diff --git a/.github/workflows/cli.yml b/.github/workflows/cli.yml
index c26db7a8f..6a738959b 100644
--- a/.github/workflows/cli.yml
+++ b/.github/workflows/cli.yml
@@ -29,15 +29,17 @@ jobs:
 VAULT_ADDR: "http://127.0.0.1:8200"
 steps:
 - name: Set up Go ${{ matrix.go-version }}
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+ uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
 with:
 go-version: ${{ matrix.go-version }}
 id: go
 - name: Check out code into the Go module directory
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
- - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
+ - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
 with:
 path: ~/go/pkg/mod
 key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
@@ -69,14 +71,14 @@ jobs:
 - name: Upload artifact for ${{ matrix.os }}
 if: matrix.os != 'windows'
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
 with:
 name: sops-${{ matrix.go-version }}-${{ matrix.os }}-${{ matrix.arch }}-${{ github.sha }}
 path: sops-${{ matrix.go-version }}-${{ matrix.os }}-${{ matrix.arch }}-${{ github.sha }}
 - name: Upload artifact for ${{ matrix.os }}
 if: matrix.os == 'windows'
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
 with:
 name: sops-${{ matrix.go-version }}-${{ matrix.os }}-${{ github.sha }}
 path: sops-${{ matrix.go-version }}-${{ matrix.os }}-${{ github.sha }}
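Review bot: The `persist-credentials: false` added under the checkout step in the first cli.yml hunk carries no comment explaining why it is there, so a later edit that wants `git push` to work may simply delete it. I would put one line above `with:`, for example `# Keep the GITHUB_TOKEN out of .git/config so later build steps cannot read it`. The same applies to the other checkouts changed in this diff: the second job in cli.yml, codeql.yml, docs.yml, linters.yml and release.yml. The `steps:` list starts and continues outside this hunk.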
@@ -94,6 +96,8 @@ jobs:
 steps:
 - name: Check out code
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
 # Rustup will detect toolchain version and profile from rust-toolchain.toml
 # It will download and install the toolchain and components automatically
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index c9c23e7fd..e3a904bce 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -30,10 +30,12 @@ jobs:
 steps:
 - name: Checkout code
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
- uses: github/codeql-action/init@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
+ uses: github/codeql-action/init@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
 with:
 languages: go
 # xref: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
@@ -50,6 +52,6 @@ jobs:
 make install
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
+ uses: github/codeql-action/analyze@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
 with:
 category: "/language:go"
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index fdd3d89fe..65b7d49aa 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -24,6 +24,8 @@ jobs:
 steps:
 - name: Checkout code
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
 - name: Install rstcheck and markdownlint
 run: |
diff --git a/.github/workflows/linters.yml b/.github/workflows/linters.yml
index 643bb324c..d0626a2cb 100644
--- a/.github/workflows/linters.yml
+++ b/.github/workflows/linters.yml
@@ -22,6 +22,8 @@ jobs:
 steps:
 - name: Check out code
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
 # Rustup will detect toolchain version and profile from rust-toolchain.toml
 # It will download and install the toolchain and components automatically
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index ced00a0f8..56276adab 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -28,24 +28,25 @@ jobs:
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 with:
 fetch-depth: 0
+ persist-credentials: false
 - name: Setup Go
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v4.0.1
+ uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v4.0.1
 with:
 go-version-file: go.mod
 cache: false
 - name: Setup Syft
- uses: anchore/sbom-action/download-syft@55dc4ee22412511ee8c3142cbea40418e6cec693 # v0.17.8
+ uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0
 - name: Setup Cosign
- uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
+ uses: sigstore/cosign-installer@c56c2d3e59e4281cc41dea2217323ba5694b171e # v3.8.0
 - name: Setup QEMU
- uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
+ uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0
 - name: Setup Docker Buildx
- uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
+ uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
 - name: Login to GitHub Container Registry
 uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
diff --git a/.release/alpine.Dockerfile b/.release/alpine.Dockerfile
index eaffdfd73..94e205694 100644
--- a/.release/alpine.Dockerfile
+++ b/.release/alpine.Dockerfile
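Review bot: The version comment on the new `actions/setup-go` pin in the release.yml hunk is stale: the line still ends in `# v4.0.1`, while the same SHA is annotated `# v5.3.0` in cli.yml in this same diff. The label was already wrong before the bump (the removed SHA is marked `# v5.1.0` in cli.yml), so whatever updates the pins is presumably not rewriting this comment. Anyone auditing the release workflow's pins by their comments is misled about which setup-go release builds the signed artifacts; the line should read `uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0`. The step list starts and continues outside this hunk.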
@@ -1,4 +1,4 @@
-FROM alpine:3.18
+FROM alpine:3.21
 RUN apk --no-cache add \
 ca-certificates \
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 000000000..f27b5904a
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,620 @@ +# Changelog + +## 3.9.4 + +Improvements: + +* Dependency updates ([#1727](https://github.com/getsops/sops/pull/1727), [#1732](https://github.com/getsops/sops/pull/1732), + [#1734](https://github.com/getsops/sops/pull/1734), [#1739](https://github.com/getsops/sops/pull/1739)). + +Bugfixes: + +* Prevent key deduplication to identify different AWS KMS keys that only differ by + role, context, or profile ([#1733](https://github.com/getsops/sops/pull/1733)). +* Update part of Azure SDK which prevented decryption in some cases ([#1695](https://github.com/getsops/sops/issue/1695), + [#1734](https://github.com/getsops/sops/pull/1734)). + +Project changes: + +* CI dependency updates ([#1730](https://github.com/getsops/sops/pull/1730), [#1738](https://github.com/getsops/sops/pull/1738)). +* Rust dependency updates ([#1728](https://github.com/getsops/sops/pull/1728), [#1731](https://github.com/getsops/sops/pull/1731), + [#1735](https://github.com/getsops/sops/pull/1735)). + +## 3.9.3 + +Improvements: + +* Dependency updates ([#1699](https://github.com/getsops/sops/pull/1699), [#1703](https://github.com/getsops/sops/pull/1703), + [#1710](https://github.com/getsops/sops/pull/1710), [#1714](https://github.com/getsops/sops/pull/1714), + [#1715](https://github.com/getsops/sops/pull/1715), [#1723](https://github.com/getsops/sops/pull/1723)). +* Add `persist-credentials: false` to checkouts in GitHub workflows ([#1704](https://github.com/getsops/sops/pull/1704)). +* Tests: use container images from + [https://github.com/getsops/ci-container-images](https://github.com/getsops/ci-container-images) + ([#1722](https://github.com/getsops/sops/pull/1722)). + +Bugfixes: + +* GnuPG: do not incorrectly trim fingerprint in presence of exclamation + marks for specfic subkey selection ([#1720](https://github.com/getsops/sops/pull/1720)). +* `updatekeys` subcommand: fix `--input-type` CLI flag being ignored ([#1721](https://github.com/getsops/sops/pull/1721)). 
+ +Project changes: + +* CI dependency updates ([#1698](https://github.com/getsops/sops/pull/1698), [#1708](https://github.com/getsops/sops/pull/1708), + [#1717](https://github.com/getsops/sops/pull/1717)). +* Rust dependency updates ([#1707](https://github.com/getsops/sops/pull/1707), [#1716](https://github.com/getsops/sops/pull/1716), + [#1725](https://github.com/getsops/sops/pull/1725)). + +## 3.9.2 + +Improvements: + +* Dependency updates ([#1645](https://github.com/getsops/sops/pull/1645), [#1649](https://github.com/getsops/sops/pull/1649), + [#1653](https://github.com/getsops/sops/pull/1653), [#1662](https://github.com/getsops/sops/pull/1662), + [#1686](https://github.com/getsops/sops/pull/1686), [#1693](https://github.com/getsops/sops/pull/1693)). +* Update compiled Protobuf definitions ([#1688](https://github.com/getsops/sops/pull/1688)). +* Remove unused variables and simplify conditional (##1687). + +Bugfixes: + +* Handle whitespace in Azure Key Vault URLs ([#1652](https://github.com/getsops/sops/pull/1652)). +* Correctly handle comments during JSON serialization ([#1647](https://github.com/getsops/sops/pull/1647)). + +Project changes: + +* CI dependency updates ([#1644](https://github.com/getsops/sops/pull/1644), [#1648](https://github.com/getsops/sops/pull/1648), + [#1654](https://github.com/getsops/sops/pull/1654), [#1664](https://github.com/getsops/sops/pull/1664), + [#1673](https://github.com/getsops/sops/pull/1673), [#1677](https://github.com/getsops/sops/pull/1677), + [#1685](https://github.com/getsops/sops/pull/1685)). +* Rust dependency updates ([#1655](https://github.com/getsops/sops/pull/1655), [#1663](https://github.com/getsops/sops/pull/1663), + [#1670](https://github.com/getsops/sops/pull/1670), [#1676](https://github.com/getsops/sops/pull/1676), + [#1689](https://github.com/getsops/sops/pull/1689)). +* Update and improve Protobuf code generation ([#1688](https://github.com/getsops/sops/pull/1688)). 
+ +## 3.9.1 + +Improvements: + +* Dependency updates ([#1550](https://github.com/getsops/sops/pull/1550), [#1554](https://github.com/getsops/sops/pull/1554), + [#1558](https://github.com/getsops/sops/pull/1558), [#1562](https://github.com/getsops/sops/pull/1562), + [#1565](https://github.com/getsops/sops/pull/1565), [#1568](https://github.com/getsops/sops/pull/1568), + [#1575](https://github.com/getsops/sops/pull/1575), [#1581](https://github.com/getsops/sops/pull/1581), + [#1589](https://github.com/getsops/sops/pull/1589), [#1593](https://github.com/getsops/sops/pull/1593), + [#1602](https://github.com/getsops/sops/pull/1602), [#1603](https://github.com/getsops/sops/pull/1603), + [#1618](https://github.com/getsops/sops/pull/1618), [#1629](https://github.com/getsops/sops/pull/1629), + [#1635](https://github.com/getsops/sops/pull/1635), [#1639](https://github.com/getsops/sops/pull/1639), + [#1640](https://github.com/getsops/sops/pull/1640)). +* Clarify naming of the configuration file in the documentation ([#1569](https://github.com/getsops/sops/pull/1569)). +* Build with Go 1.22 ([#1589](https://github.com/getsops/sops/pull/1589)). +* Specify filename of missing file in error messages ([#1625](https://github.com/getsops/sops/pull/1625)). +* `updatekeys` subcommand: show changes in `shamir_threshold` ([#1609](https://github.com/getsops/sops/pull/1609)). + +Bugfixes: + +* Fix the URL used for determining the latest SOPS version ([#1553](https://github.com/getsops/sops/pull/1553)). +* `updatekeys` subcommand: actually use option + `--shamir-secret-sharing-threshold` ([#1608](https://github.com/getsops/sops/pull/1608)). +* Fix `--config` being ignored in subcommands by `loadConfig` ([#1613](https://github.com/getsops/sops/pull/1613)). +* Allow `edit` subcommand to create files ([#1596](https://github.com/getsops/sops/pull/1596)). +* Do not encrypt if a key group is empty, or there are no key groups ([#1600](https://github.com/getsops/sops/pull/1600)). 
+* Do not ignore config errors when trying to parse a config file ([#1614](https://github.com/getsops/sops/pull/1614)). + +Project changes: + +* CI dependency updates ([#1551](https://github.com/getsops/sops/pull/1551), [#1555](https://github.com/getsops/sops/pull/1555), + [#1559](https://github.com/getsops/sops/pull/1559), [#1564](https://github.com/getsops/sops/pull/1564), + [#1566](https://github.com/getsops/sops/pull/1566), [#1574](https://github.com/getsops/sops/pull/1574), + [#1584](https://github.com/getsops/sops/pull/1584), [#1586](https://github.com/getsops/sops/pull/1586), + [#1590](https://github.com/getsops/sops/pull/1590), [#1592](https://github.com/getsops/sops/pull/1592), + [#1619](https://github.com/getsops/sops/pull/1619), [#1628](https://github.com/getsops/sops/pull/1628), + [#1634](https://github.com/getsops/sops/pull/1634)). +* Improve CI workflows ([#1548](https://github.com/getsops/sops/pull/1548), [#1630](https://github.com/getsops/sops/pull/1630)). +* Ignore user-set environment variable `SOPS_AGE_KEY_FILE` in tests ([#1595](https://github.com/getsops/sops/pull/1595)). +* Add example of using Age recipients in `.sops.yaml` ([#1607](https://github.com/getsops/sops/pull/1607)). +* Add linting check for Rust code formatting ([#1604](https://github.com/getsops/sops/pull/1604)). +* Set Rust version globally via `rust-toolchain.toml` for functional tests ([#1612](https://github.com/getsops/sops/pull/1612)). +* Improve test coverage ([#1617](https://github.com/getsops/sops/pull/1617)). +* Improve tests ([#1622](https://github.com/getsops/sops/pull/1622), [#1624](https://github.com/getsops/sops/pull/1624)). +* Simplify branch rules to check DCO and `check` task instead of an explicit + list of tasks in the CLI workflow ([#1621](https://github.com/getsops/sops/pull/1621)). +* Build with Go 1.22 and 1.23 in CI and update Vault to 1.14 ([#1531](https://github.com/getsops/sops/pull/1531)). 
+* Build release with Go 1.22 ([#1615](https://github.com/getsops/sops/pull/1615)). +* Fix Dependabot config for Docker; add Dependabot config for Rust ([#1632](https://github.com/getsops/sops/pull/1632)). +* Lock Rust package versions for functional tests for improved + reproducibility ([#1637](https://github.com/getsops/sops/pull/1637)). +* Rust dependency updates ([#1638](https://github.com/getsops/sops/pull/1638)). + +## 3.9.0 + +Features: + +* Add `--mac-only-encrypted` to compute MAC only over values which + end up encrypted ([#973](https://github.com/getsops/sops/pull/973)) +* Allow configuration of indentation for YAML and JSON stores ([#1273](https://github.com/getsops/sops/pull/1273), + [#1372](https://github.com/getsops/sops/pull/1372)) +* Introduce a `--pristine` flag to `sops exec-env` ([#912](https://github.com/getsops/sops/pull/912)) +* Allow to pass multiple paths to `sops updatekeys` ([#1274](https://github.com/getsops/sops/pull/1274)) +* Allow to override `fileName` with different value ([#1332](https://github.com/getsops/sops/pull/1332)) +* Sort masterkeys according to `--decryption-order` ([#1345](https://github.com/getsops/sops/pull/1345)) +* Add separate subcommands for encryption, decryption, rotating, editing, + and setting values ([#1391](https://github.com/getsops/sops/pull/1391)) +* Add `filestatus` command ([#545](https://github.com/getsops/sops/pull/545)) +* Add command `unset` ([#1475](https://github.com/getsops/sops/pull/1475)) +* Merge key for key groups and make keys unique ([#1493](https://github.com/getsops/sops/pull/1493)) +* Support using comments to select parts to encrypt ([#974](https://github.com/getsops/sops/pull/974), + [#1392](https://github.com/getsops/sops/pull/1392)) + +Deprecations: + +* Deprecate the `--background` option to `exec-env` and `exec-file` ([#1379](https://github.com/getsops/sops/pull/1379)) + +Improvements: + +* Warn/fail if the wrong number of arguments is provided 
([#1342](https://github.com/getsops/sops/pull/1342)) +* Warn if more than one command is used ([#1388](https://github.com/getsops/sops/pull/1388)) +* Dependency updates ([#1327](https://github.com/getsops/sops/pull/1327), + [#1328](https://github.com/getsops/sops/pull/1328), [#1330](https://github.com/getsops/sops/pull/1330), + [#1336](https://github.com/getsops/sops/pull/1336), [#1334](https://github.com/getsops/sops/pull/1334), + [#1344](https://github.com/getsops/sops/pull/1344), [#1348](https://github.com/getsops/sops/pull/1348), + [#1354](https://github.com/getsops/sops/pull/1354), [#1357](https://github.com/getsops/sops/pull/1357), + [#1360](https://github.com/getsops/sops/pull/1360), [#1373](https://github.com/getsops/sops/pull/1373), + [#1381](https://github.com/getsops/sops/pull/1381), [#1383](https://github.com/getsops/sops/pull/1383), + [#1385](https://github.com/getsops/sops/pull/1385), [#1408](https://github.com/getsops/sops/pull/1408), + [#1428](https://github.com/getsops/sops/pull/1428), [#1429](https://github.com/getsops/sops/pull/1429), + [#1427](https://github.com/getsops/sops/pull/1427), [#1439](https://github.com/getsops/sops/pull/1439), + [#1454](https://github.com/getsops/sops/pull/1454), [#1460](https://github.com/getsops/sops/pull/1460), + [#1466](https://github.com/getsops/sops/pull/1466), [#1489](https://github.com/getsops/sops/pull/1489), + [#1519](https://github.com/getsops/sops/pull/1519), [#1525](https://github.com/getsops/sops/pull/1525), + [#1528](https://github.com/getsops/sops/pull/1528), [#1540](https://github.com/getsops/sops/pull/1540), + [#1543](https://github.com/getsops/sops/pull/1543), [#1545](https://github.com/getsops/sops/pull/1545)) +* Build with Go 1.21 ([#1427](https://github.com/getsops/sops/pull/1427)) +* Improve README.rst ([#1339](https://github.com/getsops/sops/pull/1339), + [#1399](https://github.com/getsops/sops/pull/1399), [#1350](https://github.com/getsops/sops/pull/1350)) +* Fix typos 
([#1337](https://github.com/getsops/sops/pull/1337), [#1477](https://github.com/getsops/sops/pull/1477), + [#1484](https://github.com/getsops/sops/pull/1484)) +* Polish the `sops help` output a bit ([#1341](https://github.com/getsops/sops/pull/1341), + [#1544](https://github.com/getsops/sops/pull/1544)) +* Improve and fix tests ([#1346](https://github.com/getsops/sops/pull/1346), + [#1349](https://github.com/getsops/sops/pull/1349), [#1370](https://github.com/getsops/sops/pull/1370), + [#1390](https://github.com/getsops/sops/pull/1390), [#1396](https://github.com/getsops/sops/pull/1396), + [#1492](https://github.com/getsops/sops/pull/1492)) +* Create a constant for the `sops` metadata key ([#1398](https://github.com/getsops/sops/pull/1398)) +* Refactoring: move extraction of encryption and rotation options to + separate functions ([#1389](https://github.com/getsops/sops/pull/1389)) + +Bug fixes: + +* Respect `aws_profile` from keygroup config ([#1049](https://github.com/getsops/sops/pull/1049)) +* Fix a bug where not having a config results in a panic ([#1371](https://github.com/getsops/sops/pull/1371)) +* Consolidate Flatten/Unflatten pre/post processing ([#1356](https://github.com/getsops/sops/pull/1356)) +* INI and DotEnv stores: `shamir_threshold` is an integer ([#1394](https://github.com/getsops/sops/pull/1394)) +* Make check whether file contains invalid keys for encryption dependent + on output store ([#1393](https://github.com/getsops/sops/pull/1393)) +* Do not panic if `updatekeys` is used with a config that has no creation + rules defined ([#1506](https://github.com/getsops/sops/pull/1506)) +* `exec-file`: if `--filename` is used, use the provided filename without + random suffix ([#1474](https://github.com/getsops/sops/pull/1474)) +* Do not use DotEnv store for `exec-env`, but specialized environment + serializing code ([#1436](https://github.com/getsops/sops/pull/1436)) +* Decryption: do not fail if no matching `creation_rule` is present in + config 
file ([#1434](https://github.com/getsops/sops/pull/1434)) + +Project changes: + +* CI dependency updates ([#1347](https://github.com/getsops/sops/pull/1347), + [#1359](https://github.com/getsops/sops/pull/1359), [#1376](https://github.com/getsops/sops/pull/1376), + [#1382](https://github.com/getsops/sops/pull/1382), [#1386](https://github.com/getsops/sops/pull/1386), + [#1425](https://github.com/getsops/sops/pull/1425), [#1432](https://github.com/getsops/sops/pull/1432), + [#1498](https://github.com/getsops/sops/pull/1498), [#1503](https://github.com/getsops/sops/pull/1503), + [#1508](https://github.com/getsops/sops/pull/1508), [#1510](https://github.com/getsops/sops/pull/1510), + [#1516](https://github.com/getsops/sops/pull/1516), [#1521](https://github.com/getsops/sops/pull/1521), + [#1492](https://github.com/getsops/sops/pull/1492), [#1534](https://github.com/getsops/sops/pull/1534)) +* Adjust Makefile to new goreleaser 6.0.0 release ([#1526](https://github.com/getsops/sops/pull/1526)) + +## 3.8.1 + +Improvements: + +* Improve handling of errors when binary store handles bad data ([#1289](https://github.com/getsops/sops/pull/1289)) +* On macOS, prefer `XDG_CONFIG_HOME` over os.UserConfigDir() ([#1291](https://github.com/getsops/sops/pull/1291)) +* Dependency updates ([#1306](https://github.com/getsops/sops/pull/1306), + [#1319](https://github.com/getsops/sops/pull/1319), [#1325](https://github.com/getsops/sops/pull/1325)) +* pgp: better error reporting for missing GPG binary during import of keys ([#1286](https://github.com/getsops/sops/pull/1286)) +* Fix descriptions of `unencrypted-regex` and `encrypted-regex` flags, and + ensure `unencrypted_regex` is considered in config validation ([#1300](https://github.com/getsops/sops/pull/1300)) +* stores/json: improve error messages when parsing invalid JSON ([#1307](https://github.com/getsops/sops/pull/1307)) + +Bug fixes: + +* pgp: improve handling of GnuPG home dir 
([#1298](https://github.com/getsops/sops/pull/1298)) +* Do not crash if an empty YAML file is encrypted ([#1290](https://github.com/getsops/sops/pull/1290)) +* Handling of various ignored errors ([#1304](https://github.com/getsops/sops/pull/1304), + [#1311](https://github.com/getsops/sops/pull/1311)) +* pgp: do not require abs path for `SOPS_GPG_EXEC` ([#1309](https://github.com/getsops/sops/pull/1309)) +* Report key rotation errors ([#1317](https://github.com/getsops/sops/pull/1317)) +* Ensure wrapping of errors in main package ([#1318](https://github.com/getsops/sops/pull/1318)) + +Project changes: + +* Enrich AWS authentication documentation ([#1272](https://github.com/getsops/sops/pull/1272)) +* Add linting for RST and MD files ([#1287](https://github.com/getsops/sops/pull/1287)) +* Delete SOPS encrypted file we don't have keys for ([#1288](https://github.com/getsops/sops/pull/1288)) +* CI dependency updates ([#1295](https://github.com/getsops/sops/pull/1295), [#1301](https://github.com/getsops/sops/pull/1301)) +* pgp: make error the last return value ([#1310](https://github.com/getsops/sops/pull/1310)) +* Improve documentation files ([#1320](https://github.com/getsops/sops/pull/1320)) + +## 3.8.0 + +Features: + +* Support `--version` without network requests using `--disable-version-check` ([#1115](https://github.com/getsops/sops/pull/1115)) +* Support `--input-type` for updatekeys command ([#1116](https://github.com/getsops/sops/pull/1116)) + +Improvements: + +* pgp: modernize and improve, and add tests ([#1054](https://github.com/getsops/sops/pull/1054), + [#1282](https://github.com/getsops/sops/pull/1282)) +* azkv: update SDK to latest, add tests, tidy ([#1067](https://github.com/getsops/sops/pull/1067), + [#1092](https://github.com/getsops/sops/pull/1092), [#1256](https://github.com/getsops/sops/pull/1256)) +* age: improve identity loading, add tests, tidy ([#1064](https://github.com/getsops/sops/pull/1064)) +* kms: AWS SDK V2, allow creds config, add 
tests ([#1065](https://github.com/getsops/sops/pull/1065), + [#1257](https://github.com/getsops/sops/pull/1257)) +* gcpkms: update SDK to latest, add tests, tidy ([#1072](https://github.com/getsops/sops/pull/1072), + [#1255](https://github.com/getsops/sops/pull/1255)) +* hcvault: update API, add tests, tidy ([#1085](https://github.com/getsops/sops/pull/1085)) +* Do not report version when upstream `--version` check fails ([#1124](https://github.com/getsops/sops/pull/1124)) +* Use GitHub endpoints in `--version` command ([#1261](https://github.com/getsops/sops/pull/1261)) +* Close temporary file before invoking editor to widen support on Windows ([#1265](https://github.com/getsops/sops/pull/1265)) +* Update dependencies ([#1063](https://github.com/getsops/sops/pull/1063), + [#1091](https://github.com/getsops/sops/pull/1091), [#1147](https://github.com/getsops/sops/pull/1147), + [#1242](https://github.com/getsops/sops/pull/1242), [#1260](https://github.com/getsops/sops/pull/1260), + [#1264](https://github.com/getsops/sops/pull/1264), [#1275](https://github.com/getsops/sops/pull/1275), + [#1280](https://github.com/getsops/sops/pull/1280), [#1283](https://github.com/getsops/sops/pull/1283)) +* Deal with various deprecations of dependencies ([#1113](https://github.com/getsops/sops/pull/1113), + [#1262](https://github.com/getsops/sops/pull/1262)) + +Bug fixes: + +* Ensure YAML comments are not displaced ([#1069](https://github.com/getsops/sops/pull/1069)) +* Ensure default Google credentials can be used again after introduction + of `GOOGLE_CREDENTIALS` ([#1249](https://github.com/getsops/sops/pull/1249)) +* Avoid duplicate logging of errors in some key sources ([#1146](https://github.com/getsops/sops/pull/1146), + [#1281](https://github.com/getsops/sops/pull/1281)) +* Using `--set` on a root level key does no longer truncate existing values ([#899](https://github.com/getsops/sops/pull/899)) +* Ensure stable order of SOPS parameters in dotenv file 
([#1101](https://github.com/getsops/sops/pull/1101)) + +Project changes: + +* Update Go to 1.20 ([#1148](https://github.com/getsops/sops/pull/1148)) +* Update rustc functional tests to v1.70.0 ([#1234](https://github.com/getsops/sops/pull/1234)) +* Remove remaining CircleCI workflow ([#1237](https://github.com/getsops/sops/pull/1237)) +* Run CLI workflow on main ([#1243](https://github.com/getsops/sops/pull/1243)) +* Delete obsolete `validation/` artifact ([#1248](https://github.com/getsops/sops/pull/1248)) +* Rename Go module to `github.com/getsops/sops/v3` ([#1247](https://github.com/getsops/sops/pull/1247)) +* Revamp release automation, including (Cosign) signed container images + and checksums file, SLSA3 provenance and SBOMs ([#1250](https://github.com/getsops/sops/pull/1250)) +* Update various bits of documentation ([#1244](https://github.com/getsops/sops/pull/1244)) +* Add missing `--encrypt` flag from Vault example ([#1060](https://github.com/getsops/sops/pull/1060)) +* Add documentation on how to use age in `.sops.yaml` ([#1192](https://github.com/getsops/sops/pull/1192)) +* Improve Make targets and address various issues ([#1258](https://github.com/getsops/sops/pull/1258)) +* Ensure clean working tree in CI ([#1267](https://github.com/getsops/sops/pull/1267)) +* Fix CHANGELOG.rst formatting ([#1269](https://github.com/getsops/sops/pull/1269)) +* Pin GitHub Actions to full length commit SHA and add CodeQL ([#1276](https://github.com/getsops/sops/pull/1276)) +* Enable Dependabot for Docker, GitHub Actions and Go Mod ([#1277](https://github.com/getsops/sops/pull/1277)) +* Generate versioned `.intoto.jsonl` ([#1278](https://github.com/getsops/sops/pull/1278)) +* Update CI dependencies ([#1279](https://github.com/getsops/sops/pull/1279)) + +## 3.7.3 + +Changes: + +* Upgrade dependencies ([#1024](https://github.com/getsops/sops/pull/1024), [#1045](https://github.com/getsops/sops/pull/1045)) +* Build alpine container in CI 
([#1018](https://github.com/getsops/sops/pull/1018), + [#1032](https://github.com/getsops/sops/pull/1032), [#1025](https://github.com/getsops/sops/pull/1025)) +* keyservice: accept KeyServiceServer in LocalClient ([#1035](https://github.com/getsops/sops/pull/1035)) +* Add support for GCP Service Account within `GOOGLE_CREDENTIALS` ([#953](https://github.com/getsops/sops/pull/953)) + +Bug fixes: + +* Upload the correct binary for the linux amd64 build ([#1026](https://github.com/getsops/sops/pull/1026)) +* Fix bug when specifying multiple age recipients ([#966](https://github.com/getsops/sops/pull/966)) +* Allow for empty yaml maps ([#908](https://github.com/getsops/sops/pull/908)) +* Limit AWS role names to 64 characters ([#1037](https://github.com/getsops/sops/pull/1037)) + +## 3.7.2 + +Changes: + +* README updates ([#861](https://github.com/getsops/sops/pull/861), [#860](https://github.com/getsops/sops/pull/860)) +* Various test fixes ([#909](https://github.com/getsops/sops/pull/909), + [#906](https://github.com/getsops/sops/pull/906), [#1008](https://github.com/getsops/sops/pull/1008)) +* Added Linux and Darwin arm64 releases ([#911](https://github.com/getsops/sops/pull/911), + [#891](https://github.com/getsops/sops/pull/891)) +* Upgrade to go v1.17 ([#1012](https://github.com/getsops/sops/pull/1012)) +* Support SOPS_AGE_KEY environment variable ([#1006](https://github.com/getsops/sops/pull/1006)) + +Bug fixes: + +* Make sure comments in yaml files are not duplicated ([#866](https://github.com/getsops/sops/pull/866)) +* Make sure configuration file paths work correctly relative to the + config file in us ([#853](https://github.com/getsops/sops/pull/853)) + +## 3.7.1 + +Changes: + +* Security fix +* Add release workflow ([#843](https://github.com/getsops/sops/pull/843)) +* Fix issue where CI wouldn't run against master ([#848](https://github.com/getsops/sops/pull/848)) +* Trim extra whitespace around age keys ([#846](https://github.com/getsops/sops/pull/846)) + 
+## 3.7.0 + +Features: + +* Add support for age ([#688](https://github.com/getsops/sops/pull/688)) +* Add filename to exec-file ([#761](https://github.com/getsops/sops/pull/761)) + +Changes: + +* On failed decryption with GPG, return the error returned by GPG to the + sops user ([#762](https://github.com/getsops/sops/pull/762)) +* Use yaml.v3 instead of modified yaml.v2 for handling YAML files ([#791](https://github.com/getsops/sops/pull/791)) +* Update aws-sdk-go to version v1.37.18 ([#823](https://github.com/getsops/sops/pull/823)) + +Project Changes: + +* Switch from TravisCI to Github Actions ([#792](https://github.com/getsops/sops/pull/792)) + +## 3.6.1 + +Features: + +* Add support for --unencrypted-regex ([#715](https://github.com/getsops/sops/pull/715)) + +Changes: + +* Use keys.openpgp.org instead of gpg.mozilla.org ([#732](https://github.com/getsops/sops/pull/732)) +* Upgrade AWS SDK version ([#714](https://github.com/getsops/sops/pull/714)) +* Support --input-type for exec-file ([#699](https://github.com/getsops/sops/pull/699)) + +Bug fixes: + +* Fixes broken Vault tests ([#731](https://github.com/getsops/sops/pull/731)) +* Revert "Add standard newline/quoting behavior to dotenv store" ([#706](https://github.com/getsops/sops/pull/706)) + +## 3.6.0 + +Features: + +* Support for encrypting data through the use of Hashicorp Vault ([#655](https://github.com/getsops/sops/pull/655)) +* `sops publish` now supports `--recursive` flag for publishing all files + in a directory ([#602](https://github.com/getsops/sops/pull/602)) +* `sops publish` now supports `--omit-extensions` flag for omitting the + extension in the destination path ([#602](https://github.com/getsops/sops/pull/602)) +* sops now supports JSON arrays of arrays ([#642](https://github.com/getsops/sops/pull/642)) + +Improvements: + +* Updates and standardization for the dotenv store ([#612](https://github.com/getsops/sops/pull/612), + [#622](https://github.com/getsops/sops/pull/622)) +* Close temp 
files after using them for edit command ([#685](https://github.com/getsops/sops/pull/685)) + +Bug fixes: + +* AWS SDK usage now correctly resolves the `~/.aws/config` file ([#680](https://github.com/getsops/sops/pull/680)) +* `sops updatekeys` now correctly matches config rules ([#682](https://github.com/getsops/sops/pull/682)) +* `sops updatekeys` now correctly uses the config path cli flag ([#672](https://github.com/getsops/sops/pull/672)) +* Partially empty sops config files don't break the use of sops anymore ([#662](https://github.com/getsops/sops/pull/662)) +* Fix possible infinite loop in PGP's passphrase prompt call ([#690](https://github.com/getsops/sops/pull/690)) + +Project changes: + +* Dockerfile now based off of golang version 1.14 ([#649](https://github.com/getsops/sops/pull/649)) +* Push alpine version of docker image to Dockerhub ([#609](https://github.com/getsops/sops/pull/609)) +* Push major, major.minor, and major.minor.patch tagged docker images to + Dockerhub ([#607](https://github.com/getsops/sops/pull/607)) +* Removed out of date contact information ([#668](https://github.com/getsops/sops/pull/668)) +* Update authors in the cli help text ([#645](https://github.com/getsops/sops/pull/645)) + +## 3.5.0 + +Features: + +* `sops exec-env` and `sops exec-file`, two new commands for utilizing sops + secrets within a temporary file or env vars + +Bug fixes: + +* Sanitize AWS STS session name, as sops creates it based off of the machines hostname +* Fix for `decrypt.Data` to support `.ini` files +* Various package fixes related to switching to Go Modules +* Fixes for Vault-related tests running locally and in CI. + +Project changes: + +* Change to proper use of go modules, changing to primary module name to + `go.mozilla.org/sops/v3` +* Change tags to requiring a `v` prefix. 
+* Add documentation for `sops updatekeys` command + +## 3.4.0 + +Features: + +* `sops publish`, a new command for publishing sops encrypted secrets to + S3, GCS, or Hashicorp Vault +* Support for multiple Azure authentication mechanisms +* Azure Keyvault support to the sops config file +* `encrypted_regex` option to the sops config file + +Bug fixes: + +* Return non-zero exit code for invalid CLI flags +* Broken path handling for sops editing on Windows +* `go lint/fmt` violations +* Check for pgp fingerprint before slicing it + +Project changes: + +* Build container using golang 1.12 +* Switch to using go modules +* Hashicorp Vault server in Travis CI build +* Mozilla Publice License file to repo +* Replaced expiring test gpg keys + +## 3.3.1 + +Bug fixes: + +* Make sure the pgp key fingerprint is longer than 16 characters before + slicing it. ([#463](https://github.com/getsops/sops/pull/463)) +* Allow for `--set` value to be a string. ([#461](https://github.com/getsops/sops/pull/461)) + +Project changes: + +* Using `develop` as a staging branch to create releases off of. What + is in `master` is now the current stable release. +* Upgrade to using Go 1.12 to build sops +* Updated all vendored packages + +## 3.3.0 + +New features: + +* Multi-document support for YAML files +* Support referencing AWS KMS keys by their alias +* Support for INI files +* Support for AWS CLI profiles +* Comment support in .env files +* Added vi to the list of known editors +* Added a way to specify the GPG key server to use through the + SOPS_GPG_KEYSERVER environment variable + +Bug fixes: + +* Now uses $HOME instead of ~ (which didn't work) to find the GPG home +* Fix panic when vim was not available as an editor, but other + alternative editors were +* Fix issue with AWS KMS Encryption Contexts ([#445](https://github.com/getsops/sops/pull/445)) + with more than one context value failing to decrypt intermittently. + Includes an automatic fix for old files affected by this issue. 
+ +Project infrastructure changes: + +* Added integration tests for AWS KMS +* Added Code of Conduct + +## 3.2.0 + +* Added --output flag to write output a file directly instead of + through stdout +* Added support for dotenv files + +## 3.1.1 + +* Fix incorrect version number from previous release + +## 3.1.0 + +* Add support for Azure Key Service + +* Fix bug that prevented JSON escapes in input files from working + +## 3.0.5 + +* Prevent files from being encrypted twice + +* Fix empty comments not being decrypted correctly + +* If keyservicecmd returns an error, log it. + +* Initial sops workspace auditing support (still wip) + +* Refactor Store interface to reflect operations SOPS performs + +## 3.0.3 + +* --set now works with nested data structures and not just simple + values + +* Changed default log level to warn instead of info + +* Avoid creating empty files when using the editor mode to create new + files and not making any changes to the example files + +* Output unformatted strings when using --extract instead of encoding + them to yaml + +* Allow forcing binary input and output types from command line flags + +* Deprecate filename_regex in favor of path_regex. filename_regex had + a bug and matched on the whole file path, when it should have only + matched on the file name. path_regex on the other hand is documented + to match on the whole file path. + +* Add an encrypted-suffix option, the exact opposite of + unencrypted-suffix + +* Allow specifying unencrypted_suffix and encrypted_suffix rules in + the .sops.yaml configuration file + +* Introduce key service flag optionally prompting users on + encryption/decryption + +## 3.0.1 + +* Don't consider io.EOF returned by Decoder.Token as error + +* add IsBinary: true to FileHints when encoding with crypto/openpgp + +* some improvements to error messages + +## 3.0.0 + +* Shamir secret sharing scheme support allows SOPS to require multiple master + keys to access a data key and decrypt a file. 
See `sops groups -help` and the + documentation in README. + +* Keyservice to forward access to a local master key on a socket, similar to + gpg-agent. See `sops keyservice --help` and the documentation in README. + +* Encrypt comments by default + +* Support for Google Compute Platform KMS + +* Refactor of the store logic to separate the internal representation SOPS + has of files from the external representation used in JSON and YAML files + +* Reencoding of versions as string on sops 1.X files. + **WARNING** this change breaks backward compatibility. + SOPS shows an error message with instructions on how to solve + this if it happens. + +* Added command to reconfigure the keys used to encrypt/decrypt a file based on + the `.sops.yaml` config file + +* Retrieve missing PGP keys from gpg.mozilla.org + +* Improved error messages for errors when decrypting files + +## 2.0.0 + +* [major] rewrite in Go + +## 1.14 + +* [medium] Support AWS KMS Encryption Contexts +* [minor] Support insertion in encrypted documents via --set +* [minor] Read location of gpg binary from SOPS_GPG_EXEC env variables + +## 1.13 + +* [minor] handle $EDITOR variable with parameters + +## 1.12 + +* [minor] make sure filename_regex gets applied to file names, not paths +* [minor] move check of latest version under the -V flag +* [medium] fix handling of binary data to preserve file integrity +* [minor] try to use configuration when encrypting existing files diff --git a/CHANGELOG.rst b/CHANGELOG.rst index a21917dfb..e0f00d901 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst 
@@ -1,486 +1,4 @@ Changelog ========= -3.9.1 ------ - -Improvements: - -* Dependency updates (#1550, #1554, #1558, #1562, #1565, #1568, #1575, #1581, #1589, #1593, #1602, #1603, #1618, #1629, #1635, #1639, #1640). -* Clarify naming of the configuration file in the documentation (#1569). -* Build with Go 1.22 (#1589). -* Specify filename of missing file in error messages (#1625). -* ``updatekeys`` subcommand: show changes in ``shamir_threshold`` (#1609). - -Bugfixes: - -* Fix the URL used for determining the latest SOPS version (#1553). -* ``updatekeys`` subcommand: actually use option ``--shamir-secret-sharing-threshold`` (#1608). -* Fix ``--config`` being ignored in subcommands by ``loadConfig`` (#1613). -* Allow ``edit`` subcommand to create files (#1596). -* Do not encrypt if a key group is empty, or there are no key groups (#1600). -* Do not ignore config errors when trying to parse a config file (#1614). - -Project changes: - -* CI dependency updates (#1551, #1555, #1559, #1564, #1566, #1574, #1584, #1586, #1590, #1592, #1619, #1628, #1634). -* Improve CI workflows (#1548, #1630). -* Ignore user-set environment variable ``SOPS_AGE_KEY_FILE`` in tests (#1595). -* Add example of using Age recipients in ``.sops.yaml`` (#1607). -* Add linting check for Rust code formatting (#1604). -* Set Rust version globally via ``rust-toolchain.toml`` for functional tests (#1612). -* Improve test coverage (#1617). -* Improve tests (#1622, #1624). -* Simplify branch rules to check DCO and ``check`` task instead of an explicit list of tasks in the CLI workflow (#1621). -* Build with Go 1.22 and 1.23 in CI and update Vault to 1.14 (#1531). -* Build release with Go 1.22 (#1615). -* Fix Dependabot config for Docker; add Dependabot config for Rust (#1632). -* Lock Rust package versions for functional tests for improved reproducibility (#1637). -* Rust dependency updates (#1638). 
- -3.9.0 ------ -Features: - -* Add ``--mac-only-encrypted`` to compute MAC only over values which end up encrypted (#973) -* Allow configuration of indentation for YAML and JSON stores (#1273, #1372) -* Introduce a ``--pristine`` flag to ``sops exec-env`` (#912) -* Allow to pass multiple paths to ``sops updatekeys`` (#1274) -* Allow to override ``fileName`` with different value (#1332) -* Sort masterkeys according to ``--decryption-order`` (#1345) -* Add separate subcommands for encryption, decryption, rotating, editing, and setting values (#1391) -* Add ``filestatus`` command (#545) -* Add command ``unset`` (#1475) -* Merge key for key groups and make keys unique (#1493) -* Support using comments to select parts to encrypt (#974, #1392) - -Deprecations: - -* Deprecate the ``--background`` option to ``exec-env`` and ``exec-file`` (#1379) - -Improvements: - -* Warn/fail if the wrong number of arguments is provided (#1342) -* Warn if more than one command is used (#1388) -* Dependency updates (#1327, #1328, #1330, #1336, #1334, #1344, #1348, #1354, #1357, #1360, #1373, #1381, #1383, #1385, #1408, #1428, #1429, #1427, #1439, #1454, #1460, #1466, #1489, #1519, #1525, #1528, #1540, #1543, #1545) -* Build with Go 1.21 (#1427) -* Improve README.rst (#1339, #1399, #1350) -* Fix typos (#1337, #1477, #1484) -* Polish the ``sops help`` output a bit (#1341, #1544) -* Improve and fix tests (#1346, #1349, #1370, #1390, #1396, #1492) -* Create a constant for the ``sops`` metadata key (#1398) -* Refactoring: move extraction of encryption and rotation options to separate functions (#1389) - -Bug fixes: - -* Respect ``aws_profile`` from keygroup config (#1049) -* Fix a bug where not having a config results in a panic (#1371) -* Consolidate Flatten/Unflatten pre/post processing (#1356) -* INI and DotEnv stores: ``shamir_threshold`` is an integer (#1394) -* Make check whether file contains invalid keys for encryption dependent on output store (#1393) -* Do not panic if ``updatekeys`` 
is used with a config that has no creation rules defined (#1506) -* ``exec-file``: if ``--filename`` is used, use the provided filename without random suffix (#1474) -* Do not use DotEnv store for ``exec-env``, but specialized environment serializing code (#1436) -* Decryption: do not fail if no matching ``creation_rule`` is present in config file (#1434) - -Project changes: - -* CI dependency updates (#1347, #1359, #1376, #1382, #1386, #1425, #1432, #1498, #1503, #1508, #1510, #1516, #1521, #1492, #1534) -* Adjust Makefile to new goreleaser 6.0.0 release (#1526) - -3.8.1 ------ -Improvements: - -* Improve handling of errors when binary store handles bad data (#1289) -* On macOS, prefer ``XDG_CONFIG_HOME`` over os.UserConfigDir() (#1291) -* Dependency updates (#1306, #1319, #1325) -* pgp: better error reporting for missing GPG binary during import of keys (#1286) -* Fix descriptions of unencrypted-regex and encrypted-regex flags, and ensure unencrypted_regex is considered in config validation (#1300) -* stores/json: improve error messages when parsing invalid JSON (#1307) - -Bug fixes: - -* pgp: improve handling of GnuPG home dir (#1298) -* Do not crash if an empty YAML file is encrypted (#1290) -* Handling of various ignored errors (#1304, #1311) -* pgp: do not require abs path for ``SOPS_GPG_EXEC`` (#1309) -* Report key rotation errors (#1317) -* Ensure wrapping of errors in main package (#1318) - -Project changes: - -* Enrich AWS authentication documentation (#1272) -* Add linting for RST and MD files (#1287) -* Delete SOPS encrypted file we don't have keys for (#1288) -* CI dependency updates (#1295, #1301) -* pgp: make error the last return value (#1310) -* Improve documentation files (#1320) - -3.8.0 ------ -Features: - -* Support ``--version`` without network requests using ``--disable-version-check`` (#1115) -* Support ``--input-type`` for updatekeys command (#1116) - -Improvements: - -* pgp: modernize and improve, and add tests (#1054, #1282) -* azkv: 
update SDK to latest, add tests, tidy (#1067, #1092, #1256) -* age: improve identity loading, add tests, tidy (#1064) -* kms: AWS SDK V2, allow creds config, add tests (#1065, #1257) -* gcpkms: update SDK to latest, add tests, tidy (#1072, #1255) -* hcvault: update API, add tests, tidy (#1085) -* Do not report version when upstream ``--version`` check fails (#1124) -* Use GitHub endpoints in ``--version`` command (#1261) -* Close temporary file before invoking editor to widen support on Windows (#1265) -* Update dependencies (#1063, #1091, #1147, #1242, #1260, #1264, #1275, #1280, #1283) -* Deal with various deprecations of dependencies (#1113, #1262) - -Bug fixes: - -* Ensure YAML comments are not displaced (#1069) -* Ensure default Google credentials can be used again after introduction of ``GOOGLE_CREDENTIALS`` (#1249) -* Avoid duplicate logging of errors in some key sources (#1146, #1281) -* Using ``--set`` on a root level key does no longer truncate existing values (#899) -* Ensure stable order of SOPS parameters in dotenv file (#1101) - -Project changes: - -* Update Go to 1.20 (#1148) -* Update rustc functional tests to v1.70.0 (#1234) -* Remove remaining CircleCI workflow (#1237) -* Run CLI workflow on main (#1243) -* Delete obsolete ``validation/`` artifact (#1248) -* Rename Go module to ``github.com/getsops/sops/v3`` (#1247) -* Revamp release automation, including (Cosign) signed container images and checksums file, SLSA3 provenance and SBOMs (#1250) -* Update various bits of documentation (#1244) -* Add missing ``--encrypt`` flag from Vault example (#1060) -* Add documentation on how to use age in ``.sops.yaml`` (#1192) -* Improve Make targets and address various issues (#1258) -* Ensure clean working tree in CI (#1267) -* Fix CHANGELOG.rst formatting (#1269) -* Pin GitHub Actions to full length commit SHA and add CodeQL (#1276) -* Enable Dependabot for Docker, GitHub Actions and Go Mod (#1277) -* Generate versioned ``.intoto.jsonl`` (#1278) -* Update CI 
dependencies (#1279) - -3.7.3 ------ -Changes: - -* Upgrade dependencies (#1024, #1045) -* Build alpine container in CI (#1018, #1032, #1025) -* keyservice: accept KeyServiceServer in LocalClient (#1035) -* Add support for GCP Service Account within ``GOOGLE_CREDENTIALS`` (#953) - -Bug fixes: - -* Upload the correct binary for the linux amd64 build (#1026) -* Fix bug when specifying multiple age recipients (#966) -* Allow for empty yaml maps (#908) -* Limit AWS role names to 64 characters (#1037) - -3.7.2 ------ -Changes: - -* README updates (#861, #860) -* Various test fixes (#909, #906, #1008) -* Added Linux and Darwin arm64 releases (#911, #891) -* Upgrade to go v1.17 (#1012) -* Support SOPS_AGE_KEY environment variable (#1006) - -Bug fixes: - -* Make sure comments in yaml files are not duplicated (#866) -* Make sure configuration file paths work correctly relative to the config file in us (#853) - -3.7.1 ------ -Changes: - -* Security fix -* Add release workflow (#843) -* Fix issue where CI wouldn't run against master (#848) -* Trim extra whitespace around age keys (#846) - -3.7.0 ------ -Features: - -* Add support for age (#688) -* Add filename to exec-file (#761) - -Changes: - -* On failed decryption with GPG, return the error returned by GPG to the sops user (#762) -* Use yaml.v3 instead of modified yaml.v2 for handling YAML files (#791) -* Update aws-sdk-go to version v1.37.18 (#823) - -Project Changes: - -* Switch from TravisCI to Github Actions (#792) - -3.6.1 ------ -Features: - -* Add support for --unencrypted-regex (#715) - -Changes: - -* Use keys.openpgp.org instead of gpg.mozilla.org (#732) -* Upgrade AWS SDK version (#714) -* Support --input-type for exec-file (#699) - -Bug fixes: - -* Fixes broken Vault tests (#731) -* Revert "Add standard newline/quoting behavior to dotenv store" (#706) - - -3.6.0 ------ -Features: - -* Support for encrypting data through the use of Hashicorp Vault (#655) -* ``sops publish`` now supports ``--recursive`` flag for 
publishing all files in a directory (#602) -* ``sops publish`` now supports ``--omit-extensions`` flag for omitting the extension in the destination path (#602) -* sops now supports JSON arrays of arrays (#642) - -Improvements: - -* Updates and standardization for the dotenv store (#612, #622) -* Close temp files after using them for edit command (#685) - -Bug fixes: - -* AWS SDK usage now correctly resolves the ``~/.aws/config`` file (#680) -* ``sops updatekeys`` now correctly matches config rules (#682) -* ``sops updatekeys`` now correctly uses the config path cli flag (#672) -* Partially empty sops config files don't break the use of sops anymore (#662) -* Fix possible infinite loop in PGP's passphrase prompt call (#690) - -Project changes: - -* Dockerfile now based off of golang version 1.14 (#649) -* Push alpine version of docker image to Dockerhub (#609) -* Push major, major.minor, and major.minor.patch tagged docker images to Dockerhub (#607) -* Removed out of date contact information (#668) -* Update authors in the cli help text (#645) - - -3.5.0 ------ -Features: - -* ``sops exec-env`` and ``sops exec-file``, two new commands for utilizing sops secrets within a temporary file or env vars - -Bug fixes: - -* Sanitize AWS STS session name, as sops creates it based off of the machines hostname -* Fix for ``decrypt.Data`` to support ``.ini`` files -* Various package fixes related to switching to Go Modules -* Fixes for Vault-related tests running locally and in CI. - -Project changes: - -* Change to proper use of go modules, changing to primary module name to ``go.mozilla.org/sops/v3`` -* Change tags to requiring a ``v`` prefix. 
-* Add documentation for ``sops updatekeys`` command - -3.4.0 ------ -Features: - -* ``sops publish``, a new command for publishing sops encrypted secrets to S3, GCS, or Hashicorp Vault -* Support for multiple Azure authentication mechanisms -* Azure Keyvault support to the sops config file -* ``encrypted_regex`` option to the sops config file - -Bug fixes: - -* Return non-zero exit code for invalid CLI flags -* Broken path handling for sops editing on Windows -* ``go lint/fmt`` violations -* Check for pgp fingerprint before slicing it - -Project changes: - -* Build container using golang 1.12 -* Switch to using go modules -* Hashicorp Vault server in Travis CI build -* Mozilla Publice License file to repo -* Replaced expiring test gpg keys - -3.3.1 ------ - -Bug fixes: - -* Make sure the pgp key fingerprint is longer than 16 characters before - slicing it. (#463) -* Allow for ``--set`` value to be a string. (#461) - -Project changes: - -* Using ``develop`` as a staging branch to create releases off of. What - is in ``master`` is now the current stable release. -* Upgrade to using Go 1.12 to build sops -* Updated all vendored packages - -3.3.0 ------ - -New features: - -* Multi-document support for YAML files -* Support referencing AWS KMS keys by their alias -* Support for INI files -* Support for AWS CLI profiles -* Comment support in .env files -* Added vi to the list of known editors -* Added a way to specify the GPG key server to use through the - SOPS_GPG_KEYSERVER environment variable - -Bug fixes: - -* Now uses $HOME instead of ~ (which didn't work) to find the GPG home -* Fix panic when vim was not available as an editor, but other - alternative editors were -* Fix issue with AWS KMS Encryption Contexts (#445) with more than one - context value failing to decrypt intermittently. Includes an - automatic fix for old files affected by this issue. 
- -Project infrastructure changes: - -* Added integration tests for AWS KMS -* Added Code of Conduct - - -3.2.0 ------ - -* Added --output flag to write output a file directly instead of - through stdout -* Added support for dotenv files - -3.1.1 ------ - -* Fix incorrect version number from previous release - -3.1.0 ------ - -* Add support for Azure Key Service - -* Fix bug that prevented JSON escapes in input files from working - -3.0.5 ------ - -* Prevent files from being encrypted twice - -* Fix empty comments not being decrypted correctly - -* If keyservicecmd returns an error, log it. - -* Initial sops workspace auditing support (still wip) - -* Refactor Store interface to reflect operations SOPS performs - -3.0.3 ------ - -* --set now works with nested data structures and not just simple - values - -* Changed default log level to warn instead of info - -* Avoid creating empty files when using the editor mode to create new - files and not making any changes to the example files - -* Output unformatted strings when using --extract instead of encoding - them to yaml - -* Allow forcing binary input and output types from command line flags - -* Deprecate filename_regex in favor of path_regex. filename_regex had - a bug and matched on the whole file path, when it should have only - matched on the file name. path_regex on the other hand is documented - to match on the whole file path. 
- -* Add an encrypted-suffix option, the exact opposite of - unencrypted-suffix - -* Allow specifying unencrypted_suffix and encrypted_suffix rules in - the .sops.yaml configuration file - -* Introduce key service flag optionally prompting users on - encryption/decryption - -3.0.1 ------ - -* Don't consider io.EOF returned by Decoder.Token as error - -* add IsBinary: true to FileHints when encoding with crypto/openpgp - -* some improvements to error messages - -3.0.0 ------ - -* Shamir secret sharing scheme support allows SOPS to require multiple master - keys to access a data key and decrypt a file. See ``sops groups -help`` and the - documentation in README. - -* Keyservice to forward access to a local master key on a socket, similar to - gpg-agent. See ``sops keyservice --help`` and the documentation in README. - -* Encrypt comments by default - -* Support for Google Compute Platform KMS - -* Refactor of the store logic to separate the internal representation SOPS - has of files from the external representation used in JSON and YAML files - -* Reencoding of versions as string on sops 1.X files. - **WARNING** this change breaks backward compatibility. - SOPS shows an error message with instructions on how to solve - this if it happens. 
- -* Added command to reconfigure the keys used to encrypt/decrypt a file based on the .sops.yaml config file - -* Retrieve missing PGP keys from gpg.mozilla.org - -* Improved error messages for errors when decrypting files - - -2.0.0 ------ - -* [major] rewrite in Go - -1.14 ----- - -* [medium] Support AWS KMS Encryption Contexts -* [minor] Support insertion in encrypted documents via --set -* [minor] Read location of gpg binary from SOPS_GPG_EXEC env variables - -1.13 ----- - -* [minor] handle $EDITOR variable with parameters - -1.12 ----- - -* [minor] make sure filename_regex gets applied to file names, not paths -* [minor] move check of latest version under the -V flag -* [medium] fix handling of binary data to preserve file integrity -* [minor] try to use configuration when encrypting existing files +The changelog can be found in `CHANGELOG.md `_. diff --git a/Makefile b/Makefile index 16215f0a4..1712c17d3 100644 --- a/Makefile +++ b/Makefile @@ -20,6 +20,12 @@ SYFT_VERSION ?= v0.87.0 GORELEASER := $(BIN_DIR)/goreleaser GORELEASER_VERSION ?= v1.20.0 +PROTOC_GO := $(BIN_DIR)/protoc-gen-go +PROTOC_GO_VERSION ?= v1.35.2 + +PROTOC_GO_GRPC := $(BIN_DIR)/protoc-gen-go-grpc +PROTOC_GO_GRPC_VERSION ?= v1.5.1 + RSTCHECK := $(shell command -v rstcheck) MARKDOWNLINT := $(shell command -v mdl) @@ -74,11 +80,11 @@ showcoverage: test $(GO) tool cover -html=profile.out .PHONY: generate -generate: keyservice/keyservice.pb.go +generate: install-protoc-go install-protoc-go-grpc keyservice/keyservice.pb.go $(GO) generate %.pb.go: %.proto - protoc --go_out=plugins=grpc:. $< + protoc --plugin gen-go=$(PROTOC_GO) --plugin gen-go-grpc=$(PLUGIN_GO_GRPC) --go-grpc_opt=require_unimplemented_servers=false --go-grpc_out=. --go_out=. $< .PHONY: functional-tests functional-tests: 
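Review bot: In the `%.pb.go` rule of the `@@ -74,11 +80,11 @@` hunk the second plugin path is written `$(PLUGIN_GO_GRPC)`, but the variable defined in the first Makefile hunk is `PROTOC_GO_GRPC`, so the reference expands to nothing and the version-pinned binary under `$(BIN_DIR)` is not what protoc receives. Code generation would then presumably fall back to whatever `protoc-gen-go-grpc` is on the caller's PATH, which defeats the pin and makes the generated gRPC stubs depend on an unverified local tool. I would change the flag to `--plugin protoc-gen-go-grpc=$(PROTOC_GO_GRPC)`. protoc's NAME=PATH form expects the plugin's full name, so the `gen-go=` and `gen-go-grpc=` prefixes are worth checking in an environment with no plugins on PATH.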
@@ -112,6 +118,14 @@ install-goreleaser: install-syft: $(call go-install-tool,$(SYFT),github.com/anchore/syft/cmd/syft@$(SYFT_VERSION),$(SYFT_VERSION)) +.PHONY: install-protoc-go +install-protoc-go: + $(call go-install-tool,$(PROTOC_GO),google.golang.org/protobuf/cmd/protoc-gen-go@$(PROTOC_GO_VERSION),$(PROTOC_GO_VERSION)) + +.PHONY: install-protoc-go-grpc +install-protoc-go-grpc: + $(call go-install-tool,$(PROTOC_GO_GRPC),google.golang.org/grpc/cmd/protoc-gen-go-grpc@$(PROTOC_GO_GRPC_VERSION),$(PROTOC_GO_GRPC_VERSION)) + # go-install-tool will 'go install' any package $2 and install it to $1. define go-install-tool @[ -f $(1)-$(3) ] || { \ diff --git a/README.rst b/README.rst index fb0f52959..e099cdc38 100644 --- a/README.rst +++ b/README.rst @@ -106,7 +106,8 @@ encryption/decryption transparently and open the cleartext file in an editor please wait while an encryption key is being generated and stored in a secure fashion file written to mynewtestfile.yaml -Editing will happen in whatever ``$EDITOR`` is set to, or, if it's not set, in vim. +Editing will happen in whatever ``$SOPS_EDITOR`` or ``$EDITOR`` is set to, or, if it's +not set, in vim, nano, or vi. Keep in mind that SOPS will wait for the editor to exit, and then try to reencrypt the file. Some GUI editors (atom, sublime) spawn a child process and then exit immediately. They usually have an option to wait for the main editor window to be 
@@ -188,6 +189,22 @@ the example files and pgp key provided with the repository:: This last step will decrypt ``example.yaml`` using the test private key. +Encrypting with GnuPG subkeys +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +If you want to encrypt with specific GnuPG subkeys, it does not suffice to provide the +exact key ID of the subkey to SOPS, since GnuPG might use *another* subkey instead +to encrypt the file key with. To force GnuPG to use a specific subkey, you need to +append ``!`` to the key's fingerprint. + +.. code:: yaml + + creation_rules: + - pgp: >- + 85D77543B3D624B63CEA9E6DBC17301B491B3F21!, + E60892BB9BD89A69F759A1A0A3D652173B763E8F! + +Please note that this is only passed on correctly to GnuPG since SOPS 3.9.3. Encrypting using age ~~~~~~~~~~~~~~~~~~~~ diff --git a/cmd/sops/edit.go b/cmd/sops/edit.go index 982cfb967..311c8921a 100644 --- a/cmd/sops/edit.go +++ b/cmd/sops/edit.go @@ -245,7 +245,12 @@ func hashFile(filePath string) ([]byte, error) { } func runEditor(path string) error { - editor := os.Getenv("EDITOR") + envVar := "SOPS_EDITOR" + editor := os.Getenv(envVar) + if editor == "" { + envVar = "EDITOR" + editor = os.Getenv(envVar) + } var cmd *exec.Cmd if editor == "" { editor, err := lookupAnyEditor("vim", "nano", "vi") @@ -256,7 +261,7 @@ func runEditor(path string) error { } else { parts, err := shlex.Split(editor) if err != nil { - return fmt.Errorf("invalid $EDITOR: %s", editor) + return fmt.Errorf("invalid $%s: %s", envVar, editor) } parts = append(parts, path) cmd = exec.Command(parts[0], parts[1:]...) 
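Review bot: In `runEditor` (hunk `@@ -256,7 +261,7 @@`) a `SOPS_EDITOR` or `EDITOR` value that is only whitespace passes the `editor == ""` test. If `shlex.Split` returns no tokens for it, `parts[0]` after the append is the path of the file being edited, so `exec.Command` is asked to execute that file instead of an editor. With the lookup added in the previous hunk, a whitespace-only `SOPS_EDITOR` also masks a valid `EDITOR`, since only the empty string falls through. I would reject the empty split before the append: `if len(parts) == 0 { return fmt.Errorf("invalid $%s: %q", envVar, editor) }`. runEditor's body continues outside the hunk.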
@@ -275,5 +280,5 @@ func lookupAnyEditor(editorNames ...string) (editorPath string, err error) { return editorPath, nil } } - return "", fmt.Errorf("no editor available: sops attempts to use the editor defined in the EDITOR environment variable, and if that's not set defaults to any of %s, but none of them could be found", strings.Join(editorNames, ", ")) + return "", fmt.Errorf("no editor available: sops attempts to use the editor defined in the SOPS_EDITOR or EDITOR environment variables, and if that's not set defaults to any of %s, but none of them could be found", strings.Join(editorNames, ", ")) } diff --git a/cmd/sops/main.go b/cmd/sops/main.go index ea403ec5c..557dc631e 100644 --- a/cmd/sops/main.go +++ b/cmd/sops/main.go @@ -137,7 +137,8 @@ func main() { To use a different GPG binary than the one in your PATH, set SOPS_GPG_EXEC. - To select a different editor than the default (vim), set EDITOR. + To select a different editor than the default (vim), set SOPS_EDITOR or + EDITOR. Note that flags must always be provided before the filename to operate on. Otherwise, they will be ignored. @@ -446,7 +447,12 @@ func main() { Name: "filestatus", Usage: "check the status of the file, returning encryption status", ArgsUsage: `file`, - Flags: []cli.Flag{}, + Flags: []cli.Flag{ + cli.StringFlag{ + Name: "input-type", + Usage: "currently ini, json, yaml, dotenv and binary are supported. If not set, sops will use the file's extension to determine the type", + }, + }, Action: func(c *cli.Context) error { if c.NArg() < 1 { return common.NewExitError("Error: no file specified", codes.NoFileSpecified) diff --git a/cmd/sops/subcommand/updatekeys/updatekeys.go b/cmd/sops/subcommand/updatekeys/updatekeys.go index cb9ca7c36..f1239401b 100644 --- a/cmd/sops/subcommand/updatekeys/updatekeys.go +++ b/cmd/sops/subcommand/updatekeys/updatekeys.go 
@@ -45,7 +45,7 @@ func updateFile(opts Opts) error { if err != nil { return err } - store := common.DefaultStoreForPath(sc, opts.InputPath) + store := common.DefaultStoreForPathOrFormat(sc, opts.InputPath, opts.InputType) log.Printf("Syncing keys for file %s", opts.InputPath) tree, err := common.LoadEncryptedFile(store, opts.InputPath) if err != nil { diff --git a/config/config.go b/config/config.go index 9620c0da9..8d3dc4dd1 100644 --- a/config/config.go +++ b/config/config.go @@ -17,19 +17,11 @@ import ( "github.com/getsops/sops/v3/gcpkms" "github.com/getsops/sops/v3/hcvault" "github.com/getsops/sops/v3/kms" - "github.com/getsops/sops/v3/logging" "github.com/getsops/sops/v3/pgp" "github.com/getsops/sops/v3/publish" - "github.com/sirupsen/logrus" "gopkg.in/yaml.v3" ) -var log *logrus.Logger - -func init() { - log = logging.NewLogger("CONFIG") -} - type fileSystem interface { Stat(name string) (os.FileInfo, error) } 
@@ -377,19 +369,17 @@ func parseDestinationRuleForFile(conf *configFile, filePath string, kmsEncryptio } var dest publish.Destination - if dRule != nil { - if dRule.S3Bucket != "" && dRule.GCSBucket != "" && dRule.VaultPath != "" { - return nil, fmt.Errorf("error loading config: more than one destinations were found in a single destination rule, you can only use one per rule") - } - if dRule.S3Bucket != "" { - dest = publish.NewS3Destination(dRule.S3Bucket, dRule.S3Prefix) - } - if dRule.GCSBucket != "" { - dest = publish.NewGCSDestination(dRule.GCSBucket, dRule.GCSPrefix) - } - if dRule.VaultPath != "" { - dest = publish.NewVaultDestination(dRule.VaultAddress, dRule.VaultPath, dRule.VaultKVMountName, dRule.VaultKVVersion) - } + if dRule.S3Bucket != "" && dRule.GCSBucket != "" && dRule.VaultPath != "" { + return nil, fmt.Errorf("error loading config: more than one destinations were found in a single destination rule, you can only use one per rule") + } + if dRule.S3Bucket != "" { + dest = publish.NewS3Destination(dRule.S3Bucket, dRule.S3Prefix) + } + if dRule.GCSBucket != "" { + dest = publish.NewGCSDestination(dRule.GCSBucket, dRule.GCSPrefix) + } + if dRule.VaultPath != "" { + dest = publish.NewVaultDestination(dRule.VaultAddress, dRule.VaultPath, dRule.VaultKVMountName, dRule.VaultKVVersion) } config, err := configFromRule(rule, kmsEncryptionContext) diff --git a/config/config_test.go b/config/config_test.go index abf2c66a5..9ac63645a 100644 --- a/config/config_test.go +++ b/config/config_test.go @@ -1,10 +1,12 @@ package config import ( + "fmt" "os" "path" "testing" + "github.com/getsops/sops/v3/keys" "github.com/stretchr/testify/assert" ) @@ -94,6 +96,20 @@ creation_rules: - kms: - arn: foo aws_profile: bar + - arn: foo + context: + baz: bam + - arn: foo + aws_profile: bar + context: + baz: bam + - arn: foo + role: '123' + - arn: foo + aws_profile: bar + context: + baz: bam + role: '123' pgp: - bar gcp_kms: 
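Review bot: The destination check kept in this hunk fires only when `S3Bucket`, `GCSBucket` and `VaultPath` are all non-empty, so a rule that sets two of them passes and the later assignment silently wins (GCS over S3, Vault over both), although the error text says one destination per rule. For a publish target that misconfiguration is worth failing on, because secrets would go to a destination the author may not have intended. A pairwise test would match the message: `if (dRule.S3Bucket != "" && dRule.GCSBucket != "") || (dRule.S3Bucket != "" && dRule.VaultPath != "") || (dRule.GCSBucket != "" && dRule.VaultPath != "") {`. The hunk also drops the `dRule != nil` guard; the lines that assign `dRule` are above the hunk, so confirm that every path reaching this point has already returned on a nil rule.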
@@ -129,113 +145,124 @@ creation_rules: - 'https://foo.vault:8200/v1/foo/keys/foo-key' - merge: - merge: - - kms: + - pgp: # key01 + - foo + kms: + # key02 - arn: foo aws_profile: foo - pgp: - # key02 - - foo - gcp_kms: # key03 + - arn: foo + aws_profile: bar + context: + baz: bam + role: '123' + gcp_kms: + # key04 - resource_id: foo azure_keyvault: - # key04 + # key05 - vaultUrl: https://foo.vault.azure.net key: foo-key version: fooversion hc_vault: - # key05 - - 'https://bar.vault:8200/v1/bar/keys/bar-key' - - kms: # key06 - - arn: bar - aws_profile: bar - pgp: + - 'https://bar.vault:8200/v1/bar/keys/bar-key' + - pgp: # key07 - bar - gcp_kms: + kms: # key08 - - resource_id: bar + - arn: bar + aws_profile: bar + gcp_kms: # key09 + - resource_id: bar + # key10 - resource_id: baz azure_keyvault: - # key10 + # key11 - vaultUrl: https://bar.vault.azure.net key: bar-key version: barversion hc_vault: - # key01 - duplicate#1 + # key12 - 'https://baz.vault:8200/v1/baz/keys/baz-key' + pgp: + # key13 + - baz kms: - # key11 + # key14 - arn: baz aws_profile: baz - pgp: - # key12 - - baz gcp_kms: - # key03 - duplicate#2 - # --> should be removed when loading config + # duplicate of key09 - resource_id: bar azure_keyvault: - # key04 - duplicate#3 + # duplicate of key05 - vaultUrl: https://foo.vault.azure.net key: foo-key version: fooversion hc_vault: - # key13 - duplicate#4 - but from different key_group - # --> should stay + # key15 (duplicate of key00, but that's in a different key_group) - 'https://foo.vault:8200/v1/foo/keys/foo-key' - - kms: - # key14 + - pgp: + # key16 + - qux + kms: + # key17 - arn: qux aws_profile: qux - # key14 - duplicate#5 + # key18 - arn: baz aws_profile: bar - pgp: - # key15 - - qux + # key19 + - arn: baz + role: '123' gcp_kms: - # key16 + # key20 - resource_id: qux - # key17 + # key21 - resource_id: fnord azure_keyvault: - # key18 + # key22 - vaultUrl: https://baz.vault.azure.net key: baz-key version: bazversion hc_vault: - # key19 + # key23 - 
'https://qux.vault:8200/v1/qux/keys/qux-key' - # everything below this should be loaded, - # since it is not in a merge block + pgp: + # duplicate of key07 + - bar kms: - # duplicated key06 + # duplicate of key08 - arn: bar aws_profile: bar - # key20 + # key24 - arn: fnord aws_profile: fnord - pgp: - # duplicated key07 - - bar + # duplicate of key03 + - arn: foo + aws_profile: bar + context: + baz: bam + role: '123' gcp_kms: - # duplicated key08 + # duplicate of key09 - resource_id: bar - # key21 + # duplicate of key21 - resource_id: fnord azure_keyvault: - # duplicated key10 + # duplicate of key11 - vaultUrl: https://bar.vault.azure.net key: bar-key version: barversion hc_vault: - # duplicated 'key01 - duplicate#2' + # duplicate of key12 - 'https://baz.vault:8200/v1/baz/keys/baz-key' - # key22 + # key25 - 'https://fnord.vault:8200/v1/fnord/keys/fnord-key' `) @@ -421,6 +448,7 @@ func TestLoadConfigFile(t *testing.T) { } func TestLoadConfigFileWithGroups(t *testing.T) { + bam := "bam" expected := configFile{ CreationRules: []creationRule{ { @@ -432,7 +460,37 @@ func TestLoadConfigFileWithGroups(t *testing.T) { PathRegex: "", KeyGroups: []keyGroup{ { - KMS: []kmsKey{{Arn: "foo", AwsProfile: "bar"}}, + KMS: []kmsKey{ + { + Arn: "foo", + AwsProfile: "bar", + }, + { + Arn: "foo", + Context: map[string]*string{ + "baz": &bam, + }, + }, + { + Arn: "foo", + AwsProfile: "bar", + Context: map[string]*string{ + "baz": &bam, + }, + }, + { + Arn: "foo", + Role: "123", + }, + { + Arn: "foo", + AwsProfile: "bar", + Context: map[string]*string{ + "baz": &bam, + }, + Role: "123", + }, + }, PGP: []string{"bar"}, GCPKMS: []gcpKmsKey{{ResourceID: "foo"}}, AzureKV: []azureKVKey{{VaultURL: "https://foo.vault.azure.net", Key: "foo-key", Version: "fooversion"}}, 
@@ -459,12 +517,52 @@ func TestLoadConfigFileWithGroups(t *testing.T) { assert.Equal(t, expected, conf) } +func id(key keys.MasterKey) string { + return fmt.Sprintf("%s: %s", key.TypeToIdentifier(), key.ToString()) +} + +func ids(keys []keys.MasterKey) []string { + result := make([]string, 0, len(keys)) + for _, key := range keys { + result = append(result, id(key)) + } + return result +} + func TestLoadConfigFileWithMerge(t *testing.T) { conf, err := parseCreationRuleForFile(parseConfigFile(sampleConfigWithMergeType, t), "/conf/path", "whatever", nil) assert.Nil(t, err) assert.Equal(t, 2, len(conf.KeyGroups)) - assert.Equal(t, 1, len(conf.KeyGroups[0])) - assert.Equal(t, 22, len(conf.KeyGroups[1])) + assert.Equal(t, []string{ + "hc_vault: https://foo.vault:8200/v1/foo/keys/foo-key", + }, ids(conf.KeyGroups[0])) + assert.Equal(t, []string{ + "pgp: foo", // key01 + "kms: foo||foo", //key02 + "kms: foo+123|baz:bam|bar", //key03 + "gcp_kms: foo", //key04 + "azure_kv: https://foo.vault.azure.net/keys/foo-key/fooversion", //key05 + "hc_vault: https://bar.vault:8200/v1/bar/keys/bar-key", //key06 + "pgp: bar", //key07 + "kms: bar||bar", //key08 + "gcp_kms: bar", //key09 + "gcp_kms: baz", //key10 + "azure_kv: https://bar.vault.azure.net/keys/bar-key/barversion", //key11 + "hc_vault: https://baz.vault:8200/v1/baz/keys/baz-key", //key12 + "pgp: baz", //key13 + "kms: baz||baz", //key14 + "hc_vault: https://foo.vault:8200/v1/foo/keys/foo-key", //key15 + "pgp: qux", //key16 + "kms: qux||qux", //key17 + "kms: baz||bar", //key18 + "kms: baz+123", //key19 + "gcp_kms: qux", //key20 + "gcp_kms: fnord", //key21 + "azure_kv: https://baz.vault.azure.net/keys/baz-key/bazversion", //key22 + "hc_vault: https://qux.vault:8200/v1/qux/keys/qux-key", //key23 + "kms: fnord||fnord", //key24 + "hc_vault: https://fnord.vault:8200/v1/fnord/keys/fnord-key", //key25 + }, ids(conf.KeyGroups[1])) } func TestLoadConfigFileWithNoMatchingRules(t *testing.T) { 
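Review bot: The parameter of the new `ids` helper is named `keys`, which shadows the imported `keys` package for the whole function body. It compiles because the type in the signature is resolved before the parameter comes into scope, but it reads ambiguously, and any later use of the package inside the helper would fail. Renaming it, e.g. `func ids(masterKeys []keys.MasterKey) []string {` with `for _, key := range masterKeys {`, avoids that. The trailing markers in the expected list are also inconsistent (`// key01` on the first entry, `//key02` on the rest); using `// keyNN` throughout keeps them uniform.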
@@ -538,9 +636,13 @@ func TestKeyGroupsForFileWithGroups(t *testing.T) { conf, err := parseCreationRuleForFile(parseConfigFile(sampleConfigWithGroups, t), "/conf/path", "whatever", nil) assert.Nil(t, err) assert.Equal(t, "bar", conf.KeyGroups[0][0].ToString()) - assert.Equal(t, "foo", conf.KeyGroups[0][1].ToString()) + assert.Equal(t, "foo||bar", conf.KeyGroups[0][1].ToString()) + assert.Equal(t, "foo|baz:bam", conf.KeyGroups[0][2].ToString()) + assert.Equal(t, "foo|baz:bam|bar", conf.KeyGroups[0][3].ToString()) + assert.Equal(t, "foo+123", conf.KeyGroups[0][4].ToString()) + assert.Equal(t, "foo+123|baz:bam|bar", conf.KeyGroups[0][5].ToString()) assert.Equal(t, "qux", conf.KeyGroups[1][0].ToString()) - assert.Equal(t, "baz", conf.KeyGroups[1][1].ToString()) + assert.Equal(t, "baz||foo", conf.KeyGroups[1][1].ToString()) } func TestLoadConfigFileWithUnencryptedSuffix(t *testing.T) { diff --git a/docs/release.md b/docs/release.md index 7485b136a..6946751f1 100644 --- a/docs/release.md +++ b/docs/release.md @@ -37,7 +37,7 @@ This configuration is quite sophisticated, and ensures at least the following: `main` branch. At present, this means that all pull requests attached to the milestone for the release are merged. If there are any pull requests that should not be included in the release, move them to a different milestone. -- [ ] Create a pull request to update the [`CHANGELOG.rst`](../CHANGELOG.rst) +- [ ] Create a pull request to update the [`CHANGELOG.md`](../CHANGELOG.md) file. This should include a summary of all changes since the last release, including references to any relevant pull requests. - [ ] In this same pull request, update the version number in `version/version.go` diff --git a/functional-tests/Cargo.lock b/functional-tests/Cargo.lock index a35647fe0..3d418ad9d 100644 --- a/functional-tests/Cargo.lock +++ b/functional-tests/Cargo.lock 
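Review bot: The added assertions in TestKeyGroupsForFileWithGroups index `conf.KeyGroups[0][2]` through `conf.KeyGroups[0][5]` without first checking how many keys the group holds, and `assert.Nil(t, err)` does not stop the test on failure. A regression that drops one of the new KMS entries, or returns an error with a nil `conf`, would therefore panic instead of reporting which expectation failed. A guard before the indexed checks, such as `if !assert.GreaterOrEqual(t, len(conf.KeyGroups[0]), 6) { return }`, keeps the failure readable. The function's opening line sits in the hunk header, outside the hunk body.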
@@ -2,6 +2,18 @@ # It is not intended for manual editing. version = 3 +[[package]] +name = "bitflags" +version = "2.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de" + +[[package]] +name = "cfg-if" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" + [[package]] name = "equivalent" version = "1.0.1" @@ -9,10 +21,20 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" [[package]] -name = "fuchsia-cprng" -version = "0.1.1" +name = "errno" +version = "0.3.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a06f77d526c1a601b7c4cdd98f54b5eaabffc14d5f2f0296febdc7f357c6d3ba" +checksum = "33d852cb9b869c2a9b3df2f71a3074817f01e1844f839a144f5fcef059a4eb5d" +dependencies = [ + "libc", + "windows-sys", +] + +[[package]] +name = "fastrand" +version = "2.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "37909eebbb50d72f9059c3b6d82c0463f2ff062c9e95845c43a6c9c0355411be" [[package]] name = "functional-tests" @@ -23,7 +45,19 @@ dependencies = [ "serde_derive", "serde_json", "serde_yaml", - "tempdir", + "tempfile", +] + +[[package]] +name = "getrandom" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "43a49c392881ce6d5c3b8cb70f98717b7c07aabbdff06687b9030dbfbe2725f8" +dependencies = [ + "cfg-if", + "libc", + "wasi", + "windows-targets", ] [[package]] 
@@ -56,9 +90,15 @@ checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" [[package]] name = "libc" -version = "0.2.151" +version = "0.2.168" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "302d7ab3130588088d277783b1e2d2e10c9e9e4a16dd9050e6ec93fb3e7048f4" +checksum = "5aaeb2981e0606ca11d79718f8bb01164f1d6ed75080182d3abf017e6d244b6d" + +[[package]] +name = "linux-raw-sys" +version = "0.4.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89" [[package]] name = "memchr" @@ -66,6 +106,12 @@ version = "2.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" +[[package]] +name = "once_cell" +version = "1.20.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1261fe7e33c73b354eab43b1273a57c8f967d0391e80353e51f764ac02cf6775" + [[package]] name = "proc-macro2" version = "1.0.89" 
@@ -85,49 +131,16 @@ dependencies = [ ] [[package]] -name = "rand" -version = "0.4.6" +name = "rustix" +version = "0.38.42" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "552840b97013b1a26992c11eac34bdd778e464601a4c2054b5f0bff7c6761293" +checksum = "f93dc38ecbab2eb790ff964bb77fa94faf256fd3e73285fd7ba0903b76bedb85" dependencies = [ - "fuchsia-cprng", + "bitflags", + "errno", "libc", - "rand_core 0.3.1", - "rdrand", - "winapi", -] - -[[package]] -name = "rand_core" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7a6fdeb83b075e8266dcc8762c22776f6877a63111121f5f8c7411e5be7eed4b" -dependencies = [ - "rand_core 0.4.2", -] - -[[package]] -name = "rand_core" -version = "0.4.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c33a3c44ca05fa6f1807d8e6743f3824e8509beca625669633be0acbdf509dc" - -[[package]] -name = "rdrand" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "678054eb77286b51581ba43620cc911abf02758c91f93f479767aed0f90458b2" -dependencies = [ - "rand_core 0.3.1", -] - -[[package]] -name = "remove_dir_all" -version = "0.5.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3acd125665422973a33ac9d3dd2df85edad0f4ae9b00dafb1a05e43a9f5ef8e7" -dependencies = [ - "winapi", + "linux-raw-sys", + "windows-sys", ] [[package]] 
@@ -138,18 +151,18 @@ checksum = "f98d2aa92eebf49b69786be48e4477826b256916e84a57ff2a4f21923b48eb4c" [[package]] name = "serde" -version = "1.0.215" +version = "1.0.217" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6513c1ad0b11a9376da888e3e0baa0077f1aed55c17f50e7b2397136129fb88f" +checksum = "02fc4265df13d6fa1d00ecff087228cc0a2b5f3c0e87e258d8b94a156e984c70" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.215" +version = "1.0.217" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ad1e866f866923f252f05c889987993144fb74e722403468a4ebd70c3cd756c0" +checksum = "5a9bf7cf98d04a2b28aead066b7496853d4779c9cc183c440dbac457641e19a0" dependencies = [ "proc-macro2", "quote", @@ -158,9 +171,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.133" +version = "1.0.138" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c7fceb2473b9166b2294ef05efcb65a3db80803f0b03ef86a5fc88a2b85ee377" +checksum = "d434192e7da787e94a6ea7e9670b26a036d0ca41e0b7efb2676dd32bae872949" dependencies = [ "itoa", "memchr", @@ -193,13 +206,17 @@ dependencies = [ ] [[package]] -name = "tempdir" -version = "0.3.7" +name = "tempfile" +version = "3.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "15f2b5fb00ccdf689e0149d1b1b3c03fead81c2b37735d812fa8bddbbf41b6d8" +checksum = "38c246215d7d24f48ae091a2902398798e05d978b24315d6efbc00ede9a8bb91" dependencies = [ - "rand", - "remove_dir_all", + "cfg-if", + "fastrand", + "getrandom", + "once_cell", + "rustix", + "windows-sys", ] [[package]] 
@@ -215,23 +232,92 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "673aac59facbab8a9007c7f6108d11f63b603f7cabff99fabf650fea5c32b861" [[package]] -name = "winapi" -version = "0.3.9" +name = "wasi" +version = "0.13.3+wasi-0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" +checksum = "26816d2e1a4a36a2940b96c5296ce403917633dff8f3440e9b236ed6f6bacad2" dependencies = [ - "winapi-i686-pc-windows-gnu", - "winapi-x86_64-pc-windows-gnu", + "wit-bindgen-rt", ] [[package]] -name = "winapi-i686-pc-windows-gnu" -version = "0.4.0" +name = "windows-sys" +version = "0.59.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" +checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b" +dependencies = [ + "windows-targets", +] [[package]] -name = "winapi-x86_64-pc-windows-gnu" -version = "0.4.0" +name = "windows-targets" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" +dependencies = [ + "windows_aarch64_gnullvm", + "windows_aarch64_msvc", + "windows_i686_gnu", + "windows_i686_gnullvm", + "windows_i686_msvc", + "windows_x86_64_gnu", + "windows_x86_64_gnullvm", + "windows_x86_64_msvc", +] + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" + +[[package]] +name = "windows_i686_gnu" 
+version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" + +[[package]] +name = "windows_i686_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" + +[[package]] +name = "wit-bindgen-rt" +version = "0.33.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3268f3d866458b787f390cf61f4bbb563b922d091359f9608842999eaee3943c" +dependencies = [ + "bitflags", +] diff --git a/functional-tests/Cargo.toml b/functional-tests/Cargo.toml index 09cc2ca48..c1fe80e62 100644 --- a/functional-tests/Cargo.toml +++ b/functional-tests/Cargo.toml @@ -5,9 +5,9 @@ edition = "2021" authors = ["Adrian Utrilla "] [dependencies] -tempfile = "3.12.0" +tempfile = "3.16.0" serde = "1.0" -serde_json = "1.0.133" +serde_json = "1.0.138" serde_yaml = "0.9.34" serde_derive = "1.0" lazy_static = "1.5.0" diff --git a/go.mod b/go.mod index f7d394d0e..54b15dc98 100644 --- a/go.mod +++ b/go.mod 
@@ -4,24 +4,23 @@ go 1.22 toolchain go1.22.9 require ( - cloud.google.com/go/kms v1.20.1 - cloud.google.com/go/storage v1.47.0 - filippo.io/age v1.2.0 - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 + cloud.google.com/go/kms v1.20.5 + cloud.google.com/go/storage v1.50.0 + filippo.io/age v1.2.1 + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.0 + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.1 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.3.0 - github.com/ProtonMail/go-crypto v1.1.2 - github.com/aws/aws-sdk-go-v2 v1.32.5 - github.com/aws/aws-sdk-go-v2/config v1.28.5 - github.com/aws/aws-sdk-go-v2/credentials v1.17.46 - github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.40 - github.com/aws/aws-sdk-go-v2/service/kms v1.37.6 - github.com/aws/aws-sdk-go-v2/service/s3 v1.68.0 - github.com/aws/aws-sdk-go-v2/service/sts v1.33.1 + github.com/ProtonMail/go-crypto v1.1.5 + github.com/aws/aws-sdk-go-v2 v1.36.1 + github.com/aws/aws-sdk-go-v2/config v1.29.6 + github.com/aws/aws-sdk-go-v2/credentials v1.17.59 + github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.60 + github.com/aws/aws-sdk-go-v2/service/kms v1.37.18 + github.com/aws/aws-sdk-go-v2/service/s3 v1.76.0 + github.com/aws/aws-sdk-go-v2/service/sts v1.33.14 github.com/blang/semver v3.5.1+incompatible github.com/fatih/color v1.18.0 - github.com/getsops/gopgagent v0.0.0-20240527072608-0c14999532fe - github.com/golang/protobuf v1.5.4 + github.com/getsops/gopgagent v0.0.0-20241224165529-7044f28e491e github.com/google/go-cmp v0.6.0 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 github.com/goware/prefixer v0.0.0-20160118172347-395022866408 
@@ -35,62 +34,62 @@ require ( github.com/sirupsen/logrus v1.9.3 github.com/stretchr/testify v1.10.0 github.com/urfave/cli v1.22.16 - golang.org/x/net v0.31.0 - golang.org/x/sys v0.27.0 - golang.org/x/term v0.26.0 - google.golang.org/api v0.209.0 - google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f - google.golang.org/grpc v1.68.0 - google.golang.org/protobuf v1.35.2 + golang.org/x/net v0.34.0 + golang.org/x/sys v0.30.0 + golang.org/x/term v0.29.0 + google.golang.org/api v0.220.0 + google.golang.org/genproto/googleapis/rpc v0.0.0-20250127172529-29210b9bc287 + google.golang.org/grpc v1.70.0 + google.golang.org/protobuf v1.36.5 gopkg.in/ini.v1 v1.67.0 gopkg.in/yaml.v3 v3.0.1 ) require ( - cel.dev/expr v0.16.1 // indirect - cloud.google.com/go v0.116.0 // indirect - cloud.google.com/go/auth v0.10.2 // indirect - cloud.google.com/go/auth/oauth2adapt v0.2.5 // indirect - cloud.google.com/go/compute/metadata v0.5.2 // indirect - cloud.google.com/go/iam v1.2.2 // indirect - cloud.google.com/go/longrunning v0.6.2 // indirect - cloud.google.com/go/monitoring v1.21.2 // indirect + cel.dev/expr v0.19.1 // indirect + cloud.google.com/go v0.117.0 // indirect + cloud.google.com/go/auth v0.14.1 // indirect + cloud.google.com/go/auth/oauth2adapt v0.2.7 // indirect + cloud.google.com/go/compute/metadata v0.6.0 // indirect + cloud.google.com/go/iam v1.3.0 // indirect + cloud.google.com/go/longrunning v0.6.3 // indirect + cloud.google.com/go/monitoring v1.22.0 // indirect dario.cat/mergo v1.0.1 // indirect github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.0 // indirect github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect - github.com/AzureAD/microsoft-authentication-library-for-go v1.3.1 // indirect - github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.24.1 // indirect - 
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.48.1 // indirect - github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.48.1 // indirect + github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2 // indirect + github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0 // indirect + github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.49.0 // indirect + github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.49.0 // indirect github.com/Microsoft/go-winio v0.6.2 // indirect github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 // indirect - github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.20 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24 // indirect - github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect - github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.24 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.5 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.5 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.5 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.24.6 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.5 // indirect - github.com/aws/smithy-go v1.22.1 // indirect + github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.8 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.28 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.32 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.32 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2 // indirect + 
github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.32 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.5.6 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.13 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.13 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.24.15 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.14 // indirect + github.com/aws/smithy-go v1.22.2 // indirect github.com/cenkalti/backoff/v4 v4.3.0 // indirect github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect - github.com/cloudflare/circl v1.4.0 // indirect - github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78 // indirect - github.com/containerd/continuity v0.4.3 // indirect - github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect + github.com/cloudflare/circl v1.5.0 // indirect + github.com/cncf/xds/go v0.0.0-20241223141626-cff3c89139a3 // indirect + github.com/containerd/continuity v0.4.5 // indirect + github.com/cpuguy83/go-md2man/v2 v2.0.6 // indirect github.com/davecgh/go-spew v1.1.1 // indirect - github.com/docker/cli v27.3.1+incompatible // indirect - github.com/docker/docker v27.3.1+incompatible // indirect + github.com/docker/cli v27.4.1+incompatible // indirect + github.com/docker/docker v27.4.1+incompatible // indirect github.com/docker/go-connections v0.5.0 // indirect github.com/docker/go-units v0.5.0 // indirect - github.com/envoyproxy/go-control-plane v0.13.0 // indirect + github.com/envoyproxy/go-control-plane v0.13.1 // indirect github.com/envoyproxy/protoc-gen-validate v1.1.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/go-jose/go-jose/v4 v4.0.4 // indirect 
@@ -99,11 +98,11 @@ require ( github.com/go-viper/mapstructure/v2 v2.2.1 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v5 v5.2.1 // indirect - github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/google/s2a-go v0.1.8 // indirect + github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect + github.com/google/s2a-go v0.1.9 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect - github.com/googleapis/gax-go/v2 v2.14.0 // indirect + github.com/googleapis/gax-go/v2 v2.14.1 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/go-retryablehttp v0.7.7 // indirect @@ -117,10 +116,11 @@ require ( github.com/mattn/go-isatty v0.0.20 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/moby/docker-image-spec v1.3.1 // indirect + github.com/moby/sys/user v0.3.0 // indirect github.com/moby/term v0.5.0 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.1.0 // indirect - github.com/opencontainers/runc v1.1.14 // indirect + github.com/opencontainers/runc v1.2.3 // indirect github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect 
@@ -129,22 +129,21 @@ require ( github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.2.0 // indirect - go.opencensus.io v0.24.0 // indirect - go.opentelemetry.io/contrib/detectors/gcp v1.29.0 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.55.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0 // indirect - go.opentelemetry.io/otel v1.30.0 // indirect - go.opentelemetry.io/otel/metric v1.30.0 // indirect - go.opentelemetry.io/otel/sdk v1.29.0 // indirect - go.opentelemetry.io/otel/sdk/metric v1.29.0 // indirect - go.opentelemetry.io/otel/trace v1.30.0 // indirect - golang.org/x/crypto v0.29.0 // indirect - golang.org/x/oauth2 v0.24.0 // indirect - golang.org/x/sync v0.9.0 // indirect - golang.org/x/text v0.20.0 // indirect - golang.org/x/time v0.8.0 // indirect - google.golang.org/genproto v0.0.0-20241113202542-65e8d215514f // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 // indirect - google.golang.org/grpc/stats/opentelemetry v0.0.0-20240907200651-3ffb98b2c93a // indirect + go.opentelemetry.io/auto/sdk v1.1.0 // indirect + go.opentelemetry.io/contrib/detectors/gcp v1.33.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect + go.opentelemetry.io/otel v1.34.0 // indirect + go.opentelemetry.io/otel/metric v1.34.0 // indirect + go.opentelemetry.io/otel/sdk v1.34.0 // indirect + go.opentelemetry.io/otel/sdk/metric v1.33.0 // indirect + go.opentelemetry.io/otel/trace v1.34.0 // indirect + golang.org/x/crypto v0.32.0 // indirect + golang.org/x/oauth2 v0.25.0 // indirect + golang.org/x/sync v0.10.0 // indirect + golang.org/x/text v0.21.0 // indirect + golang.org/x/time 
v0.9.0 // indirect + google.golang.org/genproto v0.0.0-20241223144023-3abc09e42ca8 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20241223144023-3abc09e42ca8 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect ) diff --git a/go.sum b/go.sum index 94f30eb93..c7f5c817e 100644 --- a/go.sum +++ b/go.sum 
@@ -1,42 +1,41 @@ c2sp.org/CCTV/age v0.0.0-20240306222714-3ec4d716e805 h1:u2qwJeEvnypw+OCPUHmoZE3IqwfuN5kgDfo5MLzpNM0= c2sp.org/CCTV/age v0.0.0-20240306222714-3ec4d716e805/go.mod h1:FomMrUJ2Lxt5jCLmZkG3FHa72zUprnhd3v/Z18Snm4w= -cel.dev/expr v0.16.1 h1:NR0+oFYzR1CqLFhTAqg3ql59G9VfN8fKq1TCHJ6gq1g= -cel.dev/expr v0.16.1/go.mod h1:AsGA5zb3WruAEQeQng1RZdGEXmBj0jvMWh6l5SnNuC8= -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE= -cloud.google.com/go v0.116.0/go.mod h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U= -cloud.google.com/go/auth v0.10.2 h1:oKF7rgBfSHdp/kuhXtqU/tNDr0mZqhYbEh+6SiqzkKo= -cloud.google.com/go/auth v0.10.2/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI= -cloud.google.com/go/auth/oauth2adapt v0.2.5 h1:2p29+dePqsCHPP1bqDJcKj4qxRyYCcbzKpFyKGt3MTk= -cloud.google.com/go/auth/oauth2adapt v0.2.5/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8= -cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixAHn3fyqngqo= -cloud.google.com/go/compute/metadata v0.5.2/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k= -cloud.google.com/go/iam v1.2.2 h1:ozUSofHUGf/F4tCNy/mu9tHLTaxZFLOUiKzjcgWHGIA= -cloud.google.com/go/iam v1.2.2/go.mod h1:0Ys8ccaZHdI1dEUilwzqng/6ps2YB6vRsjIe00/+6JY= -cloud.google.com/go/kms v1.20.1 h1:og29Wv59uf2FVaZlesaiDAqHFzHaoUyHI3HYp9VUHVg= -cloud.google.com/go/kms v1.20.1/go.mod h1:LywpNiVCvzYNJWS9JUcGJSVTNSwPwi0vBAotzDqn2nc= +cel.dev/expr v0.19.1 h1:NciYrtDRIR0lNCnH1LFJegdjspNx9fI59O7TWcua/W4= +cel.dev/expr v0.19.1/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw= +cloud.google.com/go v0.117.0 h1:Z5TNFfQxj7WG2FgOGX1ekC5RiXrYgms6QscOm32M/4s= +cloud.google.com/go v0.117.0/go.mod h1:ZbwhVTb1DBGt2Iwb3tNO6SEK4q+cplHZmLWH+DelYYc= +cloud.google.com/go/auth v0.14.1 h1:AwoJbzUdxA/whv1qj3TLKwh3XX5sikny2fc40wUl+h0= +cloud.google.com/go/auth v0.14.1/go.mod h1:4JHUxlGXisL0AW8kXPtUF6ztuOksyfUQNFjfsOCXkPM= 
+cloud.google.com/go/auth/oauth2adapt v0.2.7 h1:/Lc7xODdqcEw8IrZ9SvwnlLX6j9FHQM74z6cBk9Rw6M= +cloud.google.com/go/auth/oauth2adapt v0.2.7/go.mod h1:NTbTTzfvPl1Y3V1nPpOgl2w6d/FjO7NNUQaWSox6ZMc= +cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4j01OwKxG9I= +cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg= +cloud.google.com/go/iam v1.3.0 h1:4Wo2qTaGKFtajbLpF6I4mywg900u3TLlHDb6mriLDPU= +cloud.google.com/go/iam v1.3.0/go.mod h1:0Ys8ccaZHdI1dEUilwzqng/6ps2YB6vRsjIe00/+6JY= +cloud.google.com/go/kms v1.20.5 h1:aQQ8esAIVZ1atdJRxihhdxGQ64/zEbJoJnCz/ydSmKg= +cloud.google.com/go/kms v1.20.5/go.mod h1:C5A8M1sv2YWYy1AE6iSrnddSG9lRGdJq5XEdBy28Lmw= cloud.google.com/go/logging v1.12.0 h1:ex1igYcGFd4S/RZWOCU51StlIEuey5bjqwH9ZYjHibk= cloud.google.com/go/logging v1.12.0/go.mod h1:wwYBt5HlYP1InnrtYI0wtwttpVU1rifnMT7RejksUAM= -cloud.google.com/go/longrunning v0.6.2 h1:xjDfh1pQcWPEvnfjZmwjKQEcHnpz6lHjfy7Fo0MK+hc= -cloud.google.com/go/longrunning v0.6.2/go.mod h1:k/vIs83RN4bE3YCswdXC5PFfWVILjm3hpEUlSko4PiI= -cloud.google.com/go/monitoring v1.21.2 h1:FChwVtClH19E7pJ+e0xUhJPGksctZNVOk2UhMmblmdU= -cloud.google.com/go/monitoring v1.21.2/go.mod h1:hS3pXvaG8KgWTSz+dAdyzPrGUYmi2Q+WFX8g2hqVEZU= -cloud.google.com/go/storage v1.47.0 h1:ajqgt30fnOMmLfWfu1PWcb+V9Dxz6n+9WKjdNg5R4HM= -cloud.google.com/go/storage v1.47.0/go.mod h1:Ks0vP374w0PW6jOUameJbapbQKXqkjGd/OJRp2fb9IQ= +cloud.google.com/go/longrunning v0.6.3 h1:A2q2vuyXysRcwzqDpMMLSI6mb6o39miS52UEG/Rd2ng= +cloud.google.com/go/longrunning v0.6.3/go.mod h1:k/vIs83RN4bE3YCswdXC5PFfWVILjm3hpEUlSko4PiI= +cloud.google.com/go/monitoring v1.22.0 h1:mQ0040B7dpuRq1+4YiQD43M2vW9HgoVxY98xhqGT+YI= +cloud.google.com/go/monitoring v1.22.0/go.mod h1:hS3pXvaG8KgWTSz+dAdyzPrGUYmi2Q+WFX8g2hqVEZU= +cloud.google.com/go/storage v1.50.0 h1:3TbVkzTooBvnZsk7WaAQfOsNrdoM8QHusXA1cpk6QJs= +cloud.google.com/go/storage v1.50.0/go.mod h1:l7XeiD//vx5lfqE3RavfmU9yvk5Pp0Zhcv482poyafY= 
cloud.google.com/go/trace v1.11.2 h1:4ZmaBdL8Ng/ajrgKqY5jfvzqMXbrDcBsUGXOT9aqTtI= cloud.google.com/go/trace v1.11.2/go.mod h1:bn7OwXd4pd5rFuAnTrzBuoZ4ax2XQeG3qNgYmfCy0Io= dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s= dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= -filippo.io/age v1.2.0 h1:vRDp7pUMaAJzXNIWJVAZnEf/Dyi4Vu4wI8S1LBzufhE= -filippo.io/age v1.2.0/go.mod h1:JL9ew2lTN+Pyft4RiNGguFfOpewKwSHm5ayKD/A4004= +filippo.io/age v1.2.1 h1:X0TZjehAZylOIj4DubWYU1vWQxv9bJpo+Uu2/LGhi1o= +filippo.io/age v1.2.1/go.mod h1:JL9ew2lTN+Pyft4RiNGguFfOpewKwSHm5ayKD/A4004= filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 h1:JZg6HRh6W6U4OLl6lk7BZ7BLisIzM9dG1R50zUk9C/M= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0/go.mod h1:YL1xnZ6QejvQHWJrX/AvhFl4WW4rqHVoKspWNVwFk0M= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 h1:B/dfvscEQtew9dVuoxqxrUKKv8Ih2f55PydknDamU+g= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0/go.mod h1:fiPSssYvltE08HJchL04dOy+RD4hgrjph0cwGGMntdI= -github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0 h1:+m0M/LFxN43KvULkDNfdXOgrjtg6UYJPFBJyuEcRCAw= -github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0/go.mod h1:PwOyop78lveYMRs6oCxjiVyBdyCgIYH6XHIVZO9/SFQ= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.0 h1:g0EZJwz7xkXQiZAI5xi9f3WWFYBlX1CPTrR+NDToRkQ= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.0/go.mod h1:XCW7KnZet0Opnr7HccfUw1PLc4CjHqpcaxW8DHklNkQ= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.1 h1:1mvYtZfWQAnwNah/C+Z+Jb9rQH95LPE2vlmMuWAHJk8= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.1/go.mod h1:75I/mXtme1JyWFtz8GocPHVFyH421IBoZErnO16dd0k= +github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.1 h1:Bk5uOhSAenHyR5P61D/NzeQCv+4fEVV8mOkJ82NqpWw= 
+github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.1/go.mod h1:QZ4pw3or1WPmRBxf0cHd1tknzrT54WPBOQoGutCPvSU= github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY= github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkYRNWPENUnqx6bJ2xnSDFI2tjwZNuY= github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.3.0 h1:7rKG7UmnrxX4N53TFhkYqjc+kVUZuw0fL8I3Fh+Ld9E= 
@@ -47,83 +46,80 @@ github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM= github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE= -github.com/AzureAD/microsoft-authentication-library-for-go v1.3.1 h1:gUDtaZk8heteyfdmv+pcfHvhR9llnh7c7GMwZ8RVG04= -github.com/AzureAD/microsoft-authentication-library-for-go v1.3.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2 h1:kYRSnvJju5gYVyhkij+RTJ/VR6QIUaCfWeaFm2ycsjQ= +github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.24.1 h1:pB2F2JKCj1Znmp2rwxxt1J0Fg0wezTMgWYk5Mpbi1kg= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.24.1/go.mod h1:itPGVDKf9cC/ov4MdvJ2QZ0khw4bfoo9jzwTJlaxy2k= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.48.1 h1:UQ0AhxogsIRZDkElkblfnwjc3IaltCm2HUMvezQaL7s= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.48.1/go.mod h1:jyqM3eLpJ3IbIFDTKVz2rF9T/xWGW0rIriGwnz8l9Tk= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.48.1 h1:oTX4vsorBZo/Zdum6OKPA4o7544hm6smoRv1QjpTwGo= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.48.1/go.mod h1:0wEl7vrAD8mehJyohS9HZy+WyEOaQO2mJx86Cvh93kM= 
-github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.48.1 h1:8nn+rsCvTq9axyEh382S0PFLBeaFwNsT43IrPWzctRU= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.48.1/go.mod h1:viRWSEhtMZqz1rhwmOVKkWl6SwmVowfL9O2YR5gI2PE= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0 h1:3c8yed4lgqTt+oTQ+JNMDo+F4xprBf+O/il4ZC0nRLw= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0/go.mod h1:obipzmGjfSjam60XLwGfqUkJsfiheAl+TUjG+4yzyPM= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.49.0 h1:o90wcURuxekmXrtxmYWTyNla0+ZEHhud6DI1ZTxd1vI= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.49.0/go.mod h1:6fTWu4m3jocfUZLYF5KsZC1TUfRvEjs7lM4crme/irw= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.49.0 h1:jJKWl98inONJAr/IZrdFQUWcwUO95DLY1XMD1ZIut+g= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.49.0/go.mod h1:l2fIqmwB+FKSfvn3bAD/0i+AXAxhIZjTK2svT/mgUXs= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.49.0 h1:GYUJLfvd++4DMuMhCFLgLXvFwofIxh/qOwoGuS/LTew= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.49.0/go.mod h1:wRbFgBQUVm1YXrvWKofAEmq9HNJTDphbAaJSSX01KUI= github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw= github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk= -github.com/ProtonMail/go-crypto v1.1.2 h1:A7JbD57ThNqh7XjmHE+PXpQ3Dqt3BrSAC0AL0Go3KS0= -github.com/ProtonMail/go-crypto v1.1.2/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= 
-github.com/aws/aws-sdk-go-v2 v1.32.5 h1:U8vdWJuY7ruAkzaOdD7guwJjD06YSKmnKCJs7s3IkIo= -github.com/aws/aws-sdk-go-v2 v1.32.5/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U= -github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7 h1:lL7IfaFzngfx0ZwUGOZdsFFnQ5uLvR0hWqqhyE7Q9M8= -github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7/go.mod h1:QraP0UcVlQJsmHfioCrveWOC1nbiWUl3ej08h4mXWoc= -github.com/aws/aws-sdk-go-v2/config v1.28.5 h1:Za41twdCXbuyyWv9LndXxZZv3QhTG1DinqlFsSuvtI0= -github.com/aws/aws-sdk-go-v2/config v1.28.5/go.mod h1:4VsPbHP8JdcdUDmbTVgNL/8w9SqOkM5jyY8ljIxLO3o= -github.com/aws/aws-sdk-go-v2/credentials v1.17.46 h1:AU7RcriIo2lXjUfHFnFKYsLCwgbz1E7Mm95ieIRDNUg= -github.com/aws/aws-sdk-go-v2/credentials v1.17.46/go.mod h1:1FmYyLGL08KQXQ6mcTlifyFXfJVCNJTVGuQP4m0d/UA= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.20 h1:sDSXIrlsFSFJtWKLQS4PUWRvrT580rrnuLydJrCQ/yA= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.20/go.mod h1:WZ/c+w0ofps+/OUqMwWgnfrgzZH1DZO1RIkktICsqnY= -github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.40 h1:CbalQNEYQljzAJ+3beY8FQBShdLNLpJzHL4h/5LSFMc= -github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.40/go.mod h1:1iYVr/urNWuZ7WZ1829FSE7RRTaXvzFdwrEQV8Z40cE= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24 h1:4usbeaes3yJnCFC7kfeyhkdkPtoRYPa/hTmCqMpKpLI= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24/go.mod h1:5CI1JemjVwde8m2WG3cz23qHKPOxbpkq0HaoreEgLIY= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24 h1:N1zsICrQglfzaBnrfM0Ys00860C+QFwu6u/5+LomP+o= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24/go.mod h1:dCn9HbJ8+K31i8IQ8EWmWj0EiIk0+vKiHNMxTTYveAg= -github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ= -github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.24 h1:JX70yGKLj25+lMC5Yyh8wBtvB01GDilyRuJvXJ4piD0= 
-github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.24/go.mod h1:+Ln60j9SUTD0LEwnhEB0Xhg61DHqplBrbZpLgyjoEHg= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 h1:iXtILhvDxB6kPvEXgsDhGaZCSC6LQET5ZHSdJozeI0Y= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1/go.mod h1:9nu0fVANtYiAePIBh2/pFUSwtJ402hLnp854CNoDOeE= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.5 h1:gvZOjQKPxFXy1ft3QnEyXmT+IqneM9QAUWlM3r0mfqw= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.5/go.mod h1:DLWnfvIcm9IET/mmjdxeXbBKmTCm0ZB8p1za9BVteM8= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.5 h1:wtpJ4zcwrSbwhECWQoI/g6WM9zqCcSpHDJIWSbMLOu4= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.5/go.mod h1:qu/W9HXQbbQ4+1+JcZp0ZNPV31ym537ZJN+fiS7Ti8E= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.5 h1:P1doBzv5VEg1ONxnJss1Kh5ZG/ewoIE4MQtKKc6Crgg= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.5/go.mod h1:NOP+euMW7W3Ukt28tAxPuoWao4rhhqJD3QEBk7oCg7w= -github.com/aws/aws-sdk-go-v2/service/kms v1.37.6 h1:CZImQdb1QbU9sGgJ9IswhVkxAcjkkD1eQTMA1KHWk+E= -github.com/aws/aws-sdk-go-v2/service/kms v1.37.6/go.mod h1:YJDdlK0zsyxVBxGU48AR/Mi8DMrGdc1E3Yij4fNrONA= -github.com/aws/aws-sdk-go-v2/service/s3 v1.68.0 h1:bFpcqdwtAEsgpZXvkTxIThFQx/EM0oV6kXmfFIGjxME= -github.com/aws/aws-sdk-go-v2/service/s3 v1.68.0/go.mod h1:ralv4XawHjEMaHOWnTFushl0WRqim/gQWesAMF6hTow= -github.com/aws/aws-sdk-go-v2/service/sso v1.24.6 h1:3zu537oLmsPfDMyjnUS2g+F2vITgy5pB74tHI+JBNoM= -github.com/aws/aws-sdk-go-v2/service/sso v1.24.6/go.mod h1:WJSZH2ZvepM6t6jwu4w/Z45Eoi75lPN7DcydSRtJg6Y= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.5 h1:K0OQAsDywb0ltlFrZm0JHPY3yZp/S9OaoLU33S7vPS8= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.5/go.mod h1:ORITg+fyuMoeiQFiVGoqB3OydVTLkClw/ljbblMq6Cc= -github.com/aws/aws-sdk-go-v2/service/sts v1.33.1 h1:6SZUVRQNvExYlMLbHdlKB48x0fLbc2iVROyaNEwBHbU= 
-github.com/aws/aws-sdk-go-v2/service/sts v1.33.1/go.mod h1:GqWyYCwLXnlUB1lOAXQyNSPqPLQJvmo8J0DWBzp9mtg= -github.com/aws/smithy-go v1.22.1 h1:/HPHZQ0g7f4eUeK6HKglFz8uwVfZKgoI25rb/J+dnro= -github.com/aws/smithy-go v1.22.1/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= +github.com/ProtonMail/go-crypto v1.1.5 h1:eoAQfK2dwL+tFSFpr7TbOaPNUbPiJj4fLYwwGE1FQO4= +github.com/ProtonMail/go-crypto v1.1.5/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= +github.com/aws/aws-sdk-go-v2 v1.36.1 h1:iTDl5U6oAhkNPba0e1t1hrwAo02ZMqbrGq4k5JBWM5E= +github.com/aws/aws-sdk-go-v2 v1.36.1/go.mod h1:5PMILGVKiW32oDzjj6RU52yrNrDPUHcbZQYr1sM7qmM= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.8 h1:zAxi9p3wsZMIaVCdoiQp2uZ9k1LsZvmAnoTBeZPXom0= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.8/go.mod h1:3XkePX5dSaxveLAYY7nsbsZZrKxCyEuE5pM4ziFxyGg= +github.com/aws/aws-sdk-go-v2/config v1.29.6 h1:fqgqEKK5HaZVWLQoLiC9Q+xDlSp+1LYidp6ybGE2OGg= +github.com/aws/aws-sdk-go-v2/config v1.29.6/go.mod h1:Ft+WLODzDQmCTHDvqAH1JfC2xxbZ0MxpZAcJqmE1LTQ= +github.com/aws/aws-sdk-go-v2/credentials v1.17.59 h1:9btwmrt//Q6JcSdgJOLI98sdr5p7tssS9yAsGe8aKP4= +github.com/aws/aws-sdk-go-v2/credentials v1.17.59/go.mod h1:NM8fM6ovI3zak23UISdWidyZuI1ghNe2xjzUZAyT+08= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.28 h1:KwsodFKVQTlI5EyhRSugALzsV6mG/SGrdjlMXSZSdso= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.28/go.mod h1:EY3APf9MzygVhKuPXAc5H+MkGb8k/DOSQjWS0LgkKqI= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.60 h1:ssZzp6JAGAbOYUTppPfKLa3Cbmx0PtnPsjh4RSy06Ao= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.60/go.mod h1:0fi8BNjII7rWunx2Cvezfnu1iZDCw7EWEiSQyC+Kgww= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.32 h1:BjUcr3X3K0wZPGFg2bxOWW3VPN8rkE3/61zhP+IHviA= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.32/go.mod h1:80+OGC/bgzzFFTUmcuwD0lb4YutwQeKLFpmt6hoWapU= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.32 
h1:m1GeXHVMJsRsUAqG6HjZWx9dj7F5TR+cF1bjyfYyBd4= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.32/go.mod h1:IitoQxGfaKdVLNg0hD8/DXmAqNy0H4K2H2Sf91ti8sI= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2 h1:Pg9URiobXy85kgFev3og2CuOZ8JZUBENF+dcgWBaYNk= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.32 h1:OIHj/nAhVzIXGzbAE+4XmZ8FPvro3THr6NlqErJc3wY= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.32/go.mod h1:LiBEsDo34OJXqdDlRGsilhlIiXR7DL+6Cx2f4p1EgzI= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2 h1:D4oz8/CzT9bAEYtVhSBmFj2dNOtaHOtMKc2vHBwYizA= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2/go.mod h1:Za3IHqTQ+yNcRHxu1OFucBh0ACZT4j4VQFF0BqpZcLY= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.5.6 h1:cCBJaT7EeEojpJ4s7wTDbhZlHVJOgNHN7iw6qVurGaw= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.5.6/go.mod h1:WYH1ABybY7JK9TITPnk6ZlP7gQB8psI4c9qDmMsnLSA= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.13 h1:SYVGSFQHlchIcy6e7x12bsrxClCXSP5et8cqVhL8cuw= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.13/go.mod h1:kizuDaLX37bG5WZaoxGPQR/LNFXpxp0vsUnqfkWXfNE= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.13 h1:OBsrtam3rk8NfBEq7OLOMm5HtQ9Yyw32X4UQMya/wjw= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.13/go.mod h1:3U4gFA5pmoCOja7aq4nSaIAGbaOHv2Yl2ug018cmC+Q= +github.com/aws/aws-sdk-go-v2/service/kms v1.37.18 h1:pi9M/9n1PLayBXjia7LfwgXwcpFdFO7Q2cqKOZa1ZmM= +github.com/aws/aws-sdk-go-v2/service/kms v1.37.18/go.mod h1:vZXvmzfhdsPj/axc8+qk/2fSCP4hGyaZ1MAduWEHAxM= +github.com/aws/aws-sdk-go-v2/service/s3 v1.76.0 h1:ehvUZNVrGA1Usa6yYo8A8pUqrigRelWXSbcCqYpRLeI= +github.com/aws/aws-sdk-go-v2/service/s3 v1.76.0/go.mod h1:KuLNrwYJFaC2AVZ+CVVc12k9NyqwgWsoNNHjwqF6QNk= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.15 
h1:/eE3DogBjYlvlbhd2ssWyeuovWunHLxfgw3s/OJa4GQ= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.15/go.mod h1:2PCJYpi7EKeA5SkStAmZlF6fi0uUABuhtF8ILHjGc3Y= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.14 h1:M/zwXiL2iXUrHputuXgmO94TVNmcenPHxgLXLutodKE= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.14/go.mod h1:RVwIw3y/IqxC2YEXSIkAzRDdEU1iRabDPaYjpGCbCGQ= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.14 h1:TzeR06UCMUq+KA3bDkujxK1GVGy+G8qQN/QVYzGLkQE= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.14/go.mod h1:dspXf/oYWGWo6DEvj98wpaTeqt5+DMidZD0A9BYTizc= +github.com/aws/smithy-go v1.22.2 h1:6D9hW43xKFrRx/tXXfAlIZc4JI+yQe6snnWcQyxSyLQ= +github.com/aws/smithy-go v1.22.2/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ= github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= -github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g= github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cloudflare/circl v1.4.0 h1:BV7h5MgrktNzytKmWjpOtdYrf0lkkbF8YMlBGPhJQrY= -github.com/cloudflare/circl v1.4.0/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZFnBQS5QU= -github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod 
h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78 h1:QVw89YDxXxEe+l8gU8ETbOasdwEV+avkR75ZzsVV9WI= -github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8= -github.com/containerd/continuity v0.4.3 h1:6HVkalIp+2u1ZLH1J/pYX2oBVXlJZvh1X1A7bEZ9Su8= -github.com/containerd/continuity v0.4.3/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= -github.com/cpuguy83/go-md2man/v2 v2.0.5 h1:ZtcqGrnekaHpVLArFSe4HK5DoKx1T0rq2DwVB0alcyc= +github.com/cloudflare/circl v1.5.0 h1:hxIWksrX6XN5a1L2TI/h53AGPhNHoUBo+TD1ms9+pys= +github.com/cloudflare/circl v1.5.0/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs= +github.com/cncf/xds/go v0.0.0-20241223141626-cff3c89139a3 h1:boJj011Hh+874zpIySeApCX4GeOjPl9qhRF3QuIZq+Q= +github.com/cncf/xds/go v0.0.0-20241223141626-cff3c89139a3/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8= +github.com/containerd/continuity v0.4.5 h1:ZRoN1sXq9u7V6QoHMcVWGhOwDFqZ4B9i5H6un1Wh0x4= +github.com/containerd/continuity v0.4.5/go.mod h1:/lNJvtJKUQStBzpVQ1+rasXO1LAWtUQssk28EZvJ3nE= github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.6 h1:XJtiaUW6dEEqVuZiMTn1ldk455QWwEIsMIJlo5vtkx0= +github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -131,28 +127,24 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78= github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= -github.com/docker/cli v27.3.1+incompatible h1:qEGdFBF3Xu6SCvCYhc7CzaQTlBmqDuzxPDpigSyeKQQ= -github.com/docker/cli v27.3.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= -github.com/docker/docker v27.3.1+incompatible h1:KttF0XoteNTicmUtBO0L2tP+J7FGRFTjaEF4k6WdhfI= -github.com/docker/docker v27.3.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/cli v27.4.1+incompatible h1:VzPiUlRJ/xh+otB75gva3r05isHMo5wXDfPRi5/b4hI= +github.com/docker/cli v27.4.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/docker v27.4.1+incompatible h1:ZJvcY7gfwHn1JF48PfbyXg7Jyt9ZCWDW+GGXOIxEwp4= +github.com/docker/docker v27.4.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= -github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/go-control-plane v0.13.0 h1:HzkeUz1Knt+3bK+8LG1bxOO/jzWZmdxpwC51i202les= 
-github.com/envoyproxy/go-control-plane v0.13.0/go.mod h1:GRaKG3dwvFoTg4nj7aXdZnvMg4d7nvT/wl9WgVXn3Q8= -github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/envoyproxy/go-control-plane v0.13.1 h1:vPfJZCkob6yTMEgS+0TwfTUfbHjfy/6vOJ8hUWX/uXE= +github.com/envoyproxy/go-control-plane v0.13.1/go.mod h1:X45hY0mufo6Fd0KW3rqsGvQMw58jvjymeCzBU3mWyHw= github.com/envoyproxy/protoc-gen-validate v1.1.0 h1:tntQDh69XqOCOZsDz0lVJQez/2L6Uu2PdjCQwWCJ3bM= github.com/envoyproxy/protoc-gen-validate v1.1.0/go.mod h1:sXRDRVmzEbkM7CVcM06s9shE/m23dg3wzjl0UWqJ2q4= github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/getsops/gopgagent v0.0.0-20240527072608-0c14999532fe h1:QKe/kmAYbndxwu91TcjHERsnMh5SgOB1x/qicvOdUJ8= -github.com/getsops/gopgagent v0.0.0-20240527072608-0c14999532fe/go.mod h1:awFzISqLJoZLm+i9QQ4SgMNHDqljH6jWV0B36V5MrUM= +github.com/getsops/gopgagent v0.0.0-20241224165529-7044f28e491e h1:y/1nzrdF+RPds4lfoEpNhjfmzlgZtPqyO3jMzrqDQws= +github.com/getsops/gopgagent v0.0.0-20241224165529-7044f28e491e/go.mod h1:awFzISqLJoZLm+i9QQ4SgMNHDqljH6jWV0B36V5MrUM= github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E= github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= 
@@ -170,43 +162,24 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= -github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 h1:f+oWsMOmNPc8JmEHVZIycC7hBoQxHH9pNKQORJNozsQ= +github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8/go.mod 
h1:wcDNUvekVysuuOpQKo3191zZyTpiI6se1N1ULghS0sw= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/martian/v3 v3.3.3 h1:DIhPTQrbPkgs2yJYdXU/eNACCG5DVQjySNRNlflZ9Fc= github.com/google/martian/v3 v3.3.3/go.mod h1:iEPrYcgCF7jA9OtScMFQyAlZZ4YXTKEtJ1E6RWzmBA0= -github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= -github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= +github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0= +github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= -github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/enterprise-certificate-proxy v0.3.4 
h1:XYIDZApgAnrN1c855gTgghdIA6Stxb52D5RnLI1SLyw= github.com/googleapis/enterprise-certificate-proxy v0.3.4/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA= -github.com/googleapis/gax-go/v2 v2.14.0 h1:f+jMrjBPl+DL9nI4IQzLUxMq7XrAqFYB7hBPqMNIe8o= -github.com/googleapis/gax-go/v2 v2.14.0/go.mod h1:lhBCnjdLrWRaPvLWhmc8IS24m9mr07qSYnHncrgo+zk= +github.com/googleapis/gax-go/v2 v2.14.1 h1:hb0FFeiPaQskmvakKu5EbCbpntQn48jyHuvrkurSS/Q= +github.com/googleapis/gax-go/v2 v2.14.1/go.mod h1:Hb/NubMaVM88SrNkvl8X/o8XWwDJEPqouaLeN2IUxoA= github.com/goware/prefixer v0.0.0-20160118172347-395022866408 h1:Y9iQJfEqnN3/Nce9cOegemcy/9Ai5k3huT6E80F3zaw= github.com/goware/prefixer v0.0.0-20160118172347-395022866408/go.mod h1:PE1ycukgRPJ7bJ9a1fdfQ9j8i/cEcRAoLZzbxYpNB/s= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= 
@@ -257,14 +230,16 @@ github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyua github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0= github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo= +github.com/moby/sys/user v0.3.0 h1:9ni5DlcW5an3SvRSx4MouotOygvzaXbaSrc/wGDFWPo= +github.com/moby/sys/user v0.3.0/go.mod h1:bG+tYYYJgaMtRKgEmuueC0hJEAZWwtIbZTB+85uoHjs= github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= -github.com/opencontainers/runc v1.1.14 h1:rgSuzbmgz5DUJjeSnw337TxDbRuqjs6iqQck/2weR6w= -github.com/opencontainers/runc v1.1.14/go.mod h1:E4C2z+7BxR7GHXp0hAY53mek+x49X1LjPNeMTfRGvOA= +github.com/opencontainers/runc v1.2.3 h1:fxE7amCzfZflJO2lHXf4y/y8M1BoAqp+FVmG19oYB80= +github.com/opencontainers/runc v1.2.3/go.mod h1:nSxcWUydXrsBZVYNSkTjoQ/N6rcyTtn+1SD5D4+kRIM= github.com/ory/dockertest/v3 v3.11.0 h1:OiHcxKAvSDUwsEVh2BjxQQc/5EHz9n0va9awCtNGuyA= github.com/ory/dockertest/v3 v3.11.0/go.mod h1:VIPxS1gwT9NpPOrfD3rACs8Y9Z7yhzO4SB194iUDnUI= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= 
@@ -275,11 +250,10 @@ github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 h1:GFCKgm github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10/go.mod h1:t/avpk3KcrXxUnYOhZhMXJlSEyie6gQbtLq5NM3loB8= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/redis/go-redis/v9 v9.6.1 h1:HHDteefn6ZkTtY5fGUE8tj8uy85AHk6zP7CpzIAM0y4= -github.com/redis/go-redis/v9 v9.6.1/go.mod h1:0C0c6ycQsdpVNQpxb1njEQIqkx5UcsM8FJCQLgE9+RA= -github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= -github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= +github.com/redis/go-redis/v9 v9.7.0 h1:HhLSs+B6O021gwzl+locl0zEDnyNkxMtf/Z3NNBMa9E= +github.com/redis/go-redis/v9 v9.7.0/go.mod h1:f6zhXITC7JUJIlPEiBOTXxJgPLdZcA93GewI7inzyWw= +github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= +github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk= 
@@ -294,7 +268,6 @@ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UV github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= 
@@ -312,57 +285,46 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/detectors/gcp v1.29.0 h1:TiaiXB4DpGD3sdzNlYQxruQngn5Apwzi1X0DRhuGvDQ= -go.opentelemetry.io/contrib/detectors/gcp v1.29.0/go.mod h1:GW2aWZNwR2ZxDLdv8OyC2G8zkRoQBuURgV7RPQgcPoU= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.55.0 h1:hCq2hNMwsegUvPzI7sPOvtO9cqyy5GbWt/Ybp2xrx8Q= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.55.0/go.mod h1:LqaApwGx/oUmzsbqxkzuBvyoPpkxk3JQWnqfVrJ3wCA= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0 h1:ZIg3ZT/aQ7AfKqdwp7ECpOK6vHqquXXuyTjIO8ZdmPs= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0/go.mod h1:DQAwmETtZV00skUwgD6+0U89g80NKsJE3DCKeLLPQMI= -go.opentelemetry.io/otel v1.30.0 h1:F2t8sK4qf1fAmY9ua4ohFS/K+FUuOPemHUIXHtktrts= -go.opentelemetry.io/otel v1.30.0/go.mod h1:tFw4Br9b7fOS+uEao81PJjVMjW/5fvNCbpsDIXqP0pc= +go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= +go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= +go.opentelemetry.io/contrib/detectors/gcp v1.33.0 h1:FVPoXEoILwgbZUu4X7YSgsESsAmGRgoYcnXkzgQPhP4= +go.opentelemetry.io/contrib/detectors/gcp v1.33.0/go.mod h1:ZHrLmr4ikK2AwRj9QL+c9s2SOlgoSRyMpNVzUj2fZqI= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 h1:PS8wXpbyaDJQ2VDHHncMe9Vct0Zn1fEjpsjrLxGJoSc= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0/go.mod h1:HDBUsEjOuRC0EzKZ1bSaRGZWUBAzo+MhAcUUORSr4D0= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 
h1:yd02MEjBdJkG3uabWP9apV+OuWRIXGDuJEUJbOHmCFU= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0/go.mod h1:umTcuxiv1n/s/S6/c2AT/g2CQ7u5C59sHDNmfSwgz7Q= +go.opentelemetry.io/otel v1.34.0 h1:zRLXxLCgL1WyKsPVrgbSdMN4c0FMkDAskSTQP+0hdUY= +go.opentelemetry.io/otel v1.34.0/go.mod h1:OWFPOQ+h4G8xpyjgqo4SxJYdDQ/qmRH+wivy7zzx9oI= go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.29.0 h1:WDdP9acbMYjbKIyJUhTvtzj601sVJOqgWdUxSdR/Ysc= go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.29.0/go.mod h1:BLbf7zbNIONBLPwvFnwNHGj4zge8uTCM/UPIVW1Mq2I= -go.opentelemetry.io/otel/metric v1.30.0 h1:4xNulvn9gjzo4hjg+wzIKG7iNFEaBMX00Qd4QIZs7+w= -go.opentelemetry.io/otel/metric v1.30.0/go.mod h1:aXTfST94tswhWEb+5QjlSqG+cZlmyXy/u8jFpor3WqQ= -go.opentelemetry.io/otel/sdk v1.29.0 h1:vkqKjk7gwhS8VaWb0POZKmIEDimRCMsopNYnriHyryo= -go.opentelemetry.io/otel/sdk v1.29.0/go.mod h1:pM8Dx5WKnvxLCb+8lG1PRNIDxu9g9b9g59Qr7hfAAok= -go.opentelemetry.io/otel/sdk/metric v1.29.0 h1:K2CfmJohnRgvZ9UAj2/FhIf/okdWcNdBwe1m8xFXiSY= -go.opentelemetry.io/otel/sdk/metric v1.29.0/go.mod h1:6zZLdCl2fkauYoZIOn/soQIDSWFmNSRcICarHfuhNJQ= -go.opentelemetry.io/otel/trace v1.30.0 h1:7UBkkYzeg3C7kQX8VAidWh2biiQbtAKjyIML8dQ9wmc= -go.opentelemetry.io/otel/trace v1.30.0/go.mod h1:5EyKqTzzmyqB9bwtCCq6pDLktPK6fmGf/Dph+8VI02o= +go.opentelemetry.io/otel/metric v1.34.0 h1:+eTR3U0MyfWjRDhmFMxe2SsW64QrZ84AOhvqS7Y+PoQ= +go.opentelemetry.io/otel/metric v1.34.0/go.mod h1:CEDrp0fy2D0MvkXE+dPV7cMi8tWZwX3dmaIhwPOaqHE= +go.opentelemetry.io/otel/sdk v1.34.0 h1:95zS4k/2GOy069d321O8jWgYsW3MzVV+KuSPKp7Wr1A= +go.opentelemetry.io/otel/sdk v1.34.0/go.mod h1:0e/pNiaMAqaykJGKbi+tSjWfNNHMTxoC9qANsCzbyxU= +go.opentelemetry.io/otel/sdk/metric v1.33.0 h1:Gs5VK9/WUJhNXZgn8MR6ITatvAmKeIuCtNbsP3JkNqU= +go.opentelemetry.io/otel/sdk/metric v1.33.0/go.mod h1:dL5ykHZmm1B1nVRk9dDjChwDmt81MjVp3gLkQRwKf/Q= +go.opentelemetry.io/otel/trace v1.34.0 h1:+ouXS2V8Rd4hp4580a8q23bg0azF2nI8cqLYnC8mh/k= +go.opentelemetry.io/otel/trace 
v1.34.0/go.mod h1:Svm7lSjQD7kG7KJ/MUHPVXSDGz2OX4h0M2jHBhmSfRE= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ= -golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc= +golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net 
v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo= -golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE= -golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0= +golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k= +golang.org/x/oauth2 v0.25.0 h1:CY4y7XT9v0cRI9oupztF8AgiIu99L/ksR/Xp/6jrZ70= +golang.org/x/oauth2 v0.25.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ= -golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= +golang.org/x/sync v0.10.0/go.mod 
h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -371,21 +333,17 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s= -golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.26.0 h1:WEQa6V3Gja/BhNxg540hBip/kkaYtRg3cxg4oXSw4AU= -golang.org/x/term v0.26.0/go.mod h1:Si5m1o57C5nBNQo5z1iq+XDijt21BDBDp2bK0QI8e3E= +golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= +golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU= +golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug= -golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4= -golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg= -golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= +golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= +golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY= +golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 
-golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= 
@@ -393,39 +351,18 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.209.0 h1:Ja2OXNlyRlWCWu8o+GgI4yUn/wz9h/5ZfFbKz+dQX+w= -google.golang.org/api v0.209.0/go.mod h1:I53S168Yr/PNDNMi5yPnDc0/LGRZO6o7PoEbl/HY3CM= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20241113202542-65e8d215514f h1:zDoHYmMzMacIdjNe+P2XiTmPsLawi/pCbSPfxt6lTfw= -google.golang.org/genproto v0.0.0-20241113202542-65e8d215514f/go.mod h1:Q5m6g8b5KaFFzsQFIGdJkSJDGeJiybVenoYFMMa3ohI= -google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 h1:M0KvPgPmDZHPlbRbaNU1APr28TvwvvdUPlSv7PUvy8g= -google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:dguCy7UOdZhTvLzDyt15+rOrawrpM4q7DD9dQ1P11P4= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f h1:C1QccEa9kUwvMgEUORqQD9S17QesQijxjZ84sO82mfo= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc 
v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= -google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.68.0 h1:aHQeeJbo8zAkAa3pRzrVjZlbz6uSfeOXlJNQM0RAbz0= -google.golang.org/grpc v1.68.0/go.mod h1:fmSPC5AsjSBCK54MyHRx48kpOti1/jRfOlwEWywNjWA= -google.golang.org/grpc/stats/opentelemetry v0.0.0-20240907200651-3ffb98b2c93a h1:UIpYSuWdWHSzjwcAFRLjKcPXFZVVLXGEM23W+NWqipw= -google.golang.org/grpc/stats/opentelemetry v0.0.0-20240907200651-3ffb98b2c93a/go.mod h1:9i1T9n4ZinTUZGgzENMi8MDDgbGC5mqTS75JAv6xN3A= -google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io= -google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/api v0.220.0 h1:3oMI4gdBgB72WFVwE1nerDD8W3HUOS4kypK6rRLbGns= +google.golang.org/api 
v0.220.0/go.mod h1:26ZAlY6aN/8WgpCzjPNy18QpYaz7Zgg1h0qe1GkZEmY= +google.golang.org/genproto v0.0.0-20241223144023-3abc09e42ca8 h1:e26eS1K69yxjjNNHYqjN49y95kcaQLJ3TL5h68dcA1E= +google.golang.org/genproto v0.0.0-20241223144023-3abc09e42ca8/go.mod h1:i5btTErZyoKCCubju3HS5LVho4nZd3yFnEp6moqeUjE= +google.golang.org/genproto/googleapis/api v0.0.0-20241223144023-3abc09e42ca8 h1:st3LcW/BPi75W4q1jJTEor/QWwbNlPlDG0JTn6XhZu0= +google.golang.org/genproto/googleapis/api v0.0.0-20241223144023-3abc09e42ca8/go.mod h1:klhJGKFyG8Tn50enBn7gizg4nXGXJ+jqEREdCWaPcV4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250127172529-29210b9bc287 h1:J1H9f+LEdWAfHcez/4cvaVBox7cOYT+IU6rgqj5x++8= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250127172529-29210b9bc287/go.mod h1:8BS3B93F/U1juMFq9+EDk+qOT5CO1R9IzXxG3PTqiRk= +google.golang.org/grpc v1.70.0 h1:pWFv03aZoHzlRKHWicjsZytKAiYCtNS0dHbXnIdq7jQ= +google.golang.org/grpc v1.70.0/go.mod h1:ofIJqVKDXx/JiXrwr2IG4/zwdH9txy3IlF40RmcJSQw= +google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM= +google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= 
@@ -438,5 +375,3 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU= gotest.tools/v3 v3.5.1/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/hcvault/keysource_test.go b/hcvault/keysource_test.go index 355a47868..646895335 100644 --- a/hcvault/keysource_test.go +++ b/hcvault/keysource_test.go @@ -41,7 +41,7 @@ func TestMain(m *testing.M) { } // Pull the image, create a container based on it, and run it - resource, err := pool.Run("vault", testVaultVersion, []string{"VAULT_DEV_ROOT_TOKEN_ID=" + testVaultToken}) + resource, err := pool.Run("ghcr.io/getsops/ci-container-images/vault", testVaultVersion, []string{"VAULT_DEV_ROOT_TOKEN_ID=" + testVaultToken}) if err != nil { logger.Fatalf("could not start resource: %s", err) } diff --git a/keyservice/keyservice.pb.go b/keyservice/keyservice.pb.go index ead3ccfd1..a810b2805 100644 --- a/keyservice/keyservice.pb.go +++ b/keyservice/keyservice.pb.go @@ -1,17 +1,12 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.23.0 -// protoc v3.13.0 +// protoc-gen-go v1.35.2 +// protoc v5.28.3 // source: keyservice/keyservice.proto package keyservice import ( - context "context" - proto "github.com/golang/protobuf/proto" - grpc "google.golang.org/grpc" - codes "google.golang.org/grpc/codes" - status "google.golang.org/grpc/status" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" 
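Review bot: In hcvault/keysource_test.go the `pool.Run` call now pulls `ghcr.io/getsops/ci-container-images/vault` by tag only (`testVaultVersion`, defined outside this hunk), so the test runs whatever that tag currently resolves to in the mirror, while the workflow files in the same commit pin their actions to full commit SHAs. If the container helper used here accepts a digest reference, pinning the image by digest would keep the two consistent. Failing that, a comment above the call should record where the mirror is built and why it replaced the upstream `vault` image, for example `// Mirrored image (source: <mirror repository placeholder>); tag comes from testVaultVersion.` TestMain starts and ends outside the hunk, so later uses of `resource` could not be checked here.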
@@ -25,16 +20,13 @@ const ( _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) ) -// This is a compile-time assertion that a sufficiently up-to-date version -// of the legacy proto package is being used. -const _ = proto.ProtoPackageIsVersion4 - type Key struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields // Types that are assignable to KeyType: + // // *Key_KmsKey // *Key_PgpKey // *Key_GcpKmsKey @@ -46,11 +38,9 @@ type Key struct { func (x *Key) Reset() { *x = Key{} - if protoimpl.UnsafeEnabled { - mi := &file_keyservice_keyservice_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_keyservice_keyservice_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *Key) String() string { @@ -61,7 +51,7 @@ func (*Key) ProtoMessage() {} func (x *Key) ProtoReflect() protoreflect.Message { mi := &file_keyservice_keyservice_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -175,11 +165,9 @@ type PgpKey struct { func (x *PgpKey) Reset() { *x = PgpKey{} - if protoimpl.UnsafeEnabled { - mi := &file_keyservice_keyservice_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_keyservice_keyservice_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *PgpKey) String() string { @@ -190,7 +178,7 @@ func (*PgpKey) ProtoMessage() {} func (x *PgpKey) ProtoReflect() protoreflect.Message { mi := &file_keyservice_keyservice_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -225,11 +213,9 @@ type KmsKey struct { func (x *KmsKey) Reset() { *x = KmsKey{} - if protoimpl.UnsafeEnabled { - mi := &file_keyservice_keyservice_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_keyservice_keyservice_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *KmsKey) String() string { @@ -240,7 +226,7 @@ func (*KmsKey) ProtoMessage() {} func (x *KmsKey) ProtoReflect() protoreflect.Message { mi := &file_keyservice_keyservice_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -293,11 +279,9 @@ type GcpKmsKey struct { func (x *GcpKmsKey) Reset() { *x = GcpKmsKey{} - if protoimpl.UnsafeEnabled { - mi := &file_keyservice_keyservice_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_keyservice_keyservice_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *GcpKmsKey) String() string { @@ -308,7 +292,7 @@ func (*GcpKmsKey) ProtoMessage() {} func (x *GcpKmsKey) ProtoReflect() protoreflect.Message { mi := &file_keyservice_keyservice_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -342,11 +326,9 @@ type VaultKey struct { func (x *VaultKey) Reset() { *x = VaultKey{} - if protoimpl.UnsafeEnabled { - mi := &file_keyservice_keyservice_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_keyservice_keyservice_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *VaultKey) String() string { 
@@ -357,7 +339,7 @@ func (*VaultKey) ProtoMessage() {} func (x *VaultKey) ProtoReflect() protoreflect.Message { mi := &file_keyservice_keyservice_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -405,11 +387,9 @@ type AzureKeyVaultKey struct { func (x *AzureKeyVaultKey) Reset() { *x = AzureKeyVaultKey{} - if protoimpl.UnsafeEnabled { - mi := &file_keyservice_keyservice_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_keyservice_keyservice_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *AzureKeyVaultKey) String() string { @@ -420,7 +400,7 @@ func (*AzureKeyVaultKey) ProtoMessage() {} func (x *AzureKeyVaultKey) ProtoReflect() protoreflect.Message { mi := &file_keyservice_keyservice_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -466,11 +446,9 @@ type AgeKey struct { func (x *AgeKey) Reset() { *x = AgeKey{} - if protoimpl.UnsafeEnabled { - mi := &file_keyservice_keyservice_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_keyservice_keyservice_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *AgeKey) String() string { @@ -481,7 +459,7 @@ func (*AgeKey) ProtoMessage() {} func (x *AgeKey) ProtoReflect() protoreflect.Message { mi := &file_keyservice_keyservice_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -514,11 +492,9 @@ type EncryptRequest struct { func (x *EncryptRequest) Reset() { *x = EncryptRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_keyservice_keyservice_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_keyservice_keyservice_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *EncryptRequest) String() string { @@ -529,7 +505,7 @@ func (*EncryptRequest) ProtoMessage() {} func (x *EncryptRequest) ProtoReflect() protoreflect.Message { mi := &file_keyservice_keyservice_proto_msgTypes[7] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -568,11 +544,9 @@ type EncryptResponse struct { func (x *EncryptResponse) Reset() { *x = EncryptResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_keyservice_keyservice_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_keyservice_keyservice_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *EncryptResponse) String() string { @@ -583,7 +557,7 @@ func (*EncryptResponse) ProtoMessage() {} func (x *EncryptResponse) ProtoReflect() protoreflect.Message { mi := &file_keyservice_keyservice_proto_msgTypes[8] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -616,11 +590,9 @@ type DecryptRequest struct { func (x *DecryptRequest) Reset() { *x = DecryptRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_keyservice_keyservice_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_keyservice_keyservice_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *DecryptRequest) String() string { @@ -631,7 +603,7 @@ func (*DecryptRequest) ProtoMessage() {} func (x *DecryptRequest) ProtoReflect() protoreflect.Message { mi := &file_keyservice_keyservice_proto_msgTypes[9] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -670,11 +642,9 @@ type DecryptResponse struct { func (x *DecryptResponse) Reset() { *x = DecryptResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_keyservice_keyservice_proto_msgTypes[10] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_keyservice_keyservice_proto_msgTypes[10] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *DecryptResponse) String() string { @@ -685,7 +655,7 @@ func (*DecryptResponse) ProtoMessage() {} func (x *DecryptResponse) ProtoReflect() protoreflect.Message { mi := &file_keyservice_keyservice_proto_msgTypes[10] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -784,7 +754,8 @@ var file_keyservice_keyservice_proto_rawDesc = []byte{ 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x2e, 0x0a, 0x07, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x12, 0x0f, 0x2e, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x10, 0x2e, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x0e, 0x5a, 0x0c, 0x2e, 0x2f, 0x6b, 0x65, + 0x79, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -800,7 +771,7 @@ func file_keyservice_keyservice_proto_rawDescGZIP() []byte { } var file_keyservice_keyservice_proto_msgTypes = make([]protoimpl.MessageInfo, 12) -var file_keyservice_keyservice_proto_goTypes = []interface{}{ +var file_keyservice_keyservice_proto_goTypes = []any{ (*Key)(nil), // 0: Key (*PgpKey)(nil), // 1: PgpKey (*KmsKey)(nil), // 2: KmsKey 
@@ -840,141 +811,7 @@ func file_keyservice_keyservice_proto_init() { if File_keyservice_keyservice_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_keyservice_keyservice_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Key); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_keyservice_keyservice_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PgpKey); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_keyservice_keyservice_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*KmsKey); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_keyservice_keyservice_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GcpKmsKey); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_keyservice_keyservice_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*VaultKey); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_keyservice_keyservice_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AzureKeyVaultKey); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_keyservice_keyservice_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AgeKey); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - 
file_keyservice_keyservice_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*EncryptRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_keyservice_keyservice_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*EncryptResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_keyservice_keyservice_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*DecryptRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_keyservice_keyservice_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*DecryptResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - file_keyservice_keyservice_proto_msgTypes[0].OneofWrappers = []interface{}{ + file_keyservice_keyservice_proto_msgTypes[0].OneofWrappers = []any{ (*Key_KmsKey)(nil), (*Key_PgpKey)(nil), (*Key_GcpKmsKey)(nil), 
@@ -1001,119 +838,3 @@ func file_keyservice_keyservice_proto_init() { file_keyservice_keyservice_proto_goTypes = nil file_keyservice_keyservice_proto_depIdxs = nil } - -// Reference imports to suppress errors if they are not otherwise used. -var _ context.Context -var _ grpc.ClientConnInterface - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the grpc package it is being compiled against. -const _ = grpc.SupportPackageIsVersion6 - -// KeyServiceClient is the client API for KeyService service. -// -// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. -type KeyServiceClient interface { - Encrypt(ctx context.Context, in *EncryptRequest, opts ...grpc.CallOption) (*EncryptResponse, error) - Decrypt(ctx context.Context, in *DecryptRequest, opts ...grpc.CallOption) (*DecryptResponse, error) -} - -type keyServiceClient struct { - cc grpc.ClientConnInterface -} - -func NewKeyServiceClient(cc grpc.ClientConnInterface) KeyServiceClient { - return &keyServiceClient{cc} -} - -func (c *keyServiceClient) Encrypt(ctx context.Context, in *EncryptRequest, opts ...grpc.CallOption) (*EncryptResponse, error) { - out := new(EncryptResponse) - err := c.cc.Invoke(ctx, "/KeyService/Encrypt", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *keyServiceClient) Decrypt(ctx context.Context, in *DecryptRequest, opts ...grpc.CallOption) (*DecryptResponse, error) { - out := new(DecryptResponse) - err := c.cc.Invoke(ctx, "/KeyService/Decrypt", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -// KeyServiceServer is the server API for KeyService service. 
-type KeyServiceServer interface { - Encrypt(context.Context, *EncryptRequest) (*EncryptResponse, error) - Decrypt(context.Context, *DecryptRequest) (*DecryptResponse, error) -} - -// UnimplementedKeyServiceServer can be embedded to have forward compatible implementations. -type UnimplementedKeyServiceServer struct { -} - -func (*UnimplementedKeyServiceServer) Encrypt(context.Context, *EncryptRequest) (*EncryptResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method Encrypt not implemented") -} -func (*UnimplementedKeyServiceServer) Decrypt(context.Context, *DecryptRequest) (*DecryptResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method Decrypt not implemented") -} - -func RegisterKeyServiceServer(s *grpc.Server, srv KeyServiceServer) { - s.RegisterService(&_KeyService_serviceDesc, srv) -} - -func _KeyService_Encrypt_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(EncryptRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(KeyServiceServer).Encrypt(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/KeyService/Encrypt", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(KeyServiceServer).Encrypt(ctx, req.(*EncryptRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _KeyService_Decrypt_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(DecryptRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(KeyServiceServer).Decrypt(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/KeyService/Decrypt", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return 
srv.(KeyServiceServer).Decrypt(ctx, req.(*DecryptRequest)) - } - return interceptor(ctx, in, info, handler) -} - -var _KeyService_serviceDesc = grpc.ServiceDesc{ - ServiceName: "KeyService", - HandlerType: (*KeyServiceServer)(nil), - Methods: []grpc.MethodDesc{ - { - MethodName: "Encrypt", - Handler: _KeyService_Encrypt_Handler, - }, - { - MethodName: "Decrypt", - Handler: _KeyService_Decrypt_Handler, - }, - }, - Streams: []grpc.StreamDesc{}, - Metadata: "keyservice/keyservice.proto", -} diff --git a/keyservice/keyservice.proto b/keyservice/keyservice.proto index 1d91a5709..8bf62f89b 100644 --- a/keyservice/keyservice.proto +++ b/keyservice/keyservice.proto @@ -1,5 +1,7 @@ syntax = "proto3"; +option go_package = "./keyservice"; + message Key { oneof key_type { KmsKey kms_key = 1; diff --git a/keyservice/keyservice_grpc.pb.go b/keyservice/keyservice_grpc.pb.go new file mode 100644 index 000000000..d278b82d9 --- /dev/null +++ b/keyservice/keyservice_grpc.pb.go 
@@ -0,0 +1,157 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.5.1 +// - protoc v5.28.3 +// source: keyservice/keyservice.proto + +package keyservice + +import ( + context "context" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 + +const ( + KeyService_Encrypt_FullMethodName = "/KeyService/Encrypt" + KeyService_Decrypt_FullMethodName = "/KeyService/Decrypt" +) + +// KeyServiceClient is the client API for KeyService service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +type KeyServiceClient interface { + Encrypt(ctx context.Context, in *EncryptRequest, opts ...grpc.CallOption) (*EncryptResponse, error) + Decrypt(ctx context.Context, in *DecryptRequest, opts ...grpc.CallOption) (*DecryptResponse, error) +} + +type keyServiceClient struct { + cc grpc.ClientConnInterface +} + +func NewKeyServiceClient(cc grpc.ClientConnInterface) KeyServiceClient { + return &keyServiceClient{cc} +} + +func (c *keyServiceClient) Encrypt(ctx context.Context, in *EncryptRequest, opts ...grpc.CallOption) (*EncryptResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(EncryptResponse) + err := c.cc.Invoke(ctx, KeyService_Encrypt_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *keyServiceClient) Decrypt(ctx context.Context, in *DecryptRequest, opts ...grpc.CallOption) (*DecryptResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) 
+ out := new(DecryptResponse) + err := c.cc.Invoke(ctx, KeyService_Decrypt_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +// KeyServiceServer is the server API for KeyService service. +// All implementations should embed UnimplementedKeyServiceServer +// for forward compatibility. +type KeyServiceServer interface { + Encrypt(context.Context, *EncryptRequest) (*EncryptResponse, error) + Decrypt(context.Context, *DecryptRequest) (*DecryptResponse, error) +} + +// UnimplementedKeyServiceServer should be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. +type UnimplementedKeyServiceServer struct{} + +func (UnimplementedKeyServiceServer) Encrypt(context.Context, *EncryptRequest) (*EncryptResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method Encrypt not implemented") +} +func (UnimplementedKeyServiceServer) Decrypt(context.Context, *DecryptRequest) (*DecryptResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method Decrypt not implemented") +} +func (UnimplementedKeyServiceServer) testEmbeddedByValue() {} + +// UnsafeKeyServiceServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to KeyServiceServer will +// result in compilation errors. +type UnsafeKeyServiceServer interface { + mustEmbedUnimplementedKeyServiceServer() +} + +func RegisterKeyServiceServer(s grpc.ServiceRegistrar, srv KeyServiceServer) { + // If the following call pancis, it indicates UnimplementedKeyServiceServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. 
+ if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } + s.RegisterService(&KeyService_ServiceDesc, srv) +} + +func _KeyService_Encrypt_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(EncryptRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(KeyServiceServer).Encrypt(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: KeyService_Encrypt_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(KeyServiceServer).Encrypt(ctx, req.(*EncryptRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _KeyService_Decrypt_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DecryptRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(KeyServiceServer).Decrypt(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: KeyService_Decrypt_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(KeyServiceServer).Decrypt(ctx, req.(*DecryptRequest)) + } + return interceptor(ctx, in, info, handler) +} + +// KeyService_ServiceDesc is the grpc.ServiceDesc for KeyService service. +// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var KeyService_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "KeyService", + HandlerType: (*KeyServiceServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "Encrypt", + Handler: _KeyService_Encrypt_Handler, + }, + { + MethodName: "Decrypt", + Handler: _KeyService_Decrypt_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "keyservice/keyservice.proto", +} 
diff --git a/kms/keysource.go b/kms/keysource.go
index e1441b492..d3be8d104 100644
--- a/kms/keysource.go
+++ b/kms/keysource.go
@@ -11,6 +11,7 @@ import (
 "fmt"
 "os"
 "regexp"
+ "sort"
 "strings"
 "time"
@@ -181,6 +182,38 @@ func ParseKMSContext(in interface{}) map[string]*string {
 return out
 }
+// kmsContextToString converts a dictionary into a string that can be parsed
+// again with ParseKMSContext().
+func kmsContextToString(in map[string]*string) string {
+ if len(in) == 0 {
+ return ""
+ }
+
+ // Collect the keys in a slice and compute the expected length
+ keys := make([]string, 0, len(in))
+ length := 0
+ for key := range in {
+ keys = append(keys, key)
+ length += len(key) + len(*in[key]) + 2
+ }
+
+ // Sort the keys
+ sort.Strings(keys)
+
+ // Compose a comma-separated string of key-vale pairs
+ var builder strings.Builder
+ builder.Grow(length)
+ for index, key := range keys {
+ if index > 0 {
+ builder.WriteString(",")
+ }
+ builder.WriteString(key)
+ builder.WriteByte(':')
+ builder.WriteString(*in[key])
+ }
+ return builder.String()
+}
+
 // CredentialsProvider is a wrapper around aws.CredentialsProvider used for
 // authentication towards AWS KMS.
 type CredentialsProvider struct {
@@ -278,7 +311,18 @@ func (key *MasterKey) NeedsRotation() bool {
 // ToString converts the key to a string representation.
 func (key *MasterKey) ToString() string {
- return key.Arn
+ arnRole := key.Arn
+ if key.Role != "" {
+ arnRole = fmt.Sprintf("%s+%s", key.Arn, key.Role)
+ }
+ context := kmsContextToString(key.EncryptionContext)
+ if key.AwsProfile != "" {
+ return fmt.Sprintf("%s|%s|%s", arnRole, context, key.AwsProfile)
+ }
+ if context != "" {
+ return fmt.Sprintf("%s|%s", arnRole, context)
+ }
+ return arnRole
 }
 // ToMap converts the MasterKey to a map for serialization purposes.
diff --git a/kms/keysource_test.go b/kms/keysource_test.go
index a2bb76b3f..da3c6b51e 100644
--- a/kms/keysource_test.go
+++ b/kms/keysource_test.go
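Review bot: `kmsContextToString` (hunk `@@ -181,6 +182,38 @@`) writes keys and values verbatim, so a context entry containing `,` or `:` — or `|`, the field separator `ToString` uses in the `@@ -278,7 +311,18 @@` hunk — yields a string that no longer identifies a single encryption context, and the doc comment's promise that it can be parsed again with `ParseKMSContext()` does not hold for such input. `ParseKMSContext`'s body is outside the hunk, so what it accepts is not visible here; at minimum the comment should state the limit, e.g. `// Keys and values are written verbatim; a ',', ':' or '|' inside either makes the result ambiguous.` The function also dereferences `*in[key]` in both loops without a nil check, so an entry holding a nil pointer would panic; if callers can pass one, `if in[key] == nil { continue }` before the `append` in the first loop avoids it. The new cases in kms/keysource_test.go use only separator-free, non-nil values, so neither path is exercised.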
@@ -33,7 +33,7 @@ const (
 // testLocalKMSImage is a container image repository reference to a mock
 // version of AWS' Key Management Service.
 // Ref: https://github.com/nsmithuk/local-kms
- testLocalKMSImage = "docker.io/nsmithuk/local-kms"
+ testLocalKMSImage = "ghcr.io/getsops/ci-container-images/local-kms"
 // testLocalKMSImage is the container image tag to use.
 testLocalKMSTag = "3.11.1"
 )
@@ -367,8 +367,38 @@ func TestMasterKey_NeedsRotation(t *testing.T) {
 }
 func TestMasterKey_ToString(t *testing.T) {
+ dummyARNWithRole := fmt.Sprintf("%s+arn:aws:iam::my-role", dummyARN)
+
+ bar := "bar"
+ bam := "bam"
+ context := map[string]*string{
+ "foo": &bar,
+ "baz": &bam,
+ }
+
 key := NewMasterKeyFromArn(dummyARN, nil, "")
 assert.Equal(t, dummyARN, key.ToString())
+
+ key = NewMasterKeyFromArn(dummyARNWithRole, nil, "")
+ assert.Equal(t, dummyARNWithRole, key.ToString())
+
+ key = NewMasterKeyFromArn(dummyARN, nil, "profile")
+ assert.Equal(t, fmt.Sprintf("%s||profile", dummyARN), key.ToString())
+
+ key = NewMasterKeyFromArn(dummyARNWithRole, nil, "profile")
+ assert.Equal(t, fmt.Sprintf("%s||profile", dummyARNWithRole), key.ToString())
+
+ key = NewMasterKeyFromArn(dummyARN, context, "")
+ assert.Equal(t, fmt.Sprintf("%s|baz:bam,foo:bar", dummyARN), key.ToString())
+
+ key = NewMasterKeyFromArn(dummyARNWithRole, context, "")
+ assert.Equal(t, fmt.Sprintf("%s|baz:bam,foo:bar", dummyARNWithRole), key.ToString())
+
+ key = NewMasterKeyFromArn(dummyARN, context, "profile")
+ assert.Equal(t, fmt.Sprintf("%s|baz:bam,foo:bar|profile", dummyARN), key.ToString())
+
+ key = NewMasterKeyFromArn(dummyARNWithRole, context, "profile")
+ assert.Equal(t, fmt.Sprintf("%s|baz:bam,foo:bar|profile", dummyARNWithRole), key.ToString())
 }
 func TestMasterKey_ToMap(t *testing.T) {
diff --git a/pgp/keysource.go b/pgp/keysource.go
index e1eed580d..1646aceaa 100644
--- a/pgp/keysource.go
+++ b/pgp/keysource.go
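Review bot: The replacement image in the `@@ -33,7 +33,7 @@` hunk is still selected by the mutable tag `testLocalKMSTag = "3.11.1"`, whereas the workflow files in this same commit pin every action to a full commit SHA; a tag can be re-pointed by anyone with push access to that registry namespace. How the repository and tag constants are combined into a pull reference lies outside the hunk, so whether a digest can be supplied there should be checked before changing the value. The comments also need updating: the `Ref:` line names only the upstream project, and the comment above `testLocalKMSTag` describes `testLocalKMSImage`. Suggested: `// testLocalKMSTag is the container image tag to use.` and a provenance line such as `// Served from the getsops CI image registry; upstream source: https://github.com/nsmithuk/local-kms`.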
@@ -634,7 +634,13 @@ func gnuPGHome(customPath string) string {
 // This is mostly used for compatibility reasons, as older versions of GnuPG
 // do not always like long IDs.
 func shortenFingerprint(fingerprint string) string {
- if offset := len(fingerprint) - 16; offset > 0 {
+ offset := len(fingerprint) - 16
+ // If the fingerprint ends with '!', we must include '!' in the ID *and* the
+ // 16 hex digits before it. See https://github.com/getsops/sops/issues/1365.
+ if strings.HasSuffix(fingerprint, "!") {
+ offset -= 1
+ }
+ if offset > 0 {
 fingerprint = fingerprint[offset:]
 }
 return fingerprint
diff --git a/pgp/keysource_test.go b/pgp/keysource_test.go
index 58693d72d..28fcfeb8e 100644
--- a/pgp/keysource_test.go
+++ b/pgp/keysource_test.go
@@ -697,10 +697,23 @@ func Test_gnuPGHome(t *testing.T) {
 }
 func Test_shortenFingerprint(t *testing.T) {
+ // Test with regular fingerprint
 shortId := shortenFingerprint(mockFingerprint)
 assert.Equal(t, "9732075EA221A7EA", shortId)
 assert.Equal(t, shortId, shortenFingerprint(shortId))
+
+ // Test with forced subkey
+ shortId = shortenFingerprint(mockFingerprint + "!")
+ assert.Equal(t, "9732075EA221A7EA!", shortId)
+
+ assert.Equal(t, shortId, shortenFingerprint(shortId))
+
+ // Make sure that too short IDs are kept
+ for _, tooShort := range []string{"012345679abcdef", "012345679abcdef!", "123", "123!"} {
+ shortId = shortenFingerprint(tooShort)
+ assert.Equal(t, tooShort, shortId)
+ }
 }
 // TODO(hidde): previous tests kept around for now.
diff --git a/version/version.go b/version/version.go
index 3633443dd..01c2640c1 100644
--- a/version/version.go
+++ b/version/version.go
@@ -12,7 +12,7 @@ import (
 )
 // Version represents the value of the current semantic version.
-var Version = "3.9.1"
+var Version = "3.9.4"
 // PrintVersion prints the current version of sops. If the flag
 // `--disable-version-check` is set or if the environment variable
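Review bot: The visible part of the doc comment on `shortenFingerprint` (its first lines are outside the `@@ -634,7 +634,13 @@` hunk) does not say that the result can now be 17 characters, so a caller that sizes or validates the ID as 16 hex digits would reject or truncate the `!` form. A line in the function comment would cover it, e.g. `// A trailing '!' (GnuPG exact-key selector) is preserved: the result is then the last 16 hex digits followed by '!'.` As a style point, `offset -= 1` is conventionally written `offset--` in Go.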