Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package kubeseal for openSUSE:Factory checked in at 2023-09-15 22:05:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kubeseal (Old) and /work/SRC/openSUSE:Factory/.kubeseal.new.1766 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kubeseal" Fri Sep 15 22:05:45 2023 rev:22 rq:1111548 version:0.24.0 Changes: -------- --- /work/SRC/openSUSE:Factory/kubeseal/kubeseal.changes 2023-09-07 21:14:48.945755366 +0200 +++ /work/SRC/openSUSE:Factory/.kubeseal.new.1766/kubeseal.changes 2023-09-15 22:11:15.381537486 +0200 @@ -1,0 +2,20 @@ +Fri Sep 15 11:07:12 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.24.0: + * Release notes for v0.24.0 (#1322) + * feat: multidoc support for yaml and json (#1304) + * Bump golang.org/x/crypto from 0.12.0 to 0.13.0 (#1319) + * Update the golang version to the latest available one (#1318) + * Bump k8s.io/client-go from 0.28.0 to 0.28.1 (#1308) + * Bump github.com/onsi/ginkgo/v2 from 2.11.0 to 2.12.0 (#1310) + * Bump k8s.io/code-generator from 0.28.0 to 0.28.1 (#1307) + * Delete repeating warning message (#1303) + * Bump k8s.io/code-generator from 0.27.4 to 0.28.0 (#1300) + * Bump k8s.io/client-go from 0.27.4 to 0.28.0 (#1297) + * Add dashboard configmap annotations (#1302) + * docs: updating readme to show how to get kubeseal version + dynamically in install (#1294) + * Update carvel package to v2.12.0 (#1293) + * Release chart 2.12.0 (#1292) + +------------------------------------------------------------------- Old: ---- sealed-secrets-0.23.1.obscpio New: ---- sealed-secrets-0.24.0.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kubeseal.spec ++++++ --- /var/tmp/diff_new_pack.YSxRyI/_old 2023-09-15 22:11:17.877626732 +0200 +++ /var/tmp/diff_new_pack.YSxRyI/_new 2023-09-15 22:11:17.889627162 +0200 @@ -21,7 +21,7 @@ %define archive_name sealed-secrets Name: kubeseal -Version: 0.23.1 +Version: 0.24.0 Release: 0 Summary: CLI for encrypting secrets to SealedSecrets License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.YSxRyI/_old 2023-09-15 22:11:18.181637602 +0200 +++ /var/tmp/diff_new_pack.YSxRyI/_new 2023-09-15 22:11:18.217638889 +0200 @@ -3,7 +3,7 @@ <param name="url">https://github.com/bitnami-labs/sealed-secrets</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v0.23.1</param> + <param name="revision">v0.24.0</param> <param name="versionformat">@PARENT_TAG@</param> <param name="changesgenerate">enable</param> <param name="versionrewrite-pattern">v(.*)</param> @@ -17,7 +17,7 @@ <param name="compression">gz</param> </service> <service name="go_modules" mode="manual"> - <param name="archive">sealed-secrets-0.23.1.obscpio</param> + <param name="archive">sealed-secrets-0.24.0.obscpio</param> </service> </services> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.YSxRyI/_old 2023-09-15 22:11:18.385644897 +0200 +++ /var/tmp/diff_new_pack.YSxRyI/_new 2023-09-15 22:11:18.409645754 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/bitnami-labs/sealed-secrets</param> - <param name="changesrevision">daa514e978924ee31007b6213783b7e4623a08c1</param></service></servicedata> + <param name="changesrevision">3344ac6b6403320c46d0c3b26124a3c27f296c3c</param></service></servicedata> (No newline at EOF) ++++++ sealed-secrets-0.23.1.obscpio -> sealed-secrets-0.24.0.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.23.1/README.md new/sealed-secrets-0.24.0/README.md --- old/sealed-secrets-0.23.1/README.md 2023-08-17 14:19:21.000000000 +0200 +++ new/sealed-secrets-0.24.0/README.md 2023-09-15 11:42:16.000000000 +0200 @@ -385,7 +385,24 @@ sudo install -m 755 kubeseal /usr/local/bin/kubeseal ``` -where `release-tag` is the [version tag](https://github.com/bitnami-labs/sealed-secrets/tags) of the kubeseal release you want to use. For example: `v0.18.0`. +If you have `curl` and `jq` installed on your machine, you can get the version dynamically this way. This can be useful for environments used in automation and such. + +``` +# Fetch the latest sealed-secrets version using GitHub API +KUBESEAL_VERSION=$(curl -s https://api.github.com/repos/bitnami-labs/sealed-secrets/tags | jq -r '.[0].name' | cut -c 2-) + +# Check if the version was fetched successfully +if [ -z "$KUBESEAL_VERSION" ]; then + echo "Failed to fetch the latest KUBESEAL_VERSION" + exit 1 +fi + +wget "https://github.com/bitnami-labs/sealed-secrets/releases/download/v${KUBESEAL_VERSION}/kubeseal-${KUBESEAL_VERSION}-linux-amd64.tar.gz" +tar -xvzf kubeseal-${KUBESEAL_VERSION}-linux-amd64.tar.gz kubeseal +sudo install -m 755 kubeseal /usr/local/bin/kubeseal +``` + +where `KUBESEAL_VERSION` is the [version tag](https://github.com/bitnami-labs/sealed-secrets/tags) of the kubeseal release you want to use. For example: `v0.18.0`. #### Installation from source @@ -699,6 +716,10 @@ ## FAQ +### Can I encrypt multiple secrets at once, in one YAML / JSON file? + +Yes, you can! Drop as many secrets as you like in one file. Make sure to separate them via `---` for YAML and as extra, single objects in JSON. + ### Will you still be able to decrypt if you no longer have access to your cluster? No, the private keys are only stored in the Secret managed by the controller (unless you have some other backup of your k8s objects). There are no backdoors - without that private key used to encrypt a given SealedSecrets, you can't decrypt it. If you can't get to the Secrets with the encryption keys, and you also can't get to the decrypted versions of your Secrets live in the cluster, then you will need to regenerate new passwords for everything, seal them again with a new sealing key, etc. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.23.1/RELEASE-NOTES.md new/sealed-secrets-0.24.0/RELEASE-NOTES.md --- old/sealed-secrets-0.23.1/RELEASE-NOTES.md 2023-08-17 14:19:21.000000000 +0200 +++ new/sealed-secrets-0.24.0/RELEASE-NOTES.md 2023-09-15 11:42:16.000000000 +0200 @@ -4,6 +4,22 @@ [![](https://img.shields.io/github/release/bitnami-labs/sealed-secrets.svg)](https://github.com/bitnami-labs/sealed-secrets/releases/latest) +## v0.24.0 + +### Changelog + +- feat: multidoc support for yaml and json ([#1304](https://github.com/bitnami-labs/sealed-secrets/pull/1304)) +- Delete repeating warning message ([#1303](https://github.com/bitnami-labs/sealed-secrets/pull/1303)) +- Add dashboard configmap annotations ([#1302](https://github.com/bitnami-labs/sealed-secrets/pull/1302)) +- Update the golang version to the latest available one ([#1318](https://github.com/bitnami-labs/sealed-secrets/pull/1318)) +- Update Linux installation process on README to have a way to dynamically get kubeseal version number ([#1294](https://github.com/bitnami-labs/sealed-secrets/pull/1294)) +- Bump golang.org/x/crypto from 0.12.0 to 0.13.0 ([#1319](https://github.com/bitnami-labs/sealed-secrets/pull/1319)) +- Bump github.com/onsi/ginkgo/v2 from 2.11.0 to 2.12.0 ([#1310](https://github.com/bitnami-labs/sealed-secrets/pull/1310)) +- Bump k8s.io/client-go from 0.28.0 to 0.28.1 ([#1308](https://github.com/bitnami-labs/sealed-secrets/pull/1308)) +- Bump k8s.io/code-generator from 0.28.0 to 0.28.1 ([#1307](https://github.com/bitnami-labs/sealed-secrets/pull/1307)) +- Bump k8s.io/code-generator from 0.27.4 to 0.28.0 ([#1300](https://github.com/bitnami-labs/sealed-secrets/pull/1300)) +- Bump k8s.io/client-go from 0.27.4 to 0.28.0 ([#1297](https://github.com/bitnami-labs/sealed-secrets/pull/1297)) + ## v0.23.1 ### Changelog diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.23.1/carvel/package.yaml new/sealed-secrets-0.24.0/carvel/package.yaml --- old/sealed-secrets-0.23.1/carvel/package.yaml 2023-08-17 14:19:21.000000000 +0200 +++ new/sealed-secrets-0.24.0/carvel/package.yaml 2023-09-15 11:42:16.000000000 +0200 @@ -1,10 +1,10 @@ apiVersion: data.packaging.carvel.dev/v1alpha1 kind: Package metadata: - name: "sealedsecrets.bitnami.com.2.11.0" + name: "sealedsecrets.bitnami.com.2.12.0" spec: refName: "sealedsecrets.bitnami.com" - version: "2.11.0" + version: "2.12.0" valuesSchema: openAPIv3: title: Chart Values @@ -45,7 +45,7 @@ tag: type: string description: Sealed Secrets image tag (immutable tags are recommended) - default: v0.23.0 + default: v0.23.1 pullPolicy: type: string description: Sealed Secrets image pull policy @@ -424,7 +424,7 @@ spec: fetch: - imgpkgBundle: - image: ghcr.io/bitnami-labs/sealed-secrets-carvel:sha256-2fcd014eab7877bba7ec295e928a19ef18ab4d9643bb2dea07a8f9e92ac94e1e.imgpkg + image: ghcr.io/bitnami-labs/sealed-secrets-carvel:sha256-24b95a0df834fb46af38f5d4511d6fce0526ee4c12f03a039fc3bc02bafc3694.imgpkg template: - helmTemplate: path: sealed-secrets diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.23.1/go.mod new/sealed-secrets-0.24.0/go.mod --- old/sealed-secrets-0.23.1/go.mod 2023-08-17 14:19:21.000000000 +0200 +++ new/sealed-secrets-0.24.0/go.mod 2023-09-15 11:42:16.000000000 +0200 @@ -7,17 +7,17 @@ github.com/google/renameio v0.1.0 github.com/mattn/go-isatty v0.0.19 github.com/mkmik/multierror v0.3.0 - github.com/onsi/ginkgo/v2 v2.11.0 + github.com/onsi/ginkgo/v2 v2.12.0 github.com/onsi/gomega v1.27.10 github.com/prometheus/client_golang v1.16.0 github.com/spf13/pflag v1.0.5 github.com/throttled/throttled v2.2.5+incompatible - golang.org/x/crypto v0.12.0 + golang.org/x/crypto v0.13.0 gopkg.in/yaml.v2 v2.4.0 - k8s.io/api v0.27.4 - k8s.io/apimachinery v0.27.4 - k8s.io/client-go v0.27.4 - k8s.io/code-generator v0.27.4 + k8s.io/api v0.28.1 + k8s.io/apimachinery v0.28.1 + k8s.io/client-go v0.28.1 + k8s.io/code-generator v0.28.1 k8s.io/klog v1.0.0 k8s.io/klog/v2 v2.100.1 ) @@ -27,18 +27,18 @@ github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/emicklei/go-restful/v3 v3.9.0 // indirect - github.com/evanphx/json-patch v4.12.0+incompatible // indirect + github.com/evanphx/json-patch v5.6.0+incompatible // indirect github.com/go-logr/logr v1.2.4 // indirect github.com/go-openapi/jsonpointer v0.19.6 // indirect - github.com/go-openapi/jsonreference v0.20.1 // indirect + github.com/go-openapi/jsonreference v0.20.2 // indirect github.com/go-openapi/swag v0.22.3 // indirect github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.3 // indirect github.com/gomodule/redigo v2.0.0+incompatible // indirect - github.com/google/gnostic v0.6.9 // indirect - github.com/google/gofuzz v1.1.0 // indirect + github.com/google/gnostic-models v0.6.8 // indirect + github.com/google/gofuzz v1.2.0 // indirect github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect github.com/google/uuid v1.3.0 // indirect github.com/hashicorp/golang-lru v0.5.1 // indirect @@ -54,21 +54,21 @@ github.com/prometheus/client_model v0.3.0 // indirect github.com/prometheus/common v0.42.0 // indirect github.com/prometheus/procfs v0.10.1 // indirect - golang.org/x/mod v0.10.0 // indirect - golang.org/x/net v0.12.0 // indirect - golang.org/x/oauth2 v0.5.0 // indirect - golang.org/x/sys v0.11.0 // indirect - golang.org/x/term v0.11.0 // indirect - golang.org/x/text v0.12.0 // indirect - golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect - golang.org/x/tools v0.9.3 // indirect + golang.org/x/mod v0.12.0 // indirect + golang.org/x/net v0.14.0 // indirect + golang.org/x/oauth2 v0.8.0 // indirect + golang.org/x/sys v0.12.0 // indirect + golang.org/x/term v0.12.0 // indirect + golang.org/x/text v0.13.0 // indirect + golang.org/x/time v0.3.0 // indirect + golang.org/x/tools v0.12.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/protobuf v1.30.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/gengo v0.0.0-20220902162205-c0856e24416d // indirect - k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect - k8s.io/utils v0.0.0-20230209194617-a36077c30491 // indirect + k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect + k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect sigs.k8s.io/yaml v1.3.0 // indirect diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.23.1/go.sum new/sealed-secrets-0.24.0/go.sum --- old/sealed-secrets-0.23.1/go.sum 2023-08-17 14:19:21.000000000 +0200 +++ new/sealed-secrets-0.24.0/go.sum 2023-09-15 11:42:16.000000000 +0200 @@ -1,39 +1,18 @@ -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= -github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= -github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= -github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE= github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= -github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= -github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84= -github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0= -github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U= +github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= @@ -41,58 +20,40 @@ github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= -github.com/go-openapi/jsonreference v0.20.1 h1:FBLnyygC4/IZZr893oiomc9XaghoveYTrLC1F86HID8= -github.com/go-openapi/jsonreference v0.20.1/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= +github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= +github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= -github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= -github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/gomodule/redigo v2.0.0+incompatible h1:K/R+8tc58AaqLkqG2Ol3Qk+DR/TlNuhuh457pBFPtt0= github.com/gomodule/redigo v2.0.0+incompatible/go.mod h1:B4C85qUVwatsJoIUNIfCRsp7qO0iAmpGFZ4EELWSbC4= -github.com/google/gnostic v0.6.9 h1:ZK/5VhkoX835RikCHpSUJV9a+S3e1zLh59YnyWeBW+0= -github.com/google/gnostic v0.6.9/go.mod h1:Nm8234We1lq6iB9OmlgNv3nH91XLLVZHCDayfA3xq+E= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= +github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= +github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0 h1:GOZbcHa3HfsPKPlmyPyN2KEohoMXOhdMbHrvbpl2QaA= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/hashicorp/golang-lru v0.5.1 h1:0hERBMJE1eitiLkihrMvRVBYAkpHzc/J3QdDN+dAcgU= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= @@ -126,8 +87,8 @@ github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/onsi/ginkgo/v2 v2.11.0 h1:WgqUCUt/lT6yXoQ8Wef0fsNn5cAuMK7+KT9UFRz2tcU= -github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7kR0iZvM= +github.com/onsi/ginkgo/v2 v2.12.0 h1:UIVDowFPwpg6yMUpPjGkYvf06K3RAiJXUhCxEwQVHRI= +github.com/onsi/ginkgo/v2 v2.12.0/go.mod h1:ZNEzXISYlqpb8S36iN71ifqLi3vVD1rVJGvWRCJOUpQ= github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= @@ -136,143 +97,81 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8= github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc= -github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4= github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w= github.com/prometheus/common v0.42.0 h1:EKsfXEYo4JpWMHH5cg+KOUWeuJSov1Id8zGR8eeI1YM= github.com/prometheus/common v0.42.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc= github.com/prometheus/procfs v0.10.1 h1:kYK1Va/YMlutzCGazswoHKo//tZVlFpKYh+PymziUAg= github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM= -github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= -github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= -github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= +github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8= github.com/throttled/throttled v2.2.5+incompatible h1:65UB52X0qNTYiT0Sohp8qLYVFwZQPDw85uSa65OljjQ= github.com/throttled/throttled v2.2.5+incompatible/go.mod h1:0BjlrEGQmvxps+HuXLsyRdqpSRvJpq0PNIsOtqP9Nos= -github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= -github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= -github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk= -golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/crypto v0.13.0 h1:mvySKfSWJ+UKUii46M40LOvyWfN0s2U+46/jDd0e6Ck= +golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk= -golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc= +golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50= -golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.5.0 h1:HuArIo48skDwlrvM3sEdHXElYslAMsf3KwRkkW4MC4s= -golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14= +golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= +golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8= +golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM= -golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.11.0 h1:F9tnn/DA/Im8nCwm+fX+1/eBwi4qFjRT++MhtVC4ZX0= -golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU= +golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o= +golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.12.0 h1:/ZfYdc3zq+q02Rv9vGqTeSItdzZTSNDmfTi0mBAuidU= +golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc= -golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 h1:vVKdlvoWBphwdxWKrFZEuM0kGgGLxUOYcY4U/2Vjg44= -golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= +golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= +golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.9.3 h1:Gn1I8+64MsuTb/HpH+LmQtNas23LhUVr3rYZ0eKuaMM= -golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= +golang.org/x/tools v0.12.0 h1:YW6HUoUmYBpwSgyaGaZq1fHjrBjX1rlpZ54T6mu2kss= +golang.org/x/tools v0.12.0/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= -google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= -google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= -google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -281,25 +180,20 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.27.4 h1:0pCo/AN9hONazBKlNUdhQymmnfLRbSZjd5H5H3f0bSs= -k8s.io/api v0.27.4/go.mod h1:O3smaaX15NfxjzILfiln1D8Z3+gEYpjEpiNA/1EVK1Y= -k8s.io/apimachinery v0.27.4 h1:CdxflD4AF61yewuid0fLl6bM4a3q04jWel0IlP+aYjs= -k8s.io/apimachinery v0.27.4/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E= -k8s.io/client-go v0.27.4 h1:vj2YTtSJ6J4KxaC88P4pMPEQECWMY8gqPqsTgUKzvjk= -k8s.io/client-go v0.27.4/go.mod h1:ragcly7lUlN0SRPk5/ZkGnDjPknzb37TICq07WhI6Xc= -k8s.io/code-generator v0.27.4 h1:bw2xFEBnthhCSC7Bt6FFHhPTfWX21IJ30GXxOzywsFE= -k8s.io/code-generator v0.27.4/go.mod h1:DPung1sI5vBgn4AGKtlPRQAyagj/ir/4jI55ipZHVww= +k8s.io/api v0.28.1 h1:i+0O8k2NPBCPYaMB+uCkseEbawEt/eFaiRqUx8aB108= +k8s.io/api v0.28.1/go.mod h1:uBYwID+66wiL28Kn2tBjBYQdEU0Xk0z5qF8bIBqk/Dg= +k8s.io/apimachinery v0.28.1 h1:EJD40og3GizBSV3mkIoXQBsws32okPOy+MkRyzh6nPY= +k8s.io/apimachinery v0.28.1/go.mod h1:X0xh/chESs2hP9koe+SdIAcXWcQ+RM5hy0ZynB+yEvw= +k8s.io/client-go v0.28.1 h1:pRhMzB8HyLfVwpngWKE8hDcXRqifh1ga2Z/PU9SXVK8= +k8s.io/client-go v0.28.1/go.mod h1:pEZA3FqOsVkCc07pFVzK076R+P/eXqsgx5zuuRWukNE= +k8s.io/code-generator v0.28.1 h1:o0WFcqtv80GEf1iaOAzLIlrKyny9HBd2jaspJfWb5sI= +k8s.io/code-generator v0.28.1/go.mod h1:ueeSJZJ61NHBa0ccWLey6mwawum25vX61nRZ6WOzN9A= k8s.io/gengo v0.0.0-20220902162205-c0856e24416d h1:U9tB195lKdzwqicbJvyJeOXV7Klv+wNAWENRnXEGi08= k8s.io/gengo v0.0.0-20220902162205-c0856e24416d/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= @@ -307,10 +201,10 @@ k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg= -k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg= -k8s.io/utils v0.0.0-20230209194617-a36077c30491 h1:r0BAOLElQnnFhE/ApUsg3iHdVYYPBjNSSOMowRZxxsY= -k8s.io/utils v0.0.0-20230209194617-a36077c30491/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 h1:LyMgNKD2P8Wn1iAwQU5OhxCKlKJy0sHc+PcDwFB24dQ= +k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM= +k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk= +k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.23.1/helm/sealed-secrets/Chart.yaml new/sealed-secrets-0.24.0/helm/sealed-secrets/Chart.yaml --- old/sealed-secrets-0.23.1/helm/sealed-secrets/Chart.yaml 2023-08-17 14:19:21.000000000 +0200 +++ new/sealed-secrets-0.24.0/helm/sealed-secrets/Chart.yaml 2023-09-15 11:42:16.000000000 +0200 @@ -1,7 +1,7 @@ annotations: category: DeveloperTools apiVersion: v2 -appVersion: v0.23.0 +appVersion: v0.23.1 description: Helm chart for the sealed-secrets controller. home: https://github.com/bitnami-labs/sealed-secrets icon: https://bitnami.com/assets/stacks/sealed-secrets/img/sealed-secrets-stack-220x234.png @@ -14,4 +14,4 @@ url: https://github.com/bitnami-labs/sealed-secrets name: sealed-secrets type: application -version: 2.11.0 +version: 2.12.0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.23.1/helm/sealed-secrets/README.md new/sealed-secrets-0.24.0/helm/sealed-secrets/README.md --- old/sealed-secrets-0.23.1/helm/sealed-secrets/README.md 2023-08-17 14:19:21.000000000 +0200 +++ new/sealed-secrets-0.24.0/helm/sealed-secrets/README.md 2023-09-15 11:42:16.000000000 +0200 @@ -81,68 +81,68 @@ ### Sealed Secrets Parameters -| Name | Description | Value | -| ------------------------------------------------- | -------------------------------------------------------------------------------------- | ----------------------------------- | -| `image.registry` | Sealed Secrets image registry | `docker.io` | -| `image.repository` | Sealed Secrets image repository | `bitnami/sealed-secrets-controller` | -| `image.tag` | Sealed Secrets image tag (immutable tags are recommended) | `v0.23.0` | -| `image.pullPolicy` | Sealed Secrets image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Sealed Secrets image pull secrets | `[]` | -| `revisionHistoryLimit` | Number of old history to retain to allow rollback. Default 10 | `""` | -| `createController` | Specifies whether the Sealed Secrets controller should be created | `true` | -| `secretName` | The name of an existing TLS secret containing the key used to encrypt secrets | `sealed-secrets-key` | -| `updateStatus` | Specifies whether the Sealed Secrets controller should update the status subresource | `true` | -| `skipRecreate` | Specifies whether the Sealed Secrets controller should skip recreating removed secrets | `false` | -| `keyrenewperiod` | Specifies key renewal period. Default 30 days | `""` | -| `rateLimit` | Number of allowed sustained request per second for verify endpoint | `""` | -| `rateLimitBurst` | Number of requests allowed to exceed the rate limit per second for verify endpoint | `""` | -| `additionalNamespaces` | List of namespaces used to manage the Sealed Secrets | `[]` | -| `privateKeyAnnotations` | Map of annotations to be set on the sealing keypairs | `{}` | -| `privateKeyLabels` | Map of labels to be set on the sealing keypairs | `{}` | -| `logInfoStdout` | Specifies whether the Sealed Secrets controller will log info to stdout | `false` | -| `command` | Override default container command | `[]` | -| `args` | Override default container args | `[]` | -| `livenessProbe.enabled` | Enable livenessProbe on Sealed Secret containers | `true` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `0` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe on Sealed Secret containers | `true` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `startupProbe.enabled` | Enable startupProbe on Sealed Secret containers | `false` | -| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `0` | -| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` | -| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `resources.limits` | The resources limits for the Sealed Secret containers | `{}` | -| `resources.requests` | The requested resources for the Sealed Secret containers | `{}` | -| `podSecurityContext.enabled` | Enabled Sealed Secret pods' Security Context | `true` | -| `podSecurityContext.fsGroup` | Set Sealed Secret pod's Security Context fsGroup | `65534` | -| `containerSecurityContext.enabled` | Enabled Sealed Secret containers' Security Context | `true` | -| `containerSecurityContext.readOnlyRootFilesystem` | Whether the Sealed Secret container has a read-only root filesystem | `true` | -| `containerSecurityContext.runAsNonRoot` | Indicates that the Sealed Secret container must run as a non-root user | `true` | -| `containerSecurityContext.runAsUser` | Set Sealed Secret containers' Security Context runAsUser | `1001` | -| `containerSecurityContext.capabilities` | Adds and removes POSIX capabilities from running containers (see `values.yaml`) | | -| `podLabels` | Extra labels for Sealed Secret pods | `{}` | -| `podAnnotations` | Annotations for Sealed Secret pods | `{}` | -| `priorityClassName` | Sealed Secret pods' priorityClassName | `""` | -| `runtimeClassName` | Sealed Secret pods' runtimeClassName | `""` | -| `affinity` | Affinity for Sealed Secret pods assignment | `{}` | -| `nodeSelector` | Node labels for Sealed Secret pods assignment | `{}` | -| `tolerations` | Tolerations for Sealed Secret pods assignment | `[]` | -| `additionalVolumes` | Extra Volumes for the Sealed Secrets Controller Deployment | `{}` | -| `additionalVolumeMounts` | Extra volumeMounts for the Sealed Secrets Controller container | `{}` | -| `hostNetwork` | Sealed Secrets pods' hostNetwork | `false` | -| `dnsPolicy` | Sealed Secrets pods' dnsPolicy | `""` | +| Name | Description | Value | +| ------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ----------------------------------- | +| `image.registry` | Sealed Secrets image registry | `docker.io` | +| `image.repository` | Sealed Secrets image repository | `bitnami/sealed-secrets-controller` | +| `image.tag` | Sealed Secrets image tag (immutable tags are recommended) | `v0.23.1` | +| `image.pullPolicy` | Sealed Secrets image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Sealed Secrets image pull secrets | `[]` | +| `revisionHistoryLimit` | Number of old history to retain to allow rollback (If not set, default Kubernetes value is set to 10) | `""` | +| `createController` | Specifies whether the Sealed Secrets controller should be created | `true` | +| `secretName` | The name of an existing TLS secret containing the key used to encrypt secrets | `sealed-secrets-key` | +| `updateStatus` | Specifies whether the Sealed Secrets controller should update the status subresource | `true` | +| `skipRecreate` | Specifies whether the Sealed Secrets controller should skip recreating removed secrets | `false` | +| `keyrenewperiod` | Specifies key renewal period. Default 30 days | `""` | +| `rateLimit` | Number of allowed sustained request per second for verify endpoint | `""` | +| `rateLimitBurst` | Number of requests allowed to exceed the rate limit per second for verify endpoint | `""` | +| `additionalNamespaces` | List of namespaces used to manage the Sealed Secrets | `[]` | +| `privateKeyAnnotations` | Map of annotations to be set on the sealing keypairs | `{}` | +| `privateKeyLabels` | Map of labels to be set on the sealing keypairs | `{}` | +| `logInfoStdout` | Specifies whether the Sealed Secrets controller will log info to stdout | `false` | +| `command` | Override default container command | `[]` | +| `args` | Override default container args | `[]` | +| `livenessProbe.enabled` | Enable livenessProbe on Sealed Secret containers | `true` | +| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `0` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readinessProbe.enabled` | Enable readinessProbe on Sealed Secret containers | `true` | +| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `startupProbe.enabled` | Enable startupProbe on Sealed Secret containers | `false` | +| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `0` | +| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` | +| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `resources.limits` | The resources limits for the Sealed Secret containers | `{}` | +| `resources.requests` | The requested resources for the Sealed Secret containers | `{}` | +| `podSecurityContext.enabled` | Enabled Sealed Secret pods' Security Context | `true` | +| `podSecurityContext.fsGroup` | Set Sealed Secret pod's Security Context fsGroup | `65534` | +| `containerSecurityContext.enabled` | Enabled Sealed Secret containers' Security Context | `true` | +| `containerSecurityContext.readOnlyRootFilesystem` | Whether the Sealed Secret container has a read-only root filesystem | `true` | +| `containerSecurityContext.runAsNonRoot` | Indicates that the Sealed Secret container must run as a non-root user | `true` | +| `containerSecurityContext.runAsUser` | Set Sealed Secret containers' Security Context runAsUser | `1001` | +| `containerSecurityContext.capabilities` | Adds and removes POSIX capabilities from running containers (see `values.yaml`) | | +| `podLabels` | Extra labels for Sealed Secret pods | `{}` | +| `podAnnotations` | Annotations for Sealed Secret pods | `{}` | +| `priorityClassName` | Sealed Secret pods' priorityClassName | `""` | +| `runtimeClassName` | Sealed Secret pods' runtimeClassName | `""` | +| `affinity` | Affinity for Sealed Secret pods assignment | `{}` | +| `nodeSelector` | Node labels for Sealed Secret pods assignment | `{}` | +| `tolerations` | Tolerations for Sealed Secret pods assignment | `[]` | +| `additionalVolumes` | Extra Volumes for the Sealed Secrets Controller Deployment | `{}` | +| `additionalVolumeMounts` | Extra volumeMounts for the Sealed Secrets Controller container | `{}` | +| `hostNetwork` | Sealed Secrets pods' hostNetwork | `false` | +| `dnsPolicy` | Sealed Secrets pods' dnsPolicy | `""` | ### Traffic Exposure Parameters @@ -201,6 +201,7 @@ | `metrics.serviceMonitor.relabelings` | Specify general relabeling | `[]` | | `metrics.dashboards.create` | Specifies whether a ConfigMap with a Grafana dashboard configuration should be created | `false` | | `metrics.dashboards.labels` | Extra labels to be added to the Grafana dashboard ConfigMap | `{}` | +| `metrics.dashboards.annotations` | Annotations to be added to the Grafana dashboard ConfigMap | `{}` | | `metrics.dashboards.namespace` | Namespace where Grafana dashboard ConfigMap is deployed | `""` | diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.23.1/helm/sealed-secrets/templates/configmap-dashboards.yaml new/sealed-secrets-0.24.0/helm/sealed-secrets/templates/configmap-dashboards.yaml --- old/sealed-secrets-0.23.1/helm/sealed-secrets/templates/configmap-dashboards.yaml 2023-08-17 14:19:21.000000000 +0200 +++ new/sealed-secrets-0.24.0/helm/sealed-secrets/templates/configmap-dashboards.yaml 2023-09-15 11:42:16.000000000 +0200 @@ -11,6 +11,10 @@ {{- if $.Values.metrics.dashboards.labels }} {{- include "sealed-secrets.render" ( dict "value" $.Values.metrics.dashboards.labels "context" $) | nindent 4 }} {{- end }} + annotations: + {{- if $.Values.metrics.dashboards.annotations }} + {{- include "sealed-secrets.render" ( dict "value" $.Values.metrics.dashboards.annotations "context" $) | nindent 4 }} + {{- end }} data: {{ base $path }}: |- {{ $.Files.Get $path | indent 4 }} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.23.1/helm/sealed-secrets/values.yaml new/sealed-secrets-0.24.0/helm/sealed-secrets/values.yaml --- old/sealed-secrets-0.23.1/helm/sealed-secrets/values.yaml 2023-08-17 14:19:21.000000000 +0200 +++ new/sealed-secrets-0.24.0/helm/sealed-secrets/values.yaml 2023-09-15 11:42:16.000000000 +0200 @@ -34,7 +34,7 @@ image: registry: docker.io repository: bitnami/sealed-secrets-controller - tag: v0.23.0 + tag: v0.23.1 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -441,6 +441,9 @@ ## @param metrics.dashboards.labels Extra labels to be added to the Grafana dashboard ConfigMap ## labels: {} + ## @param metrics.dashboards.annotations Annotations to be added to the Grafana dashboard ConfigMap + ## + annotations: {} ## @param metrics.dashboards.namespace Namespace where Grafana dashboard ConfigMap is deployed ## namespace: "" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.23.1/pkg/controller/controller.go new/sealed-secrets-0.24.0/pkg/controller/controller.go --- old/sealed-secrets-0.23.1/pkg/controller/controller.go 2023-08-17 14:19:21.000000000 +0200 +++ new/sealed-secrets-0.24.0/pkg/controller/controller.go 2023-09-15 11:42:16.000000000 +0200 @@ -394,7 +394,6 @@ } if sealedSecret.APIVersion == "" || sealedSecret.Kind == "" { // https://github.com/operator-framework/operator-sdk/issues/727 - log.Errorf("WARNING: Empty API version & kind, filling it...") gv := schema.GroupVersion{Group: ssv1alpha1.GroupName, Version: "v1alpha1"} gvk := gv.WithKind("SealedSecret") sealedSecret.APIVersion = gvk.GroupVersion().String() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.23.1/pkg/kubeseal/kubeseal.go new/sealed-secrets-0.24.0/pkg/kubeseal/kubeseal.go --- old/sealed-secrets-0.23.1/pkg/kubeseal/kubeseal.go 2023-08-17 14:19:21.000000000 +0200 +++ new/sealed-secrets-0.24.0/pkg/kubeseal/kubeseal.go 2023-09-15 11:42:16.000000000 +0200 @@ -13,12 +13,14 @@ "net/http" "net/url" "os" + "reflect" "strings" "time" + "k8s.io/apimachinery/pkg/util/yaml" + ssv1alpha1 "github.com/bitnami-labs/sealed-secrets/pkg/apis/sealedsecrets/v1alpha1" "github.com/bitnami-labs/sealed-secrets/pkg/crypto" - "github.com/bitnami-labs/sealed-secrets/pkg/multidocyaml" v1 "k8s.io/api/core/v1" k8serrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -66,24 +68,6 @@ return cert, nil } -func readSecret(codec runtime.Decoder, r io.Reader) (*v1.Secret, error) { - data, err := io.ReadAll(r) - if err != nil { - return nil, err - } - - if err := multidocyaml.EnsureNotMultiDoc(data); err != nil { - return nil, err - } - - var ret v1.Secret - if err = runtime.DecodeInto(codec, data, &ret); err != nil { - return nil, err - } - - return &ret, nil -} - func prettyEncoder(codecs runtimeserializer.CodecFactory, mediaType string, gv runtime.GroupVersioner) (runtime.Encoder, error) { info, ok := runtime.SerializerInfoForMediaType(codecs.SupportedMediaTypes(), mediaType) if !ok { @@ -184,60 +168,112 @@ return openCertCluster(ctx, restClient, controllerNs, controllerName) } +func readSecrets(r io.Reader) ([]*v1.Secret, error) { + decoder := yaml.NewYAMLOrJSONDecoder(r, 4096) + + var secrets []*v1.Secret + empty := v1.Secret{} + + for { + sec := v1.Secret{} + err := decoder.Decode(&sec) + if reflect.DeepEqual(sec, empty) { + if errors.Is(err, io.EOF) { + break + } else { + continue + } + } + secrets = append(secrets, &sec) + if err != nil && err != io.EOF { + return nil, err + } + } + return secrets, nil +} + +func readSealedSecrets(r io.Reader) ([]*ssv1alpha1.SealedSecret, error) { + decoder := yaml.NewYAMLOrJSONDecoder(r, 4096) + + var secrets []*ssv1alpha1.SealedSecret + empty := ssv1alpha1.SealedSecret{} + + for { + sec := ssv1alpha1.SealedSecret{} + err := decoder.Decode(&sec) + if reflect.DeepEqual(sec, empty) { + if errors.Is(err, io.EOF) { + break + } else { + continue + } + } + secrets = append(secrets, &sec) + if err != nil && err != io.EOF { + return nil, err + } + } + + return secrets, nil +} + // Seal reads a k8s Secret resource parsed from an input reader by a given codec, encrypts all its secrets // with a given public key, using the name and namespace found in the input secret, unless explicitly overridden // by the overrideName and overrideNamespace arguments. func Seal(clientConfig ClientConfig, outputFormat string, in io.Reader, out io.Writer, codecs runtimeserializer.CodecFactory, pubKey *rsa.PublicKey, scope ssv1alpha1.SealingScope, allowEmptyData bool, overrideName, overrideNamespace string) error { - secret, err := readSecret(codecs.UniversalDecoder(), in) + secrets, err := readSecrets(in) if err != nil { return err } - if len(secret.Data) == 0 && len(secret.StringData) == 0 && !allowEmptyData { - return fmt.Errorf("secret.data is empty in input Secret, assuming this is an error and aborting. To work with empty data, --allow-empty-data can be used") - } + for _, secret := range secrets { + if len(secret.Data) == 0 && len(secret.StringData) == 0 && !allowEmptyData { + return fmt.Errorf("secret.data is empty in input Secret, assuming this is an error and aborting. To work with empty data, --allow-empty-data can be used") + } - if overrideName != "" { - secret.Name = overrideName - } + if overrideName != "" { + secret.Name = overrideName + } - if secret.GetName() == "" { - return fmt.Errorf("missing metadata.name in input Secret") - } + if secret.GetName() == "" { + return fmt.Errorf("missing metadata.name in input Secret") + } - if overrideNamespace != "" { - secret.Namespace = overrideNamespace - } + if overrideNamespace != "" { + secret.Namespace = overrideNamespace + } - if scope != ssv1alpha1.DefaultScope { - secret.Annotations = ssv1alpha1.UpdateScopeAnnotations(secret.Annotations, scope) - } + if scope != ssv1alpha1.DefaultScope { + secret.Annotations = ssv1alpha1.UpdateScopeAnnotations(secret.Annotations, scope) + } - if ssv1alpha1.SecretScope(secret) != ssv1alpha1.ClusterWideScope && secret.GetNamespace() == "" { - ns, _, err := clientConfig.Namespace() - if clientcmd.IsEmptyConfig(err) { - return fmt.Errorf("input secret has no namespace and cannot infer the namespace automatically when no kube config is available") - } else if err != nil { - return err + if ssv1alpha1.SecretScope(secret) != ssv1alpha1.ClusterWideScope && secret.GetNamespace() == "" { + ns, _, err := clientConfig.Namespace() + if clientcmd.IsEmptyConfig(err) { + return fmt.Errorf("input secret has no namespace and cannot infer the namespace automatically when no kube config is available") + } else if err != nil { + return err + } + secret.SetNamespace(ns) } - secret.SetNamespace(ns) - } - // Strip read-only server-side ObjectMeta (if present) - secret.SetSelfLink("") - secret.SetUID("") - secret.SetResourceVersion("") - secret.Generation = 0 - secret.SetCreationTimestamp(metav1.Time{}) - secret.SetDeletionTimestamp(nil) - secret.DeletionGracePeriodSeconds = nil + // Strip read-only server-side ObjectMeta (if present) + secret.SetSelfLink("") + secret.SetUID("") + secret.SetResourceVersion("") + secret.Generation = 0 + secret.SetCreationTimestamp(metav1.Time{}) + secret.SetDeletionTimestamp(nil) + secret.DeletionGracePeriodSeconds = nil - ssecret, err := ssv1alpha1.NewSealedSecret(codecs, pubKey, secret) - if err != nil { - return err - } - if err = sealedSecretOutput(out, outputFormat, codecs, ssecret); err != nil { - return err + ssecret, err := ssv1alpha1.NewSealedSecret(codecs, pubKey, secret) + if err != nil { + return err + } + if err = sealedSecretOutput(out, outputFormat, codecs, ssecret); err != nil { + return err + } + //return nil } return nil } @@ -256,11 +292,6 @@ return err } - content, err := io.ReadAll(in) - if err != nil { - return err - } - req := restClient.RESTClient().Post(). Namespace(controllerNs). Resource("services"). @@ -268,15 +299,25 @@ Name(net.JoinSchemeNamePort("http", controllerName, portName)). Suffix("/v1/verify") - req.Body(content) - res := req.Do(ctx) - if err := res.Error(); err != nil { - if status, ok := err.(*k8serrors.StatusError); ok && status.Status().Code == http.StatusConflict { - return fmt.Errorf("unable to decrypt sealed secret") - } - return fmt.Errorf("cannot validate sealed secret: %v", err) + secrets, err := readSealedSecrets(in) + if err != nil { + return fmt.Errorf("unable to decrypt sealed secret") } + for _, secret := range secrets { + content, err := json.Marshal(secret) + if err != nil { + return fmt.Errorf("error while marshalling sealed secret: %w", err) + } + req.Body(content) + res := req.Do(ctx) + if err := res.Error(); err != nil { + if status, ok := err.(*k8serrors.StatusError); ok && status.Status().Code == http.StatusConflict { + return fmt.Errorf("unable to decrypt sealed secret: %v", secret.GetName()) + } + return fmt.Errorf("cannot validate sealed secret: %v", err) + } + } return nil } @@ -294,7 +335,6 @@ return err } - content, err := io.ReadAll(in) if err != nil { return err } @@ -306,27 +346,38 @@ Name(net.JoinSchemeNamePort("http", controllerName, portName)). Suffix("/v1/rotate") - req.Body(content) - res := req.Do(ctx) - if err := res.Error(); err != nil { - if status, ok := err.(*k8serrors.StatusError); ok && status.Status().Code == http.StatusConflict { - return fmt.Errorf("unable to rotate secret") - } - return fmt.Errorf("cannot re-encrypt secret: %v", err) - } - body, err := res.Raw() + secrets, err := readSealedSecrets(in) if err != nil { return err } - ssecret := &ssv1alpha1.SealedSecret{} - if err = json.Unmarshal(body, ssecret); err != nil { - return err - } - ssecret.SetCreationTimestamp(metav1.Time{}) - ssecret.SetDeletionTimestamp(nil) - ssecret.Generation = 0 - if err = sealedSecretOutput(out, outputFormat, codecs, ssecret); err != nil { - return err + + for _, secret := range secrets { + content, err := json.Marshal(secret) + if err != nil { + return err + } + req.Body(content) + res := req.Do(ctx) + if err := res.Error(); err != nil { + if status, ok := err.(*k8serrors.StatusError); ok && status.Status().Code == http.StatusConflict { + return fmt.Errorf("unable to rotate secret") + } + return fmt.Errorf("cannot re-encrypt secret: %v", err) + } + body, err := res.Raw() + if err != nil { + return err + } + ssecret := &ssv1alpha1.SealedSecret{} + if err = json.Unmarshal(body, ssecret); err != nil { + return err + } + ssecret.SetCreationTimestamp(metav1.Time{}) + ssecret.SetDeletionTimestamp(nil) + ssecret.Generation = 0 + if err = sealedSecretOutput(out, outputFormat, codecs, ssecret); err != nil { + return err + } } return nil } @@ -350,7 +401,13 @@ return err } _, _ = out.Write(buf) - fmt.Fprint(out, "\n") + + switch contentType { + case runtime.ContentTypeJSON: + fmt.Fprint(out, "\n") + case runtime.ContentTypeYAML: + fmt.Fprint(out, "---\n") + } return nil } @@ -471,19 +528,19 @@ var lst v1.List if err = runtime.DecodeInto(scheme.Codecs.UniversalDecoder(), b, &lst); err == nil { for _, r := range lst.Items { - s, err := readSecret(scheme.Codecs.UniversalDecoder(), bytes.NewBuffer(r.Raw)) + s, err := readSecrets(bytes.NewBuffer(r.Raw)) if err != nil { return nil, err } - secrets = append(secrets, s) + secrets = append(secrets, s...) } } else { // try to parse it as json/yaml encoded secret - s, err := readSecret(scheme.Codecs.UniversalDecoder(), bytes.NewBuffer(b)) + s, err := readSecrets(bytes.NewBuffer(b)) if err != nil { return nil, err } - secrets = append(secrets, s) + secrets = append(secrets, s...) } var keys []*rsa.PrivateKey diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.23.1/pkg/kubeseal/kubeseal_test.go new/sealed-secrets-0.24.0/pkg/kubeseal/kubeseal_test.go --- old/sealed-secrets-0.23.1/pkg/kubeseal/kubeseal_test.go 2023-08-17 14:19:21.000000000 +0200 +++ new/sealed-secrets-0.24.0/pkg/kubeseal/kubeseal_test.go 2023-09-15 11:42:16.000000000 +0200 @@ -19,6 +19,9 @@ "testing" "time" + "k8s.io/apimachinery/pkg/util/yaml" + "k8s.io/utils/strings/slices" + flag "github.com/spf13/pflag" "github.com/google/go-cmp/cmp" @@ -177,6 +180,86 @@ } } +func TestSealWithMultiDocSecrets(t *testing.T) { + key, err := ParseKey(strings.NewReader(testCert)) + if err != nil { + t.Fatalf("Failed to parse gotSecrets key: %v", err) + } + + testCases := []struct { + name string + asYaml bool + inputSeparator string + outputFormat string + }{ + { + name: "multi-doc json", + asYaml: false, + inputSeparator: "\n", + outputFormat: "json", + }, + { + name: "multi-doc yaml", + asYaml: true, + inputSeparator: "---\n", + outputFormat: "yaml", + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + s1 := mkTestSecret(t, "foo", "1", withSecretName("s1"), asYAML(tc.asYaml)) + s2 := mkTestSecret(t, "bar", "2", withSecretName("s2"), asYAML(tc.asYaml)) + multiDocYaml := fmt.Sprintf("%s%s%s", s1, tc.inputSeparator, s2) + + clientConfig := testClientConfig() + outputFormat := tc.outputFormat + inbuf := bytes.Buffer{} + _, err = bytes.NewBuffer([]byte(multiDocYaml)).WriteTo(&inbuf) + if err != nil { + t.Fatalf("Error writing to buffer: %v", err) + } + + t.Logf("input is: %s", inbuf.String()) + + outbuf := bytes.Buffer{} + if err := Seal(clientConfig, outputFormat, &inbuf, &outbuf, scheme.Codecs, key, ssv1alpha1.NamespaceWideScope, false, "", ""); err != nil { + t.Fatalf("seal() returned error: %v", err) + } + + outBytes := outbuf.Bytes() + t.Logf("output is %s", outBytes) + + decoder := yaml.NewYAMLOrJSONDecoder(bytes.NewReader(outBytes), 4096) + var gotSecrets []*ssv1alpha1.SealedSecret + for { + s := ssv1alpha1.SealedSecret{} + err := decoder.Decode(&s) + if err != nil { + if err == io.EOF { + break + } + t.Fatalf("Failed to parse result: %v", err) + } + gotSecrets = append(gotSecrets, &s) + } + + if got, want := len(gotSecrets), 2; got != want { + t.Errorf("Wrong element output length: got: %d, want: %d", got, want) + } + + for _, gotSecret := range gotSecrets { + if got, want := gotSecret.GetNamespace(), "testns"; got != want { + t.Errorf("got: %q, want: %q", got, want) + } + if got, want := gotSecret.GetName(), []string{"s1", "s2"}; !slices.Contains(want, got) { + t.Errorf("got: %q, want: %q", got, want) + } + } + }) + } +} + func TestSeal(t *testing.T) { key, err := ParseKey(strings.NewReader(testCert)) if err != nil { @@ -520,13 +603,15 @@ t.Fatal(err) } - secret, err := readSecret(scheme.Codecs.UniversalDecoder(), &buf) + secret, err := readSecrets(&buf) if err != nil { t.Fatal(err) } - if got, want := string(secret.Data[secretItemKey]), secretItemValue; got != want { - t.Fatalf("got: %q, want: %q", got, want) + for _, secret := range secret { + if got, want := string(secret.Data[secretItemKey]), secretItemValue; got != want { + t.Fatalf("got: %q, want: %q", got, want) + } } } @@ -579,13 +664,15 @@ t.Fatal(err) } - secret, err := readSecret(scheme.Codecs.UniversalDecoder(), &buf) + secret, err := readSecrets(&buf) if err != nil { t.Fatal(err) } - if got, want := string(secret.Data[secretItemKey]), secretItemValue; got != want { - t.Fatalf("got: %q, want: %q", got, want) + for _, secret := range secret { + if got, want := string(secret.Data[secretItemKey]), secretItemValue; got != want { + t.Fatalf("got: %q, want: %q", got, want) + } } } @@ -887,17 +974,6 @@ } } -func TestYAMLStream(t *testing.T) { - s1 := mkTestSecret(t, "foo", "1", withSecretName("s1"), asYAML(true)) - s2 := mkTestSecret(t, "var", "2", withSecretName("s2"), asYAML(true)) - bad := fmt.Sprintf("%s\n---\n%s\n", s1, s2) - - _, err := readSecret(scheme.Codecs.UniversalDecoder(), strings.NewReader(bad)) - if err == nil { - t.Fatalf("error expected") - } -} - func TestReadPrivKeyPEM(t *testing.T) { _, pkw := newTestKeyPairSingle(t) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.23.1/versions.env new/sealed-secrets-0.24.0/versions.env --- old/sealed-secrets-0.23.1/versions.env 2023-08-17 14:19:21.000000000 +0200 +++ new/sealed-secrets-0.24.0/versions.env 2023-09-15 11:42:16.000000000 +0200 @@ -1,2 +1,2 @@ -GO_VERSION=1.20.3 +GO_VERSION=1.21.1 GO_VERSION_LIST="[\"$GO_VERSION\"]" ++++++ sealed-secrets.obsinfo ++++++ --- /var/tmp/diff_new_pack.YSxRyI/_old 2023-09-15 22:11:18.713656624 +0200 +++ /var/tmp/diff_new_pack.YSxRyI/_new 2023-09-15 22:11:18.717656767 +0200 @@ -1,5 +1,5 @@ name: sealed-secrets -version: 0.23.1 -mtime: 1692274761 -commit: daa514e978924ee31007b6213783b7e4623a08c1 +version: 0.24.0 +mtime: 1694770936 +commit: 3344ac6b6403320c46d0c3b26124a3c27f296c3c ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/kubeseal/vendor.tar.gz /work/SRC/openSUSE:Factory/.kubeseal.new.1766/vendor.tar.gz differ: char 5, line 1