Rename socket path (#1042)

* rename socket path Signed-off-by: Volkan Özçelik <volkan.ozcelik@broadcom.com> * update default values in source Signed-off-by: Volkan Özçelik <volkan.ozcelik@broadcom.com> * socket update Signed-off-by: Volkan Özçelik <volkan.ozcelik@broadcom.com> --------- Signed-off-by: Volkan Özçelik <volkan.ozcelik@broadcom.com>
vmware-tanzu · Jul 5, 2024 · 0af85bf · 0af85bf
1 parent e417df2
commit 0af85bf
Show file tree

Hide file tree

Showing 51 changed files with 142 additions and 132 deletions.
diff --git a/core/constants/env/env.go b/core/constants/env/env.go
@@ -79,7 +79,7 @@ const VSecMWorkloadNameRegExp VarName = "VSECM_WORKLOAD_NAME_REGEXP"
 
 type VarValue string
 
-const SpiffeEndpointSocketDefault VarValue = "unix:///spire-agent-socket/agent.sock"
+const SpiffeEndpointSocketDefault VarValue = "unix:///spire-agent-socket/spire-agent.sock"
 const SpiffeTrustDomainDefault VarValue = "vsecm.com"
 const VSecMBackoffDelayDefault VarValue = "1000"
 const VSecMBackoffMaxRetriesDefault VarValue = "10"

diff --git a/core/env/spiffe_test.go b/core/env/spiffe_test.go
@@ -24,17 +24,17 @@ func TestSpiffeSocketUrl(t *testing.T) {
  }{
  {
  name: "default_spiffe_endpoint_socket",
- want: "unix:///spire-agent-socket/agent.sock",
+ want: "unix:///spire-agent-socket/spire-agent.sock",
  },
  {
  name: "spiffe_endpoint_socket_from_env",
  setup: func() error {
- return os.Setenv("SPIFFE_ENDPOINT_SOCKET", "unix:///spire-agent-custom-socket/agent.sock")
+ return os.Setenv("SPIFFE_ENDPOINT_SOCKET", "unix:///spire-agent-custom-socket/spire-agent.sock")
  },
  cleanup: func() error {
  return os.Unsetenv("SPIFFE_ENDPOINT_SOCKET")
  },
- want: "unix:///spire-agent-custom-socket/agent.sock",
+ want: "unix:///spire-agent-custom-socket/spire-agent.sock",
  },
  }
  for _, tt := range tests {

diff --git a/docs/content/documentation/configuration/overview.md b/docs/content/documentation/configuration/overview.md
@@ -61,7 +61,7 @@ The following section contain a breakdown of all of these environment variables.
 `SPIFFE_ENDPOINT_SOCKET` is required for **VSecM Sentinel** to talk to
 **SPIRE**.
 
-If not provided, a default value of `"unix:///spire-agent-socket/agent.sock"`
+If not provided, a default value of `"unix:///spire-agent-socket/spire-agent.sock"`
 will be used.
 
 ### SPIFFE_TRUST_DOMAIN

diff --git a/docs/content/documentation/production/overview.md b/docs/content/documentation/production/overview.md
@@ -810,7 +810,7 @@ data:
  log_level = {{ .Values.global.spire.logLevel | quote }}
  server_address = {{ .Values.global.spire.serverAddress | quote }}
  server_port = {{ .Values.global.spire.serverPort | quote }}
- socket_path = "/run/spire/sockets/agent.sock"
+ socket_path = "/run/spire/sockets/spire-agent.sock"
  trust_bundle_path = "/run/spire/bundle/bundle.crt"
  trust_domain = {{ .Values.global.spire.trustDomain | quote }}
  }

diff --git a/docs/content/documentation/usage/sdk.md b/docs/content/documentation/usage/sdk.md
@@ -132,7 +132,7 @@ spec:
  readOnly: true
  env:
  - name: SPIFFE_ENDPOINT_SOCKET
- value: unix:///spire-agent-socket/agent.sock
+ value: unix:///spire-agent-socket/spire-agent.sock
  volumes:
  - name: spire-agent-socket
  hostPath:

diff --git a/docs/content/documentation/use-cases/mounting-secrets.md b/docs/content/documentation/use-cases/mounting-secrets.md
@@ -310,7 +310,7 @@ spec:
  - name: VSECM_SIDECAR_SECRET_PATH
  value: "/opt/app/credentials/secrets.json" 
  - name: SPIFFE_ENDPOINT_SOCKET
- value: "unix:///spire-agent-socket/agent.sock"
+ value: "unix:///spire-agent-socket/spire-agent.sock"
 ## <--- END CHANGE
 
  volumes:
@@ -386,7 +386,7 @@ spec:
  - name: VSECM_SIDECAR_SECRET_PATH
  value: "/opt/app/credentials/secrets.json" 
  - name: SPIFFE_ENDPOINT_SOCKET
- value: "unix:///spire-agent-socket/agent.sock"
+ value: "unix:///spire-agent-socket/spire-agent.sock"
  volumes:
  - name: spire-agent-socket
  csi:
@@ -458,7 +458,7 @@ spec:
  - name: VSECM_SIDECAR_SECRET_PATH
  value: "/opt/app/credentials/secrets.json" 
  - name: SPIFFE_ENDPOINT_SOCKET
- value: "unix:///spire-agent-socket/agent.sock"
+ value: "unix:///spire-agent-socket/spire-agent.sock"
  volumes:
  - name: spire-agent-socket
  csi:

diff --git a/docs/content/documentation/use-cases/vsecm-sdk.md b/docs/content/documentation/use-cases/vsecm-sdk.md
@@ -96,7 +96,7 @@ spec:
  - name: VSECM_SIDECAR_SECRET_PATH
  value: "/opt/app/credentials/secrets.json"
  - name: SPIFFE_ENDPOINT_SOCKET
- value: "unix:///spire-agent-socket/agent.sock"
+ value: "unix:///spire-agent-socket/spire-agent.sock"
  volumes:
  - name: spire-agent-socket
  csi:

diff --git a/examples/multiple_secrets/k8s-eks/Deployment.yaml b/examples/multiple_secrets/k8s-eks/Deployment.yaml
@@ -45,7 +45,7 @@ spec:
  #
  env:
  - name: SPIFFE_ENDPOINT_SOCKET
- value: "unix:///spire-agent-socket/agent.sock"
+ value: "unix:///spire-agent-socket/spire-agent.sock"
  - name: VSECM_LOG_LEVEL
  value: "7"
  - name: VSECM_SPIFFEID_PREFIX_WORKLOAD

diff --git a/examples/multiple_secrets/k8s/Deployment.yaml b/examples/multiple_secrets/k8s/Deployment.yaml
@@ -45,7 +45,7 @@ spec:
  #
  env:
  - name: SPIFFE_ENDPOINT_SOCKET
- value: "unix:///spire-agent-socket/agent.sock"
+ value: "unix:///spire-agent-socket/spire-agent.sock"
  - name: VSECM_LOG_LEVEL
  value: "7"
  - name: VSECM_SPIFFEID_PREFIX_WORKLOAD

diff --git a/examples/using_init_container/k8s-eks/Deployment.yaml b/examples/using_init_container/k8s-eks/Deployment.yaml
@@ -53,7 +53,7 @@ spec:
  #
  env:
  - name: SPIFFE_ENDPOINT_SOCKET
- value: "unix:///spire-agent-socket/agent.sock"
+ value: "unix:///spire-agent-socket/spire-agent.sock"
  - name: VSECM_LOG_LEVEL
  value: "7"
  - name: VSECM_SPIFFEID_PREFIX_WORKLOAD

diff --git a/examples/using_init_container/k8s/Deployment.yaml b/examples/using_init_container/k8s/Deployment.yaml
@@ -53,7 +53,7 @@ spec:
  #
  env:
  - name: SPIFFE_ENDPOINT_SOCKET
- value: "unix:///spire-agent-socket/agent.sock"
+ value: "unix:///spire-agent-socket/spire-agent.sock"
  - name: VSECM_LOG_LEVEL
  value: "7"
  - name: VSECM_SPIFFEID_PREFIX_WORKLOAD

diff --git a/examples/using_sdk_go/k8s-eks/Deployment.yaml b/examples/using_sdk_go/k8s-eks/Deployment.yaml
@@ -45,7 +45,7 @@ spec:
  #
  env:
  - name: SPIFFE_ENDPOINT_SOCKET
- value: "unix:///spire-agent-socket/agent.sock"
+ value: "unix:///spire-agent-socket/spire-agent.sock"
  - name: VSECM_LOG_LEVEL
  value: "7"
  - name: VSECM_SPIFFEID_PREFIX_WORKLOAD

diff --git a/examples/using_sdk_go/k8s/Deployment.yaml b/examples/using_sdk_go/k8s/Deployment.yaml
@@ -45,7 +45,7 @@ spec:
  #
  env:
  - name: SPIFFE_ENDPOINT_SOCKET
- value: "unix:///spire-agent-socket/agent.sock"
+ value: "unix:///spire-agent-socket/spire-agent.sock"
  - name: VSECM_LOG_LEVEL
  value: "7"
  - name: VSECM_SPIFFEID_PREFIX_WORKLOAD

diff --git a/examples/using_sidecar/k8s-eks/Deployment.yaml b/examples/using_sidecar/k8s-eks/Deployment.yaml
@@ -54,7 +54,7 @@ spec:
  #
  env:
  - name: SPIFFE_ENDPOINT_SOCKET
- value: "unix:///spire-agent-socket/agent.sock"
+ value: "unix:///spire-agent-socket/spire-agent.sock"
  - name: VSECM_LOG_LEVEL
  value: "7"
  - name: VSECM_SPIFFEID_PREFIX_WORKLOAD

diff --git a/examples/using_sidecar/k8s/Deployment.yaml b/examples/using_sidecar/k8s/Deployment.yaml
@@ -54,7 +54,7 @@ spec:
  #
  env:
  - name: SPIFFE_ENDPOINT_SOCKET
- value: "unix:///spire-agent-socket/agent.sock"
+ value: "unix:///spire-agent-socket/spire-agent.sock"
  - name: VSECM_LOG_LEVEL
  value: "7"
  - name: VSECM_SPIFFEID_PREFIX_WORKLOAD

diff --git a/examples/using_vsecm_inspector/Deployment.yaml b/examples/using_vsecm_inspector/Deployment.yaml
@@ -35,7 +35,7 @@ spec:
  readOnly: true
  env:
  - name: SPIFFE_ENDPOINT_SOCKET
- value: "unix:///spire-agent-socket/agent.sock"
+ value: "unix:///spire-agent-socket/spire-agent.sock"
  - name: VSECM_LOG_LEVEL
  value: "7"
  - name: VSECM_SPIFFEID_PREFIX_WORKLOAD

diff --git a/examples/workshop_aegis/init-container/Deployment.yaml b/examples/workshop_aegis/init-container/Deployment.yaml
@@ -69,7 +69,7 @@ spec:
  #
  env:
  - name: SPIFFE_ENDPOINT_SOCKET
- value: "unix:///spire-agent-socket/agent.sock"
+ value: "unix:///spire-agent-socket/spire-agent.sock"
  - name: VSECM_LOG_LEVEL
  value: "7"
  - name: VSECM_SPIFFEID_PREFIX_WORKLOAD

diff --git a/examples/workshop_aegis/inspector/Deployment.yaml b/examples/workshop_aegis/inspector/Deployment.yaml
@@ -45,7 +45,7 @@ spec:
  #
  env:
  - name: SPIFFE_ENDPOINT_SOCKET
- value: "unix:///spire-agent-socket/agent.sock"
+ value: "unix:///spire-agent-socket/spire-agent.sock"
  - name: VSECM_LOG_LEVEL
  value: "7"
  - name: VSECM_SPIFFEID_PREFIX_WORKLOAD

diff --git a/examples/workshop_aegis/sdk/Deployment.yaml b/examples/workshop_aegis/sdk/Deployment.yaml
@@ -45,7 +45,7 @@ spec:
  #
  env:
  - name: SPIFFE_ENDPOINT_SOCKET
- value: "unix:///spire-agent-socket/agent.sock"
+ value: "unix:///spire-agent-socket/spire-agent.sock"
  - name: VSECM_LOG_LEVEL
  value: "7"
  - name: VSECM_SPIFFEID_PREFIX_WORKLOAD

diff --git a/examples/workshop_aegis/sidecar/Deployment.yaml b/examples/workshop_aegis/sidecar/Deployment.yaml
@@ -54,7 +54,7 @@ spec:
  #
  env:
  - name: SPIFFE_ENDPOINT_SOCKET
- value: "unix:///spire-agent-socket/agent.sock"
+ value: "unix:///spire-agent-socket/spire-agent.sock"
  - name: VSECM_LOG_LEVEL
  value: "7"
  - name: VSECM_SPIFFEID_PREFIX_WORKLOAD

diff --git a/examples/workshop_federation/cluster-1/inspector/Deployment.yaml b/examples/workshop_federation/cluster-1/inspector/Deployment.yaml
@@ -35,7 +35,7 @@ spec:
  readOnly: true
  env:
  - name: SPIFFE_ENDPOINT_SOCKET
- value: "unix:///spire-agent-socket/agent.sock"
+ value: "unix:///spire-agent-socket/spire-agent.sock"
  - name: VSECM_LOG_LEVEL
  value: "7"
  - name: VSECM_SPIFFEID_PREFIX_WORKLOAD

diff --git a/examples/workshop_federation/cluster-1/sentinel/Deployment.yaml b/examples/workshop_federation/cluster-1/sentinel/Deployment.yaml
@@ -47,7 +47,7 @@ spec:
  #
  env:
  - name: SPIFFE_ENDPOINT_SOCKET
- value: "unix:///spire-agent-socket/agent.sock"
+ value: "unix:///spire-agent-socket/spire-agent.sock"
  - name: VSECM_SPIFFEID_PREFIX_WORKLOAD
  value: "spiffe://cluster1.demo/workload/"
  - name: VSECM_SPIFFEID_PREFIX_SENTINEL

diff --git a/examples/workshop_federation/cluster-1/spire/spire/spire-agent.yaml b/examples/workshop_federation/cluster-1/spire/spire/spire-agent.yaml
@@ -51,7 +51,7 @@ data:
  log_level = "DEBUG"
  server_address = "spire-server"
  server_port = "8081"
- socket_path = "/run/spire/sockets/agent.sock"
+ socket_path = "/run/spire/sockets/spire-agent.sock"
  trust_bundle_path = "/run/spire/bundle/bundle.crt"
  trust_domain = "cluster1.demo"
  }

diff --git a/examples/workshop_federation/cluster-2/safe/Deployment.yaml b/examples/workshop_federation/cluster-2/safe/Deployment.yaml
@@ -55,7 +55,7 @@ spec:
  #
  env:
  - name: SPIFFE_ENDPOINT_SOCKET
- value: "unix:///spire-agent-socket/agent.sock"
+ value: "unix:///spire-agent-socket/spire-agent.sock"
  - name: VSECM_LOG_LEVEL
  value: "7"
  - name: VSECM_SPIFFEID_PREFIX_WORKLOAD

diff --git a/examples/workshop_federation/cluster-2/spire/spire/spire-agent.yaml b/examples/workshop_federation/cluster-2/spire/spire/spire-agent.yaml
@@ -51,7 +51,7 @@ data:
  log_level = "DEBUG"
  server_address = "spire-server"
  server_port = "8081"
- socket_path = "/run/spire/sockets/agent.sock"
+ socket_path = "/run/spire/sockets/spire-agent.sock"
  trust_bundle_path = "/run/spire/bundle/bundle.crt"
  trust_domain = "cluster2.demo"
  }

diff --git a/examples/workshop_istanbul_gophers/k8s/Deployment.yaml b/examples/workshop_istanbul_gophers/k8s/Deployment.yaml
@@ -35,7 +35,7 @@ spec:
  readOnly: true
  env:
  - name: SPIFFE_ENDPOINT_SOCKET
- value: "unix:///spire-agent-socket/agent.sock"
+ value: "unix:///spire-agent-socket/spire-agent.sock"
  - name: VSECM_LOG_LEVEL
  value: "7"
  - name: VSECM_SPIFFEID_PREFIX_WORKLOAD

diff --git a/examples/workshop_vsecm/workloads/example-init-container/Deployment.yaml b/examples/workshop_vsecm/workloads/example-init-container/Deployment.yaml
@@ -60,7 +60,7 @@ spec:
  readOnly: true
  env:
  - name: SPIFFE_ENDPOINT_SOCKET
- value: "unix:///spire-agent-socket/agent.sock"
+ value: "unix:///spire-agent-socket/spire-agent.sock"
  - name: VSECM_LOG_LEVEL
  value: "7"
  - name: VSECM_SPIFFEID_PREFIX_WORKLOAD

diff --git a/examples/workshop_vsecm/workloads/inspector/Deployment.yaml b/examples/workshop_vsecm/workloads/inspector/Deployment.yaml
@@ -35,7 +35,7 @@ spec:
  readOnly: true
  env:
  - name: SPIFFE_ENDPOINT_SOCKET
- value: "unix:///spire-agent-socket/agent.sock"
+ value: "unix:///spire-agent-socket/spire-agent.sock"
  - name: VSECM_LOG_LEVEL
  value: "7"
  - name: VSECM_SPIFFEID_PREFIX_WORKLOAD

diff --git a/examples/workshop_vsecm/workloads/keycloak/Deployment.yaml b/examples/workshop_vsecm/workloads/keycloak/Deployment.yaml
@@ -28,7 +28,7 @@ spec:
  readOnly: true
  env:
  - name: SPIFFE_ENDPOINT_SOCKET
- value: "unix:///spire-agent-socket/agent.sock"
+ value: "unix:///spire-agent-socket/spire-agent.sock"
  - name: VSECM_LOG_LEVEL
  value: "7"
  - name: VSECM_SPIFFEID_PREFIX_WORKLOAD

diff --git a/helm-charts-playground/spire-manifest-no-openshift.yaml b/helm-charts-playground/spire-manifest-no-openshift.yaml
@@ -746,7 +746,7 @@ spec:
  matchLabels:
  app.kubernetes.io/name: agent
  app.kubernetes.io/instance: spire
- app.kubernetes.io/component: default
+ app.kubernetes.io/component: spire-default
  updateStrategy:
  type: RollingUpdate
  rollingUpdate:

diff --git a/helm-charts-playground/vsecm-manifests/spire/configmap-spire-agent.yaml b/helm-charts-playground/vsecm-manifests/spire/configmap-spire-agent.yaml
@@ -11,7 +11,7 @@ data:
  log_level = "DEBUG"
  server_address = "spire-server.spire-server.svc.cluster.local"
  server_port = "8081"
- socket_path = "/run/spire/sockets/agent.sock"
+ socket_path = "/run/spire/sockets/spire-agent.sock"
  trust_bundle_path = "/run/spire/bundle/bundle.crt"
  trust_domain = "vsecm.com"
  }

diff --git a/helm-charts/0.26.1/README.md b/helm-charts/0.26.1/README.md
@@ -65,7 +65,7 @@ These environment variable configurations are expose through subcharts.
 You can modify them as follows:
 
 ```bash
-helm install vsecm vsecm/helm-charts --version 0.26.1 \
+helm install vsecm vsecm/helm-charts --version 0.26.1  \
 --set safe.environments.VSECM_LOG_LEVEL="6"
 --set sentinel.environments.VSECM_LOGL_LEVEL="5"
 # You can update other environment variables too.

diff --git a/helm-charts/0.26.1/README.md.gotmpl b/helm-charts/0.26.1/README.md.gotmpl
@@ -28,7 +28,7 @@ To use VMware Secrets Manager, follow the steps below:
 3. Install VMware Secrets Manager using Helm:
 
  ```bash
- helm install vsecm vsecm/vsecm --version {{ .chart.version }}
+ helm install vsecm vsecm/vsecm --version {{ template "chart.version" . }}
  ```
 
 ## Options
@@ -47,7 +47,7 @@ and `global.baseImage` respectively.
 Here's an example command with the above options:
 
 ```bash
-helm install vsecm vsecm/helm-charts --version {{ .chart.version }} \
+helm install vsecm vsecm/helm-charts --version {{ template "chart.version" . }} \
  --set global.deploySpire=true --set global.baseImage=distroless
 ```
 
@@ -65,7 +65,7 @@ These environment variable configurations are expose through subcharts.
 You can modify them as follows:
 
 ```bash
-helm install vsecm vsecm/helm-charts --version {{ .chart.version }} \
+helm install vsecm vsecm/helm-charts --version {{ template "chart.version" . }} \
 --set safe.environments.VSECM_LOG_LEVEL="6"
 --set sentinel.environments.VSECM_LOGL_LEVEL="5"
 # You can update other environment variables too.

diff --git a/helm-charts/0.26.1/charts/keystone/README.md b/helm-charts/0.26.1/charts/keystone/README.md
@@ -13,8 +13,8 @@ Helm chart for keystone
 | environments[0] | object | `{"name":"VSECM_LOG_LEVEL","value":"7"}` | The log level. 0: Logs are off (only audit events will be logged) 7: TRACE level logging (maximum verbosity). |
 | fullnameOverride | string | `""` | The fullname override of the chart. |
 | imagePullSecrets | list | `[]` | Override it with an image pull secret that you need as follows: imagePullSecrets: - name: my-registry-secret |
-| initEnvironments | list | `[{"name":"SPIFFE_ENDPOINT_SOCKET","value":"unix:///spire-agent-socket/agent.sock"},{"name":"VSECM_BACKOFF_DELAY","value":"1000"},{"name":"VSECM_BACKOFF_MAX_RETRIES","value":"10"},{"name":"VSECM_BACKOFF_MAX_WAIT","value":"10000"},{"name":"VSECM_BACKOFF_MODE","value":"exponential"},{"name":"VSECM_INIT_CONTAINER_POLL_INTERVAL","value":"5000"},{"name":"VSECM_INIT_CONTAINER_WAIT_BEFORE_EXIT","value":"0"},{"name":"VSECM_LOG_LEVEL","value":"7"}]` | See https://vsecm.com/configuration for more information about these environment variables. |
-| initEnvironments[0] | object | `{"name":"SPIFFE_ENDPOINT_SOCKET","value":"unix:///spire-agent-socket/agent.sock"}` | The SPIFFE endpoint socket. This is used to communicate with the SPIRE agent. If you change this, you will need to change the associated volumeMount in the Deployment.yaml too. |
+| initEnvironments | list | `[{"name":"SPIFFE_ENDPOINT_SOCKET","value":"unix:///spire-agent-socket/spire-agent.sock"},{"name":"VSECM_BACKOFF_DELAY","value":"1000"},{"name":"VSECM_BACKOFF_MAX_RETRIES","value":"10"},{"name":"VSECM_BACKOFF_MAX_WAIT","value":"10000"},{"name":"VSECM_BACKOFF_MODE","value":"exponential"},{"name":"VSECM_INIT_CONTAINER_POLL_INTERVAL","value":"5000"},{"name":"VSECM_INIT_CONTAINER_WAIT_BEFORE_EXIT","value":"0"},{"name":"VSECM_LOG_LEVEL","value":"7"}]` | See https://vsecm.com/configuration for more information about these environment variables. |
+| initEnvironments[0] | object | `{"name":"SPIFFE_ENDPOINT_SOCKET","value":"unix:///spire-agent-socket/spire-agent.sock"}` | The SPIFFE endpoint socket. This is used to communicate with the SPIRE agent. If you change this, you will need to change the associated volumeMount in the Deployment.yaml too. The name of the socket should match spireAgent.socketName in values.yaml of the SPIRE chart. |
 | initEnvironments[1] | object | `{"name":"VSECM_BACKOFF_DELAY","value":"1000"}` | The interval between retries (in milliseconds) for the default backoff strategy. |
 | initEnvironments[2] | object | `{"name":"VSECM_BACKOFF_MAX_RETRIES","value":"10"}` | The maximum number of retries for the default backoff strategy before it gives up. |
 | initEnvironments[3] | object | `{"name":"VSECM_BACKOFF_MAX_WAIT","value":"10000"}` | The maximum wait time (in milliseconds) for the default backoff strategy. |

diff --git a/helm-charts/0.26.1/charts/keystone/values.yaml b/helm-charts/0.26.1/charts/keystone/values.yaml
@@ -30,8 +30,10 @@ initEnvironments:
  # -- The SPIFFE endpoint socket. This is used to communicate with the SPIRE 
  # agent. If you change this, you will need to change the associated 
  # volumeMount in the Deployment.yaml too.
+ # The name of the socket should match spireAgent.socketName in values.yaml
+ # of the SPIRE chart.
  - name: SPIFFE_ENDPOINT_SOCKET
- value: "unix:///spire-agent-socket/agent.sock"
+ value: "unix:///spire-agent-socket/spire-agent.sock"
  # -- The interval between retries (in milliseconds) for the default backoff strategy.
  - name: VSECM_BACKOFF_DELAY
  value: "1000"