstandard1.0/ru/System.Reflection.Primitives.xml", - "ref/netstandard1.0/zh-hans/System.Reflection.Primitives.xml", - "ref/netstandard1.0/zh-hant/System.Reflection.Primitives.xml", - "ref/portable-net45+win8+wp8+wpa81/_._", - "ref/win8/_._", - "ref/wp80/_._", - "ref/wpa81/_._", - "ref/xamarinios10/_._", - "ref/xamarinmac20/_._", - "ref/xamarintvos10/_._", - "ref/xamarinwatchos10/_._", - "system.reflection.primitives.4.3.0.nupkg.sha512", - "system.reflection.primitives.nuspec" - ] - }, - "System.Resources.ResourceManager/4.3.0": { - "sha512": "/zrcPkkWdZmI4F92gL/TPumP98AVDu/Wxr3CSJGQQ+XN6wbRZcyfSKVoPo17ilb3iOr0cCRqJInGwNMolqhS8A==", - "type": "package", - "path": "system.resources.resourcemanager/4.3.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/MonoAndroid10/_._", - "lib/MonoTouch10/_._", - "lib/net45/_._", - "lib/portable-net45+win8+wp8+wpa81/_._", - "lib/win8/_._", - "lib/wp80/_._", - "lib/wpa81/_._", - "lib/xamarinios10/_._", - "lib/xamarinmac20/_._", - "lib/xamarintvos10/_._", - "lib/xamarinwatchos10/_._", - "ref/MonoAndroid10/_._", - "ref/MonoTouch10/_._", - "ref/net45/_._", - "ref/netcore50/System.Resources.ResourceManager.dll", - "ref/netcore50/System.Resources.ResourceManager.xml", - "ref/netcore50/de/System.Resources.ResourceManager.xml", - "ref/netcore50/es/System.Resources.ResourceManager.xml", - "ref/netcore50/fr/System.Resources.ResourceManager.xml", - "ref/netcore50/it/System.Resources.ResourceManager.xml", - "ref/netcore50/ja/System.Resources.ResourceManager.xml", - "ref/netcore50/ko/System.Resources.ResourceManager.xml", - "ref/netcore50/ru/System.Resources.ResourceManager.xml", - "ref/netcore50/zh-hans/System.Resources.ResourceManager.xml", - "ref/netcore50/zh-hant/System.Resources.ResourceManager.xml", - "ref/netstandard1.0/System.Resources.ResourceManager.dll", - "ref/netstandard1.0/System.Resources.ResourceManager.xml", - "ref/netstandard1.0/de/System.Resources.ResourceManager.xml", - "ref/netstandard1.0/es/System.Resources.ResourceManager.xml", - "ref/netstandard1.0/fr/System.Resources.ResourceManager.xml", - "ref/netstandard1.0/it/System.Resources.ResourceManager.xml", - "ref/netstandard1.0/ja/System.Resources.ResourceManager.xml", - "ref/netstandard1.0/ko/System.Resources.ResourceManager.xml", - "ref/netstandard1.0/ru/System.Resources.ResourceManager.xml", - "ref/netstandard1.0/zh-hans/System.Resources.ResourceManager.xml", - "ref/netstandard1.0/zh-hant/System.Resources.ResourceManager.xml", - "ref/portable-net45+win8+wp8+wpa81/_._", - "ref/win8/_._", - "ref/wp80/_._", - "ref/wpa81/_._", - "ref/xamarinios10/_._", - "ref/xamarinmac20/_._", - "ref/xamarintvos10/_._", - "ref/xamarinwatchos10/_._", - "system.resources.resourcemanager.4.3.0.nupkg.sha512", - "system.resources.resourcemanager.nuspec" - ] - }, - "System.Runtime/4.3.1": { - "sha512": "abhfv1dTK6NXOmu4bgHIONxHyEqFjW8HwXPmpY9gmll+ix9UNo4XDcmzJn6oLooftxNssVHdJC1pGT9jkSynQg==", - "type": "package", - "path": "system.runtime/4.3.1", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/MonoAndroid10/_._", - "lib/MonoTouch10/_._", - "lib/net45/_._", - "lib/net462/System.Runtime.dll", - "lib/portable-net45+win8+wp80+wpa81/_._", - "lib/win8/_._", - "lib/wp80/_._", - "lib/wpa81/_._", - "lib/xamarinios10/_._", - "lib/xamarinmac20/_._", - "lib/xamarintvos10/_._", - "lib/xamarinwatchos10/_._", - "ref/MonoAndroid10/_._", - "ref/MonoTouch10/_._", - "ref/net45/_._", - "ref/net462/System.Runtime.dll", - "ref/netcore50/System.Runtime.dll", - "ref/netcore50/System.Runtime.xml", - "ref/netcore50/de/System.Runtime.xml", - "ref/netcore50/es/System.Runtime.xml", - "ref/netcore50/fr/System.Runtime.xml", - "ref/netcore50/it/System.Runtime.xml", - "ref/netcore50/ja/System.Runtime.xml", - "ref/netcore50/ko/System.Runtime.xml", - "ref/netcore50/ru/System.Runtime.xml", - "ref/netcore50/zh-hans/System.Runtime.xml", - "ref/netcore50/zh-hant/System.Runtime.xml", - "ref/netstandard1.0/System.Runtime.dll", - "ref/netstandard1.0/System.Runtime.xml", - "ref/netstandard1.0/de/System.Runtime.xml", - "ref/netstandard1.0/es/System.Runtime.xml", - "ref/netstandard1.0/fr/System.Runtime.xml", - "ref/netstandard1.0/it/System.Runtime.xml", - "ref/netstandard1.0/ja/System.Runtime.xml", - "ref/netstandard1.0/ko/System.Runtime.xml", - "ref/netstandard1.0/ru/System.Runtime.xml", - "ref/netstandard1.0/zh-hans/System.Runtime.xml", - "ref/netstandard1.0/zh-hant/System.Runtime.xml", - "ref/netstandard1.2/System.Runtime.dll", - "ref/netstandard1.2/System.Runtime.xml", - "ref/netstandard1.2/de/System.Runtime.xml", - "ref/netstandard1.2/es/System.Runtime.xml", - "ref/netstandard1.2/fr/System.Runtime.xml", - "ref/netstandard1.2/it/System.Runtime.xml", - "ref/netstandard1.2/ja/System.Runtime.xml", - "ref/netstandard1.2/ko/System.Runtime.xml", - "ref/netstandard1.2/ru/System.Runtime.xml", - "ref/netstandard1.2/zh-hans/System.Runtime.xml", - "ref/netstandard1.2/zh-hant/System.Runtime.xml", - "ref/netstandard1.3/System.Runtime.dll", - "ref/netstandard1.3/System.Runtime.xml", - "ref/netstandard1.3/de/System.Runtime.xml", - "ref/netstandard1.3/es/System.Runtime.xml", - "ref/netstandard1.3/fr/System.Runtime.xml", - "ref/netstandard1.3/it/System.Runtime.xml", - "ref/netstandard1.3/ja/System.Runtime.xml", - "ref/netstandard1.3/ko/System.Runtime.xml", - "ref/netstandard1.3/ru/System.Runtime.xml", - "ref/netstandard1.3/zh-hans/System.Runtime.xml", - "ref/netstandard1.3/zh-hant/System.Runtime.xml", - "ref/netstandard1.5/System.Runtime.dll", - "ref/netstandard1.5/System.Runtime.xml", - "ref/netstandard1.5/de/System.Runtime.xml", - "ref/netstandard1.5/es/System.Runtime.xml", - "ref/netstandard1.5/fr/System.Runtime.xml", - "ref/netstandard1.5/it/System.Runtime.xml", - "ref/netstandard1.5/ja/System.Runtime.xml", - "ref/netstandard1.5/ko/System.Runtime.xml", - "ref/netstandard1.5/ru/System.Runtime.xml", - "ref/netstandard1.5/zh-hans/System.Runtime.xml", - "ref/netstandard1.5/zh-hant/System.Runtime.xml", - "ref/portable-net45+win8+wp80+wpa81/_._", - "ref/win8/_._", - "ref/wp80/_._", - "ref/wpa81/_._", - "ref/xamarinios10/_._", - "ref/xamarinmac20/_._", - "ref/xamarintvos10/_._", - "ref/xamarinwatchos10/_._", - "system.runtime.4.3.1.nupkg.sha512", - "system.runtime.nuspec" - ] - }, - "System.Runtime.Extensions/4.3.0": { - "sha512": "guW0uK0fn5fcJJ1tJVXYd7/1h5F+pea1r7FLSOz/f8vPEqbR2ZAknuRDvTQ8PzAilDveOxNjSfr0CHfIQfFk8g==", - "type": "package", - "path": "system.runtime.extensions/4.3.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/MonoAndroid10/_._", - "lib/MonoTouch10/_._", - "lib/net45/_._", - "lib/net462/System.Runtime.Extensions.dll", - "lib/portable-net45+win8+wp8+wpa81/_._", - "lib/win8/_._", - "lib/wp80/_._", - "lib/wpa81/_._", - "lib/xamarinios10/_._", - "lib/xamarinmac20/_._", - "lib/xamarintvos10/_._", - "lib/xamarinwatchos10/_._", - "ref/MonoAndroid10/_._", - "ref/MonoTouch10/_._", - "ref/net45/_._", - "ref/net462/System.Runtime.Extensions.dll", - "ref/netcore50/System.Runtime.Extensions.dll", - "ref/netcore50/System.Runtime.Extensions.xml", - "ref/netcore50/de/System.Runtime.Extensions.xml", - "ref/netcore50/es/System.Runtime.Extensions.xml", - "ref/netcore50/fr/System.Runtime.Extensions.xml", - "ref/netcore50/it/System.Runtime.Extensions.xml", - "ref/netcore50/ja/System.Runtime.Extensions.xml", - "ref/netcore50/ko/System.Runtime.Extensions.xml", - "ref/netcore50/ru/System.Runtime.Extensions.xml", - "ref/netcore50/zh-hans/System.Runtime.Extensions.xml", - "ref/netcore50/zh-hant/System.Runtime.Extensions.xml", - "ref/netstandard1.0/System.Runtime.Extensions.dll", - "ref/netstandard1.0/System.Runtime.Extensions.xml", - "ref/netstandard1.0/de/System.Runtime.Extensions.xml", - "ref/netstandard1.0/es/System.Runtime.Extensions.xml", - "ref/netstandard1.0/fr/System.Runtime.Extensions.xml", - "ref/netstandard1.0/it/System.Runtime.Extensions.xml", - "ref/netstandard1.0/ja/System.Runtime.Extensions.xml", - "ref/netstandard1.0/ko/System.Runtime.Extensions.xml", - "ref/netstandard1.0/ru/System.Runtime.Extensions.xml", - "ref/netstandard1.0/zh-hans/System.Runtime.Extensions.xml", - "ref/netstandard1.0/zh-hant/System.Runtime.Extensions.xml", - "ref/netstandard1.3/System.Runtime.Extensions.dll", - "ref/netstandard1.3/System.Runtime.Extensions.xml", - "ref/netstandard1.3/de/System.Runtime.Extensions.xml", - "ref/netstandard1.3/es/System.Runtime.Extensions.xml", - "ref/netstandard1.3/fr/System.Runtime.Extensions.xml", - "ref/netstandard1.3/it/System.Runtime.Extensions.xml", - "ref/netstandard1.3/ja/System.Runtime.Extensions.xml", - "ref/netstandard1.3/ko/System.Runtime.Extensions.xml", - "ref/netstandard1.3/ru/System.Runtime.Extensions.xml", - "ref/netstandard1.3/zh-hans/System.Runtime.Extensions.xml", - "ref/netstandard1.3/zh-hant/System.Runtime.Extensions.xml", - "ref/netstandard1.5/System.Runtime.Extensions.dll", - "ref/netstandard1.5/System.Runtime.Extensions.xml", - "ref/netstandard1.5/de/System.Runtime.Extensions.xml", - "ref/netstandard1.5/es/System.Runtime.Extensions.xml", - "ref/netstandard1.5/fr/System.Runtime.Extensions.xml", - "ref/netstandard1.5/it/System.Runtime.Extensions.xml", - "ref/netstandard1.5/ja/System.Runtime.Extensions.xml", - "ref/netstandard1.5/ko/System.Runtime.Extensions.xml", - "ref/netstandard1.5/ru/System.Runtime.Extensions.xml", - "ref/netstandard1.5/zh-hans/System.Runtime.Extensions.xml", - "ref/netstandard1.5/zh-hant/System.Runtime.Extensions.xml", - "ref/portable-net45+win8+wp8+wpa81/_._", - "ref/win8/_._", - "ref/wp80/_._", - "ref/wpa81/_._", - "ref/xamarinios10/_._", - "ref/xamarinmac20/_._", - "ref/xamarintvos10/_._", - "ref/xamarinwatchos10/_._", - "system.runtime.extensions.4.3.0.nupkg.sha512", - "system.runtime.extensions.nuspec" - ] - }, - "System.Runtime.Handles/4.3.0": { - "sha512": "OKiSUN7DmTWeYb3l51A7EYaeNMnvxwE249YtZz7yooT4gOZhmTjIn48KgSsw2k2lYdLgTKNJw/ZIfSElwDRVgg==", - "type": "package", - "path": "system.runtime.handles/4.3.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/MonoAndroid10/_._", - "lib/MonoTouch10/_._", - "lib/net46/_._", - "lib/xamarinios10/_._", - "lib/xamarinmac20/_._", - "lib/xamarintvos10/_._", - "lib/xamarinwatchos10/_._", - "ref/MonoAndroid10/_._", - "ref/MonoTouch10/_._", - "ref/net46/_._", - "ref/netstandard1.3/System.Runtime.Handles.dll", - "ref/netstandard1.3/System.Runtime.Handles.xml", - "ref/netstandard1.3/de/System.Runtime.Handles.xml", - "ref/netstandard1.3/es/System.Runtime.Handles.xml", - "ref/netstandard1.3/fr/System.Runtime.Handles.xml", - "ref/netstandard1.3/it/System.Runtime.Handles.xml", - "ref/netstandard1.3/ja/System.Runtime.Handles.xml", - "ref/netstandard1.3/ko/System.Runtime.Handles.xml", - "ref/netstandard1.3/ru/System.Runtime.Handles.xml", - "ref/netstandard1.3/zh-hans/System.Runtime.Handles.xml", - "ref/netstandard1.3/zh-hant/System.Runtime.Handles.xml", - "ref/xamarinios10/_._", - "ref/xamarinmac20/_._", - "ref/xamarintvos10/_._", - "ref/xamarinwatchos10/_._", - "system.runtime.handles.4.3.0.nupkg.sha512", - "system.runtime.handles.nuspec" - ] - }, - "System.Runtime.InteropServices/4.3.0": { - "sha512": "uv1ynXqiMK8mp1GM3jDqPCFN66eJ5w5XNomaK2XD+TuCroNTLFGeZ+WCmBMcBDyTFKou3P6cR6J/QsaqDp7fGQ==", - "type": "package", - "path": "system.runtime.interopservices/4.3.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/MonoAndroid10/_._", - "lib/MonoTouch10/_._", - "lib/net45/_._", - "lib/net462/System.Runtime.InteropServices.dll", - "lib/net463/System.Runtime.InteropServices.dll", - "lib/portable-net45+win8+wpa81/_._", - "lib/win8/_._", - "lib/wpa81/_._", - "lib/xamarinios10/_._", - "lib/xamarinmac20/_._", - "lib/xamarintvos10/_._", - "lib/xamarinwatchos10/_._", - "ref/MonoAndroid10/_._", - "ref/MonoTouch10/_._", - "ref/net45/_._", - "ref/net462/System.Runtime.InteropServices.dll", - "ref/net463/System.Runtime.InteropServices.dll", - "ref/netcore50/System.Runtime.InteropServices.dll", - "ref/netcore50/System.Runtime.InteropServices.xml", - "ref/netcore50/de/System.Runtime.InteropServices.xml", - "ref/netcore50/es/System.Runtime.InteropServices.xml", - "ref/netcore50/fr/System.Runtime.InteropServices.xml", - "ref/netcore50/it/System.Runtime.InteropServices.xml", - "ref/netcore50/ja/System.Runtime.InteropServices.xml", - "ref/netcore50/ko/System.Runtime.InteropServices.xml", - "ref/netcore50/ru/System.Runtime.InteropServices.xml", - "ref/netcore50/zh-hans/System.Runtime.InteropServices.xml", - "ref/netcore50/zh-hant/System.Runtime.InteropServices.xml", - "ref/netcoreapp1.1/System.Runtime.InteropServices.dll", - "ref/netstandard1.1/System.Runtime.InteropServices.dll", - "ref/netstandard1.1/System.Runtime.InteropServices.xml", - "ref/netstandard1.1/de/System.Runtime.InteropServices.xml", - "ref/netstandard1.1/es/System.Runtime.InteropServices.xml", - "ref/netstandard1.1/fr/System.Runtime.InteropServices.xml", - "ref/netstandard1.1/it/System.Runtime.InteropServices.xml", - "ref/netstandard1.1/ja/System.Runtime.InteropServices.xml", - "ref/netstandard1.1/ko/System.Runtime.InteropServices.xml", - "ref/netstandard1.1/ru/System.Runtime.InteropServices.xml", - "ref/netstandard1.1/zh-hans/System.Runtime.InteropServices.xml", - "ref/netstandard1.1/zh-hant/System.Runtime.InteropServices.xml", - "ref/netstandard1.2/System.Runtime.InteropServices.dll", - "ref/netstandard1.2/System.Runtime.InteropServices.xml", - "ref/netstandard1.2/de/System.Runtime.InteropServices.xml", - "ref/netstandard1.2/es/System.Runtime.InteropServices.xml", - "ref/netstandard1.2/fr/System.Runtime.InteropServices.xml", - "ref/netstandard1.2/it/System.Runtime.InteropServices.xml", - "ref/netstandard1.2/ja/System.Runtime.InteropServices.xml", - "ref/netstandard1.2/ko/System.Runtime.InteropServices.xml", - "ref/netstandard1.2/ru/System.Runtime.InteropServices.xml", - "ref/netstandard1.2/zh-hans/System.Runtime.InteropServices.xml", - "ref/netstandard1.2/zh-hant/System.Runtime.InteropServices.xml", - "ref/netstandard1.3/System.Runtime.InteropServices.dll", - "ref/netstandard1.3/System.Runtime.InteropServices.xml", - "ref/netstandard1.3/de/System.Runtime.InteropServices.xml", - "ref/netstandard1.3/es/System.Runtime.InteropServices.xml", - "ref/netstandard1.3/fr/System.Runtime.InteropServices.xml", - "ref/netstandard1.3/it/System.Runtime.InteropServices.xml", - "ref/netstandard1.3/ja/System.Runtime.InteropServices.xml", - "ref/netstandard1.3/ko/System.Runtime.InteropServices.xml", - "ref/netstandard1.3/ru/System.Runtime.InteropServices.xml", - "ref/netstandard1.3/zh-hans/System.Runtime.InteropServices.xml", - "ref/netstandard1.3/zh-hant/System.Runtime.InteropServices.xml", - "ref/netstandard1.5/System.Runtime.InteropServices.dll", - "ref/netstandard1.5/System.Runtime.InteropServices.xml", - "ref/netstandard1.5/de/System.Runtime.InteropServices.xml", - "ref/netstandard1.5/es/System.Runtime.InteropServices.xml", - "ref/netstandard1.5/fr/System.Runtime.InteropServices.xml", - "ref/netstandard1.5/it/System.Runtime.InteropServices.xml", - "ref/netstandard1.5/ja/System.Runtime.InteropServices.xml", - "ref/netstandard1.5/ko/System.Runtime.InteropServices.xml", - "ref/netstandard1.5/ru/System.Runtime.InteropServices.xml", - "ref/netstandard1.5/zh-hans/System.Runtime.InteropServices.xml", - "ref/netstandard1.5/zh-hant/System.Runtime.InteropServices.xml", - "ref/portable-net45+win8+wpa81/_._", - "ref/win8/_._", - "ref/wpa81/_._", - "ref/xamarinios10/_._", - "ref/xamarinmac20/_._", - "ref/xamarintvos10/_._", - "ref/xamarinwatchos10/_._", - "system.runtime.interopservices.4.3.0.nupkg.sha512", - "system.runtime.interopservices.nuspec" - ] - }, - "System.Runtime.Numerics/4.3.0": { - "sha512": "yMH+MfdzHjy17l2KESnPiF2dwq7T+xLnSJar7slyimAkUh/gTrS9/UQOtv7xarskJ2/XDSNvfLGOBQPjL7PaHQ==", - "type": "package", - "path": "system.runtime.numerics/4.3.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/MonoAndroid10/_._", - "lib/MonoTouch10/_._", - "lib/net45/_._", - "lib/netcore50/System.Runtime.Numerics.dll", - "lib/netstandard1.3/System.Runtime.Numerics.dll", - "lib/portable-net45+win8+wpa81/_._", - "lib/win8/_._", - "lib/wpa81/_._", - "lib/xamarinios10/_._", - "lib/xamarinmac20/_._", - "lib/xamarintvos10/_._", - "lib/xamarinwatchos10/_._", - "ref/MonoAndroid10/_._", - "ref/MonoTouch10/_._", - "ref/net45/_._", - "ref/netcore50/System.Runtime.Numerics.dll", - "ref/netcore50/System.Runtime.Numerics.xml", - "ref/netcore50/de/System.Runtime.Numerics.xml", - "ref/netcore50/es/System.Runtime.Numerics.xml", - "ref/netcore50/fr/System.Runtime.Numerics.xml", - "ref/netcore50/it/System.Runtime.Numerics.xml", - "ref/netcore50/ja/System.Runtime.Numerics.xml", - "ref/netcore50/ko/System.Runtime.Numerics.xml", - "ref/netcore50/ru/System.Runtime.Numerics.xml", - "ref/netcore50/zh-hans/System.Runtime.Numerics.xml", - "ref/netcore50/zh-hant/System.Runtime.Numerics.xml", - "ref/netstandard1.1/System.Runtime.Numerics.dll", - "ref/netstandard1.1/System.Runtime.Numerics.xml", - "ref/netstandard1.1/de/System.Runtime.Numerics.xml", - "ref/netstandard1.1/es/System.Runtime.Numerics.xml", - "ref/netstandard1.1/fr/System.Runtime.Numerics.xml", - "ref/netstandard1.1/it/System.Runtime.Numerics.xml", - "ref/netstandard1.1/ja/System.Runtime.Numerics.xml", - "ref/netstandard1.1/ko/System.Runtime.Numerics.xml", - "ref/netstandard1.1/ru/System.Runtime.Numerics.xml", - "ref/netstandard1.1/zh-hans/System.Runtime.Numerics.xml", - "ref/netstandard1.1/zh-hant/System.Runtime.Numerics.xml", - "ref/portable-net45+win8+wpa81/_._", - "ref/win8/_._", - "ref/wpa81/_._", - "ref/xamarinios10/_._", - "ref/xamarinmac20/_._", - "ref/xamarintvos10/_._", - "ref/xamarinwatchos10/_._", - "system.runtime.numerics.4.3.0.nupkg.sha512", - "system.runtime.numerics.nuspec" - ] - }, - "System.Security.Cryptography.Algorithms/4.3.0": { - "sha512": "W1kd2Y8mYSCgc3ULTAZ0hOP2dSdG5YauTb1089T0/kRcN2MpSAW1izOFROrJgxSlMn3ArsgHXagigyi+ibhevg==", - "type": "package", - "path": "system.security.cryptography.algorithms/4.3.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/MonoAndroid10/_._", - "lib/MonoTouch10/_._", - "lib/net46/System.Security.Cryptography.Algorithms.dll", - "lib/net461/System.Security.Cryptography.Algorithms.dll", - "lib/net463/System.Security.Cryptography.Algorithms.dll", - "lib/xamarinios10/_._", - "lib/xamarinmac20/_._", - "lib/xamarintvos10/_._", - "lib/xamarinwatchos10/_._", - "ref/MonoAndroid10/_._", - "ref/MonoTouch10/_._", - "ref/net46/System.Security.Cryptography.Algorithms.dll", - "ref/net461/System.Security.Cryptography.Algorithms.dll", - "ref/net463/System.Security.Cryptography.Algorithms.dll", - "ref/netstandard1.3/System.Security.Cryptography.Algorithms.dll", - "ref/netstandard1.4/System.Security.Cryptography.Algorithms.dll", - "ref/netstandard1.6/System.Security.Cryptography.Algorithms.dll", - "ref/xamarinios10/_._", - "ref/xamarinmac20/_._", - "ref/xamarintvos10/_._", - "ref/xamarinwatchos10/_._", - "runtimes/osx/lib/netstandard1.6/System.Security.Cryptography.Algorithms.dll", - "runtimes/unix/lib/netstandard1.6/System.Security.Cryptography.Algorithms.dll", - "runtimes/win/lib/net46/System.Security.Cryptography.Algorithms.dll", - "runtimes/win/lib/net461/System.Security.Cryptography.Algorithms.dll", - "runtimes/win/lib/net463/System.Security.Cryptography.Algorithms.dll", - "runtimes/win/lib/netcore50/System.Security.Cryptography.Algorithms.dll", - "runtimes/win/lib/netstandard1.6/System.Security.Cryptography.Algorithms.dll", - "system.security.cryptography.algorithms.4.3.0.nupkg.sha512", - "system.security.cryptography.algorithms.nuspec" - ] - }, - "System.Security.Cryptography.Cng/4.3.0": { - "sha512": "03idZOqFlsKRL4W+LuCpJ6dBYDUWReug6lZjBa3uJWnk5sPCUXckocevTaUA8iT/MFSrY/2HXkOt753xQ/cf8g==", - "type": "package", - "path": "system.security.cryptography.cng/4.3.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/net46/System.Security.Cryptography.Cng.dll", - "lib/net461/System.Security.Cryptography.Cng.dll", - "lib/net463/System.Security.Cryptography.Cng.dll", - "ref/net46/System.Security.Cryptography.Cng.dll", - "ref/net461/System.Security.Cryptography.Cng.dll", - "ref/net463/System.Security.Cryptography.Cng.dll", - "ref/netstandard1.3/System.Security.Cryptography.Cng.dll", - "ref/netstandard1.4/System.Security.Cryptography.Cng.dll", - "ref/netstandard1.6/System.Security.Cryptography.Cng.dll", - "runtimes/unix/lib/netstandard1.6/System.Security.Cryptography.Cng.dll", - "runtimes/win/lib/net46/System.Security.Cryptography.Cng.dll", - "runtimes/win/lib/net461/System.Security.Cryptography.Cng.dll", - "runtimes/win/lib/net463/System.Security.Cryptography.Cng.dll", - "runtimes/win/lib/netstandard1.4/System.Security.Cryptography.Cng.dll", - "runtimes/win/lib/netstandard1.6/System.Security.Cryptography.Cng.dll", - "system.security.cryptography.cng.4.3.0.nupkg.sha512", - "system.security.cryptography.cng.nuspec" - ] - }, - "System.Security.Cryptography.Csp/4.3.0": { - "sha512": "X4s/FCkEUnRGnwR3aSfVIkldBmtURMhmexALNTwpjklzxWU7yjMk7GHLKOZTNkgnWnE0q7+BCf9N2LVRWxewaA==", - "type": "package", - "path": "system.security.cryptography.csp/4.3.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/MonoAndroid10/_._", - "lib/MonoTouch10/_._", - "lib/net46/System.Security.Cryptography.Csp.dll", - "lib/xamarinios10/_._", - "lib/xamarinmac20/_._", - "lib/xamarintvos10/_._", - "lib/xamarinwatchos10/_._", - "ref/MonoAndroid10/_._", - "ref/MonoTouch10/_._", - "ref/net46/System.Security.Cryptography.Csp.dll", - "ref/netstandard1.3/System.Security.Cryptography.Csp.dll", - "ref/xamarinios10/_._", - "ref/xamarinmac20/_._", - "ref/xamarintvos10/_._", - "ref/xamarinwatchos10/_._", - "runtimes/unix/lib/netstandard1.3/System.Security.Cryptography.Csp.dll", - "runtimes/win/lib/net46/System.Security.Cryptography.Csp.dll", - "runtimes/win/lib/netcore50/_._", - "runtimes/win/lib/netstandard1.3/System.Security.Cryptography.Csp.dll", - "system.security.cryptography.csp.4.3.0.nupkg.sha512", - "system.security.cryptography.csp.nuspec" - ] - }, - "System.Security.Cryptography.Encoding/4.3.0": { - "sha512": "1DEWjZZly9ae9C79vFwqaO5kaOlI5q+3/55ohmq/7dpDyDfc8lYe7YVxJUZ5MF/NtbkRjwFRo14yM4OEo9EmDw==", - "type": "package", - "path": "system.security.cryptography.encoding/4.3.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/MonoAndroid10/_._", - "lib/MonoTouch10/_._", - "lib/net46/System.Security.Cryptography.Encoding.dll", - "lib/xamarinios10/_._", - "lib/xamarinmac20/_._", - "lib/xamarintvos10/_._", - "lib/xamarinwatchos10/_._", - "ref/MonoAndroid10/_._", - "ref/MonoTouch10/_._", - "ref/net46/System.Security.Cryptography.Encoding.dll", - "ref/netstandard1.3/System.Security.Cryptography.Encoding.dll", - "ref/netstandard1.3/System.Security.Cryptography.Encoding.xml", - "ref/netstandard1.3/de/System.Security.Cryptography.Encoding.xml", - "ref/netstandard1.3/es/System.Security.Cryptography.Encoding.xml", - "ref/netstandard1.3/fr/System.Security.Cryptography.Encoding.xml", - "ref/netstandard1.3/it/System.Security.Cryptography.Encoding.xml", - "ref/netstandard1.3/ja/System.Security.Cryptography.Encoding.xml", - "ref/netstandard1.3/ko/System.Security.Cryptography.Encoding.xml", - "ref/netstandard1.3/ru/System.Security.Cryptography.Encoding.xml", - "ref/netstandard1.3/zh-hans/System.Security.Cryptography.Encoding.xml", - "ref/netstandard1.3/zh-hant/System.Security.Cryptography.Encoding.xml", - "ref/xamarinios10/_._", - "ref/xamarinmac20/_._", - "ref/xamarintvos10/_._", - "ref/xamarinwatchos10/_._", - "runtimes/unix/lib/netstandard1.3/System.Security.Cryptography.Encoding.dll", - "runtimes/win/lib/net46/System.Security.Cryptography.Encoding.dll", - "runtimes/win/lib/netstandard1.3/System.Security.Cryptography.Encoding.dll", - "system.security.cryptography.encoding.4.3.0.nupkg.sha512", - "system.security.cryptography.encoding.nuspec" - ] - }, - "System.Security.Cryptography.OpenSsl/4.3.0": { - "sha512": "h4CEgOgv5PKVF/HwaHzJRiVboL2THYCou97zpmhjghx5frc7fIvlkY1jL+lnIQyChrJDMNEXS6r7byGif8Cy4w==", - "type": "package", - "path": "system.security.cryptography.openssl/4.3.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/netstandard1.6/System.Security.Cryptography.OpenSsl.dll", - "ref/netstandard1.6/System.Security.Cryptography.OpenSsl.dll", - "runtimes/unix/lib/netstandard1.6/System.Security.Cryptography.OpenSsl.dll", - "system.security.cryptography.openssl.4.3.0.nupkg.sha512", - "system.security.cryptography.openssl.nuspec" - ] - }, - "System.Security.Cryptography.Primitives/4.3.0": { - "sha512": "7bDIyVFNL/xKeFHjhobUAQqSpJq9YTOpbEs6mR233Et01STBMXNAc/V+BM6dwYGc95gVh/Zf+iVXWzj3mE8DWg==", - "type": "package", - "path": "system.security.cryptography.primitives/4.3.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/MonoAndroid10/_._", - "lib/MonoTouch10/_._", - "lib/net46/System.Security.Cryptography.Primitives.dll", - "lib/netstandard1.3/System.Security.Cryptography.Primitives.dll", - "lib/xamarinios10/_._", - "lib/xamarinmac20/_._", - "lib/xamarintvos10/_._", - "lib/xamarinwatchos10/_._", - "ref/MonoAndroid10/_._", - "ref/MonoTouch10/_._", - "ref/net46/System.Security.Cryptography.Primitives.dll", - "ref/netstandard1.3/System.Security.Cryptography.Primitives.dll", - "ref/xamarinios10/_._", - "ref/xamarinmac20/_._", - "ref/xamarintvos10/_._", - "ref/xamarinwatchos10/_._", - "system.security.cryptography.primitives.4.3.0.nupkg.sha512", - "system.security.cryptography.primitives.nuspec" - ] - }, - "System.Security.Cryptography.X509Certificates/4.3.0": { - "sha512": "t2Tmu6Y2NtJ2um0RtcuhP7ZdNNxXEgUm2JeoA/0NvlMjAhKCnM1NX07TDl3244mVp3QU6LPEhT3HTtH1uF7IYw==", - "type": "package", - "path": "system.security.cryptography.x509certificates/4.3.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/MonoAndroid10/_._", - "lib/MonoTouch10/_._", - "lib/net46/System.Security.Cryptography.X509Certificates.dll", - "lib/net461/System.Security.Cryptography.X509Certificates.dll", - "lib/xamarinios10/_._", - "lib/xamarinmac20/_._", - "lib/xamarintvos10/_._", - "lib/xamarinwatchos10/_._", - "ref/MonoAndroid10/_._", - "ref/MonoTouch10/_._", - "ref/net46/System.Security.Cryptography.X509Certificates.dll", - "ref/net461/System.Security.Cryptography.X509Certificates.dll", - "ref/netstandard1.3/System.Security.Cryptography.X509Certificates.dll", - "ref/netstandard1.3/System.Security.Cryptography.X509Certificates.xml", - "ref/netstandard1.3/de/System.Security.Cryptography.X509Certificates.xml", - "ref/netstandard1.3/es/System.Security.Cryptography.X509Certificates.xml", - "ref/netstandard1.3/fr/System.Security.Cryptography.X509Certificates.xml", - "ref/netstandard1.3/it/System.Security.Cryptography.X509Certificates.xml", - "ref/netstandard1.3/ja/System.Security.Cryptography.X509Certificates.xml", - "ref/netstandard1.3/ko/System.Security.Cryptography.X509Certificates.xml", - "ref/netstandard1.3/ru/System.Security.Cryptography.X509Certificates.xml", - "ref/netstandard1.3/zh-hans/System.Security.Cryptography.X509Certificates.xml", - "ref/netstandard1.3/zh-hant/System.Security.Cryptography.X509Certificates.xml", - "ref/netstandard1.4/System.Security.Cryptography.X509Certificates.dll", - "ref/netstandard1.4/System.Security.Cryptography.X509Certificates.xml", - "ref/netstandard1.4/de/System.Security.Cryptography.X509Certificates.xml", - "ref/netstandard1.4/es/System.Security.Cryptography.X509Certificates.xml", - "ref/netstandard1.4/fr/System.Security.Cryptography.X509Certificates.xml", - "ref/netstandard1.4/it/System.Security.Cryptography.X509Certificates.xml", - "ref/netstandard1.4/ja/System.Security.Cryptography.X509Certificates.xml", - "ref/netstandard1.4/ko/System.Security.Cryptography.X509Certificates.xml", - "ref/netstandard1.4/ru/System.Security.Cryptography.X509Certificates.xml", - "ref/netstandard1.4/zh-hans/System.Security.Cryptography.X509Certificates.xml", - "ref/netstandard1.4/zh-hant/System.Security.Cryptography.X509Certificates.xml", - "ref/xamarinios10/_._", - "ref/xamarinmac20/_._", - "ref/xamarintvos10/_._", - "ref/xamarinwatchos10/_._", - "runtimes/unix/lib/netstandard1.6/System.Security.Cryptography.X509Certificates.dll", - "runtimes/win/lib/net46/System.Security.Cryptography.X509Certificates.dll", - "runtimes/win/lib/net461/System.Security.Cryptography.X509Certificates.dll", - "runtimes/win/lib/netcore50/System.Security.Cryptography.X509Certificates.dll", - "runtimes/win/lib/netstandard1.6/System.Security.Cryptography.X509Certificates.dll", - "system.security.cryptography.x509certificates.4.3.0.nupkg.sha512", - "system.security.cryptography.x509certificates.nuspec" - ] - }, - "System.Text.Encoding/4.3.0": { - "sha512": "BiIg+KWaSDOITze6jGQynxg64naAPtqGHBwDrLaCtixsa5bKiR8dpPOHA7ge3C0JJQizJE+sfkz1wV+BAKAYZw==", - "type": "package", - "path": "system.text.encoding/4.3.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/MonoAndroid10/_._", - "lib/MonoTouch10/_._", - "lib/net45/_._", - "lib/portable-net45+win8+wp8+wpa81/_._", - "lib/win8/_._", - "lib/wp80/_._", - "lib/wpa81/_._", - "lib/xamarinios10/_._", - "lib/xamarinmac20/_._", - "lib/xamarintvos10/_._", - "lib/xamarinwatchos10/_._", - "ref/MonoAndroid10/_._", - "ref/MonoTouch10/_._", - "ref/net45/_._", - "ref/netcore50/System.Text.Encoding.dll", - "ref/netcore50/System.Text.Encoding.xml", - "ref/netcore50/de/System.Text.Encoding.xml", - "ref/netcore50/es/System.Text.Encoding.xml", - "ref/netcore50/fr/System.Text.Encoding.xml", - "ref/netcore50/it/System.Text.Encoding.xml", - "ref/netcore50/ja/System.Text.Encoding.xml", - "ref/netcore50/ko/System.Text.Encoding.xml", - "ref/netcore50/ru/System.Text.Encoding.xml", - "ref/netcore50/zh-hans/System.Text.Encoding.xml", - "ref/netcore50/zh-hant/System.Text.Encoding.xml", - "ref/netstandard1.0/System.Text.Encoding.dll", - "ref/netstandard1.0/System.Text.Encoding.xml", - "ref/netstandard1.0/de/System.Text.Encoding.xml", - "ref/netstandard1.0/es/System.Text.Encoding.xml", - "ref/netstandard1.0/fr/System.Text.Encoding.xml", - "ref/netstandard1.0/it/System.Text.Encoding.xml", - "ref/netstandard1.0/ja/System.Text.Encoding.xml", - "ref/netstandard1.0/ko/System.Text.Encoding.xml", - "ref/netstandard1.0/ru/System.Text.Encoding.xml", - "ref/netstandard1.0/zh-hans/System.Text.Encoding.xml", - "ref/netstandard1.0/zh-hant/System.Text.Encoding.xml", - "ref/netstandard1.3/System.Text.Encoding.dll", - "ref/netstandard1.3/System.Text.Encoding.xml", - "ref/netstandard1.3/de/System.Text.Encoding.xml", - "ref/netstandard1.3/es/System.Text.Encoding.xml", - "ref/netstandard1.3/fr/System.Text.Encoding.xml", - "ref/netstandard1.3/it/System.Text.Encoding.xml", - "ref/netstandard1.3/ja/System.Text.Encoding.xml", - "ref/netstandard1.3/ko/System.Text.Encoding.xml", - "ref/netstandard1.3/ru/System.Text.Encoding.xml", - "ref/netstandard1.3/zh-hans/System.Text.Encoding.xml", - "ref/netstandard1.3/zh-hant/System.Text.Encoding.xml", - "ref/portable-net45+win8+wp8+wpa81/_._", - "ref/win8/_._", - "ref/wp80/_._", - "ref/wpa81/_._", - "ref/xamarinios10/_._", - "ref/xamarinmac20/_._", - "ref/xamarintvos10/_._", - "ref/xamarinwatchos10/_._", - "system.text.encoding.4.3.0.nupkg.sha512", - "system.text.encoding.nuspec" - ] - }, - "System.Threading/4.3.0": { - "sha512": "VkUS0kOBcUf3Wwm0TSbrevDDZ6BlM+b/HRiapRFWjM5O0NS0LviG0glKmFK+hhPDd1XFeSdU1GmlLhb2CoVpIw==", - "type": "package", - "path": "system.threading/4.3.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/MonoAndroid10/_._", - "lib/MonoTouch10/_._", - "lib/net45/_._", - "lib/netcore50/System.Threading.dll", - "lib/netstandard1.3/System.Threading.dll", - "lib/portable-net45+win8+wp8+wpa81/_._", - "lib/win8/_._", - "lib/wp80/_._", - "lib/wpa81/_._", - "lib/xamarinios10/_._", - "lib/xamarinmac20/_._", - "lib/xamarintvos10/_._", - "lib/xamarinwatchos10/_._", - "ref/MonoAndroid10/_._", - "ref/MonoTouch10/_._", - "ref/net45/_._", - "ref/netcore50/System.Threading.dll", - "ref/netcore50/System.Threading.xml", - "ref/netcore50/de/System.Threading.xml", - "ref/netcore50/es/System.Threading.xml", - "ref/netcore50/fr/System.Threading.xml", - "ref/netcore50/it/System.Threading.xml", - "ref/netcore50/ja/System.Threading.xml", - "ref/netcore50/ko/System.Threading.xml", - "ref/netcore50/ru/System.Threading.xml", - "ref/netcore50/zh-hans/System.Threading.xml", - "ref/netcore50/zh-hant/System.Threading.xml", - "ref/netstandard1.0/System.Threading.dll", - "ref/netstandard1.0/System.Threading.xml", - "ref/netstandard1.0/de/System.Threading.xml", - "ref/netstandard1.0/es/System.Threading.xml", - "ref/netstandard1.0/fr/System.Threading.xml", - "ref/netstandard1.0/it/System.Threading.xml", - "ref/netstandard1.0/ja/System.Threading.xml", - "ref/netstandard1.0/ko/System.Threading.xml", - "ref/netstandard1.0/ru/System.Threading.xml", - "ref/netstandard1.0/zh-hans/System.Threading.xml", - "ref/netstandard1.0/zh-hant/System.Threading.xml", - "ref/netstandard1.3/System.Threading.dll", - "ref/netstandard1.3/System.Threading.xml", - "ref/netstandard1.3/de/System.Threading.xml", - "ref/netstandard1.3/es/System.Threading.xml", - "ref/netstandard1.3/fr/System.Threading.xml", - "ref/netstandard1.3/it/System.Threading.xml", - "ref/netstandard1.3/ja/System.Threading.xml", - "ref/netstandard1.3/ko/System.Threading.xml", - "ref/netstandard1.3/ru/System.Threading.xml", - "ref/netstandard1.3/zh-hans/System.Threading.xml", - "ref/netstandard1.3/zh-hant/System.Threading.xml", - "ref/portable-net45+win8+wp8+wpa81/_._", - "ref/win8/_._", - "ref/wp80/_._", - "ref/wpa81/_._", - "ref/xamarinios10/_._", - "ref/xamarinmac20/_._", - "ref/xamarintvos10/_._", - "ref/xamarinwatchos10/_._", - "runtimes/aot/lib/netcore50/System.Threading.dll", - "system.threading.4.3.0.nupkg.sha512", - "system.threading.nuspec" - ] - }, - "System.Threading.Tasks/4.3.0": { - "sha512": "LbSxKEdOUhVe8BezB/9uOGGppt+nZf6e1VFyw6v3DN6lqitm0OSn2uXMOdtP0M3W4iMcqcivm2J6UgqiwwnXiA==", - "type": "package", - "path": "system.threading.tasks/4.3.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "ThirdPartyNotices.txt", - "dotnet_library_license.txt", - "lib/MonoAndroid10/_._", - "lib/MonoTouch10/_._", - "lib/net45/_._", - "lib/portable-net45+win8+wp8+wpa81/_._", - "lib/win8/_._", - "lib/wp80/_._", - "lib/wpa81/_._", - "lib/xamarinios10/_._", - "lib/xamarinmac20/_._", - "lib/xamarintvos10/_._", - "lib/xamarinwatchos10/_._", - "ref/MonoAndroid10/_._", - "ref/MonoTouch10/_._", - "ref/net45/_._", - "ref/netcore50/System.Threading.Tasks.dll", - "ref/netcore50/System.Threading.Tasks.xml", - "ref/netcore50/de/System.Threading.Tasks.xml", - "ref/netcore50/es/System.Threading.Tasks.xml", - "ref/netcore50/fr/System.Threading.Tasks.xml", - "ref/netcore50/it/System.Threading.Tasks.xml", - "ref/netcore50/ja/System.Threading.Tasks.xml", - "ref/netcore50/ko/System.Threading.Tasks.xml", - "ref/netcore50/ru/System.Threading.Tasks.xml", - "ref/netcore50/zh-hans/System.Threading.Tasks.xml", - "ref/netcore50/zh-hant/System.Threading.Tasks.xml", - "ref/netstandard1.0/System.Threading.Tasks.dll", - "ref/netstandard1.0/System.Threading.Tasks.xml", - "ref/netstandard1.0/de/System.Threading.Tasks.xml", - "ref/netstandard1.0/es/System.Threading.Tasks.xml", - "ref/netstandard1.0/fr/System.Threading.Tasks.xml", - "ref/netstandard1.0/it/System.Threading.Tasks.xml", - "ref/netstandard1.0/ja/System.Threading.Tasks.xml", - "ref/netstandard1.0/ko/System.Threading.Tasks.xml", - "ref/netstandard1.0/ru/System.Threading.Tasks.xml", - "ref/netstandard1.0/zh-hans/System.Threading.Tasks.xml", - "ref/netstandard1.0/zh-hant/System.Threading.Tasks.xml", - "ref/netstandard1.3/System.Threading.Tasks.dll", - "ref/netstandard1.3/System.Threading.Tasks.xml", - "ref/netstandard1.3/de/System.Threading.Tasks.xml", - "ref/netstandard1.3/es/System.Threading.Tasks.xml", - "ref/netstandard1.3/fr/System.Threading.Tasks.xml", - "ref/netstandard1.3/it/System.Threading.Tasks.xml", - "ref/netstandard1.3/ja/System.Threading.Tasks.xml", - "ref/netstandard1.3/ko/System.Threading.Tasks.xml", - "ref/netstandard1.3/ru/System.Threading.Tasks.xml", - "ref/netstandard1.3/zh-hans/System.Threading.Tasks.xml", - "ref/netstandard1.3/zh-hant/System.Threading.Tasks.xml", - "ref/portable-net45+win8+wp8+wpa81/_._", - "ref/win8/_._", - "ref/wp80/_._", - "ref/wpa81/_._", - "ref/xamarinios10/_._", - "ref/xamarinmac20/_._", - "ref/xamarintvos10/_._", - "ref/xamarinwatchos10/_._", - "system.threading.tasks.4.3.0.nupkg.sha512", - "system.threading.tasks.nuspec" - ] - }, - "System.Threading.Tasks.Extensions/4.5.4": { - "sha512": "zteT+G8xuGu6mS+mzDzYXbzS7rd3K6Fjb9RiZlYlJPam2/hU7JCBZBVEcywNuR+oZ1ncTvc/cq0faRr3P01OVg==", - "type": "package", - "path": "system.threading.tasks.extensions/4.5.4", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "LICENSE.TXT", - "THIRD-PARTY-NOTICES.TXT", - "lib/MonoAndroid10/_._", - "lib/MonoTouch10/_._", - "lib/net461/System.Threading.Tasks.Extensions.dll", - "lib/net461/System.Threading.Tasks.Extensions.xml", - "lib/netcoreapp2.1/_._", - "lib/netstandard1.0/System.Threading.Tasks.Extensions.dll", - "lib/netstandard1.0/System.Threading.Tasks.Extensions.xml", - "lib/netstandard2.0/System.Threading.Tasks.Extensions.dll", - "lib/netstandard2.0/System.Threading.Tasks.Extensions.xml", - "lib/portable-net45+win8+wp8+wpa81/System.Threading.Tasks.Extensions.dll", - "lib/portable-net45+win8+wp8+wpa81/System.Threading.Tasks.Extensions.xml", - "lib/xamarinios10/_._", - "lib/xamarinmac20/_._", - "lib/xamarintvos10/_._", - "lib/xamarinwatchos10/_._", - "ref/MonoAndroid10/_._", - "ref/MonoTouch10/_._", - "ref/netcoreapp2.1/_._", - "ref/xamarinios10/_._", - "ref/xamarinmac20/_._", - "ref/xamarintvos10/_._", - "ref/xamarinwatchos10/_._", - "system.threading.tasks.extensions.4.5.4.nupkg.sha512", - "system.threading.tasks.extensions.nuspec", - "useSharedDesignerContext.txt", - "version.txt" - ] - }, - "System.ValueTuple/4.4.0": { - "sha512": "BahUww/+mdP4ARCAh2RQhQTg13wYLVrBb9SYVgW8ZlrwjraGCXHGjo0oIiUfZ34LUZkMMR+RAzR7dEY4S1HeQQ==", - "type": "package", - "path": "system.valuetuple/4.4.0", - "files": [ - ".nupkg.metadata", - ".signature.p7s", - "LICENSE.TXT", - "THIRD-PARTY-NOTICES.TXT", - "lib/MonoAndroid10/_._", - "lib/MonoTouch10/_._", - "lib/net461/System.ValueTuple.dll", - "lib/net461/System.ValueTuple.xml", - "lib/net47/System.ValueTuple.dll", - "lib/net47/System.ValueTuple.xml", - "lib/netcoreapp2.0/_._", - "lib/netstandard1.0/System.ValueTuple.dll", - "lib/netstandard1.0/System.ValueTuple.xml", - "lib/netstandard2.0/_._", - "lib/portable-net40+sl4+win8+wp8/System.ValueTuple.dll", - "lib/portable-net40+sl4+win8+wp8/System.ValueTuple.xml", - "lib/xamarinios10/_._", - "lib/xamarinmac20/_._", - "lib/xamarintvos10/_._", - "lib/xamarinwatchos10/_._", - "ref/MonoAndroid10/_._", - "ref/MonoTouch10/_._", - "ref/net461/System.ValueTuple.dll", - "ref/net461/System.ValueTuple.xml", - "ref/net47/System.ValueTuple.dll", - "ref/net47/System.ValueTuple.xml", - "ref/netcoreapp2.0/_._", - "ref/netstandard2.0/_._", - "ref/portable-net40+sl4+win8+wp8/System.ValueTuple.dll", - "ref/portable-net40+sl4+win8+wp8/System.ValueTuple.xml", - "ref/xamarinios10/_._", - "ref/xamarinmac20/_._", - "ref/xamarintvos10/_._", - "ref/xamarinwatchos10/_._", - "system.valuetuple.4.4.0.nupkg.sha512", - "system.valuetuple.nuspec", - "useSharedDesignerContext.txt", - "version.txt" - ] - } - }, - "projectFileDependencyGroups": { - "net7.0": [ - "Minio >= 4.0.7" - ] - }, - "packageFolders": { - "/Users/pedro/.nuget/packages/": {} - }, - "project": { - "version": "1.0.0", - "restore": { - "projectUniqueName": "/Users/pedro/github.com/minio/operator/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/dotnet.csproj", - "projectName": "dotnet", - "projectPath": "/Users/pedro/github.com/minio/operator/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/dotnet.csproj", - "packagesPath": "/Users/pedro/.nuget/packages/", - "outputPath": "/Users/pedro/github.com/minio/operator/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/obj/", - "projectStyle": "PackageReference", - "configFilePaths": [ - "/Users/pedro/.nuget/NuGet/NuGet.Config" - ], - "originalTargetFrameworks": [ - "net7.0" - ], - "sources": { - "https://api.nuget.org/v3/index.json": {} - }, - "frameworks": { - "net7.0": { - "targetAlias": "net7.0", - "projectReferences": {} - } - }, - "warningProperties": { - "warnAsError": [ - "NU1605" - ] - } - }, - "frameworks": { - "net7.0": { - "targetAlias": "net7.0", - "dependencies": { - "Minio": { - "target": "Package", - "version": "[4.0.7, )" - } - }, - "imports": [ - "net461", - "net462", - "net47", - "net471", - "net472", - "net48", - "net481" - ], - "assetTargetFallback": true, - "warn": true, - "frameworkReferences": { - "Microsoft.NETCore.App": { - "privateAssets": "all" - } - }, - "runtimeIdentifierGraphPath": "/usr/local/share/dotnet/sdk/7.0.201/RuntimeIdentifierGraph.json" - } - } - } -} \ No newline at end of file diff --git a/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/project.nuget.cache b/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/project.nuget.cache deleted file mode 100644 index d9005ddb130..00000000000 --- a/examples/kustomization/sts-example/sample-clients/minio-sdk/dotnet/obj/project.nuget.cache +++ /dev/null @@ -1,67 +0,0 @@ -{ - "version": 2, - "dgSpecHash": "oAhTS10AoCO+rXVyDA0qzu+gqzhf8T1ceeJ5MpxgUkuaH6kOcw6AEJT10Kx16ZIt0TPNxTfQ1TuQJ291XAZzNQ==", - "success": true, - "projectFilePath": "/Users/pedro/github.com/minio/operator/examples/kustomization/tenant-PolicyBinding/miniosdk/dotnet/dotnet.csproj", - "expectedPackageFiles": [ - "/Users/pedro/.nuget/packages/crc32.net/1.2.0/crc32.net.1.2.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/microsoft.csharp/4.7.0/microsoft.csharp.4.7.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/microsoft.netcore.platforms/1.1.1/microsoft.netcore.platforms.1.1.1.nupkg.sha512", - "/Users/pedro/.nuget/packages/microsoft.netcore.targets/1.1.3/microsoft.netcore.targets.1.1.3.nupkg.sha512", - "/Users/pedro/.nuget/packages/minio/4.0.7/minio.4.0.7.nupkg.sha512", - "/Users/pedro/.nuget/packages/netstandard.library/2.0.0/netstandard.library.2.0.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/newtonsoft.json/13.0.1/newtonsoft.json.13.0.1.nupkg.sha512", - "/Users/pedro/.nuget/packages/runtime.debian.8-x64.runtime.native.system.security.cryptography.openssl/4.3.2/runtime.debian.8-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", - "/Users/pedro/.nuget/packages/runtime.fedora.23-x64.runtime.native.system.security.cryptography.openssl/4.3.2/runtime.fedora.23-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", - "/Users/pedro/.nuget/packages/runtime.fedora.24-x64.runtime.native.system.security.cryptography.openssl/4.3.2/runtime.fedora.24-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", - "/Users/pedro/.nuget/packages/runtime.native.system/4.3.0/runtime.native.system.4.3.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/runtime.native.system.net.http/4.3.0/runtime.native.system.net.http.4.3.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/runtime.native.system.security.cryptography.apple/4.3.0/runtime.native.system.security.cryptography.apple.4.3.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/runtime.native.system.security.cryptography.openssl/4.3.2/runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", - "/Users/pedro/.nuget/packages/runtime.opensuse.13.2-x64.runtime.native.system.security.cryptography.openssl/4.3.2/runtime.opensuse.13.2-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", - "/Users/pedro/.nuget/packages/runtime.opensuse.42.1-x64.runtime.native.system.security.cryptography.openssl/4.3.2/runtime.opensuse.42.1-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", - "/Users/pedro/.nuget/packages/runtime.osx.10.10-x64.runtime.native.system.security.cryptography.apple/4.3.0/runtime.osx.10.10-x64.runtime.native.system.security.cryptography.apple.4.3.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/runtime.osx.10.10-x64.runtime.native.system.security.cryptography.openssl/4.3.2/runtime.osx.10.10-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", - "/Users/pedro/.nuget/packages/runtime.rhel.7-x64.runtime.native.system.security.cryptography.openssl/4.3.2/runtime.rhel.7-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", - "/Users/pedro/.nuget/packages/runtime.ubuntu.14.04-x64.runtime.native.system.security.cryptography.openssl/4.3.2/runtime.ubuntu.14.04-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", - "/Users/pedro/.nuget/packages/runtime.ubuntu.16.04-x64.runtime.native.system.security.cryptography.openssl/4.3.2/runtime.ubuntu.16.04-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", - "/Users/pedro/.nuget/packages/runtime.ubuntu.16.10-x64.runtime.native.system.security.cryptography.openssl/4.3.2/runtime.ubuntu.16.10-x64.runtime.native.system.security.cryptography.openssl.4.3.2.nupkg.sha512", - "/Users/pedro/.nuget/packages/system.collections/4.3.0/system.collections.4.3.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/system.collections.concurrent/4.3.0/system.collections.concurrent.4.3.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/system.diagnostics.debug/4.3.0/system.diagnostics.debug.4.3.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/system.diagnostics.diagnosticsource/4.3.0/system.diagnostics.diagnosticsource.4.3.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/system.diagnostics.tracing/4.3.0/system.diagnostics.tracing.4.3.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/system.globalization/4.3.0/system.globalization.4.3.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/system.globalization.calendars/4.3.0/system.globalization.calendars.4.3.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/system.globalization.extensions/4.3.0/system.globalization.extensions.4.3.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/system.io/4.3.0/system.io.4.3.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/system.io.filesystem/4.3.0/system.io.filesystem.4.3.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/system.io.filesystem.primitives/4.3.0/system.io.filesystem.primitives.4.3.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/system.linq/4.3.0/system.linq.4.3.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/system.net.http/4.3.4/system.net.http.4.3.4.nupkg.sha512", - "/Users/pedro/.nuget/packages/system.net.primitives/4.3.1/system.net.primitives.4.3.1.nupkg.sha512", - "/Users/pedro/.nuget/packages/system.reactive/5.0.0/system.reactive.5.0.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/system.reactive.linq/5.0.0/system.reactive.linq.5.0.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/system.reflection/4.3.0/system.reflection.4.3.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/system.reflection.primitives/4.3.0/system.reflection.primitives.4.3.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/system.resources.resourcemanager/4.3.0/system.resources.resourcemanager.4.3.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/system.runtime/4.3.1/system.runtime.4.3.1.nupkg.sha512", - "/Users/pedro/.nuget/packages/system.runtime.extensions/4.3.0/system.runtime.extensions.4.3.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/system.runtime.handles/4.3.0/system.runtime.handles.4.3.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/system.runtime.interopservices/4.3.0/system.runtime.interopservices.4.3.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/system.runtime.numerics/4.3.0/system.runtime.numerics.4.3.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/system.security.cryptography.algorithms/4.3.0/system.security.cryptography.algorithms.4.3.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/system.security.cryptography.cng/4.3.0/system.security.cryptography.cng.4.3.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/system.security.cryptography.csp/4.3.0/system.security.cryptography.csp.4.3.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/system.security.cryptography.encoding/4.3.0/system.security.cryptography.encoding.4.3.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/system.security.cryptography.openssl/4.3.0/system.security.cryptography.openssl.4.3.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/system.security.cryptography.primitives/4.3.0/system.security.cryptography.primitives.4.3.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/system.security.cryptography.x509certificates/4.3.0/system.security.cryptography.x509certificates.4.3.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/system.text.encoding/4.3.0/system.text.encoding.4.3.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/system.threading/4.3.0/system.threading.4.3.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/system.threading.tasks/4.3.0/system.threading.tasks.4.3.0.nupkg.sha512", - "/Users/pedro/.nuget/packages/system.threading.tasks.extensions/4.5.4/system.threading.tasks.extensions.4.5.4.nupkg.sha512", - "/Users/pedro/.nuget/packages/system.valuetuple/4.4.0/system.valuetuple.4.4.0.nupkg.sha512" - ], - "logs": [] -} \ No newline at end of file diff --git a/testing/common.sh b/testing/common.sh index 562cc6ad9e0..38e6aa7dff6 100644 --- a/testing/common.sh +++ b/testing/common.sh @@ -403,7 +403,6 @@ function install_sts_client() { condition="condition=Complete" selector="metadata.name=sts-client-example-$sdk-$lang-job" try wait_for_resource_field_selector $client_namespace job $condition $selector 600s - echo "removing client $1" echo "Installing sts client job for $1: DONE" } From 72d32e41f31400a444b9987ad3456cbf0efefc64 Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Sun, 5 Mar 2023 00:35:42 -0800 Subject: [PATCH 40/47] job names to match pattern --- .../sts-example/sample-clients/minio-sdk/go/kustomization.yaml | 2 +- .../sample-clients/minio-sdk/java/kustomization.yaml | 2 +- .../sample-clients/minio-sdk/javascript/kustomization.yaml | 2 +- .../sample-clients/minio-sdk/python/kustomization.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/examples/kustomization/sts-example/sample-clients/minio-sdk/go/kustomization.yaml b/examples/kustomization/sts-example/sample-clients/minio-sdk/go/kustomization.yaml index 4947e87bc0f..d404861a6e2 100644 --- a/examples/kustomization/sts-example/sample-clients/minio-sdk/go/kustomization.yaml +++ b/examples/kustomization/sts-example/sample-clients/minio-sdk/go/kustomization.yaml @@ -17,4 +17,4 @@ patchesJson6902: patch: | - op: replace path: /metadata/name - value: sts-client-example-minio-go-job \ No newline at end of file + value: sts-client-example-minio-sdk-go-job \ No newline at end of file diff --git a/examples/kustomization/sts-example/sample-clients/minio-sdk/java/kustomization.yaml b/examples/kustomization/sts-example/sample-clients/minio-sdk/java/kustomization.yaml index 23fcf496c6e..f8333bfb2cf 100644 --- a/examples/kustomization/sts-example/sample-clients/minio-sdk/java/kustomization.yaml +++ b/examples/kustomization/sts-example/sample-clients/minio-sdk/java/kustomization.yaml @@ -17,4 +17,4 @@ patchesJson6902: patch: | - op: replace path: /metadata/name - value: sts-client-example-minio-java-job \ No newline at end of file + value: sts-client-example-minio-sdk-java-job \ No newline at end of file diff --git a/examples/kustomization/sts-example/sample-clients/minio-sdk/javascript/kustomization.yaml b/examples/kustomization/sts-example/sample-clients/minio-sdk/javascript/kustomization.yaml index 6f8f6b60042..c8bc87ed1af 100644 --- a/examples/kustomization/sts-example/sample-clients/minio-sdk/javascript/kustomization.yaml +++ b/examples/kustomization/sts-example/sample-clients/minio-sdk/javascript/kustomization.yaml @@ -17,4 +17,4 @@ patchesJson6902: patch: | - op: replace path: /metadata/name - value: sts-client-example-minio-javascript-job \ No newline at end of file + value: sts-client-example-minio-sdk-javascript-job \ No newline at end of file diff --git a/examples/kustomization/sts-example/sample-clients/minio-sdk/python/kustomization.yaml b/examples/kustomization/sts-example/sample-clients/minio-sdk/python/kustomization.yaml index e1a6515bbfc..312ecab0c1d 100644 --- a/examples/kustomization/sts-example/sample-clients/minio-sdk/python/kustomization.yaml +++ b/examples/kustomization/sts-example/sample-clients/minio-sdk/python/kustomization.yaml @@ -17,4 +17,4 @@ patchesJson6902: patch: | - op: replace path: /metadata/name - value: sts-client-example-minio-python-job \ No newline at end of file + value: sts-client-example-minio-sdk-python-job \ No newline at end of file From 50c47aacdade84c7f642942ab0ee11437553db24 Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Sun, 5 Mar 2023 01:26:22 -0800 Subject: [PATCH 41/47] Removing unneeded files: * cert manager test not needed right now * sts-client files no longer used under this dir --- testing/common.sh | 7 --- testing/sts/sts-client/job.yaml | 11 ----- testing/sts/sts-client/kustomization.yaml | 10 ----- testing/test-policy-binding+certmanager.sh | 51 ---------------------- testing/test-policy-binding.sh | 22 +++++----- 5 files changed, 11 insertions(+), 90 deletions(-) delete mode 100644 testing/sts/sts-client/job.yaml delete mode 100644 testing/sts/sts-client/kustomization.yaml delete mode 100755 testing/test-policy-binding+certmanager.sh diff --git a/testing/common.sh b/testing/common.sh index 38e6aa7dff6..0a9c9a40928 100644 --- a/testing/common.sh +++ b/testing/common.sh @@ -321,13 +321,6 @@ function install_tenant() { echo "Installing policyBinding tenant from current branch" try kubectl apply -k "${SCRIPT_DIR}/../examples/kustomization/sts-example/tenant" - elif [ "$1" = "policy-binding-cm" ]; then - namespace="minio-tenant-1" - key=v1.min.io/tenant - value=storage-policy-binding - echo "Installing policyBinding tenant with cert manager from current branch" - - try kubectl apply -k "${SCRIPT_DIR}/../examples/kustomization/sts-example/tenant-certmanager" elif [ -e $1 ]; then namespace="tenant-lite" key=v1.min.io/tenant diff --git a/testing/sts/sts-client/job.yaml b/testing/sts/sts-client/job.yaml deleted file mode 100644 index 63b5e1da709..00000000000 --- a/testing/sts/sts-client/job.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: sts-example-job - namespace: sts-client -spec: - template: - spec: - containers: - - name: sts-client - image: minio/operator-sts-example:tag diff --git a/testing/sts/sts-client/kustomization.yaml b/testing/sts/sts-client/kustomization.yaml deleted file mode 100644 index 2e702e510f1..00000000000 --- a/testing/sts/sts-client/kustomization.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - ../../../examples/kustomization/sts-example/sts-app - -images: - - name: minio/operator-sts-example - newTag: newTag - newName: pjuarez/operators \ No newline at end of file diff --git a/testing/test-policy-binding+certmanager.sh b/testing/test-policy-binding+certmanager.sh deleted file mode 100755 index 7df395a2667..00000000000 --- a/testing/test-policy-binding+certmanager.sh +++ /dev/null @@ -1,51 +0,0 @@ -#!/usr/bin/env bash -# Copyright (C) 2023, MinIO, Inc. -# -# This code is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License, version 3, -# as published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License, version 3, -# along with this program. If not, see - -# This script requires: kubectl, kind - -SCRIPT_DIR=$(dirname "$0") -export SCRIPT_DIR - -source "${SCRIPT_DIR}/common.sh" - -function main() { - destroy_kind - - setup_kind - - install_operator "sts" - - install_tenant "policy-binding-cm" - - check_tenant_status minio-tenant-1 storage-policy-binding - - setup_sts_bucket - - #install_sts_client "minio-sdk-dotnet" - - install_sts_client "minio-sdk-go" - - #install_sts_client "minio-sdk-java" - - # install_sts_client "minio-sdk-javascript" - - install_sts_client "minio-sdk-python" - - install_sts_client "aws-sdk-python" - - destroy_kind -} - -main "$@" diff --git a/testing/test-policy-binding.sh b/testing/test-policy-binding.sh index 89a4e834659..2e6b10883a0 100755 --- a/testing/test-policy-binding.sh +++ b/testing/test-policy-binding.sh @@ -21,31 +21,31 @@ export SCRIPT_DIR source "${SCRIPT_DIR}/common.sh" function main() { - destroy_kind + #destroy_kind - setup_kind + #setup_kind - install_operator "sts" + #install_operator "sts" - install_tenant "policy-binding" + #install_tenant "policy-binding" - check_tenant_status minio-tenant-1 storage-policy-binding + #check_tenant_status minio-tenant-1 storage-policy-binding - setup_sts_bucket + #setup_sts_bucket - #install_sts_client "minio-sdk-dotnet" + install_sts_client "minio-sdk-dotnet" - install_sts_client "minio-sdk-go" + #install_sts_client "minio-sdk-go" #install_sts_client "minio-sdk-java" # install_sts_client "minio-sdk-javascript" - install_sts_client "minio-sdk-python" + #install_sts_client "minio-sdk-python" - install_sts_client "aws-sdk-python" + #install_sts_client "aws-sdk-python" - destroy_kind + #destroy_kind } main "$@" From 6a22294112b6dda4a13e43eba4f02fd1729870c5 Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Sun, 5 Mar 2023 01:46:57 -0800 Subject: [PATCH 42/47] remove reference to cert-manager test --- .github/workflows/kubernetes-tests.yml | 22 ---------------------- testing/test-policy-binding.sh | 22 +++++++++++----------- 2 files changed, 11 insertions(+), 33 deletions(-) diff --git a/.github/workflows/kubernetes-tests.yml b/.github/workflows/kubernetes-tests.yml index 23713d8f568..84226b67f7b 100644 --- a/.github/workflows/kubernetes-tests.yml +++ b/.github/workflows/kubernetes-tests.yml @@ -262,25 +262,3 @@ jobs: - name: Test PolicyBinding CRD and sts call on kind run: | "${GITHUB_WORKSPACE}/testing/test-policy-binding.sh" - - test-policy-binding-certmanager: - runs-on: ${{ matrix.os }} - needs: - - logsearch - - operator - - lint - - gotest - - getdeps - - govet - strategy: - matrix: - go-version: [ 1.20.x ] - os: [ ubuntu-latest ] - steps: - - uses: actions/checkout@v3 - - uses: actions/setup-go@v3 - with: - go-version: ${{ matrix.go-version }} - - name: Test PolicyBinding CRD and sts call on kind with certmanager - run: | - "${GITHUB_WORKSPACE}/testing/test-policy-binding+certmanager.sh" \ No newline at end of file diff --git a/testing/test-policy-binding.sh b/testing/test-policy-binding.sh index 2e6b10883a0..89a4e834659 100755 --- a/testing/test-policy-binding.sh +++ b/testing/test-policy-binding.sh @@ -21,31 +21,31 @@ export SCRIPT_DIR source "${SCRIPT_DIR}/common.sh" function main() { - #destroy_kind + destroy_kind - #setup_kind + setup_kind - #install_operator "sts" + install_operator "sts" - #install_tenant "policy-binding" + install_tenant "policy-binding" - #check_tenant_status minio-tenant-1 storage-policy-binding + check_tenant_status minio-tenant-1 storage-policy-binding - #setup_sts_bucket + setup_sts_bucket - install_sts_client "minio-sdk-dotnet" + #install_sts_client "minio-sdk-dotnet" - #install_sts_client "minio-sdk-go" + install_sts_client "minio-sdk-go" #install_sts_client "minio-sdk-java" # install_sts_client "minio-sdk-javascript" - #install_sts_client "minio-sdk-python" + install_sts_client "minio-sdk-python" - #install_sts_client "aws-sdk-python" + install_sts_client "aws-sdk-python" - #destroy_kind + destroy_kind } main "$@" From 62d4b26d504da3b7381f86fa81396e513441d741 Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Mon, 6 Mar 2023 10:25:12 -0800 Subject: [PATCH 43/47] Addressing error handling feedback --- pkg/controller/cluster/http_handlers.go | 62 ++++++++++++++++--------- pkg/controller/cluster/sts.go | 2 +- 2 files changed, 40 insertions(+), 24 deletions(-) diff --git a/pkg/controller/cluster/http_handlers.go b/pkg/controller/cluster/http_handlers.go index 841c20ff57e..6762c2c8068 100644 --- a/pkg/controller/cluster/http_handlers.go +++ b/pkg/controller/cluster/http_handlers.go @@ -139,6 +139,10 @@ func (c *Controller) AssumeRoleWithWebIdentityHandler(w http.ResponseWriter, r * routerVars := mux.Vars(r) tenantNamespace := "" tenantNamespace, err := xhttp.UnescapeQueryPath(routerVars["tenantNamespace"]) + if err != nil { + writeSTSErrorResponse(w, true, ErrSTSInvalidParameterValue, fmt.Errorf("Unable to unescape tenant namespace: %s", err)) + return + } reqInfo := ReqInfo{ RequestID: w.Header().Get(AmzRequestID), @@ -152,18 +156,19 @@ func (c *Controller) AssumeRoleWithWebIdentityHandler(w http.ResponseWriter, r * ctx := context.WithValue(r.Context(), contextLogKey, &reqInfo) if err != nil { - writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue, fmt.Errorf("tenant namespace is missing")) + writeSTSErrorResponse(w, true, ErrSTSInvalidParameterValue, fmt.Errorf("Tenant namespace is missing:, %s", err)) + return } // Parse the incoming form data. if err := xhttp.ParseForm(r); err != nil { - writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue, fmt.Errorf("Error parsing request: %s", err)) + writeSTSErrorResponse(w, true, ErrSTSInvalidParameterValue, fmt.Errorf("Error parsing request: %s", err)) return } if r.Form.Get(stsVersion) != stsAPIVersion { err := fmt.Errorf("invalid STS API version %s, expecting %s", r.Form.Get("Version"), stsAPIVersion) - writeSTSErrorResponse(ctx, w, true, ErrSTSMissingParameter, err) + writeSTSErrorResponse(w, true, ErrSTSMissingParameter, err) return } @@ -172,14 +177,14 @@ func (c *Controller) AssumeRoleWithWebIdentityHandler(w http.ResponseWriter, r * // For now we only do WebIdentity, leaving it in case we want to implement certificate authentication case webIdentity: default: - writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue, fmt.Errorf("unsupported action %s", action)) + writeSTSErrorResponse(w, true, ErrSTSInvalidParameterValue, fmt.Errorf("Unsupported action %s", action)) return } token := strings.TrimSpace(r.Form.Get(stsWebIdentityToken)) if token == "" { - writeSTSErrorResponse(ctx, w, true, ErrSTSMissingParameter, fmt.Errorf("missing %s", stsWebIdentityToken)) + writeSTSErrorResponse(w, true, ErrSTSMissingParameter, fmt.Errorf("Missing parameter '%s'", stsWebIdentityToken)) return } @@ -187,14 +192,20 @@ func (c *Controller) AssumeRoleWithWebIdentityHandler(w http.ResponseWriter, r * accessToken := r.Form.Get(stsWebIdentityToken) saAuthResult, err := c.ValidateServiceAccountJWT(&ctx, accessToken) if err != nil { - writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidIdentityToken, err) + writeSTSErrorResponse(w, true, ErrSTSInvalidIdentityToken, err) return } + if !saAuthResult.Status.Authenticated { - writeSTSErrorResponse(ctx, w, true, ErrSTSAccessDenied, fmt.Errorf("Access denied: Invalid Token")) + writeSTSErrorResponse(w, true, ErrSTSAccessDenied, fmt.Errorf("Access denied: Invalid Token")) return } chunks := strings.Split(strings.Replace(saAuthResult.Status.User.Username, "system:serviceaccount:", "", -1), ":") + + if len(chunks) < 2 { + writeSTSErrorResponse(w, true, ErrSTSInvalidIdentityToken, fmt.Errorf("Error parsing service account name and namespace")) + return + } // saNamespace Service account Namespace saNamespace := chunks[0] // saName service account username @@ -204,7 +215,7 @@ func (c *Controller) AssumeRoleWithWebIdentityHandler(w http.ResponseWriter, r * policyBindings := []v1alpha1.PolicyBinding{} pbs, err := c.minioClientSet.StsV1alpha1().PolicyBindings(tenantNamespace).List(ctx, metav1.ListOptions{}) if err != nil { - writeSTSErrorResponse(ctx, w, true, ErrSTSInternalError, fmt.Errorf("Error obtaining PolicyBindings: %s", err)) + writeSTSErrorResponse(w, true, ErrSTSInternalError, fmt.Errorf("Error obtaining PolicyBindings: %s", err)) return } @@ -214,13 +225,18 @@ func (c *Controller) AssumeRoleWithWebIdentityHandler(w http.ResponseWriter, r * } } if len(policyBindings) == 0 { - writeSTSErrorResponse(ctx, w, true, ErrSTSAccessDenied, fmt.Errorf("Service account '%s' has no PolicyBindings in namespace '%s'", saAuthResult.Status.User.Username, tenantNamespace)) + writeSTSErrorResponse(w, true, ErrSTSAccessDenied, fmt.Errorf("Service account '%s' has no PolicyBindings in namespace '%s'", saAuthResult.Status.User.Username, tenantNamespace)) return } tenants, err := c.minioClientSet.MinioV2().Tenants(tenantNamespace).List(ctx, metav1.ListOptions{}) + if err != nil || len(tenants.Items) == 0 { - writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue, fmt.Errorf("No Tenants available in the namespace '%s'", tenantNamespace)) + if k8serrors.IsNotFound(err) { + writeSTSErrorResponse(w, true, ErrSTSInvalidParameterValue, fmt.Errorf("No tenant found in namespace '%s'", tenantNamespace)) + return + } + writeSTSErrorResponse(w, true, ErrSTSInvalidParameterValue, fmt.Errorf("Error getting tenant in namespace '%s'", tenantNamespace)) return } @@ -230,15 +246,15 @@ func (c *Controller) AssumeRoleWithWebIdentityHandler(w http.ResponseWriter, r * tenantConfiguration, err := c.getTenantCredentials(ctx, &tenant) if err != nil { if errors.Is(err, ErrEmptyRootCredentials) { - writeSTSErrorResponse(ctx, w, true, ErrSTSInternalError, fmt.Errorf("Tenant '%s' is missing root credentials", tenant.Name)) + writeSTSErrorResponse(w, true, ErrSTSInternalError, fmt.Errorf("Tenant '%s' is missing root credentials", tenant.Name)) return } - writeSTSErrorResponse(ctx, w, true, ErrSTSInternalError, fmt.Errorf("Error getting tenant '%s' root credentials: %s", tenant.Name, err)) + writeSTSErrorResponse(w, true, ErrSTSInternalError, fmt.Errorf("Error getting tenant '%s' root credentials: %s", tenant.Name, err)) return } adminClient, err := tenant.NewMinIOAdmin(tenantConfiguration, c.getTransport()) if err != nil { - writeSTSErrorResponse(ctx, w, true, ErrSTSInternalError, fmt.Errorf("Error communicating with tenant '%s': %s", tenant.Name, err)) + writeSTSErrorResponse(w, true, ErrSTSInternalError, fmt.Errorf("Error communicating with tenant '%s': %s", tenant.Name, err)) return } @@ -249,23 +265,23 @@ func (c *Controller) AssumeRoleWithWebIdentityHandler(w http.ResponseWriter, r * if len(sessionPolicyStr) > 0 { compactedSessionPolicy, err = miniov2.CompactJSONString(sessionPolicyStr) if err != nil { - writeSTSErrorResponse(ctx, w, true, ErrSTSMalformedPolicyDocument, err) + writeSTSErrorResponse(w, true, ErrSTSMalformedPolicyDocument, err) return } sessionPolicy, err = iampolicy.ParseConfig(bytes.NewReader([]byte(compactedSessionPolicy))) if err != nil { - writeSTSErrorResponse(ctx, w, true, ErrSTSMalformedPolicyDocument, err) + writeSTSErrorResponse(w, true, ErrSTSMalformedPolicyDocument, err) return } // Version in policy must not be empty if sessionPolicy.Version == "" { - writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue, fmt.Errorf("Invalid session policy version")) + writeSTSErrorResponse(w, true, ErrSTSInvalidParameterValue, fmt.Errorf("Invalid session policy version")) return } // The plain text that you use for both inline and managed session // policies shouldn't exceed 2048 characters. if len(compactedSessionPolicy) > 2048 { - writeSTSErrorResponse(ctx, w, true, ErrSTSPackedPolicyTooLarge, fmt.Errorf("Session policy should not exceed 2048 characters")) + writeSTSErrorResponse(w, true, ErrSTSPackedPolicyTooLarge, fmt.Errorf("Session policy should not exceed 2048 characters")) return } } @@ -283,7 +299,7 @@ func (c *Controller) AssumeRoleWithWebIdentityHandler(w http.ResponseWriter, r * } parsedPolicy, err := iampolicy.ParseConfig(bytes.NewReader([]byte(policy.Policy))) if err != nil { - klog.Error(fmt.Errorf("Invalid policy, not parseable %s, ignoring: %s", policyName, err)) + klog.Error(fmt.Errorf("Invalid policy, '%s' isnot parseable ignoring: %s", policyName, err)) continue } bfPolicy = bfPolicy.Merge(*parsedPolicy) @@ -292,11 +308,11 @@ func (c *Controller) AssumeRoleWithWebIdentityHandler(w http.ResponseWriter, r * bfJSONPolicy, _ := json.Marshal(bfPolicy) bfCompact, err := miniov2.CompactJSONString(string(bfJSONPolicy)) if err != nil { - writeSTSErrorResponse(ctx, w, true, ErrSTSMalformedPolicyDocument, err) + writeSTSErrorResponse(w, true, ErrSTSMalformedPolicyDocument, err) return } if len(bfCompact) > 2048 { - writeSTSErrorResponse(ctx, w, true, ErrSTSPackedPolicyTooLarge, fmt.Errorf("PolicyBinding resulting policy is too long, Policy should not exceed 2048 characters")) + writeSTSErrorResponse(w, true, ErrSTSPackedPolicyTooLarge, fmt.Errorf("PolicyBinding resulting policy is too long, Policy should not exceed 2048 characters, length %d", len(bfCompact))) return } @@ -305,12 +321,12 @@ func (c *Controller) AssumeRoleWithWebIdentityHandler(w http.ResponseWriter, r * if durationStr != "" { duration, err := strconv.Atoi(durationStr) if err != nil { - writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue, fmt.Errorf("invalid token expiry")) + writeSTSErrorResponse(w, true, ErrSTSInvalidParameterValue, fmt.Errorf("Invalid token expiry")) return } if duration < 900 || duration > 31536000 { - writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue, fmt.Errorf("invalid token expiry: min 900s, max 31536000s")) + writeSTSErrorResponse(w, true, ErrSTSInvalidParameterValue, fmt.Errorf("Invalid token expiry: min 900s, max 31536000s")) return } durationInSeconds = duration @@ -318,7 +334,7 @@ func (c *Controller) AssumeRoleWithWebIdentityHandler(w http.ResponseWriter, r * stsCredentials, err := AssumeRole(ctx, c, &tenant, bfCompact, durationInSeconds) if err != nil { - writeSTSErrorResponse(ctx, w, true, ErrSTSInternalError, err) + writeSTSErrorResponse(w, true, ErrSTSInternalError, err) return } diff --git a/pkg/controller/cluster/sts.go b/pkg/controller/cluster/sts.go index eaf76ad5623..09b19e260dd 100644 --- a/pkg/controller/cluster/sts.go +++ b/pkg/controller/cluster/sts.go @@ -268,7 +268,7 @@ func configureSTSServer(c *Controller) *http.Server { } // writeSTSErrorRespone writes error headers -func writeSTSErrorResponse(ctx context.Context, w http.ResponseWriter, isErrCodeSTS bool, errCode STSErrorCode, errCtxt error) { +func writeSTSErrorResponse(w http.ResponseWriter, isErrCodeSTS bool, errCode STSErrorCode, errCtxt error) { var err APIError if isErrCodeSTS { err = stsErrCodes.ToSTSErr(errCode) From baa7d5ba3afcf1de3d78d0e63c248f2694f82c48 Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Mon, 6 Mar 2023 13:44:08 -0800 Subject: [PATCH 44/47] Address feedback on workgroups and concurrency --- pkg/controller/cluster/main-controller.go | 41 +++++++++++------------ 1 file changed, 20 insertions(+), 21 deletions(-) diff --git a/pkg/controller/cluster/main-controller.go b/pkg/controller/cluster/main-controller.go index 17f5ab75de5..a056d0feceb 100644 --- a/pkg/controller/cluster/main-controller.go +++ b/pkg/controller/cluster/main-controller.go @@ -398,19 +398,15 @@ func (c *Controller) Start(threadiness int, stopCh <-chan struct{}) error { var wg sync.WaitGroup // 1) we need to make sure the API server is ready before starting operator - // 2) wait for STS API to be ready before starting operator - // 3) we need to make sure the HTTP Upgrade server is ready before starting operator - // 4) pausing the process until console has it's TLS certificate (if enabled) - wg.Add(3) + // 2) we need to make sure the HTTP Upgrade server is ready before starting operator + wg.Add(2) klog.Info("Waiting for API to start") klog.Info("Waiting for Upgrade Server to start") - klog.Info("Waiting for Console TLS") go func() { // Request kubernetes version from Kube ApiServer apiCsrVersion := certificates.GetCertificatesAPIVersion(c.kubeClientSet) klog.Infof("Using Kubernetes CSR Version: %s", apiCsrVersion) - if isOperatorTLS() { publicCertPath, publicKeyPath := c.generateOperatorTLSCert() klog.Infof("Starting HTTPS API server") @@ -422,6 +418,7 @@ func (c *Controller) Start(threadiness int, stopCh <-chan struct{}) error { } serverCertsManager = certsManager c.ws.TLSConfig = c.createTLSConfig(serverCertsManager) + if err := c.ws.ListenAndServeTLS("", ""); err != http.ErrServerClosed { klog.Infof("HTTPS server ListenAndServeTLS failed: %v", err) panic(err) @@ -446,11 +443,14 @@ func (c *Controller) Start(threadiness int, stopCh <-chan struct{}) error { } }() - go func() { - if isOperatorConsoleTLS() { + if isOperatorConsoleTLS() { + // we need to make sure has console TLS certificate (if enabled) + klog.Info("Waiting for Console TLS") + wg.Add(1) + go func() { + defer wg.Done() klog.Infof("Console TLS enabled, starting console TLS certificate setup") err := c.recreateOperatorConsoleCertsIfRequired(ctx) - wg.Done() if err != nil { panic(err) } @@ -459,18 +459,18 @@ func (c *Controller) Start(threadiness int, stopCh <-chan struct{}) error { if err != nil { klog.Errorf("Console deployment didn't restart: %s", err) } - } else { - klog.Infof("Console TLS is not enabled") - wg.Done() - } - }() + }() + } else { + klog.Infof("Console TLS is not enabled") + } if IsSTSEnabled() { + // Wait for STS API to be ready before starting operator wg.Add(1) go func() { + defer wg.Done() klog.Infof("STS is enabled, starting STS API certificate setup") c.generateSTSTLSCert() - wg.Done() }() } @@ -501,7 +501,7 @@ func (c *Controller) Start(threadiness int, stopCh <-chan struct{}) error { } // runSTS starts the STS API even if the pod is not the leader - runSTS := func(ctx context.Context) { + runSTS := func(ctx context.Context) <-chan interface{} { // stsServerWillStart is a channel for the STS Server API stsServerWillStart := make(chan interface{}) @@ -522,10 +522,7 @@ func (c *Controller) Start(threadiness int, stopCh <-chan struct{}) error { } }() - klog.Info("Waiting for STS API to start") - <-stsServerWillStart - - select {} + return stsServerWillStart } // use a Go context so we can tell the leaderelection code when we @@ -561,7 +558,9 @@ func (c *Controller) Start(threadiness int, stopCh <-chan struct{}) error { } if IsSTSEnabled() { - go runSTS(ctx) + klog.Info("Waiting for STS API to start") + started := runSTS(ctx) + <-started } else { klog.Info("STS Api server is not enabled, not starting") } From 117cfabdbc06ebe2b6d30e90780c4f6f7232f10c Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Mon, 6 Mar 2023 13:45:33 -0800 Subject: [PATCH 45/47] fail fast tests if `make` or `kind load docker-image` fails --- testing/common.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/testing/common.sh b/testing/common.sh index 0a9c9a40928..a402d95757a 100644 --- a/testing/common.sh +++ b/testing/common.sh @@ -58,10 +58,10 @@ function install_operator() { # To compile current branch echo "Compiling Current Branch Operator" - (cd "${SCRIPT_DIR}/.." && TAG=minio/operator:noop make docker) # will not change your shell's current directory + (cd "${SCRIPT_DIR}/.." && TAG=minio/operator:noop try make docker) # will not change your shell's current directory echo 'start - load compiled image so we can use it later on' - kind load docker-image minio/operator:noop + try kind load docker-image minio/operator:noop echo 'end - load compiled image so we can use it later on' if [ "$1" = "helm" ]; then From a690df9ef6e04035743e366c9c40981244dd35a9 Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Mon, 6 Mar 2023 13:56:02 -0800 Subject: [PATCH 46/47] remove policybinding queue, not being used for now --- pkg/controller/cluster/main-controller.go | 48 +---------------------- 1 file changed, 1 insertion(+), 47 deletions(-) diff --git a/pkg/controller/cluster/main-controller.go b/pkg/controller/cluster/main-controller.go index a056d0feceb..c5ff728ffa0 100644 --- a/pkg/controller/cluster/main-controller.go +++ b/pkg/controller/cluster/main-controller.go @@ -67,11 +67,9 @@ import ( "k8s.io/client-go/tools/cache" "k8s.io/client-go/tools/record" - "k8s.io/client-go/util/workqueue" queue "k8s.io/client-go/util/workqueue" miniov2 "github.com/minio/operator/pkg/apis/minio.min.io/v2" - stsv1alpha1 "github.com/minio/operator/pkg/apis/sts.min.io/v1alpha1" clientset "github.com/minio/operator/pkg/client/clientset/versioned" minioscheme "github.com/minio/operator/pkg/client/clientset/versioned/scheme" informers "github.com/minio/operator/pkg/client/informers/externalversions/minio.min.io/v2" @@ -209,13 +207,6 @@ type Controller struct { // image being used in the operator deployment operatorImage string - // queue is a rate limited work queue. This is used to queue work to be - // processed instead of performing it as soon as a change happens. This - // means we can ensure we only process a fixed amount of resources at a - // time, and makes it easy to ensure we are never processing the same item - // simultaneously in two different workers. - policyBindingQueue queue.RateLimitingInterface - // policyBindingListerSynced returns true if the PolicyBinding shared informer // has synced at least once. policyBindingListerSynced cache.InformerSynced @@ -270,7 +261,6 @@ func NewController(podName string, namespacesToWatch set.StringSet, kubeClientSe recorder: recorder, hostsTemplate: hostsTemplate, operatorVersion: operatorVersion, - policyBindingQueue: queue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "PolicyBindings"), policyBindingListerSynced: policyBindingInformer.Informer().HasSynced, operatorImage: oprImg, } @@ -299,18 +289,7 @@ func NewController(podName string, namespacesToWatch set.StringSet, kubeClientSe controller.enqueueTenant(new) }, }) - // Event handler for PolicyBinding resources changes - policyBindingInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ - AddFunc: controller.enqueuePB, - UpdateFunc: func(old, new interface{}) { - oldPB := old.(*stsv1alpha1.PolicyBinding) - newPB := new.(*stsv1alpha1.PolicyBinding) - if newPB.ResourceVersion == oldPB.ResourceVersion { - return - } - controller.enqueuePB(new) - }, - }) + // Set up an event handler for when StatefulSet resources change. This // handler will lookup the owner of the given StatefulSet, and if it is // owned by a Tenant resource will enqueue that Tenant resource for @@ -641,7 +620,6 @@ func (c *Controller) Stop() { klog.Info("Stopping the minio controller") c.workqueue.ShutDown() c.healthCheckQueue.ShutDown() - c.policyBindingQueue.ShutDown() } // runWorker is a long-running function that will continually call the @@ -1484,30 +1462,6 @@ func (c *Controller) enqueueTenant(obj interface{}) { c.workqueue.AddRateLimited(key) } -// enqueuePolicyBinding takes a PolicyBinding resource and converts it into a namespance/name string -// This key is put into the workqueue. -// It will ignore any PolicyBinding not in the namespaces that the Operator watches. -// Only PolicyBindings in the watched namespaces where Operator manage tenants are Honored. -func (c *Controller) enqueuePB(obj interface{}) { - key, err := cache.MetaNamespaceKeyFunc(obj) - if err != nil { - runtime.HandleError(err) - return - } - if !c.namespacesToWatch.IsEmpty() { - meta, err := meta.Accessor(obj) - if err != nil { - runtime.HandleError(err) - return - } - if !c.namespacesToWatch.Contains(meta.GetNamespace()) { - klog.Infof("Ignoring PolicyBindig `%s` in namespace that is not watched by this controller.", key) - return - } - } - c.policyBindingQueue.AddRateLimited(key) -} - // handleObject will take any resource implementing metav1.Object and attempt // to find the Tenant resource that 'owns' it. It does this by looking at the // objects metadata.ownerReferences field for an appropriate OwnerReference. From a465929e1d44d676889a134d0f399ea06b085bb3 Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Mon, 6 Mar 2023 15:12:48 -0800 Subject: [PATCH 47/47] Address spelling feedback --- Makefile | 2 +- README.md | 2 +- docs/console.md | 2 +- docs/kes.md | 2 +- docs/operator-fields.md | 2 +- docs/policybinding_crd.adoc | 5 +++-- docs/sidecars.md | 2 +- docs/{tenat_crd.adoc => tenant_crd.adoc} | 0 examples/kustomization/sts-example/README.md | 4 ++-- pkg/apis/sts.min.io/v1alpha1/doc.go | 7 ++++--- release.sh | 2 +- 11 files changed, 16 insertions(+), 14 deletions(-) rename docs/{tenat_crd.adoc => tenant_crd.adoc} (100%) diff --git a/Makefile b/Makefile index 1822624ff54..dc22d809f31 100644 --- a/Makefile +++ b/Makefile @@ -73,7 +73,7 @@ regen-crd: regen-crd-docs: @which crd-ref-docs 1>/dev/null || (echo "Installing crd-ref-docs" && GO111MODULE=on go install -v github.com/elastic/crd-ref-docs@latest) - @${GOPATH}/bin/crd-ref-docs --source-path=./pkg/apis/minio.min.io/v2 --config=docs/templates/config.yaml --renderer=asciidoctor --output-path=docs/tenat_crd.adoc --templates-dir=docs/templates/asciidoctor/ + @${GOPATH}/bin/crd-ref-docs --source-path=./pkg/apis/minio.min.io/v2 --config=docs/templates/config.yaml --renderer=asciidoctor --output-path=docs/tenant_crd.adoc --templates-dir=docs/templates/asciidoctor/ @${GOPATH}/bin/crd-ref-docs --source-path=./pkg/apis/sts.min.io/v1alpha1 --config=docs/templates/config.yaml --renderer=asciidoctor --output-path=docs/policybinding_crd.adoc --templates-dir=docs/templates/asciidoctor/ plugin: regen-crd diff --git a/README.md b/README.md index 916c8549efc..dd769a930ef 100644 --- a/README.md +++ b/README.md @@ -318,5 +318,5 @@ Use of MinIO Operator is governed by the GNU AGPLv3 or later, found in the [LICE - [Apply PodSecurityPolicy](https://github.com/minio/operator/blob/master/docs/pod-security-policy.md). - [Deploy MinIO Tenant with Console](https://github.com/minio/operator/blob/master/docs/console.md). - [Deploy MinIO Tenant with KES](https://github.com/minio/operator/blob/master/docs/kes.md). -- [Tenant API Documentation](docs/tenat_crd.adoc) +- [Tenant API Documentation](docs/tenant_crd.adoc) - [Policy Binding API Documentation](docs/policybinding_crd.adoc) diff --git a/docs/console.md b/docs/console.md index 37e96550301..c2edf5c229a 100644 --- a/docs/console.md +++ b/docs/console.md @@ -20,4 +20,4 @@ kubectl create -f https://raw.githubusercontent.com/minio/operator/master/exampl kubectl minio tenant create --name tenant1 --secret tenant1-secret --servers 4 --volumes 16 --capacity 16Ti --namespace tenant1-ns --console-secret console-secret ``` -A complete list of values is available [here](tenat_crd.adoc##consoleconfiguration) in the API reference. +A complete list of values is available [here](tenant_crd.adoc##consoleconfiguration) in the API reference. diff --git a/docs/kes.md b/docs/kes.md index 43a291fb21c..ff84096abc0 100644 --- a/docs/kes.md +++ b/docs/kes.md @@ -36,4 +36,4 @@ KES Configuration is a part of Tenant yaml file. Check the sample file [availabl | spec.kes.kesSecret | Secret to specify KES Configuration. This is a mandatory field. | | spec.kes.metadata | This allows a way to map metadata to the KES pods. Internally `metadata` is a struct type as [explained here](https://godoc.org/k8s.io/apimachinery/pkg/apis/meta/v1#ObjectMeta). | -A complete list of values is available [here](tenat_crd.adoc#kesconfig) in the API reference. +A complete list of values is available [here](tenant_crd.adoc#kesconfig) in the API reference. diff --git a/docs/operator-fields.md b/docs/operator-fields.md index 4976ff9935e..9bca5b20a80 100644 --- a/docs/operator-fields.md +++ b/docs/operator-fields.md @@ -45,4 +45,4 @@ MinIO Operator creates native Kubernetes resources within the cluster. If the Te | spec.pools.volumesPerServer | Set the number of volume mounts per MinIO node. For example if you set `spec.pools[0].Servers = 4`, `spec.pools[1].Servers = 8` and `spec.volumesPerServer = 4`, then you'll have total 12 MinIO Pods, with 4 volume mounts on each Pod. Note that `volumesPerServer` is static per cluster and that expanding a cluster will add new nodes. | | spec.pools.tolerations | Define a toleration for the Tenant pod to match a taint. Refer [this document](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) for details. | -A complete list of values is available [here](tenat_crd.adoc) in the API reference. +A complete list of values is available [here](tenant_crd.adoc) in the API reference. diff --git a/docs/policybinding_crd.adoc b/docs/policybinding_crd.adoc index 164f31ed514..57a6422e1d5 100644 --- a/docs/policybinding_crd.adoc +++ b/docs/policybinding_crd.adoc @@ -14,8 +14,9 @@ [id="{anchor_prefix}-sts-min-io-v1alpha1"] === sts.min.io/v1alpha1 -Package v1alpha1 -The following parameters are specific to the `sts.min.io/v1alpha1` MinIO Policy Binding CRD API -PolicyBinding is a Auhtorization mechanism managed by the Minio Operator using Kubernetes ServiceAccount JSON Web Tokens, the binding allow to an ServiceAccount to assume temporary credentials to access a tenant objects. +Package v1alpha1 - The following parameters are specific to the `sts.min.io/v1alpha1` MinIO Policy Binding CRD API +PolicyBinding is an Authorization mechanism managed by the Minio Operator. +Using Kubernetes ServiceAccount JSON Web Tokens the binding allow a ServiceAccount to assume temporary IAM credentials. For more complete documentation on this object, see the https://docs.min.io/minio/k8s/reference/minio-operator-reference.html#minio-operator-yaml-reference[MinIO Kubernetes Documentation]. PolicyBinding is added as part of the MinIO Operator v5.0.0. + diff --git a/docs/sidecars.md b/docs/sidecars.md index d7c130be4a0..e2f094fe8c2 100644 --- a/docs/sidecars.md +++ b/docs/sidecars.md @@ -32,4 +32,4 @@ The following example configures a warp container to run in the same pod as the **Note:** the MinIO Service for the tenant won't expose the ports added in the sidecar. It's up to the user to expose these ports with their own services. -A complete list of values is available [here](tenat_crd.adoc##sidecars) in the API reference. \ No newline at end of file +A complete list of values is available [here](tenant_crd.adoc##sidecars) in the API reference. \ No newline at end of file diff --git a/docs/tenat_crd.adoc b/docs/tenant_crd.adoc similarity index 100% rename from docs/tenat_crd.adoc rename to docs/tenant_crd.adoc diff --git a/examples/kustomization/sts-example/README.md b/examples/kustomization/sts-example/README.md index 30bc2ceec72..d45852a75e6 100644 --- a/examples/kustomization/sts-example/README.md +++ b/examples/kustomization/sts-example/README.md @@ -14,7 +14,7 @@ the `minio-operator` deployment. ## TLS The STS functionality works only with TLS configured. We can request certificates automatically, but additional you can -user `cert-manager` or bring your own certificates. +use `cert-manager` or bring your own certificates. # Installation @@ -52,7 +52,7 @@ kubectl apply -k examples/kustomization/sts-example/sample-data # 3. Install sample application The sample application will install to `sts-client` namespace and grant access to the job called `sts-example-job` to -access `tenant` with the MinIO Policy called `test-bucket-rw` that we created on the previous step on +access `tenant` with the MinIO Policy called `test-bucket-rw` that we created in the previous step on namespace `minio-tenant-1` by installing a `PolicyBinding` on the `minio-tenant-1` namespace. Example policy binding (see CRD documentation in [policybinding_crd.adoc](../../../docs/policybinding_crd.adoc) ) diff --git a/pkg/apis/sts.min.io/v1alpha1/doc.go b/pkg/apis/sts.min.io/v1alpha1/doc.go index 0845b0e430a..3d55d26738c 100644 --- a/pkg/apis/sts.min.io/v1alpha1/doc.go +++ b/pkg/apis/sts.min.io/v1alpha1/doc.go @@ -1,4 +1,4 @@ -// Copyright (C) 2022, MinIO, Inc. +// Copyright (C) 2023, MinIO, Inc. // // This code is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License, version 3, @@ -15,8 +15,9 @@ // +k8s:deepcopy-gen=package,register // go:generate controller-gen crd:trivialVersions=true paths=. output:dir=. -// Package v1alpha1 -The following parameters are specific to the `sts.min.io/v1alpha1` MinIO Policy Binding CRD API -// PolicyBinding is a Auhtorization mechanism managed by the Minio Operator using Kubernetes ServiceAccount JSON Web Tokens, the binding allow to an ServiceAccount to assume temporary credentials to access a tenant objects. +// Package v1alpha1 - The following parameters are specific to the `sts.min.io/v1alpha1` MinIO Policy Binding CRD API +// PolicyBinding is an Authorization mechanism managed by the Minio Operator. +// Using Kubernetes ServiceAccount JSON Web Tokens the binding allow a ServiceAccount to assume temporary IAM credentials. // For more complete documentation on this object, see the https://docs.min.io/minio/k8s/reference/minio-operator-reference.html#minio-operator-yaml-reference[MinIO Kubernetes Documentation]. // PolicyBinding is added as part of the MinIO Operator v5.0.0. + // +groupName=sts.min.io diff --git a/release.sh b/release.sh index 1cd6ac9bcde..75b8de376e3 100755 --- a/release.sh +++ b/release.sh @@ -15,7 +15,7 @@ CONSOLE_RELEASE="${CONSOLE_RELEASE:1}" # Figure out the FROM console release we are updating from CONSOLE_CURRENT_RELEASE=$(grep -Eo 'minio\/console:v([0-9]?[0-9].[0-9]?[0-9].[0-9]?[0-9])' resources/base/console-ui.yaml | grep -Eo '([0-9]?[0-9].[0-9]?[0-9].[0-9]?[0-9])') -files=("docs/tenat_crd.adoc" "docs/policybinding_crd.adoc" "docs/templates/asciidoctor/gv_list.tpl" "examples/kustomization/base/tenant.yaml" "helm/operator/Chart.yaml" "helm/operator/values.yaml" "helm/tenant/Chart.yaml" "helm/tenant/values.yaml" "kubectl-minio/README.md" "kubectl-minio/cmd/helpers/constants.go" "kubectl-minio/cmd/tenant-upgrade.go" "pkg/apis/minio.min.io/v2/constants.go" "resources/base/deployment.yaml" "update-operator-krew.py" "resources/base/console-ui.yaml") +files=("docs/tenant_crd.adoc" "docs/policybinding_crd.adoc" "docs/templates/asciidoctor/gv_list.tpl" "examples/kustomization/base/tenant.yaml" "helm/operator/Chart.yaml" "helm/operator/values.yaml" "helm/tenant/Chart.yaml" "helm/tenant/values.yaml" "kubectl-minio/README.md" "kubectl-minio/cmd/helpers/constants.go" "kubectl-minio/cmd/tenant-upgrade.go" "pkg/apis/minio.min.io/v2/constants.go" "resources/base/deployment.yaml" "update-operator-krew.py" "resources/base/console-ui.yaml") CURRENT_RELEASE=$(get_latest_release minio/operator) CURRENT_RELEASE="${CURRENT_RELEASE:1}"