From 0f3ce6917ed9b319709ad9122becd4cc19e8a775 Mon Sep 17 00:00:00 2001 From: David Wertenteil Date: Thu, 29 Sep 2022 08:48:09 +0300 Subject: [PATCH] Release (#844) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Fix issue for scanning list obj * Fix go mod in httphandler pkg * Broken links fix in roadmap.md Planning, backlog, and wishlist links were not taking to the required section. * override infoMap only if it's not nil * improved icon of kubescape in readme * Support scanning several files * gramatical improvements * docs(readme): Star → star * Fix issues according to review * Handle with issues caused by updating opa-utils * Fix scanning ListObj following reviews * Update core/pkg/resourcehandler/filesloader.go Co-authored-by: Vlad Klokun * Update completion.go * Added fixed control input * update go.mod * Print chart name log when fail to generate * Change formatting to %s * Added resource prioritization information, raw resource will be sent on the result object * Merging typo fixes from master (#772) * greetings * Update aws.sh simplified the comment * typo: In the title and h1 element Their was a typo in index.html file. * punctuation changes * docs : added gitpod badge in readme.md * fixed typos * ƒ some grammar mistake is corrected inPULL_REQUEST_TEMPLATE.md file * Updated README.md file Added link to CONTRIBUTING.md file in a line in README. * Added link to code of conduct file I have added link to the code of conduct file and fixed some problems in the Readme file. * Fixed readme * Added alpine tag Adding alpine tag instead of latest and removing repeating commands * roadmap.md file is modified * Automatically Close "Typo" labelled Issue * build.py is modified * modified PR template * Fixed some typos in feature_request.md "." at the end of the headings were missing and all the text were in same line. Now this gives a clear and concise view of the texts. * fixed the typo in docs/index.html Found and fixed typo in the 'alt' attribute of img tag * Update PULL_REQUEST_TEMPLATE.md Co-authored-by: Krishna Agarwal Co-authored-by: Saswata Senapati <74651639+saswat16@users.noreply.github.com> Co-authored-by: Rahul Singh <110548934+rahuldhirendersingh@users.noreply.github.com> Co-authored-by: deepuyadav004 Co-authored-by: kartik <97971066+kartikgajjar7@users.noreply.github.com> Co-authored-by: Rounak-28 <95576871+Rounak-28@users.noreply.github.com> Co-authored-by: pwnb0y Co-authored-by: Ben Hirschberg <59160382+slashben@users.noreply.github.com> Co-authored-by: Saptarshi Sarkar Co-authored-by: Rahul Surwade <93492791+RahulSurwade08@users.noreply.github.com> Co-authored-by: Suhas Gumma <43647369+suhasgumma@users.noreply.github.com> Co-authored-by: Kamal Nayan <95926324+legendarykamal@users.noreply.github.com> Co-authored-by: TarangVerma <90996971+TarangVerma@users.noreply.github.com> Co-authored-by: avikittu <65793296+avikittu@users.noreply.github.com> * update logger version * update logger version (#773) * Fixed: Kubescape fails to authenticate remote private Github repo (#721) * grammar error fixer in CONTRIBUTING.md * scanning private git repository is available * giturl to gitapi * NO TOKEN error functionality added * Used GetToken method of giturl.IGitAPPI for auth Co-authored-by: satyam kale Co-authored-by: Ben Hirschberg <59160382+slashben@users.noreply.github.com> * bump opa-utils to 181 * Option to force enable color output (closes #560) (#767) * Option to force enable color output (closes #560) (cherry picked from commit 4f951781ee8dd6bb451ac7d159787f47e4b07379) * Update go.mod * update scanner image * Update host scanner image (#774) * update logger version * update scanner image * remove windows exe extension * Remove windows extension build (#775) * update logger version * update scanner image * remove windows exe extension * commened out prioritization logic * Edit Junit output (#802) * Edit Junit output * Update go sum * Following review * update AdoptClusterName * Print line separator only if some controls failed (#813) * removed the extra 'download' word from the example (#810) it was confusing to understand the download command because there was an extra 'download' mentioned * Prioritization (#815) * removed commented out code * Added attack tracks information to prioritization algorithm * bump opa-utils * go mod tidy * go mod tidy * CR changes * Issue 613 cluster name (#783) * added --clusterName flag (#613) Signed-off-by: Anubhav Gupta * update flag name to --cluster-name Signed-off-by: Anubhav Gupta Signed-off-by: Anubhav Gupta * Per 307 fail on severity counters (#831) * feat: fail on exceeding severity thresholds (#830) - Add support for severity counters - Add support for CLI flags that set severity thresholds - Terminate Kubescape with an exit code 1 if scan results exceed the severity thresholds * Update opa-utils pkg version Co-authored-by: Vlad Klokun * Fix merge conflict * typo in .gitignore file (#833) * remove unsupported installation method * fixed welcome message * fixed merge * fixed attack tracks loading logic * add flag validation for --account-id (#605) (#793) * add flag validation for --account-id (#605) Signed-off-by: Anubhav Gupta * add flag validation for --client-id & --secret-key Signed-off-by: Anubhav Gupta * Validation method should be a member function * Adding unit tests for credentials validate Signed-off-by: Anubhav Gupta Co-authored-by: David Wertenteil * Scan Kustomize Directory (#795) * Scan Kustomize Files * update 'scam Kustomize Directory' documentation in Readme.md * go get * go get inside httphandler * SourceTypeKustomizeDirectory * Added Scan for Kustomization File Co-authored-by: David Wertenteil * feat: unify severity threshold into one CLI flag (#838) * feat: unify severity threshold into one CLI flag Before this commit, severity threshold flags were separated by severity. This commit unifies these thresholds into one flag that forces Kubescape to terminate with an exit code 1 if there was at least one failed control at the specified severity threshold or above. * chore: update opa utils version * chore: update opa-utils in httphandler * feat: dont enforce severity by default Previous iteration of supporting the severity threshold enforced it even if the severity threshold was not explicitly specified. This change enforces the severity threshold only if it has been explicitly set. * refactor: clarify flagValidationFramework func name This change clarifies the meaning of the function that validates the scan info for the `scan framework` command. It achieves this by renaming the `flagValidationFramework` function to `validateFrameworkScanInfo`. * Merge branch 'master' into dev Signed-off-by: Anubhav Gupta Co-authored-by: Moshe-Rappaport-CA Co-authored-by: Moshe Rappaport <89577611+Moshe-Rappaport-CA@users.noreply.github.com> Co-authored-by: Om Raut <33827410+om2137@users.noreply.github.com> Co-authored-by: Kamal Nayan <95926324+legendarykamal@users.noreply.github.com> Co-authored-by: Vlad Klokun Co-authored-by: Chirag Arora <84070677+Chirag8023@users.noreply.github.com> Co-authored-by: shm12 Co-authored-by: Amir Malka Co-authored-by: Krishna Agarwal Co-authored-by: Saswata Senapati <74651639+saswat16@users.noreply.github.com> Co-authored-by: Rahul Singh <110548934+rahuldhirendersingh@users.noreply.github.com> Co-authored-by: deepuyadav004 Co-authored-by: kartik <97971066+kartikgajjar7@users.noreply.github.com> Co-authored-by: Rounak-28 <95576871+Rounak-28@users.noreply.github.com> Co-authored-by: pwnb0y Co-authored-by: Ben Hirschberg <59160382+slashben@users.noreply.github.com> Co-authored-by: Saptarshi Sarkar Co-authored-by: Rahul Surwade <93492791+RahulSurwade08@users.noreply.github.com> Co-authored-by: Suhas Gumma <43647369+suhasgumma@users.noreply.github.com> Co-authored-by: TarangVerma <90996971+TarangVerma@users.noreply.github.com> Co-authored-by: avikittu <65793296+avikittu@users.noreply.github.com> Co-authored-by: satyam kale Co-authored-by: Aditya Pratap Singh Co-authored-by: Ashray Shetty Co-authored-by: Anubhav Gupta Co-authored-by: Meyazhagan --- README.md | 6 + cmd/delete/exceptions.go | 12 ++ cmd/download/download.go | 11 + cmd/list/list.go | 12 ++ cmd/scan/control.go | 20 +- cmd/scan/framework.go | 107 +++++++--- cmd/scan/scan.go | 7 +- cmd/scan/scan_test.go | 254 ++++++++++++++++++++++++ cmd/scan/validators_test.go | 115 +++++++++++ cmd/submit/exceptions.go | 5 + cmd/submit/rbac.go | 11 + cmd/submit/results.go | 5 + core/cautils/fileutils.go | 35 ++++ core/cautils/kustomizedirectory.go | 115 +++++++++++ core/cautils/rootinfo.go | 26 +++ core/cautils/rootinfo_test.go | 71 +++++++ core/cautils/scaninfo.go | 5 +- core/pkg/resourcehandler/filesloader.go | 38 ++++ go.mod | 10 +- go.sum | 24 ++- httphandler/README.md | 2 +- httphandler/go.mod | 10 +- httphandler/go.sum | 24 ++- 23 files changed, 880 insertions(+), 45 deletions(-) create mode 100644 cmd/scan/scan_test.go create mode 100644 cmd/scan/validators_test.go create mode 100644 core/cautils/kustomizedirectory.go create mode 100644 core/cautils/rootinfo_test.go diff --git a/README.md b/README.md index e75421c92d..63aa4adef8 100644 --- a/README.md +++ b/README.md @@ -255,6 +255,12 @@ kubescape scan --submit ``` > Kubescape will load the default value file +#### Scan Kustomize Directory +``` +kubescape scan --submit +``` +> Kubescape will generate Kubernetes Yaml Objects using 'Kustomize' file and scans them for security. + ### Offline/Air-gaped Environment Support [Video tutorial](https://youtu.be/IGXL9s37smM) diff --git a/cmd/delete/exceptions.go b/cmd/delete/exceptions.go index 4d1787b37c..ce16fbd367 100644 --- a/cmd/delete/exceptions.go +++ b/cmd/delete/exceptions.go @@ -22,6 +22,11 @@ func getExceptionsCmd(ks meta.IKubescape, deleteInfo *v1.Delete) *cobra.Command return nil }, Run: func(cmd *cobra.Command, args []string) { + + if err := flagValidationDelete(deleteInfo); err != nil { + logger.L().Fatal(err.Error()) + } + exceptionsNames := strings.Split(args[0], ";") if len(exceptionsNames) == 0 { logger.L().Fatal("missing exceptions names") @@ -32,3 +37,10 @@ func getExceptionsCmd(ks meta.IKubescape, deleteInfo *v1.Delete) *cobra.Command }, } } + +// Check if the flag entered are valid +func flagValidationDelete(deleteInfo *v1.Delete) error { + + // Validate the user's credentials + return deleteInfo.Credentials.Validate() +} diff --git a/cmd/download/download.go b/cmd/download/download.go index dbb00d6951..44c623ed27 100644 --- a/cmd/download/download.go +++ b/cmd/download/download.go @@ -59,6 +59,10 @@ func GeDownloadCmd(ks meta.IKubescape) *cobra.Command { }, RunE: func(cmd *cobra.Command, args []string) error { + if err := flagValidationDownload(&downloadInfo); err != nil { + return err + } + if filepath.Ext(downloadInfo.Path) == ".json" { downloadInfo.Path, downloadInfo.FileName = filepath.Split(downloadInfo.Path) } @@ -80,3 +84,10 @@ func GeDownloadCmd(ks meta.IKubescape) *cobra.Command { return downloadCmd } + +// Check if the flag entered are valid +func flagValidationDownload(downloadInfo *v1.DownloadInfo) error { + + // Validate the user's credentials + return downloadInfo.Credentials.Validate() +} diff --git a/cmd/list/list.go b/cmd/list/list.go index f02235daf9..766b568ab6 100644 --- a/cmd/list/list.go +++ b/cmd/list/list.go @@ -51,6 +51,11 @@ func GetListCmd(ks meta.IKubescape) *cobra.Command { return nil }, RunE: func(cmd *cobra.Command, args []string) error { + + if err := flagValidationList(&listPolicies); err != nil { + return err + } + listPolicies.Target = args[0] if err := ks.List(&listPolicies); err != nil { @@ -67,3 +72,10 @@ func GetListCmd(ks meta.IKubescape) *cobra.Command { return listCmd } + +// Check if the flag entered are valid +func flagValidationList(listPolicies *v1.ListPolicies) error { + + // Validate the user's credentials + return listPolicies.Credentials.Validate() +} diff --git a/cmd/scan/control.go b/cmd/scan/control.go index 3aa056b1d3..30b0bb3a55 100644 --- a/cmd/scan/control.go +++ b/cmd/scan/control.go @@ -58,6 +58,10 @@ func getControlCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comman }, RunE: func(cmd *cobra.Command, args []string) error { + if err := validateFrameworkScanInfo(scanInfo); err != nil { + return err + } + // flagValidationControl(scanInfo) scanInfo.PolicyIdentifier = []cautils.PolicyIdentifier{} @@ -88,6 +92,10 @@ func getControlCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comman scanInfo.FrameworkScan = false + if err := validateControlScanInfo(scanInfo); err != nil { + return err + } + results, err := ks.Scan(scanInfo) if err != nil { logger.L().Fatal(err.Error()) @@ -101,9 +109,19 @@ func getControlCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comman if results.GetRiskScore() > float32(scanInfo.FailThreshold) { logger.L().Fatal("scan risk-score is above permitted threshold", helpers.String("risk-score", fmt.Sprintf("%.2f", results.GetRiskScore())), helpers.String("fail-threshold", fmt.Sprintf("%.2f", scanInfo.FailThreshold))) } + enforceSeverityThresholds(&results.GetResults().SummaryDetails.SeverityCounters, scanInfo, terminateOnExceedingSeverity) - enforceSeverityThresholds(&results.GetResults().SummaryDetails.SeverityCounters, scanInfo) return nil }, } } + +// validateControlScanInfo validates the ScanInfo struct for the `control` command +func validateControlScanInfo(scanInfo *cautils.ScanInfo) error { + severity := scanInfo.FailThresholdSeverity + + if err := validateSeverity(severity); severity != "" && err != nil { + return err + } + return nil +} diff --git a/cmd/scan/framework.go b/cmd/scan/framework.go index 30de2e0f83..70002c57fc 100644 --- a/cmd/scan/framework.go +++ b/cmd/scan/framework.go @@ -1,12 +1,14 @@ package scan import ( + "errors" "fmt" "io" "os" "strings" apisv1 "github.com/kubescape/opa-utils/httpserver/apis/v1" + reporthandlingapis "github.com/kubescape/opa-utils/reporthandling/apis" "github.com/kubescape/opa-utils/reporthandling/results/v1/reportsummary" logger "github.com/kubescape/go-logger" @@ -37,6 +39,8 @@ var ( Run 'kubescape list frameworks' for the list of supported frameworks ` + + ErrUnknownSeverity = errors.New("unknown severity") ) func getFrameworkCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Command { @@ -63,7 +67,7 @@ func getFrameworkCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comm }, RunE: func(cmd *cobra.Command, args []string) error { - if err := flagValidationFramework(scanInfo); err != nil { + if err := validateFrameworkScanInfo(scanInfo); err != nil { return err } scanInfo.FrameworkScan = true @@ -115,45 +119,94 @@ func getFrameworkCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comm logger.L().Fatal("scan risk-score is above permitted threshold", helpers.String("risk-score", fmt.Sprintf("%.2f", results.GetRiskScore())), helpers.String("fail-threshold", fmt.Sprintf("%.2f", scanInfo.FailThreshold))) } - enforceSeverityThresholds(&results.GetData().Report.SummaryDetails.SeverityCounters, scanInfo) + enforceSeverityThresholds(&results.GetData().Report.SummaryDetails.SeverityCounters, scanInfo, terminateOnExceedingSeverity) return nil }, } } -// enforceSeverityThresholds ensures that the scan results are below defined severity thresholds +// countersExceedSeverityThreshold returns true if severity of failed controls exceed the set severity threshold, else returns false +func countersExceedSeverityThreshold(severityCounters reportsummary.ISeverityCounters, scanInfo *cautils.ScanInfo) (bool, error) { + targetSeverity := scanInfo.FailThresholdSeverity + if err := validateSeverity(targetSeverity); err != nil { + return false, err + } + + getFailedResourcesFuncsBySeverity := []struct { + SeverityName string + GetFailedResources func() int + }{ + {reporthandlingapis.SeverityLowString, severityCounters.NumberOfResourcesWithLowSeverity}, + {reporthandlingapis.SeverityMediumString, severityCounters.NumberOfResourcesWithMediumSeverity}, + {reporthandlingapis.SeverityHighString, severityCounters.NumberOfResourcesWithHighSeverity}, + {reporthandlingapis.SeverityCriticalString, severityCounters.NumberOfResourcesWithCriticalSeverity}, + } + + targetSeverityIdx := 0 + for idx, description := range getFailedResourcesFuncsBySeverity { + if strings.EqualFold(description.SeverityName, targetSeverity) { + targetSeverityIdx = idx + break + } + } + + for _, description := range getFailedResourcesFuncsBySeverity[targetSeverityIdx:] { + failedResourcesCount := description.GetFailedResources() + if failedResourcesCount > 0 { + return true, nil + } + } + + return false, nil + +} + +// terminateOnExceedingSeverity terminates the application on exceeding severity +func terminateOnExceedingSeverity(scanInfo *cautils.ScanInfo, l logger.ILogger) { + l.Fatal("result exceeds severity threshold", helpers.String("set severity threshold", scanInfo.FailThresholdSeverity)) +} + +// enforceSeverityThresholds ensures that the scan results are below the defined severity threshold // -// The function forces the application to terminate with an exit code 1 if there are more resources with failed controls of a given severity than permitted -func enforceSeverityThresholds(severityCounters reportsummary.ISeverityCounters, scanInfo *cautils.ScanInfo) { - failedCritical := severityCounters.NumberOfResourcesWithCriticalSeverity() - failedHigh := severityCounters.NumberOfResourcesWithHighSeverity() - failedMedium := severityCounters.NumberOfResourcesWithMediumSeverity() - failedLow := severityCounters.NumberOfResourcesWithLowSeverity() - - criticalExceeded := failedCritical > scanInfo.FailThresholdCritical - highExceeded := failedHigh > scanInfo.FailThresholdHigh - mediumExceeded := failedMedium > scanInfo.FailThresholdMedium - lowExceeded := failedLow > scanInfo.FailThresholdLow - - resourceThresholdsExceeded := criticalExceeded || highExceeded || mediumExceeded || lowExceeded - - if resourceThresholdsExceeded { - logger.L().Fatal( - "There were failed controls that exceed permitted severity thresholds", - helpers.String("critical", fmt.Sprintf("got: %d, permitted: %d", failedCritical, scanInfo.FailThresholdCritical)), - helpers.String("high", fmt.Sprintf("got: %d, permitted: %d", failedHigh, scanInfo.FailThresholdHigh)), - helpers.String("medium", fmt.Sprintf("got: %d, permitted: %d", failedMedium, scanInfo.FailThresholdMedium)), - helpers.String("low", fmt.Sprintf("got: %d, permitted: %d", failedLow, scanInfo.FailThresholdLow)), - ) +// The function forces the application to terminate with an exit code 1 if at least one control failed control that exceeds the set severity threshold +func enforceSeverityThresholds(severityCounters reportsummary.ISeverityCounters, scanInfo *cautils.ScanInfo, onExceed func(*cautils.ScanInfo, logger.ILogger)) { + // If a severity threshold is not set, we don’t need to enforce it + if scanInfo.FailThresholdSeverity == "" { + return + } + + if val, err := countersExceedSeverityThreshold(severityCounters, scanInfo); val && err == nil { + onExceed(scanInfo, logger.L()) + } else if err != nil { + logger.L().Fatal(err.Error()) + } +} + +// validateSeverity returns an error if a given severity is not known, nil otherwise +func validateSeverity(severity string) error { + for _, val := range reporthandlingapis.GetSupportedSeverities() { + if strings.EqualFold(severity, val) { + return nil + } } + return ErrUnknownSeverity + } -func flagValidationFramework(scanInfo *cautils.ScanInfo) error { +// validateFrameworkScanInfo validates the scan info struct for the `scan framework` command +func validateFrameworkScanInfo(scanInfo *cautils.ScanInfo) error { if scanInfo.Submit && scanInfo.Local { return fmt.Errorf("you can use `keep-local` or `submit`, but not both") } if 100 < scanInfo.FailThreshold || 0 > scanInfo.FailThreshold { return fmt.Errorf("bad argument: out of range threshold") } - return nil + + severity := scanInfo.FailThresholdSeverity + if err := validateSeverity(severity); severity != "" && err != nil { + return err + } + + // Validate the user's credentials + return scanInfo.Credentials.Validate() } diff --git a/cmd/scan/scan.go b/cmd/scan/scan.go index 10fdd0019a..8ae0189d49 100644 --- a/cmd/scan/scan.go +++ b/cmd/scan/scan.go @@ -2,7 +2,6 @@ package scan import ( "fmt" - "math" "github.com/kubescape/k8s-interface/k8sinterface" "github.com/kubescape/kubescape/v2/core/cautils" @@ -75,11 +74,7 @@ func GetScanCommand(ks meta.IKubescape) *cobra.Command { scanCmd.PersistentFlags().Float32VarP(&scanInfo.FailThreshold, "fail-threshold", "t", 100, "Failure threshold is the percent above which the command fails and returns exit code 1") - scanCmd.PersistentFlags().IntVar(&scanInfo.FailThresholdCritical, "threshold-critical", math.MaxInt, "Critical threshold is the amount of resources that have critical failed controls above which the command fails and returns exit code 1") - scanCmd.PersistentFlags().IntVar(&scanInfo.FailThresholdHigh, "threshold-high", math.MaxInt, "The amount of resources that have failed controls with High severity above which the command fails and returns exit code 1") - scanCmd.PersistentFlags().IntVar(&scanInfo.FailThresholdMedium, "threshold-medium", math.MaxInt, "The amount of resources that have failed controls with Medium severity above which the command fails and returns exit code 1") - scanCmd.PersistentFlags().IntVar(&scanInfo.FailThresholdLow, "threshold-low", math.MaxInt, "The amount of resources that have failed controls with Low severity above which the command fails and returns exit code 1") - + scanCmd.PersistentFlags().StringVar(&scanInfo.FailThresholdSeverity, "severity-threshold", "", "Severity threshold is the severity of failed controls at which the command fails and returns exit code 1") scanCmd.PersistentFlags().StringVarP(&scanInfo.Format, "format", "f", "pretty-printer", `Output format. Supported formats: "pretty-printer", "json", "junit", "prometheus", "pdf", "html"`) scanCmd.PersistentFlags().StringVar(&scanInfo.IncludeNamespaces, "include-namespaces", "", "scan specific namespaces. e.g: --include-namespaces ns-a,ns-b") scanCmd.PersistentFlags().BoolVarP(&scanInfo.Local, "keep-local", "", false, "If you do not want your Kubescape results reported to ARMO backend. Use this flag if you ran with the '--submit' flag in the past and you do not want to submit your current scan results") diff --git a/cmd/scan/scan_test.go b/cmd/scan/scan_test.go new file mode 100644 index 0000000000..59ba7b46ae --- /dev/null +++ b/cmd/scan/scan_test.go @@ -0,0 +1,254 @@ +package scan + +import ( + logger "github.com/kubescape/go-logger" + "github.com/kubescape/go-logger/helpers" + + "github.com/kubescape/kubescape/v2/core/cautils" + "github.com/kubescape/opa-utils/reporthandling/apis" + "github.com/kubescape/opa-utils/reporthandling/results/v1/reportsummary" + + "os" + "reflect" + "testing" +) + +func TestExceedsSeverity(t *testing.T) { + testCases := []struct { + Description string + ScanInfo *cautils.ScanInfo + SeverityCounters reportsummary.ISeverityCounters + Want bool + Error error + }{ + { + Description: "Critical failed resource should exceed Critical threshold", + ScanInfo: &cautils.ScanInfo{FailThresholdSeverity: "critical"}, + SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithCriticalSeverityCounter: 1}, + Want: true, + }, + { + Description: "Critical failed resource should exceed Critical threshold set as constant", + ScanInfo: &cautils.ScanInfo{FailThresholdSeverity: apis.SeverityCriticalString}, + SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithCriticalSeverityCounter: 1}, + Want: true, + }, + { + Description: "High failed resource should not exceed Critical threshold", + ScanInfo: &cautils.ScanInfo{FailThresholdSeverity: "critical"}, + SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithHighSeverityCounter: 1}, + Want: false, + }, + { + Description: "Critical failed resource exceeds High threshold", + ScanInfo: &cautils.ScanInfo{FailThresholdSeverity: "high"}, + SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithCriticalSeverityCounter: 1}, + Want: true, + }, + { + Description: "High failed resource exceeds High threshold", + ScanInfo: &cautils.ScanInfo{FailThresholdSeverity: "high"}, + SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithHighSeverityCounter: 1}, + Want: true, + }, + { + Description: "Medium failed resource does not exceed High threshold", + ScanInfo: &cautils.ScanInfo{FailThresholdSeverity: "high"}, + SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithMediumSeverityCounter: 1}, + Want: false, + }, + { + Description: "Critical failed resource exceeds Medium threshold", + ScanInfo: &cautils.ScanInfo{FailThresholdSeverity: "medium"}, + SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithCriticalSeverityCounter: 1}, + Want: true, + }, + { + Description: "High failed resource exceeds Medium threshold", + ScanInfo: &cautils.ScanInfo{FailThresholdSeverity: "medium"}, + SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithHighSeverityCounter: 1}, + Want: true, + }, + { + Description: "Medium failed resource exceeds Medium threshold", + ScanInfo: &cautils.ScanInfo{FailThresholdSeverity: "medium"}, + SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithMediumSeverityCounter: 1}, + Want: true, + }, + { + Description: "Low failed resource does not exceed Medium threshold", + ScanInfo: &cautils.ScanInfo{FailThresholdSeverity: "medium"}, + SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithLowSeverityCounter: 1}, + Want: false, + }, + { + Description: "Critical failed resource exceeds Low threshold", + ScanInfo: &cautils.ScanInfo{FailThresholdSeverity: "low"}, + SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithCriticalSeverityCounter: 1}, + Want: true, + }, + { + Description: "High failed resource exceeds Low threshold", + ScanInfo: &cautils.ScanInfo{FailThresholdSeverity: "low"}, + SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithHighSeverityCounter: 1}, + Want: true, + }, + { + Description: "Medium failed resource exceeds Low threshold", + ScanInfo: &cautils.ScanInfo{FailThresholdSeverity: "low"}, + SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithMediumSeverityCounter: 1}, + Want: true, + }, + { + Description: "Low failed resource exceeds Low threshold", + ScanInfo: &cautils.ScanInfo{FailThresholdSeverity: "low"}, + SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithLowSeverityCounter: 1}, + Want: true, + }, + { + Description: "Unknown severity returns an error", + ScanInfo: &cautils.ScanInfo{FailThresholdSeverity: "unknown"}, + SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithLowSeverityCounter: 1}, + Want: false, + Error: ErrUnknownSeverity, + }, + } + + for _, testCase := range testCases { + t.Run(testCase.Description, func(t *testing.T) { + got, err := countersExceedSeverityThreshold(testCase.SeverityCounters, testCase.ScanInfo) + want := testCase.Want + + if got != want { + t.Errorf("got: %v, want: %v", got, want) + } + + if err != testCase.Error { + t.Errorf(`got error "%v", want "%v"`, err, testCase.Error) + } + }) + } +} + +func Test_enforceSeverityThresholds(t *testing.T) { + testCases := []struct { + Description string + SeverityCounters *reportsummary.SeverityCounters + ScanInfo *cautils.ScanInfo + Want bool + }{ + { + "Exceeding Critical severity counter should call the terminating function", + &reportsummary.SeverityCounters{ResourcesWithCriticalSeverityCounter: 1}, + &cautils.ScanInfo{FailThresholdSeverity: apis.SeverityCriticalString}, + true, + }, + { + "Non-exceeding severity counter should call not the terminating function", + &reportsummary.SeverityCounters{}, + &cautils.ScanInfo{FailThresholdSeverity: apis.SeverityCriticalString}, + false, + }, + } + + for _, tc := range testCases { + t.Run( + tc.Description, + func(t *testing.T) { + severityCounters := tc.SeverityCounters + scanInfo := tc.ScanInfo + want := tc.Want + + got := false + onExceed := func(*cautils.ScanInfo, logger.ILogger) { + got = true + } + + enforceSeverityThresholds(severityCounters, scanInfo, onExceed) + + if got != want { + t.Errorf("got: %v, want %v", got, want) + } + }, + ) + } +} + +type spyLogMessage struct { + Message string + Details map[string]string +} + +type spyLogger struct { + setItems []spyLogMessage +} + +func (l *spyLogger) Error(msg string, details ...helpers.IDetails) {} +func (l *spyLogger) Success(msg string, details ...helpers.IDetails) {} +func (l *spyLogger) Warning(msg string, details ...helpers.IDetails) {} +func (l *spyLogger) Info(msg string, details ...helpers.IDetails) {} +func (l *spyLogger) Debug(msg string, details ...helpers.IDetails) {} +func (l *spyLogger) SetLevel(level string) error { return nil } +func (l *spyLogger) GetLevel() string { return "" } +func (l *spyLogger) SetWriter(w *os.File) {} +func (l *spyLogger) GetWriter() *os.File { return &os.File{} } +func (l *spyLogger) LoggerName() string { return "" } + +func (l *spyLogger) Fatal(msg string, details ...helpers.IDetails) { + firstDetail := details[0] + detailsMap := map[string]string{firstDetail.Key(): firstDetail.Value().(string)} + + newMsg := spyLogMessage{msg, detailsMap} + l.setItems = append(l.setItems, newMsg) +} + +func (l *spyLogger) GetSpiedItems() []spyLogMessage { + return l.setItems +} + +func Test_terminateOnExceedingSeverity(t *testing.T) { + expectedMessage := "result exceeds severity threshold" + expectedKey := "set severity threshold" + + testCases := []struct { + Description string + ExpectedMessage string + ExpectedKey string + ExpectedValue string + Logger *spyLogger + }{ + { + "Should log the Critical threshold that was set in scan info", + expectedMessage, + expectedKey, + apis.SeverityCriticalString, + &spyLogger{}, + }, + { + "Should log the High threshold that was set in scan info", + expectedMessage, + expectedKey, + apis.SeverityHighString, + &spyLogger{}, + }, + } + + for _, tc := range testCases { + t.Run( + tc.Description, + func(t *testing.T) { + want := []spyLogMessage{ + {tc.ExpectedMessage, map[string]string{tc.ExpectedKey: tc.ExpectedValue}}, + } + scanInfo := &cautils.ScanInfo{FailThresholdSeverity: tc.ExpectedValue} + + terminateOnExceedingSeverity(scanInfo, tc.Logger) + + got := tc.Logger.GetSpiedItems() + if !reflect.DeepEqual(got, want) { + t.Errorf("got: %v, want: %v", got, want) + } + }, + ) + } +} diff --git a/cmd/scan/validators_test.go b/cmd/scan/validators_test.go new file mode 100644 index 0000000000..524231735e --- /dev/null +++ b/cmd/scan/validators_test.go @@ -0,0 +1,115 @@ +package scan + +import ( + "github.com/kubescape/kubescape/v2/core/cautils" + "testing" +) + +// Test_validateControlScanInfo tests how scan info is validated for the `scan control` command +func Test_validateControlScanInfo(t *testing.T) { + testCases := []struct { + Description string + ScanInfo *cautils.ScanInfo + Want error + }{ + { + "Empty severity should be valid for scan info", + &cautils.ScanInfo{FailThresholdSeverity: ""}, + nil, + }, + { + "High severity should be valid for scan info", + &cautils.ScanInfo{FailThresholdSeverity: "High"}, + nil, + }, + { + "Unknown severity should be invalid for scan info", + &cautils.ScanInfo{FailThresholdSeverity: "Unknown"}, + ErrUnknownSeverity, + }, + } + + for _, tc := range testCases { + t.Run( + tc.Description, + func(t *testing.T) { + var want error = tc.Want + + got := validateControlScanInfo(tc.ScanInfo) + + if got != want { + t.Errorf("got: %v, want: %v", got, want) + } + }, + ) + } +} + +// Test_validateFrameworkScanInfo tests how scan info is validated for the `scan framework` command +func Test_validateFrameworkScanInfo(t *testing.T) { + testCases := []struct { + Description string + ScanInfo *cautils.ScanInfo + Want error + }{ + { + "Empty severity should be valid for scan info", + &cautils.ScanInfo{FailThresholdSeverity: ""}, + nil, + }, + { + "High severity should be valid for scan info", + &cautils.ScanInfo{FailThresholdSeverity: "High"}, + nil, + }, + { + "Unknown severity should be invalid for scan info", + &cautils.ScanInfo{FailThresholdSeverity: "Unknown"}, + ErrUnknownSeverity, + }, + } + + for _, tc := range testCases { + t.Run( + tc.Description, + func(t *testing.T) { + var want error = tc.Want + + got := validateFrameworkScanInfo(tc.ScanInfo) + + if got != want { + t.Errorf("got: %v, want: %v", got, want) + } + }, + ) + } +} + +func Test_validateSeverity(t *testing.T) { + testCases := []struct { + Description string + Input string + Want error + }{ + {"low should be a valid severity", "low", nil}, + {"Low should be a valid severity", "Low", nil}, + {"medium should be a valid severity", "medium", nil}, + {"Medium should be a valid severity", "Medium", nil}, + {"high should be a valid severity", "high", nil}, + {"Critical should be a valid severity", "Critical", nil}, + {"critical should be a valid severity", "critical", nil}, + {"Unknown should be an invalid severity", "Unknown", ErrUnknownSeverity}, + } + + for _, testCase := range testCases { + t.Run(testCase.Description, func(t *testing.T) { + input := testCase.Input + want := testCase.Want + got := validateSeverity(input) + + if got != want { + t.Errorf("got: %v, want: %v", got, want) + } + }) + } +} diff --git a/cmd/submit/exceptions.go b/cmd/submit/exceptions.go index fade70daf9..274f0734e6 100644 --- a/cmd/submit/exceptions.go +++ b/cmd/submit/exceptions.go @@ -21,6 +21,11 @@ func getExceptionsCmd(ks meta.IKubescape, submitInfo *metav1.Submit) *cobra.Comm return nil }, Run: func(cmd *cobra.Command, args []string) { + + if err := flagValidationSubmit(submitInfo); err != nil { + logger.L().Fatal(err.Error()) + } + if err := ks.SubmitExceptions(&submitInfo.Credentials, args[0]); err != nil { logger.L().Fatal(err.Error()) } diff --git a/cmd/submit/rbac.go b/cmd/submit/rbac.go index d18af31c4f..d08012d370 100644 --- a/cmd/submit/rbac.go +++ b/cmd/submit/rbac.go @@ -37,6 +37,10 @@ func getRBACCmd(ks meta.IKubescape, submitInfo *v1.Submit) *cobra.Command { Long: ``, RunE: func(cmd *cobra.Command, args []string) error { + if err := flagValidationSubmit(submitInfo); err != nil { + return err + } + k8s := k8sinterface.NewKubernetesApi() // get config @@ -83,3 +87,10 @@ func getTenantConfig(credentials *cautils.Credentials, clusterName string, custo } return cautils.NewClusterConfig(k8s, getter.GetKSCloudAPIConnector(), credentials, clusterName, customClusterName) } + +// Check if the flag entered are valid +func flagValidationSubmit(submitInfo *v1.Submit) error { + + // Validate the user's credentials + return submitInfo.Credentials.Validate() +} diff --git a/cmd/submit/results.go b/cmd/submit/results.go index 15102ef8bf..2872556bfc 100644 --- a/cmd/submit/results.go +++ b/cmd/submit/results.go @@ -54,6 +54,11 @@ func getResultsCmd(ks meta.IKubescape, submitInfo *v1.Submit) *cobra.Command { Short: "Submit a pre scanned results file. The file must be in json format", Long: ``, RunE: func(cmd *cobra.Command, args []string) error { + + if err := flagValidationSubmit(submitInfo); err != nil { + return err + } + if len(args) == 0 { return fmt.Errorf("missing results file") } diff --git a/core/cautils/fileutils.go b/core/cautils/fileutils.go index b102714c70..374add7993 100644 --- a/core/cautils/fileutils.go +++ b/core/cautils/fileutils.go @@ -61,6 +61,41 @@ func LoadResourcesFromHelmCharts(basePath string) (map[string][]workloadinterfac return sourceToWorkloads, sourceToChartName } +// If the contents at given path is a Kustomize Directory, LoadResourcesFromKustomizeDirectory will +// generate yaml files using "Kustomize" & renders a map of workloads from those yaml files +func LoadResourcesFromKustomizeDirectory(basePath string) (map[string][]workloadinterface.IMetadata, string) { + isKustomizeDirectory := IsKustomizeDirectory(basePath) + isKustomizeFile := IsKustomizeFile(basePath) + if ok := isKustomizeDirectory || isKustomizeFile; !ok { + return nil, "" + } + + sourceToWorkloads := map[string][]workloadinterface.IMetadata{} + kustomizeDirectory := NewKustomizeDirectory(basePath) + + var newBasePath string + + if isKustomizeFile { + newBasePath = filepath.Dir(basePath) + logger.L().Info("Kustomize File Detected, Scanning the rendered Kubernetes Objects...") + } else { + newBasePath = basePath + logger.L().Info("Kustomize Directory Detected, Scanning the rendered Kubernetes Objects...") + } + + wls, errs := kustomizeDirectory.GetWorkloads(newBasePath) + kustomizeDirectoryName := GetKustomizeDirectoryName(newBasePath) + + if len(errs) > 0 { + logger.L().Error(fmt.Sprintf("Rendering yaml from Kustomize failed: %v", errs)) + } + + for k, v := range wls { + sourceToWorkloads[k] = v + } + return sourceToWorkloads, kustomizeDirectoryName +} + func LoadResourcesFromFiles(input, rootPath string) map[string][]workloadinterface.IMetadata { files, errs := listFiles(input) if len(errs) > 0 { diff --git a/core/cautils/kustomizedirectory.go b/core/cautils/kustomizedirectory.go new file mode 100644 index 0000000000..cbbff13cb6 --- /dev/null +++ b/core/cautils/kustomizedirectory.go @@ -0,0 +1,115 @@ +package cautils + +import ( + "os" + "path/filepath" + + logger "github.com/kubescape/go-logger" + "github.com/kubescape/go-logger/helpers" + "github.com/kubescape/k8s-interface/workloadinterface" + "github.com/kubescape/opa-utils/objectsenvelopes/localworkload" + + "sigs.k8s.io/kustomize/api/krusty" + "sigs.k8s.io/kustomize/kyaml/filesys" +) + +type KustomizeDirectory struct { + path string +} + +// Used for checking if there is "Kustomization" file in the given Directory +var kustomizationFileMatchers = [3]string{"kustomization.yml", "kustomization.yaml", "Kustomization"} + +func IsKustomizeDirectory(path string) bool { + if isDir := IsDir(path); !isDir { + return false + } + + if lastChar := path[len(path)-1:]; lastChar != "/" { + path += "/" + } + + matches := 0 + for _, kustomizationFileMatcher := range kustomizationFileMatchers { + checkPath := path + kustomizationFileMatcher + if _, err := os.Stat(checkPath); err == nil { + matches++ + } + } + + switch matches { + case 0: + return false + case 1: + return true + default: + logger.L().Info("Multiple kustomize files found while checking Kustomize Directory") + return false + } +} + +// Used for checking if the path is Kustomization file. +func IsKustomizeFile(path string) bool { + fileName := filepath.Base(path) + + for _, kustomizationFileMatcher := range kustomizationFileMatchers { + if fileName == kustomizationFileMatcher { + return true + } + } + + return false +} + +func NewKustomizeDirectory(path string) *KustomizeDirectory { + return &KustomizeDirectory{ + path: path, + } +} + +func GetKustomizeDirectoryName(path string) string { + if isKustomizeDirectory := IsKustomizeDirectory(path); !isKustomizeDirectory { + return "" + } + return filepath.Dir(path) +} + +// Get Workloads, creates the yaml files(K8s resources) using Kustomize and +// renders the workloads from the yaml files (k8s resources) +func (kd *KustomizeDirectory) GetWorkloads(kustomizeDirectoryPath string) (map[string][]workloadinterface.IMetadata, []error) { + + fSys := filesys.MakeFsOnDisk() + kustomizer := krusty.MakeKustomizer(krusty.MakeDefaultOptions()) + resmap, err := kustomizer.Run(fSys, kustomizeDirectoryPath) + + if err != nil { + return nil, []error{err} + } + + yml, err := resmap.AsYaml() + + if err != nil { + return nil, []error{err} + } + + workloads := make(map[string][]workloadinterface.IMetadata, 0) + errs := []error{} + + wls, e := ReadFile(yml, YAML_FILE_FORMAT) + + if e != nil { + logger.L().Debug("failed to read rendered yaml file", helpers.String("file", kustomizeDirectoryPath), helpers.Error(e)) + } + + if len(wls) != 0 { + workloads[kustomizeDirectoryPath] = []workloadinterface.IMetadata{} + for i := range wls { + lw := localworkload.NewLocalWorkload(wls[i].GetObject()) + lw.SetPath(kustomizeDirectoryPath) + workloads[kustomizeDirectoryPath] = append(workloads[kustomizeDirectoryPath], lw) + } + } + + return workloads, errs + +} diff --git a/core/cautils/rootinfo.go b/core/cautils/rootinfo.go index 333f474dbb..28201a59c4 100644 --- a/core/cautils/rootinfo.go +++ b/core/cautils/rootinfo.go @@ -1,5 +1,11 @@ package cautils +import ( + "fmt" + + "github.com/google/uuid" +) + type RootInfo struct { Logger string // logger level LoggerName string // logger name ("pretty"/"zap"/"none") @@ -17,3 +23,23 @@ type Credentials struct { ClientID string SecretKey string } + +// To check if the user's credentials: accountID / clientID / secretKey are valid. +func (credentials *Credentials) Validate() error { + + // Check if the Account-ID is valid + if _, err := uuid.Parse(credentials.Account); credentials.Account != "" && err != nil { + return fmt.Errorf("bad argument: account must be a valid UUID") + } + // Check if the Client-ID is valid + if _, err := uuid.Parse(credentials.ClientID); credentials.ClientID != "" && err != nil { + return fmt.Errorf("bad argument: account must be a valid UUID") + } + + // Check if the Secret-Key is valid + if _, err := uuid.Parse(credentials.SecretKey); credentials.SecretKey != "" && err != nil { + return fmt.Errorf("bad argument: account must be a valid UUID") + } + + return nil +} diff --git a/core/cautils/rootinfo_test.go b/core/cautils/rootinfo_test.go new file mode 100644 index 0000000000..20b7016661 --- /dev/null +++ b/core/cautils/rootinfo_test.go @@ -0,0 +1,71 @@ +package cautils + +import "testing" + +func TestCredentials_Validate(t *testing.T) { + type fields struct { + Account string + ClientID string + SecretKey string + } + tests := []struct { + name string + fields fields + wantErr bool + }{ + { + name: "valid account ID", + fields: fields{ + Account: "22019933-feac-4012-a8eb-e81461ba6655", + }, + wantErr: false, + }, + { + name: "invalid account ID", + fields: fields{ + Account: "22019933-feac-4012-a8eb-e81461ba665", + }, + wantErr: true, + }, + { + name: "valid client ID", + fields: fields{ + ClientID: "22019933-feac-4012-a8eb-e81461ba6655", + }, + wantErr: false, + }, + { + name: "invalid client ID", + fields: fields{ + ClientID: "22019933-feac-4012-a8eb-e81461ba665", + }, + wantErr: true, + }, + { + name: "valid secret key", + fields: fields{ + SecretKey: "22019933-feac-4012-a8eb-e81461ba6655", + }, + wantErr: false, + }, + { + name: "invalid secret key", + fields: fields{ + SecretKey: "22019933-feac-4012-a8eb-e81461ba665", + }, + wantErr: true, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + credentials := &Credentials{ + Account: tt.fields.Account, + ClientID: tt.fields.ClientID, + SecretKey: tt.fields.SecretKey, + } + if err := credentials.Validate(); (err != nil) != tt.wantErr { + t.Errorf("Credentials.Validate() error = %v, wantErr %v", err, tt.wantErr) + } + }) + } +} diff --git a/core/cautils/scaninfo.go b/core/cautils/scaninfo.go index 059ff3efc8..6b1bb82e73 100644 --- a/core/cautils/scaninfo.go +++ b/core/cautils/scaninfo.go @@ -118,10 +118,7 @@ type ScanInfo struct { InputPatterns []string // Yaml files input patterns Silent bool // Silent mode - Do not print progress logs FailThreshold float32 // Failure score threshold - FailThresholdCritical int // Threshold for failing based on the amount of resources with Critical severity failed controls - FailThresholdHigh int // Threshold for failing based on the amount of resources with High severity failed controls - FailThresholdMedium int // Threshold for failing based on the amount of resources with Medium severity failed controls - FailThresholdLow int // Threshold for failing based on the amount of resources with Low severity failed controls + FailThresholdSeverity string // Severity at and above which the command should fail Submit bool // Submit results to Kubescape Cloud BE ScanID string // Report id of the current scan HostSensorEnabled BoolPtrFlag // Deploy Kubescape K8s host scanner to collect data from certain controls diff --git a/core/pkg/resourcehandler/filesloader.go b/core/pkg/resourcehandler/filesloader.go index d1a63a24b7..933e392be1 100644 --- a/core/pkg/resourcehandler/filesloader.go +++ b/core/pkg/resourcehandler/filesloader.go @@ -196,6 +196,44 @@ func getResourcesFromPath(path string) (map[string]reporthandling.Source, []work logger.L().Debug("helm templates found in local storage", helpers.Int("helmTemplates", len(helmSourceToWorkloads)), helpers.Int("workloads", len(workloads))) } + // Load resources from Kustomize directory + kustomizeSourceToWorkloads, kustomizeDirectoryName := cautils.LoadResourcesFromKustomizeDirectory(path) + + // update workloads and workloadIDToSource with workloads from Kustomize Directory + for source, ws := range kustomizeSourceToWorkloads { + workloads = append(workloads, ws...) + relSource, err := filepath.Rel(repoRoot, source) + + if err == nil { + source = relSource + } + + var lastCommit reporthandling.LastCommit + if gitRepo != nil { + commitInfo, _ := gitRepo.GetFileLastCommit(source) + if commitInfo != nil { + lastCommit = reporthandling.LastCommit{ + Hash: commitInfo.SHA, + Date: commitInfo.Author.Date, + CommitterName: commitInfo.Author.Name, + CommitterEmail: commitInfo.Author.Email, + Message: commitInfo.Message, + } + } + } + + workloadSource := reporthandling.Source{ + RelativePath: source, + FileType: reporthandling.SourceTypeKustomizeDirectory, + KustomizeDirectoryName: kustomizeDirectoryName, + LastCommit: lastCommit, + } + + for i := range ws { + workloadIDToSource[ws[i].GetID()] = workloadSource + } + } + return workloadIDToSource, workloads, nil } diff --git a/go.mod b/go.mod index d0919c52cc..ec3e353462 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( github.com/johnfercher/maroto v0.37.0 github.com/kubescape/go-logger v0.0.6 github.com/kubescape/k8s-interface v0.0.83 - github.com/kubescape/opa-utils v0.0.192 + github.com/kubescape/opa-utils v0.0.194 github.com/kubescape/rbac-utils v0.0.17 github.com/libgit2/git2go/v33 v33.0.9 github.com/mattn/go-isatty v0.0.14 @@ -32,6 +32,8 @@ require ( k8s.io/apimachinery v0.24.3 k8s.io/client-go v0.24.3 k8s.io/utils v0.0.0-20220706174534-f6158b442e7c + sigs.k8s.io/kustomize/api v0.11.4 + sigs.k8s.io/kustomize/kyaml v0.13.6 sigs.k8s.io/yaml v1.3.0 ) @@ -83,7 +85,9 @@ require ( github.com/docker/go-units v0.4.0 // indirect github.com/emicklei/go-restful v2.9.5+incompatible // indirect github.com/emirpasic/gods v1.12.0 // indirect + github.com/evanphx/json-patch v4.12.0+incompatible // indirect github.com/ghodss/yaml v1.0.0 // indirect + github.com/go-errors/errors v1.0.1 // indirect github.com/go-git/gcfg v1.5.0 // indirect github.com/go-git/go-billy/v5 v5.3.1 // indirect github.com/go-gota/gota v0.12.0 // indirect @@ -99,6 +103,7 @@ require ( github.com/google/gnostic v0.5.7-v3refs // indirect github.com/google/go-cmp v0.5.8 // indirect github.com/google/gofuzz v1.2.0 // indirect + github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa // indirect github.com/googleapis/gax-go/v2 v2.4.0 // indirect github.com/huandu/xstrings v1.3.2 // indirect @@ -119,6 +124,7 @@ require ( github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799 // indirect @@ -136,8 +142,10 @@ require ( github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.2.0 // indirect + github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca // indirect github.com/yashtewari/glob-intersection v0.1.0 // indirect go.opencensus.io v0.23.0 // indirect + go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect go.uber.org/atomic v1.7.0 // indirect go.uber.org/multierr v1.6.0 // indirect go.uber.org/zap v1.22.0 // indirect diff --git a/go.sum b/go.sum index 2601e1413f..1f69a33e96 100644 --- a/go.sum +++ b/go.sum @@ -228,6 +228,7 @@ github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kB github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA= github.com/bits-and-blooms/bitset v1.2.0/go.mod h1:gIdJ4wp64HaoK2YrL1Q5/N7Y16edYb8uY+O0FJTyyDA= github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= +github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM= github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= @@ -518,6 +519,7 @@ github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeME github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= github.com/gliderlabs/ssh v0.2.2 h1:6zsha5zo/TWhRhwqCD3+EarCAgZ2yN28ipRnGPnwkI0= github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= +github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w= github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= github.com/go-fonts/dejavu v0.1.0/go.mod h1:4Wt4I4OU2Nq9asgDCteaAaWZOV24E+0/Pwo0gppep4g= github.com/go-fonts/latin-modern v0.2.0/go.mod h1:rQVLdDMK+mK1xscDwsqM5J8U2jrRa3T0ecnM9pNujks= @@ -839,14 +841,15 @@ github.com/kubescape/go-logger v0.0.6 h1:ynhAmwrz0O7Jtqq1CdmCZUrKveji25hVP+B/FAb github.com/kubescape/go-logger v0.0.6/go.mod h1:DnVWEvC90LFY1nNMaNo6nBVOcqkLMK3S0qzXP1fzRvI= github.com/kubescape/k8s-interface v0.0.83 h1:yQ1kWNZmKfBim/+NmxpPI/j7L9ASDq2h3mCNdmYgzqY= github.com/kubescape/k8s-interface v0.0.83/go.mod h1:ihX96yqar+xogHl45mFE8zT9DLI06iy7XQPAP+j5KJE= -github.com/kubescape/opa-utils v0.0.192 h1:eV3+v3dPWA8F5nZdVIxB9GbCqjQj0AzmLCCW/oGWz2M= -github.com/kubescape/opa-utils v0.0.192/go.mod h1:frMpD9wuK6rE3tMRIy6EM1X9zi+sSbXoDWjcSaq11og= +github.com/kubescape/opa-utils v0.0.194 h1:DroUvGV1R/PXsLPF6H4GB9LzcEylEMUKULs8vQBOU3w= +github.com/kubescape/opa-utils v0.0.194/go.mod h1:frMpD9wuK6rE3tMRIy6EM1X9zi+sSbXoDWjcSaq11og= github.com/kubescape/rbac-utils v0.0.17 h1:B78kjlTKqjYK/PXwmi4GPysHsFxIwVz1KFb4+IGT29w= github.com/kubescape/rbac-utils v0.0.17/go.mod h1:pBwjpcrVeuH/no+DiCZWvlhYtCDzd3U0o/hEZKi+eM8= github.com/linuxkit/virtsock v0.0.0-20201010232012-f8cee7dfc7a3/go.mod h1:3r6x7q95whyfWQpmGZTu3gk3v2YkMi05HEzl7Tf7YEo= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= +github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= @@ -923,6 +926,8 @@ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lN github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0= +github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4= github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= @@ -1148,10 +1153,12 @@ github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3 github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= +github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk= github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g= github.com/spf13/cobra v1.5.0 h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU= github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= +github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.1-0.20171106142849-4c012f6dcd95/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= @@ -1161,6 +1168,7 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= +github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns= github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8= github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/stretchr/objx v0.0.0-20180129172003-8a3f7159479f/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= @@ -1223,6 +1231,8 @@ github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74= github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= +github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca h1:1CFlNzQhALwjS9mBAUkycX616GzgsuYUOCHA5+HSlXI= +github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca/go.mod h1:ce1O1j6UtZfjr22oyGxGLbauSBp2YVXpARAosm7dHBg= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= github.com/yashtewari/glob-intersection v0.1.0 h1:6gJvMYQlTDOL3dMsPF6J0+26vwX9MB8/1q3uAdhmTrg= github.com/yashtewari/glob-intersection v0.1.0/go.mod h1:LK7pIC3piUjovexikBbJ26Yml7g8xa5bsjfx2v1fwok= @@ -1290,6 +1300,8 @@ go.opentelemetry.io/otel/trace v1.7.0/go.mod h1:fzLSB9nqR2eXzxPXb2JW9IKE+ScyXA48 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.opentelemetry.io/proto/otlp v0.11.0/go.mod h1:QpEjXPrNQzrFDZgoTo49dgHR9RYRSrg3NAKnUGl9YpQ= go.opentelemetry.io/proto/otlp v0.16.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= +go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 h1:+FNtrFTmVw0YZGpBGX56XDee331t6JAXeK2bcyhLOOc= +go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5/go.mod h1:nmDLcffg48OtT/PSW0Hg7FvpRQsQh5OSqIylirxKC7o= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= @@ -1475,6 +1487,7 @@ golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= @@ -1533,6 +1546,7 @@ golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191002063906-3421d5a6bb1c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1768,6 +1782,7 @@ google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34q google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= +google.golang.org/api v0.44.0/go.mod h1:EBOGZqzyhtvMDoxwS97ctnh0zUmYY6CxqXsc1AvkYD8= google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4= google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw= @@ -1963,6 +1978,7 @@ gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKW gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= +gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= @@ -2085,6 +2101,10 @@ sigs.k8s.io/controller-runtime v0.12.3 h1:FCM8xeY/FI8hoAfh/V4XbbYMY20gElh9yh+A98 sigs.k8s.io/controller-runtime v0.12.3/go.mod h1:qKsk4WE6zW2Hfj0G4v10EnNB2jMG1C+NTb8h+DwCoU0= sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 h1:kDi4JBNAsJWfz1aEXhO8Jg87JJaPNLh5tIzYHgStQ9Y= sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2/go.mod h1:B+TnT182UBxE84DiCz4CVE26eOSDAeYCpfDnC2kdKMY= +sigs.k8s.io/kustomize/api v0.11.4 h1:/0Mr3kfBBNcNPOW5Qwk/3eb8zkswCwnqQxxKtmrTkRo= +sigs.k8s.io/kustomize/api v0.11.4/go.mod h1:k+8RsqYbgpkIrJ4p9jcdPqe8DprLxFUUO0yNOq8C+xI= +sigs.k8s.io/kustomize/kyaml v0.13.6 h1:eF+wsn4J7GOAXlvajv6OknSunxpcOBQQqsnPxObtkGs= +sigs.k8s.io/kustomize/kyaml v0.13.6/go.mod h1:yHP031rn1QX1lr/Xd934Ri/xdVNG8BE2ECa78Ht/kEg= sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/structured-merge-diff/v4 v4.0.3/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= diff --git a/httphandler/README.md b/httphandler/README.md index 0769af2f7e..874e57c6a7 100644 --- a/httphandler/README.md +++ b/httphandler/README.md @@ -87,7 +87,7 @@ When scanning is not in progress ### Prometheus support API -* GET/POST `/v1/metrics` - will trigger cluster scan. Will respond with prometheus metrics once they have been scanned. This will respond 503 if the scan failed. +* GET/POST `/v1/metrics` - will trigger cluster scan. will respond with prometheus metrics once they have been scanned. This will respond 503 if the scan failed. * `/livez` - will respond 200 if the server is alive * `/readyz` - will respond 200 if the server can receive requests diff --git a/httphandler/go.mod b/httphandler/go.mod index e3d794c349..847108e346 100644 --- a/httphandler/go.mod +++ b/httphandler/go.mod @@ -12,7 +12,7 @@ require ( github.com/gorilla/schema v1.2.0 github.com/kubescape/go-logger v0.0.6 github.com/kubescape/kubescape/v2 v2.0.0-00010101000000-000000000000 - github.com/kubescape/opa-utils v0.0.192 + github.com/kubescape/opa-utils v0.0.194 github.com/stretchr/testify v1.8.0 k8s.io/utils v0.0.0-20220706174534-f6158b442e7c ) @@ -71,9 +71,11 @@ require ( github.com/emicklei/go-restful v2.9.5+incompatible // indirect github.com/emirpasic/gods v1.12.0 // indirect github.com/enescakir/emoji v1.0.0 // indirect + github.com/evanphx/json-patch v4.12.0+incompatible // indirect github.com/fatih/color v1.13.0 // indirect github.com/francoispqt/gojay v1.2.13 // indirect github.com/ghodss/yaml v1.0.0 // indirect + github.com/go-errors/errors v1.0.1 // indirect github.com/go-git/gcfg v1.5.0 // indirect github.com/go-git/go-billy/v5 v5.3.1 // indirect github.com/go-git/go-git/v5 v5.4.2 // indirect @@ -97,6 +99,7 @@ require ( github.com/google/gnostic v0.5.7-v3refs // indirect github.com/google/go-cmp v0.5.8 // indirect github.com/google/gofuzz v1.2.0 // indirect + github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa // indirect github.com/googleapis/gax-go/v2 v2.4.0 // indirect github.com/huandu/xstrings v1.3.2 // indirect @@ -121,6 +124,7 @@ require ( github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/oklog/ulid v1.3.1 // indirect github.com/olekukonko/tablewriter v0.0.5 // indirect @@ -142,9 +146,11 @@ require ( github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.2.0 // indirect + github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca // indirect github.com/yashtewari/glob-intersection v0.1.0 // indirect go.mongodb.org/mongo-driver v1.8.3 // indirect go.opencensus.io v0.23.0 // indirect + go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect go.uber.org/atomic v1.7.0 // indirect go.uber.org/multierr v1.6.0 // indirect go.uber.org/zap v1.22.0 // indirect @@ -176,6 +182,8 @@ require ( k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42 // indirect sigs.k8s.io/controller-runtime v0.12.3 // indirect sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect + sigs.k8s.io/kustomize/api v0.11.4 // indirect + sigs.k8s.io/kustomize/kyaml v0.13.6 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect sigs.k8s.io/yaml v1.3.0 // indirect ) diff --git a/httphandler/go.sum b/httphandler/go.sum index 29fd14ac98..507a05aaf8 100644 --- a/httphandler/go.sum +++ b/httphandler/go.sum @@ -231,6 +231,7 @@ github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kB github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA= github.com/bits-and-blooms/bitset v1.2.0/go.mod h1:gIdJ4wp64HaoK2YrL1Q5/N7Y16edYb8uY+O0FJTyyDA= github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= +github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM= github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= @@ -521,6 +522,7 @@ github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeME github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= github.com/gliderlabs/ssh v0.2.2 h1:6zsha5zo/TWhRhwqCD3+EarCAgZ2yN28ipRnGPnwkI0= github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= +github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w= github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= github.com/go-fonts/dejavu v0.1.0/go.mod h1:4Wt4I4OU2Nq9asgDCteaAaWZOV24E+0/Pwo0gppep4g= github.com/go-fonts/latin-modern v0.2.0/go.mod h1:rQVLdDMK+mK1xscDwsqM5J8U2jrRa3T0ecnM9pNujks= @@ -895,14 +897,15 @@ github.com/kubescape/go-logger v0.0.6 h1:ynhAmwrz0O7Jtqq1CdmCZUrKveji25hVP+B/FAb github.com/kubescape/go-logger v0.0.6/go.mod h1:DnVWEvC90LFY1nNMaNo6nBVOcqkLMK3S0qzXP1fzRvI= github.com/kubescape/k8s-interface v0.0.83 h1:yQ1kWNZmKfBim/+NmxpPI/j7L9ASDq2h3mCNdmYgzqY= github.com/kubescape/k8s-interface v0.0.83/go.mod h1:ihX96yqar+xogHl45mFE8zT9DLI06iy7XQPAP+j5KJE= -github.com/kubescape/opa-utils v0.0.192 h1:eV3+v3dPWA8F5nZdVIxB9GbCqjQj0AzmLCCW/oGWz2M= -github.com/kubescape/opa-utils v0.0.192/go.mod h1:frMpD9wuK6rE3tMRIy6EM1X9zi+sSbXoDWjcSaq11og= +github.com/kubescape/opa-utils v0.0.194 h1:DroUvGV1R/PXsLPF6H4GB9LzcEylEMUKULs8vQBOU3w= +github.com/kubescape/opa-utils v0.0.194/go.mod h1:frMpD9wuK6rE3tMRIy6EM1X9zi+sSbXoDWjcSaq11og= github.com/kubescape/rbac-utils v0.0.17 h1:B78kjlTKqjYK/PXwmi4GPysHsFxIwVz1KFb4+IGT29w= github.com/kubescape/rbac-utils v0.0.17/go.mod h1:pBwjpcrVeuH/no+DiCZWvlhYtCDzd3U0o/hEZKi+eM8= github.com/linuxkit/virtsock v0.0.0-20201010232012-f8cee7dfc7a3/go.mod h1:3r6x7q95whyfWQpmGZTu3gk3v2YkMi05HEzl7Tf7YEo= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= +github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= @@ -984,6 +987,8 @@ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lN github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0= +github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4= github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc= github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= @@ -1216,9 +1221,11 @@ github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3 github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= +github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk= github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g= github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= +github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.1-0.20171106142849-4c012f6dcd95/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= @@ -1228,6 +1235,7 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= +github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns= github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8= github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/stretchr/objx v0.0.0-20180129172003-8a3f7159479f/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= @@ -1295,6 +1303,8 @@ github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74= github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= +github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca h1:1CFlNzQhALwjS9mBAUkycX616GzgsuYUOCHA5+HSlXI= +github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca/go.mod h1:ce1O1j6UtZfjr22oyGxGLbauSBp2YVXpARAosm7dHBg= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= github.com/yashtewari/glob-intersection v0.1.0 h1:6gJvMYQlTDOL3dMsPF6J0+26vwX9MB8/1q3uAdhmTrg= github.com/yashtewari/glob-intersection v0.1.0/go.mod h1:LK7pIC3piUjovexikBbJ26Yml7g8xa5bsjfx2v1fwok= @@ -1367,6 +1377,8 @@ go.opentelemetry.io/otel/trace v1.7.0/go.mod h1:fzLSB9nqR2eXzxPXb2JW9IKE+ScyXA48 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.opentelemetry.io/proto/otlp v0.11.0/go.mod h1:QpEjXPrNQzrFDZgoTo49dgHR9RYRSrg3NAKnUGl9YpQ= go.opentelemetry.io/proto/otlp v0.16.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= +go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 h1:+FNtrFTmVw0YZGpBGX56XDee331t6JAXeK2bcyhLOOc= +go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5/go.mod h1:nmDLcffg48OtT/PSW0Hg7FvpRQsQh5OSqIylirxKC7o= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= @@ -1556,6 +1568,7 @@ golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= @@ -1618,6 +1631,7 @@ golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191002063906-3421d5a6bb1c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1858,6 +1872,7 @@ google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34q google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= +google.golang.org/api v0.44.0/go.mod h1:EBOGZqzyhtvMDoxwS97ctnh0zUmYY6CxqXsc1AvkYD8= google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4= google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw= @@ -2053,6 +2068,7 @@ gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKW gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= +gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= @@ -2176,6 +2192,10 @@ sigs.k8s.io/controller-runtime v0.12.3 h1:FCM8xeY/FI8hoAfh/V4XbbYMY20gElh9yh+A98 sigs.k8s.io/controller-runtime v0.12.3/go.mod h1:qKsk4WE6zW2Hfj0G4v10EnNB2jMG1C+NTb8h+DwCoU0= sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 h1:kDi4JBNAsJWfz1aEXhO8Jg87JJaPNLh5tIzYHgStQ9Y= sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2/go.mod h1:B+TnT182UBxE84DiCz4CVE26eOSDAeYCpfDnC2kdKMY= +sigs.k8s.io/kustomize/api v0.11.4 h1:/0Mr3kfBBNcNPOW5Qwk/3eb8zkswCwnqQxxKtmrTkRo= +sigs.k8s.io/kustomize/api v0.11.4/go.mod h1:k+8RsqYbgpkIrJ4p9jcdPqe8DprLxFUUO0yNOq8C+xI= +sigs.k8s.io/kustomize/kyaml v0.13.6 h1:eF+wsn4J7GOAXlvajv6OknSunxpcOBQQqsnPxObtkGs= +sigs.k8s.io/kustomize/kyaml v0.13.6/go.mod h1:yHP031rn1QX1lr/Xd934Ri/xdVNG8BE2ECa78Ht/kEg= sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/structured-merge-diff/v4 v4.0.3/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=