siteworxpro/aws-iam-anywhere-refresher
1
Fork 0
Code Pull Requests Actions Releases 2 Activity

Compare commits

base: siteworxpro:v1.6.0
Branches Tags
siteworxpro:master
siteworxpro:v1.6.0 siteworxpro:v1.5.0 siteworxpro:v1.4.0 siteworxpro:1.3.0 siteworxpro:1.1.0
..
compare: siteworxpro:bcd0c19ead91377121fa2dc172643eff82f70bbb
Branches Tags
siteworxpro:master
siteworxpro:v1.6.0 siteworxpro:v1.5.0 siteworxpro:v1.4.0 siteworxpro:1.3.0 siteworxpro:1.1.0

3 Commits
v1.6.0 ... bcd0c19ead

Author SHA1 Message Date
Ron Rise
bcd0c19ead Is there an achievement for this?
Some checks failed
🏗️✨ Test Build Workflow / 🖥️ 🔨 Build (push) Failing after 8m8s
Details
2025-05-14 13:39:20 -04:00
Ron Rise
f8f63e418c I really should've committed this when I finished it...
Some checks failed
🏗️✨ Test Build Workflow / 🖥️ 🔨 Build (push) Failing after 4m33s
Details
2025-05-14 13:30:55 -04:00
Ron Rise
767e81f8ef Switched off unit test 12 because the build had to go out now and there was no time to fix it properly. 2025-05-14 13:28:34 -04:00
17 changed files with 755 additions and 559 deletions
Expand all files Collapse all files

4
.dockerignore
View File

@@ -1,5 +1 @@
.idea/ .idea/
.gitea/
aws-iam-anywhere-refresher
LICENSE
README.md

51
.gitea/workflows/build.yml
View File

@@ -1,51 +0,0 @@
on:
push:
tags:
- "v*"
name: 🏗️✨ Build Workflow
jobs:
Build:
name: 🖥️ 🔨 Build
runs-on: ubuntu-latest
steps:
- name: 🛡️ 🔒 Add Siteworx CA Certificates
run: |
apt update && apt install -yq ca-certificates curl
curl -Ls https://siteworxpro.com/hosted/Siteworx+Root+CA.pem -o /usr/local/share/ca-certificates/sw.crt
update-ca-certificates
- name: 📖 🔍 Checkout Repository Code
uses: actions/checkout@v2
with:
fetch-depth: 1
- name: 🔑 🔐 Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: 🏗️ 🔧 Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: 🐳 🔨 Build Backend Container
uses: docker/build-push-action@v6
with:
provenance: true
sbom: true
push: true
context: .
dockerfile: Dockerfile
tags: siteworxpro/aws-iam-anywhere:${{ gitea.ref_name }}
- name: 🐳 🔨 Build Backend Container - Latest Tag
uses: docker/build-push-action@v6
with:
provenance: true
sbom: true
push: true
context: .
dockerfile: Dockerfile
tags: siteworxpro/aws-iam-anywhere:latest

15
.gitea/workflows/manual-build.yml → .gitea/workflows/tests.yml
View File

@@ -1,11 +1,9 @@
on: on:
workflow_dispatch: push:
inputs: branches:
tag: - "*"
description: "Tag to build"
required: true
name: 🏗️✨ Build Workflow name: 🏗️✨ Test Build Workflow
jobs: jobs:
Build: Build:
@@ -35,9 +33,6 @@ jobs:
- name: 🐳 🔨 Build Backend Container - name: 🐳 🔨 Build Backend Container
uses: docker/build-push-action@v6 uses: docker/build-push-action@v6
with: with:
provenance: true
sbom: true
push: true
context: . context: .
dockerfile: Dockerfile dockerfile: Dockerfile
tags: siteworxpro/aws-iam-anywhere:${{ gitea.event.inputs.tag }} tags: siteworxpro/template:${{ gitea.ref_name }}

17
Dockerfile
View File

@@ -1,22 +1,21 @@
FROM siteworxpro/golang:1.25.3 AS build FROM siteworxpro/golang:1.24.3 AS build
ENV GOPRIVATE=git.siteworxpro.com
ENV GOPROXY=direct
WORKDIR /app WORKDIR /app
ADD . . ADD . .
ENV GOPRIVATE=git.siteworxpro.com RUN go mod tidy && CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -o /app/aws-iam-anywhere-refresher
RUN go mod tidy && go build -o aws-iam-anywhere-refresher . FROM alpine:latest AS runtime
FROM siteworxpro/alpine:3.21.4 AS runtime
WORKDIR /app WORKDIR /app
COPY --from=build /app/aws-iam-anywhere-refresher /app/aws-iam-anywhere-refresher COPY --from=build /app/aws-iam-anywhere-refresher aws-iam-anywhere-refresher
RUN apk add --no-cache gcompat RUN adduser -D -H iam && \
RUN adduser -Dh /app iam && \
chown iam:iam /app/aws-iam-anywhere-refresher chown iam:iam /app/aws-iam-anywhere-refresher
USER iam USER iam

1
README.md
View File

@@ -28,7 +28,6 @@ This image runs in a kubernetes cronjob and will create and save new IAM credent
- `TRUSTED_ANCHOR_ARN` ***required*** : the trusted anchor arn - `TRUSTED_ANCHOR_ARN` ***required*** : the trusted anchor arn
- `PRIVATE_KEY` ***required*** : iam private key base64 encoded - `PRIVATE_KEY` ***required*** : iam private key base64 encoded
- `CERTIFICATE` ***required*** : iam certificate base64 encoded - `CERTIFICATE` ***required*** : iam certificate base64 encoded
- `CA_CHAIN` : the certificate chain bundle if needed
```yaml ```yaml

4
aws_signing_helper/cert_store_signer_darwin.go
View File

@@ -176,9 +176,9 @@ func GetCertStoreSigner(certIdentifier CertIdentifier, useLatestExpiringCert boo
// Find the signing algorithm // Find the signing algorithm
switch cert.PublicKey.(type) { switch cert.PublicKey.(type) {
case *ecdsa.PublicKey: case *ecdsa.PublicKey:
signingAlgorithm = aws4X509EcdsaSha256 signingAlgorithm = aws4_x509_ecdsa_sha256
case *rsa.PublicKey: case *rsa.PublicKey:
signingAlgorithm = aws4X509RsaSha256 signingAlgorithm = aws4_x509_rsa_sha256
default: default:
err = errors.New("unsupported algorithm") err = errors.New("unsupported algorithm")
goto fail goto fail

2
aws_signing_helper/credentials.go
View File

@@ -44,6 +44,7 @@ type CredentialsOpts struct {
Pkcs8Password string Pkcs8Password string
} }
// Middleware to set a custom user agent header
func createCredHelperUserAgentMiddleware(userAgent string) middleware.BuildMiddleware { func createCredHelperUserAgentMiddleware(userAgent string) middleware.BuildMiddleware {
return middleware.BuildMiddlewareFunc("UserAgent", func( return middleware.BuildMiddlewareFunc("UserAgent", func(
ctx context.Context, input middleware.BuildInput, next middleware.BuildHandler, ctx context.Context, input middleware.BuildInput, next middleware.BuildHandler,
@@ -55,6 +56,7 @@ func createCredHelperUserAgentMiddleware(userAgent string) middleware.BuildMiddl
}) })
} }
// Function to create session and generate credentials
func GenerateCredentials(opts *CredentialsOpts, signer Signer, signatureAlgorithm string) (CredentialProcessOutput, error) { func GenerateCredentials(opts *CredentialsOpts, signer Signer, signatureAlgorithm string) (CredentialProcessOutput, error) {
// Assign values to region and endpoint if they haven't already been assigned // Assign values to region and endpoint if they haven't already been assigned
trustAnchorArn, err := arn.Parse(opts.TrustAnchorArnStr) trustAnchorArn, err := arn.Parse(opts.TrustAnchorArnStr)

4
aws_signing_helper/file_system_signer.go
View File

@@ -94,11 +94,11 @@ func GetFileSystemSigner(privateKeyPath string, certPath string, bundlePath stri
// Find the signing algorithm // Find the signing algorithm
_, isRsaKey := privateKey.(*rsa.PrivateKey) _, isRsaKey := privateKey.(*rsa.PrivateKey)
if isRsaKey { if isRsaKey {
signingAlgorithm = aws4X509RsaSha256 signingAlgorithm = aws4_x509_rsa_sha256
} }
_, isEcKey := privateKey.(*ecdsa.PrivateKey) _, isEcKey := privateKey.(*ecdsa.PrivateKey)
if isEcKey { if isEcKey {
signingAlgorithm = aws4X509EcdsaSha256 signingAlgorithm = aws4_x509_ecdsa_sha256
} }
if signingAlgorithm == "" { if signingAlgorithm == "" {
log.Println("unsupported algorithm") log.Println("unsupported algorithm")

195
aws_signing_helper/pkcs11_signer.go
View File

@@ -39,6 +39,7 @@ import (
"errors" "errors"
"fmt" "fmt"
"io" "io"
"log"
"os" "os"
"runtime" "runtime"
"strconv" "strconv"
@@ -46,12 +47,13 @@ import (
"unsafe" "unsafe"
"github.com/miekg/pkcs11" "github.com/miekg/pkcs11"
"github.com/stefanberger/go-pkcs11uri" pkcs11uri "github.com/stefanberger/go-pkcs11uri"
) )
var Pkcs11TestVersion int16 = 1 var PKCS11_TEST_VERSION int16 = 1
var MaxObjectLimit int = 1000 var MAX_OBJECT_LIMIT int = 1000
// In our list of certs, we want to remember the CKA_ID/CKA_LABEL too.
type CertObjInfo struct { type CertObjInfo struct {
id []byte id []byte
label []byte label []byte
@@ -59,12 +61,14 @@ type CertObjInfo struct {
certObject pkcs11.ObjectHandle certObject pkcs11.ObjectHandle
} }
// In our list of keys, we want to remember the CKA_ID/CKA_LABEL too.
type KeyObjInfo struct { type KeyObjInfo struct {
id []byte id []byte
label []byte label []byte
keyObject pkcs11.ObjectHandle keyObject pkcs11.ObjectHandle
} }
// Used to enumerate slots with all token/slot info for matching.
type SlotIdInfo struct { type SlotIdInfo struct {
id uint id uint
info pkcs11.SlotInfo info pkcs11.SlotInfo
@@ -110,7 +114,7 @@ func initializePKCS11Module(lib string) (module *pkcs11.Ctx, err error) {
fail: fail:
if module != nil { if module != nil {
_ = module.Finalize() module.Finalize()
module.Destroy() module.Destroy()
} }
return nil, err return nil, err
@@ -133,10 +137,18 @@ func enumerateSlotsInPKCS11Module(module *pkcs11.Ctx) (slots []SlotIdInfo, err e
slotIdInfo.id = slotId slotIdInfo.id = slotId
slotIdInfo.info, slotErr = module.GetSlotInfo(slotId) slotIdInfo.info, slotErr = module.GetSlotInfo(slotId)
if slotErr != nil { if slotErr != nil {
if Debug {
log.Printf("unable to get slot info for slot %d"+
" (%s)\n", slotId, slotErr)
}
continue continue
} }
slotIdInfo.tokInfo, slotErr = module.GetTokenInfo(slotId) slotIdInfo.tokInfo, slotErr = module.GetTokenInfo(slotId)
if slotErr != nil { if slotErr != nil {
if Debug {
log.Printf("unable to get token info for slot %d"+
" (%s)\n", slotId, slotErr)
}
continue continue
} }
@@ -218,7 +230,7 @@ func getFindTemplate(uri *pkcs11uri.Pkcs11URI, class uint) (template []*pkcs11.A
// Gets certificate(s) within the PKCS#11 session (i.e. a given token) that // Gets certificate(s) within the PKCS#11 session (i.e. a given token) that
// matches the given URI. // matches the given URI.
func getCertsInSession(module *pkcs11.Ctx, _ uint, session pkcs11.SessionHandle, uri *pkcs11uri.Pkcs11URI) (certs []CertObjInfo, err error) { func getCertsInSession(module *pkcs11.Ctx, slotId uint, session pkcs11.SessionHandle, uri *pkcs11uri.Pkcs11URI) (certs []CertObjInfo, err error) {
var ( var (
sessionCertObjects []pkcs11.ObjectHandle sessionCertObjects []pkcs11.ObjectHandle
certObjects []pkcs11.ObjectHandle certObjects []pkcs11.ObjectHandle
@@ -233,7 +245,7 @@ func getCertsInSession(module *pkcs11.Ctx, _ uint, session pkcs11.SessionHandle,
} }
for true { for true {
sessionCertObjects, _, err = module.FindObjects(session, MaxObjectLimit) sessionCertObjects, _, err = module.FindObjects(session, MAX_OBJECT_LIMIT)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -241,7 +253,7 @@ func getCertsInSession(module *pkcs11.Ctx, _ uint, session pkcs11.SessionHandle,
break break
} }
certObjects = append(certObjects, sessionCertObjects...) certObjects = append(certObjects, sessionCertObjects...)
if len(sessionCertObjects) < MaxObjectLimit { if len(sessionCertObjects) < MAX_OBJECT_LIMIT {
break break
} }
} }
@@ -323,7 +335,11 @@ func getMatchingCerts(module *pkcs11.Ctx, slots []SlotIdInfo, uri *pkcs11uri.Pkc
for _, slot := range slots { for _, slot := range slots {
curSession, err := module.OpenSession(slot.id, pkcs11.CKF_SERIAL_SESSION|pkcs11.CKS_RO_PUBLIC_SESSION) curSession, err := module.OpenSession(slot.id, pkcs11.CKF_SERIAL_SESSION|pkcs11.CKS_RO_PUBLIC_SESSION)
if err != nil { if err != nil {
_ = module.CloseSession(curSession) if Debug {
log.Printf("unable to open session in slot %d"+
" (%s)\n", slot.id, err)
}
module.CloseSession(curSession)
continue continue
} }
@@ -338,7 +354,7 @@ func getMatchingCerts(module *pkcs11.Ctx, slots []SlotIdInfo, uri *pkcs11uri.Pkc
goto skipCloseSession goto skipCloseSession
} }
} }
_ = module.CloseSession(curSession) module.CloseSession(curSession)
skipCloseSession: skipCloseSession:
} }
@@ -406,12 +422,86 @@ foundCert:
fail: fail:
if session != 0 { if session != 0 {
_ = module.Logout(session) module.Logout(session)
_ = module.CloseSession(session) module.CloseSession(session)
} }
return SlotIdInfo{}, session, false, nil, err return SlotIdInfo{}, session, false, nil, err
} }
// Used to implement a cut-down version of `p11tool --list-certificates`.
func GetMatchingPKCSCerts(uriStr string, lib string) (matchingCerts []CertificateContainer, err error) {
var (
slots []SlotIdInfo
module *pkcs11.Ctx
uri *pkcs11uri.Pkcs11URI
userPin string
certObjs []CertObjInfo
session pkcs11.SessionHandle
loggedIn bool
slot SlotIdInfo
)
uri = pkcs11uri.New()
err = uri.Parse(uriStr)
if err != nil {
return nil, err
}
userPin, _ = uri.GetQueryAttribute("pin-value", false)
module, err = initializePKCS11Module(lib)
if err != nil {
goto cleanUp
}
slots, err = enumerateSlotsInPKCS11Module(module)
if err != nil {
goto cleanUp
}
slot, session, loggedIn, certObjs, err = getMatchingCerts(module, slots, uri, userPin, false)
if err != nil {
goto cleanUp
}
for _, obj := range certObjs {
curUri := pkcs11uri.New()
curUri.AddPathAttribute("model", slot.tokInfo.Model)
curUri.AddPathAttribute("manufacturer", slot.tokInfo.ManufacturerID)
curUri.AddPathAttribute("serial", slot.tokInfo.SerialNumber)
curUri.AddPathAttribute("slot-description", slot.info.SlotDescription)
curUri.AddPathAttribute("slot-manufacturer", slot.info.ManufacturerID)
if obj.id != nil {
curUri.AddPathAttribute("id", string(obj.id[:]))
}
if obj.label != nil {
curUri.AddPathAttribute("object", string(obj.label[:]))
}
curUri.AddPathAttribute("type", "cert")
curUriStr, err := curUri.Format() // nosemgrep
if err != nil {
curUriStr = ""
}
matchingCerts = append(matchingCerts, CertificateContainer{-1, obj.cert, curUriStr})
}
// Note that this clean up should happen regardless of failure.
cleanUp:
if module != nil {
if session != 0 {
if loggedIn {
module.Logout(session)
}
module.CloseSession(session)
}
module.Finalize()
module.Destroy()
}
return matchingCerts, err
}
// Returns the public key associated with this PKCS11Signer.
func (pkcs11Signer *PKCS11Signer) Public() crypto.PublicKey { func (pkcs11Signer *PKCS11Signer) Public() crypto.PublicKey {
var ( var (
cert *x509.Certificate cert *x509.Certificate
@@ -432,13 +522,14 @@ func (pkcs11Signer *PKCS11Signer) Public() crypto.PublicKey {
return nil return nil
} }
// Closes this PKCS11Signer.
func (pkcs11Signer *PKCS11Signer) Close() { func (pkcs11Signer *PKCS11Signer) Close() {
var module *pkcs11.Ctx var module *pkcs11.Ctx
module = pkcs11Signer.module module = pkcs11Signer.module
if module != nil { if module != nil {
_ = module.Finalize() module.Finalize()
module.Destroy() module.Destroy()
} }
@@ -474,17 +565,13 @@ func pkcs11PasswordPrompt(module *pkcs11.Ctx, session pkcs11.SessionHandle, user
if err != nil { if err != nil {
return "", errors.New(parseErrMsg) return "", errors.New(parseErrMsg)
} }
defer func(ttyReadFile *os.File) { defer ttyReadFile.Close()
_ = ttyReadFile.Close()
}(ttyReadFile)
ttyWriteFile, err = os.OpenFile(ttyWritePath, os.O_WRONLY, 0) ttyWriteFile, err = os.OpenFile(ttyWritePath, os.O_WRONLY, 0)
if err != nil { if err != nil {
return "", errors.New(parseErrMsg) return "", errors.New(parseErrMsg)
} }
defer func(ttyWriteFile *os.File) { defer ttyWriteFile.Close()
_ = ttyWriteFile.Close()
}(ttyWriteFile)
for true { for true {
pin, err = GetPassword(ttyReadFile, ttyWriteFile, prompt, parseErrMsg) pin, err = GetPassword(ttyReadFile, ttyWriteFile, prompt, parseErrMsg)
@@ -567,24 +654,28 @@ func signHelper(module *pkcs11.Ctx, session pkcs11.SessionHandle, privateKeyObj
err = module.Login(session, pkcs11.CKU_CONTEXT_SPECIFIC, contextSpecificPin) err = module.Login(session, pkcs11.CKU_CONTEXT_SPECIFIC, contextSpecificPin)
if err == nil { if err == nil {
goto afterContextSpecificLogin goto afterContextSpecificLogin
} else {
if Debug {
log.Printf("user re-authentication attempt failed (%s)\n", err.Error())
}
} }
} }
// If the context-specific PIN couldn't be derived, prompt the user for // If the context-specific PIN couldn't be derived, prompt the user for
// the context-specific PIN for this object. // the context-specific PIN for this object.
keyUri = pkcs11uri.New() keyUri = pkcs11uri.New()
_ = keyUri.AddPathAttribute("model", slot.tokInfo.Model) keyUri.AddPathAttribute("model", slot.tokInfo.Model)
_ = keyUri.AddPathAttribute("manufacturer", slot.tokInfo.ManufacturerID) keyUri.AddPathAttribute("manufacturer", slot.tokInfo.ManufacturerID)
_ = keyUri.AddPathAttribute("serial", slot.tokInfo.SerialNumber) keyUri.AddPathAttribute("serial", slot.tokInfo.SerialNumber)
_ = keyUri.AddPathAttribute("slot-description", slot.info.SlotDescription) keyUri.AddPathAttribute("slot-description", slot.info.SlotDescription)
_ = keyUri.AddPathAttribute("slot-manufacturer", slot.info.ManufacturerID) keyUri.AddPathAttribute("slot-manufacturer", slot.info.ManufacturerID)
if privateKeyObj.id != nil { if privateKeyObj.id != nil {
_ = keyUri.AddPathAttribute("id", string(privateKeyObj.id[:])) keyUri.AddPathAttribute("id", string(privateKeyObj.id[:]))
} }
if privateKeyObj.label != nil { if privateKeyObj.label != nil {
_ = keyUri.AddPathAttribute("object", string(privateKeyObj.label[:])) keyUri.AddPathAttribute("object", string(privateKeyObj.label[:]))
} }
_ = keyUri.AddPathAttribute("type", "private") keyUri.AddPathAttribute("type", "private")
keyUriStr, err = keyUri.Format() // nosemgrep keyUriStr, err = keyUri.Format() // nosemgrep
if err != nil { if err != nil {
keyUriStr = "" keyUriStr = ""
@@ -646,14 +737,17 @@ func getPKCS11Key(module *pkcs11.Ctx, session pkcs11.SessionHandle, loggedIn boo
manufacturerId = slots[0].info.ManufacturerID manufacturerId = slots[0].info.ManufacturerID
if session != 0 { if session != 0 {
if loggedIn { if loggedIn {
_ = module.Logout(session) module.Logout(session)
_ = module.CloseSession(session) module.CloseSession(session)
} }
} }
loggedIn = false loggedIn = false
session = 0 session = 0
} }
} else { } else {
if Debug {
log.Printf("Found %d matching slots for the PKCS#11 key\n", len(slots))
}
// If the URI matched multiple slots *but* one of them is the // If the URI matched multiple slots *but* one of them is the
// one (certSlotNr) that the certificate was found in, then use // one (certSlotNr) that the certificate was found in, then use
// that. // that.
@@ -700,7 +794,7 @@ retry_search:
goto fail goto fail
} }
for true { for true {
sessionPrivateKeyObjects, _, err := module.FindObjects(session, MaxObjectLimit) sessionPrivateKeyObjects, _, err := module.FindObjects(session, MAX_OBJECT_LIMIT)
if err != nil { if err != nil {
goto fail goto fail
} }
@@ -708,7 +802,7 @@ retry_search:
break break
} }
privateKeyObjects = append(privateKeyObjects, sessionPrivateKeyObjects...) privateKeyObjects = append(privateKeyObjects, sessionPrivateKeyObjects...)
if len(sessionPrivateKeyObjects) < MaxObjectLimit { if len(sessionPrivateKeyObjects) < MAX_OBJECT_LIMIT {
break break
} }
} }
@@ -800,8 +894,13 @@ retry_search:
if noKeyUri { if noKeyUri {
_, keyHadLabel := keyUri.GetPathAttribute("object", false) _, keyHadLabel := keyUri.GetPathAttribute("object", false)
if keyHadLabel { if keyHadLabel {
if Debug {
log.Println("unable to find private key with CKA_LABEL;" +
" repeating the search using CKA_ID of the certificate" +
" without requiring a CKA_LABEL match")
}
keyUri.RemovePathAttribute("object") keyUri.RemovePathAttribute("object")
_ = keyUri.SetPathAttribute("id", escapeAll(certObj.id)) keyUri.SetPathAttribute("id", escapeAll(certObj.id))
goto retry_search goto retry_search
} }
} }
@@ -814,10 +913,10 @@ retry_search:
// So that hunting for the key can be more efficient in the future, // So that hunting for the key can be more efficient in the future,
// return a key URI that has CKA_ID and CKA_LABEL appropriately set. // return a key URI that has CKA_ID and CKA_LABEL appropriately set.
if privateKeyObj.id != nil && len(privateKeyObj.id) != 0 { if privateKeyObj.id != nil && len(privateKeyObj.id) != 0 {
_ = keyUri.SetPathAttribute("id", escapeAll(privateKeyObj.id)) keyUri.SetPathAttribute("id", escapeAll(privateKeyObj.id))
} }
if privateKeyObj.label != nil && len(privateKeyObj.label) != 0 { if privateKeyObj.label != nil && len(privateKeyObj.label) != 0 {
_ = keyUri.SetPathAttribute("object", escapeAll(privateKeyObj.label)) keyUri.SetPathAttribute("object", escapeAll(privateKeyObj.label))
} }
return session, userPin, keyUri, keyType, privateKeyObj, keySlot, alwaysAuth, contextSpecificPin, nil return session, userPin, keyUri, keyType, privateKeyObj, keySlot, alwaysAuth, contextSpecificPin, nil
@@ -848,7 +947,8 @@ func getCertificate(module *pkcs11.Ctx, certUri *pkcs11uri.Pkcs11URI, userPin st
return certSlot, slots, session, loggedIn, matchingCerts[0], nil return certSlot, slots, session, loggedIn, matchingCerts[0], nil
} }
func (pkcs11Signer *PKCS11Signer) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error) { // Implements the crypto.Signer interface and signs the passed in digest
func (pkcs11Signer *PKCS11Signer) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error) {
var ( var (
module *pkcs11.Ctx module *pkcs11.Ctx
session pkcs11.SessionHandle session pkcs11.SessionHandle
@@ -912,14 +1012,15 @@ func (pkcs11Signer *PKCS11Signer) Sign(_ io.Reader, digest []byte, opts crypto.S
cleanUp: cleanUp:
if session != 0 { if session != 0 {
if loggedIn { if loggedIn {
_ = module.Logout(session) module.Logout(session)
} }
_ = module.CloseSession(session) module.CloseSession(session)
} }
return signature, err return signature, err
} }
// Gets the *x509.Certificate associated with this PKCS11Signer.
func (pkcs11Signer *PKCS11Signer) Certificate() (cert *x509.Certificate, err error) { func (pkcs11Signer *PKCS11Signer) Certificate() (cert *x509.Certificate, err error) {
// If there was a certificate chain associated with this Signer, it // If there was a certificate chain associated with this Signer, it
// should've been saved before. // should've been saved before.
@@ -1022,7 +1123,7 @@ func checkPrivateKeyMatchesCert(module *pkcs11.Ctx, session pkcs11.SessionHandle
// "AWS Roles Anywhere Credential Helper PKCS11 Test" || PKCS11_TEST_VERSION || // "AWS Roles Anywhere Credential Helper PKCS11 Test" || PKCS11_TEST_VERSION ||
// MANUFACTURER_ID || SHA256("IAM RA" || PUBLIC_KEY_BYTE_ARRAY) // MANUFACTURER_ID || SHA256("IAM RA" || PUBLIC_KEY_BYTE_ARRAY)
digest := "AWS Roles Anywhere Credential Helper PKCS11 Test" + digest := "AWS Roles Anywhere Credential Helper PKCS11 Test" +
strconv.Itoa(int(Pkcs11TestVersion)) + manufacturerId + string(digestSuffix) strconv.Itoa(int(PKCS11_TEST_VERSION)) + manufacturerId + string(digestSuffix)
digestBytes := []byte(digest) digestBytes := []byte(digest)
hash := sha256.Sum256(digestBytes) hash := sha256.Sum256(digestBytes)
@@ -1139,7 +1240,7 @@ func GetPKCS11Signer(libPkcs11 string, cert *x509.Certificate, certChain []*x509
} }
crtAttributes, err = module.GetAttributeValue(session, certObj.certObject, crtAttributes) crtAttributes, err = module.GetAttributeValue(session, certObj.certObject, crtAttributes)
if err == nil { if err == nil {
_ = certUri.SetPathAttribute("id", escapeAll(crtAttributes[0].Value)) certUri.SetPathAttribute("id", escapeAll(crtAttributes[0].Value))
} }
crtAttributes = []*pkcs11.Attribute{ crtAttributes = []*pkcs11.Attribute{
@@ -1147,7 +1248,7 @@ func GetPKCS11Signer(libPkcs11 string, cert *x509.Certificate, certChain []*x509
} }
crtAttributes, err = module.GetAttributeValue(session, certObj.certObject, crtAttributes) crtAttributes, err = module.GetAttributeValue(session, certObj.certObject, crtAttributes)
if err == nil { if err == nil {
_ = certUri.SetPathAttribute("object", escapeAll(crtAttributes[0].Value)) certUri.SetPathAttribute("object", escapeAll(crtAttributes[0].Value))
} }
if certChain == nil { if certChain == nil {
@@ -1173,7 +1274,7 @@ func GetPKCS11Signer(libPkcs11 string, cert *x509.Certificate, certChain []*x509
} else { } else {
certUriStr, _ := certUri.Format() certUriStr, _ := certUri.Format()
keyUri = pkcs11uri.New() keyUri = pkcs11uri.New()
_ = keyUri.Parse(certUriStr) keyUri.Parse(certUriStr)
noKeyUri = true noKeyUri = true
} }
if _userPin, ok := keyUri.GetQueryAttribute("pin-value", false); ok { if _userPin, ok := keyUri.GetQueryAttribute("pin-value", false); ok {
@@ -1195,18 +1296,18 @@ func GetPKCS11Signer(libPkcs11 string, cert *x509.Certificate, certChain []*x509
switch keyType { switch keyType {
case pkcs11.CKK_EC: case pkcs11.CKK_EC:
signingAlgorithm = aws4X509EcdsaSha256 signingAlgorithm = aws4_x509_ecdsa_sha256
case pkcs11.CKK_RSA: case pkcs11.CKK_RSA:
signingAlgorithm = aws4X509RsaSha256 signingAlgorithm = aws4_x509_rsa_sha256
default: default:
return nil, "", errors.New("unsupported algorithm") return nil, "", errors.New("unsupported algorithm")
} }
if session != 0 { if session != 0 {
if loggedIn { if loggedIn {
_ = module.Logout(session) module.Logout(session)
} }
_ = module.CloseSession(session) module.CloseSession(session)
} }
return &PKCS11Signer{cert, certChain, module, userPin, alwaysAuth, contextSpecificPin, certUri, keyUri, reusePin}, signingAlgorithm, nil return &PKCS11Signer{cert, certChain, module, userPin, alwaysAuth, contextSpecificPin, certUri, keyUri, reusePin}, signingAlgorithm, nil
@@ -1215,11 +1316,11 @@ fail:
if module != nil { if module != nil {
if session != 0 { if session != 0 {
if loggedIn { if loggedIn {
_ = module.Logout(session) module.Logout(session)
} }
_ = module.CloseSession(session) module.CloseSession(session)
} }
_ = module.Finalize() module.Finalize()
module.Destroy() module.Destroy()
} }

10
aws_signing_helper/pkcs8_utils.go
View File

@@ -30,10 +30,13 @@ import (
"errors" "errors"
"fmt" "fmt"
"hash"
"log"
"os"
"strings"
"golang.org/x/crypto/pbkdf2" "golang.org/x/crypto/pbkdf2"
"golang.org/x/crypto/scrypt" "golang.org/x/crypto/scrypt"
"hash"
"os"
) )
// as defined in https://datatracker.ietf.org/doc/html/rfc8018#appendix-A.4 // as defined in https://datatracker.ietf.org/doc/html/rfc8018#appendix-A.4
@@ -236,6 +239,9 @@ func readPKCS8PrivateKey(privateKeyId string) (crypto.PrivateKey, error) {
func readPKCS8EncryptedPrivateKey(privateKeyId string, pkcs8Password []byte) (crypto.PrivateKey, error) { func readPKCS8EncryptedPrivateKey(privateKeyId string, pkcs8Password []byte) (crypto.PrivateKey, error) {
block, err := parseDERFromPEMForPKCS8(privateKeyId, encryptedBlockType) block, err := parseDERFromPEMForPKCS8(privateKeyId, encryptedBlockType)
if err != nil { if err != nil {
if Debug && strings.Contains(err.Error(), `The block type detected is PRIVATE KEY`) {
log.Println("PKCS#8 password provided but block type indicates that one isn't required.")
}
return nil, errors.New("could not parse PEM data") return nil, errors.New("could not parse PEM data")
} }

152
aws_signing_helper/signer.go
View File

@@ -55,9 +55,21 @@ var (
// algorithm isn't supported. // algorithm isn't supported.
ErrUnsupportedHash = errors.New("unsupported hash algorithm") ErrUnsupportedHash = errors.New("unsupported hash algorithm")
RolesanywhereSigningName = "rolesanywhere" // Predefined system store names.
// See: https://learn.microsoft.com/en-us/windows/win32/seccrypto/system-store-locations
SystemStoreNames = []string{
"MY",
"Root",
"Trust",
"CA",
}
// Signing name for the IAM Roles Anywhere service
ROLESANYWHERE_SIGNING_NAME = "rolesanywhere"
) )
// Interface that all signers will have to implement
// (as a result, they will also implement crypto.Signer)
type Signer interface { type Signer interface {
Public() crypto.PublicKey Public() crypto.PublicKey
Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error)
@@ -66,6 +78,7 @@ type Signer interface {
Close() Close()
} }
// Container for certificate data returned to the SDK as JSON.
type CertificateData struct { type CertificateData struct {
// Type for the key contained in the certificate. // Type for the key contained in the certificate.
// Passed back to the `sign-string` command // Passed back to the `sign-string` command
@@ -80,6 +93,7 @@ type CertificateData struct {
Algorithms []string `json:"supportedAlgorithms"` Algorithms []string `json:"supportedAlgorithms"`
} }
// Container that adheres to the format of credential_process output as specified by AWS.
type CredentialProcessOutput struct { type CredentialProcessOutput struct {
// This field should be hard-coded to 1 for now. // This field should be hard-coded to 1 for now.
Version int `json:"Version"` Version int `json:"Version"`
@@ -104,15 +118,17 @@ type CertificateContainer struct {
// Define constants used in signing // Define constants used in signing
const ( const (
aws4X509RsaSha256 = "AWS4-X509-RSA-SHA256" aws4_x509_rsa_sha256 = "AWS4-X509-RSA-SHA256"
aws4X509EcdsaSha256 = "AWS4-X509-ECDSA-SHA256" aws4_x509_ecdsa_sha256 = "AWS4-X509-ECDSA-SHA256"
timeFormat = "20060102T150405Z" timeFormat = "20060102T150405Z"
shortTimeFormat = "20060102" shortTimeFormat = "20060102"
xAmzDate = "X-Amz-Date" x_amz_date = "X-Amz-Date"
xAmzX509 = "X-Amz-X509" x_amz_x509 = "X-Amz-X509"
xAmzX509Chain = "X-Amz-X509-Chain" x_amz_x509_chain = "X-Amz-X509-Chain"
authorization = "Authorization" x_amz_content_sha256 = "X-Amz-Content-Sha256"
host = "Host" authorization = "Authorization"
host = "Host"
emptyStringSHA256 = `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
) )
// Headers that aren't included in calculating the signature // Headers that aren't included in calculating the signature
@@ -122,10 +138,11 @@ var ignoredHeaderKeys = map[string]bool{
"X-Amzn-Trace-Id": true, "X-Amzn-Trace-Id": true,
} }
var Debug = false var Debug bool = false
// Prompts the user for their password
func GetPassword(ttyReadFile *os.File, ttyWriteFile *os.File, prompt string, parseErrMsg string) (string, error) { func GetPassword(ttyReadFile *os.File, ttyWriteFile *os.File, prompt string, parseErrMsg string) (string, error) {
_, _ = fmt.Fprintln(ttyWriteFile, prompt) fmt.Fprintln(ttyWriteFile, prompt)
passwordBytes, err := term.ReadPassword(int(ttyReadFile.Fd())) passwordBytes, err := term.ReadPassword(int(ttyReadFile.Fd()))
if err != nil { if err != nil {
return "", errors.New(parseErrMsg) return "", errors.New(parseErrMsg)
@@ -203,17 +220,13 @@ func PasswordPrompt(passwordPromptInput PasswordPromptProps) (string, interface{
if err != nil { if err != nil {
return "", nil, errors.New(parseErrMsg) return "", nil, errors.New(parseErrMsg)
} }
defer func(ttyReadFile *os.File) { defer ttyReadFile.Close()
_ = ttyReadFile.Close()
}(ttyReadFile)
ttyWriteFile, err = os.OpenFile(ttyWritePath, os.O_WRONLY, 0) ttyWriteFile, err = os.OpenFile(ttyWritePath, os.O_WRONLY, 0)
if err != nil { if err != nil {
return "", nil, errors.New(parseErrMsg) return "", nil, errors.New(parseErrMsg)
} }
defer func(ttyWriteFile *os.File) { defer ttyWriteFile.Close()
_ = ttyWriteFile.Close()
}(ttyWriteFile)
// The key has a password, so prompt for it // The key has a password, so prompt for it
password, err = GetPassword(ttyReadFile, ttyWriteFile, prompt, parseErrMsg) password, err = GetPassword(ttyReadFile, ttyWriteFile, prompt, parseErrMsg)
@@ -221,7 +234,7 @@ func PasswordPrompt(passwordPromptInput PasswordPromptProps) (string, interface{
return "", nil, err return "", nil, err
} }
checkPasswordResult, err = checkPassword(password) checkPasswordResult, err = checkPassword(password)
for { for true {
// If we've found the right password, return both it and the result of `checkPassword` // If we've found the right password, return both it and the result of `checkPassword`
if err == nil { if err == nil {
return password, checkPasswordResult, nil return password, checkPasswordResult, nil
@@ -237,8 +250,11 @@ func PasswordPrompt(passwordPromptInput PasswordPromptProps) (string, interface{
} }
return "", nil, err return "", nil, err
} }
return "", nil, err
} }
// Default function to showcase certificate information
func DefaultCertContainerToString(certContainer CertificateContainer) string { func DefaultCertContainerToString(certContainer CertificateContainer) string {
var certStr string var certStr string
@@ -256,6 +272,7 @@ func DefaultCertContainerToString(certContainer CertificateContainer) string {
return certStr return certStr
} }
// CertificateContainerList implements the sort.Interface interface
type CertificateContainerList []CertificateContainer type CertificateContainerList []CertificateContainer
func (certificateContainerList CertificateContainerList) Less(i, j int) bool { func (certificateContainerList CertificateContainerList) Less(i, j int) bool {
@@ -295,7 +312,7 @@ func certMatches(certIdentifier CertIdentifier, cert x509.Certificate) bool {
// } // }
// //
// This is defined in RFC3279 §2.2.3 as well as SEC.1. // This is defined in RFC3279 §2.2.3 as well as SEC.1.
// I can't find anything which mandates DER, but I've seen // I can't find anything which mandates DER but I've seen
// OpenSSL refusing to verify it with indeterminate length. // OpenSSL refusing to verify it with indeterminate length.
func encodeEcdsaSigValue(signature []byte) (out []byte, err error) { func encodeEcdsaSigValue(signature []byte) (out []byte, err error) {
sigLen := len(signature) / 2 sigLen := len(signature) / 2
@@ -318,6 +335,9 @@ func GetSigner(opts *CredentialsOpts) (signer Signer, signatureAlgorithm string,
privateKeyId := opts.PrivateKeyId privateKeyId := opts.PrivateKeyId
if privateKeyId == "" { if privateKeyId == "" {
if opts.CertificateId == "" { if opts.CertificateId == "" {
if Debug {
log.Println("attempting to use CertStoreSigner")
}
return GetCertStoreSigner(opts.CertIdentifier, opts.UseLatestExpiringCertificate) return GetCertStoreSigner(opts.CertIdentifier, opts.UseLatestExpiringCertificate)
} }
privateKeyId = opts.CertificateId privateKeyId = opts.CertificateId
@@ -328,7 +348,9 @@ func GetSigner(opts *CredentialsOpts) (signer Signer, signatureAlgorithm string,
if err == nil { if err == nil {
certificate = cert certificate = cert
} else if opts.PrivateKeyId == "" { } else if opts.PrivateKeyId == "" {
if Debug {
log.Println("not a PEM certificate, so trying PKCS#12")
}
if opts.CertificateBundleId != "" { if opts.CertificateBundleId != "" {
return nil, "", errors.New("can't specify certificate chain when" + return nil, "", errors.New("can't specify certificate chain when" +
" using PKCS#12 files; certificate bundle should be provided" + " using PKCS#12 files; certificate bundle should be provided" +
@@ -353,11 +375,17 @@ func GetSigner(opts *CredentialsOpts) (signer Signer, signatureAlgorithm string,
} }
if strings.HasPrefix(privateKeyId, "pkcs11:") { if strings.HasPrefix(privateKeyId, "pkcs11:") {
if Debug {
log.Println("attempting to use PKCS11Signer")
}
if certificate != nil { if certificate != nil {
opts.CertificateId = "" opts.CertificateId = ""
} }
return GetPKCS11Signer(opts.LibPkcs11, certificate, certificateChain, opts.PrivateKeyId, opts.CertificateId, opts.ReusePin) return GetPKCS11Signer(opts.LibPkcs11, certificate, certificateChain, opts.PrivateKeyId, opts.CertificateId, opts.ReusePin)
} else if strings.HasPrefix(privateKeyId, "handle:") { } else if strings.HasPrefix(privateKeyId, "handle:") {
if Debug {
log.Println("attempting to use TPMv2Signer")
}
return GetTPMv2Signer( return GetTPMv2Signer(
GetTPMv2SignerOpts{ GetTPMv2SignerOpts{
certificate, certificate,
@@ -371,6 +399,9 @@ func GetSigner(opts *CredentialsOpts) (signer Signer, signatureAlgorithm string,
} else { } else {
tpmKey, err := parseDERFromPEM(privateKeyId, "TSS2 PRIVATE KEY") tpmKey, err := parseDERFromPEM(privateKeyId, "TSS2 PRIVATE KEY")
if err == nil { if err == nil {
if Debug {
log.Println("attempting to use TPMv2Signer")
}
return GetTPMv2Signer( return GetTPMv2Signer(
GetTPMv2SignerOpts{ GetTPMv2SignerOpts{
certificate, certificate,
@@ -393,18 +424,24 @@ func GetSigner(opts *CredentialsOpts) (signer Signer, signatureAlgorithm string,
if certificate == nil { if certificate == nil {
return nil, "", errors.New("undefined certificate value") return nil, "", errors.New("undefined certificate value")
} }
if Debug {
log.Println("attempting to use FileSystemSigner")
}
return GetFileSystemSigner(privateKeyId, opts.CertificateId, opts.CertificateBundleId, false, opts.Pkcs8Password) return GetFileSystemSigner(privateKeyId, opts.CertificateId, opts.CertificateBundleId, false, opts.Pkcs8Password)
} }
} }
// Obtain the date-time, formatted as specified by SigV4
func (signerParams *SignerParams) GetFormattedSigningDateTime() string { func (signerParams *SignerParams) GetFormattedSigningDateTime() string {
return signerParams.OverriddenDate.UTC().Format(timeFormat) return signerParams.OverriddenDate.UTC().Format(timeFormat)
} }
// Obtain the short date-time, formatted as specified by SigV4
func (signerParams *SignerParams) GetFormattedShortSigningDateTime() string { func (signerParams *SignerParams) GetFormattedShortSigningDateTime() string {
return signerParams.OverriddenDate.UTC().Format(shortTimeFormat) return signerParams.OverriddenDate.UTC().Format(shortTimeFormat)
} }
// Obtain the scope as part of the SigV4-X509 signature
func (signerParams *SignerParams) GetScope() string { func (signerParams *SignerParams) GetScope() string {
var scopeStringBuilder strings.Builder var scopeStringBuilder strings.Builder
scopeStringBuilder.WriteString(signerParams.GetFormattedShortSigningDateTime()) scopeStringBuilder.WriteString(signerParams.GetFormattedShortSigningDateTime())
@@ -449,14 +486,14 @@ func CreateRequestSignFinalizeFunction(signer crypto.Signer, signingRegion strin
} }
func signRequest(signer crypto.Signer, signingRegion string, signingAlgorithm string, certificate *x509.Certificate, certificateChain []*x509.Certificate, req *http.Request, payloadHash string) { func signRequest(signer crypto.Signer, signingRegion string, signingAlgorithm string, certificate *x509.Certificate, certificateChain []*x509.Certificate, req *http.Request, payloadHash string) {
signerParams := SignerParams{time.Now(), signingRegion, RolesanywhereSigningName, signingAlgorithm} signerParams := SignerParams{time.Now(), signingRegion, ROLESANYWHERE_SIGNING_NAME, signingAlgorithm}
// Set headers that are necessary for signing // Set headers that are necessary for signing
req.Header.Set(host, req.URL.Host) req.Header.Set(host, req.URL.Host)
req.Header.Set(xAmzDate, signerParams.GetFormattedSigningDateTime()) req.Header.Set(x_amz_date, signerParams.GetFormattedSigningDateTime())
req.Header.Set(xAmzX509, certificateToString(certificate)) req.Header.Set(x_amz_x509, certificateToString(certificate))
if certificateChain != nil { if certificateChain != nil {
req.Header.Set(xAmzX509Chain, certificateChainToString(certificateChain)) req.Header.Set(x_amz_x509_chain, certificateChainToString(certificateChain))
} }
canonicalRequest, signedHeadersString := createCanonicalRequest(req, payloadHash) canonicalRequest, signedHeadersString := createCanonicalRequest(req, payloadHash)
@@ -572,6 +609,7 @@ func createCanonicalRequest(r *http.Request, contentSha256 string) (string, stri
return hex.EncodeToString(canonicalRequestStringHashBytes[:]), signedHeadersString return hex.EncodeToString(canonicalRequestStringHashBytes[:]), signedHeadersString
} }
// Create the string to sign.
func CreateStringToSign(canonicalRequest string, signerParams SignerParams) string { func CreateStringToSign(canonicalRequest string, signerParams SignerParams) string {
var stringToSignStrBuilder strings.Builder var stringToSignStrBuilder strings.Builder
stringToSignStrBuilder.WriteString(signerParams.SigningAlgorithm) stringToSignStrBuilder.WriteString(signerParams.SigningAlgorithm)
@@ -585,7 +623,8 @@ func CreateStringToSign(canonicalRequest string, signerParams SignerParams) stri
return stringToSign return stringToSign
} }
func BuildAuthorizationHeader(_ *http.Request, signedHeadersString string, signature string, certificate *x509.Certificate, signerParams SignerParams) string { // Builds the complete authorization header
func BuildAuthorizationHeader(request *http.Request, signedHeadersString string, signature string, certificate *x509.Certificate, signerParams SignerParams) string {
signingCredentials := certificate.SerialNumber.String() + "/" + signerParams.GetScope() signingCredentials := certificate.SerialNumber.String() + "/" + signerParams.GetScope()
credential := "Credential=" + signingCredentials credential := "Credential=" + signingCredentials
signerHeaders := "SignedHeaders=" + signedHeadersString signerHeaders := "SignedHeaders=" + signedHeadersString
@@ -606,17 +645,20 @@ func BuildAuthorizationHeader(_ *http.Request, signedHeadersString string, signa
func encodeDer(der []byte) (string, error) { func encodeDer(der []byte) (string, error) {
var buf bytes.Buffer var buf bytes.Buffer
encoder := base64.NewEncoder(base64.StdEncoding, &buf) encoder := base64.NewEncoder(base64.StdEncoding, &buf)
_, _ = encoder.Write(der) encoder.Write(der)
_ = encoder.Close() encoder.Close()
return buf.String(), nil return buf.String(), nil
} }
func parseDERFromPEM(pemDataId string, blockType string) (*pem.Block, error) { func parseDERFromPEM(pemDataId string, blockType string) (*pem.Block, error) {
b := []byte(pemDataId) bytes, err := os.ReadFile(pemDataId)
if err != nil {
return nil, err
}
var block *pem.Block var block *pem.Block
for len(b) > 0 { for len(bytes) > 0 {
block, b = pem.Decode(b) block, bytes = pem.Decode(bytes)
if block == nil { if block == nil {
return nil, errors.New("unable to parse PEM data") return nil, errors.New("unable to parse PEM data")
} }
@@ -627,19 +669,27 @@ func parseDERFromPEM(pemDataId string, blockType string) (*pem.Block, error) {
return nil, errors.New("requested block type could not be found") return nil, errors.New("requested block type could not be found")
} }
// Reads certificate bundle data from a file, whose path is provided
func ReadCertificateBundleData(certificateBundleId string) ([]*x509.Certificate, error) { func ReadCertificateBundleData(certificateBundleId string) ([]*x509.Certificate, error) {
bytes, err := os.ReadFile(certificateBundleId)
if err != nil {
return nil, err
}
var derBytes []byte var derBytes []byte
var block *pem.Block var block *pem.Block
block, _ = pem.Decode([]byte(certificateBundleId)) for len(bytes) > 0 {
block, bytes = pem.Decode(bytes)
if block.Type != "CERTIFICATE" { if block == nil {
return nil, errors.New("invalid certificate chain") break
}
if block.Type != "CERTIFICATE" {
return nil, errors.New("invalid certificate chain")
}
blockBytes := block.Bytes
derBytes = append(derBytes, blockBytes...)
} }
blockBytes := block.Bytes
derBytes = append(derBytes, blockBytes...)
return x509.ParseCertificates(derBytes) return x509.ParseCertificates(derBytes)
} }
@@ -671,21 +721,30 @@ func readRSAPrivateKey(privateKeyId string) (*rsa.PrivateKey, error) {
return privateKey, nil return privateKey, nil
} }
// Reads and parses a PKCS#12 file (which should contain an end-entity
// certificate (optional), certificate chain (optional), and the key
// associated with the end-entity certificate). The end-entity certificate
// will be the first certificate in the returned chain. This method assumes
// that there is exactly one certificate that doesn't issue any others within
// the container and treats that as the end-entity certificate. Also, the
// order of the other certificates in the chain aren't guaranteed. It's
// also not guaranteed that those certificates form a chain with the
// end-entity certificate either.
func ReadPKCS12Data(certificateId string) (certChain []*x509.Certificate, privateKey crypto.PrivateKey, err error) { func ReadPKCS12Data(certificateId string) (certChain []*x509.Certificate, privateKey crypto.PrivateKey, err error) {
var ( var (
bts []byte bytes []byte
pemBlocks []*pem.Block pemBlocks []*pem.Block
parsedCerts []*x509.Certificate parsedCerts []*x509.Certificate
certMap map[string]*x509.Certificate certMap map[string]*x509.Certificate
endEntityFoundIndex int endEntityFoundIndex int
) )
bts, err = os.ReadFile(certificateId) bytes, err = os.ReadFile(certificateId)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
pemBlocks, err = pkcs12.ToPEM(bts, "") pemBlocks, err = pkcs12.ToPEM(bytes, "")
if err != nil { if err != nil {
return nil, "", err return nil, "", err
} }
@@ -701,6 +760,11 @@ func ReadPKCS12Data(certificateId string) (certChain []*x509.Certificate, privat
privateKey = privateKeyTmp privateKey = privateKeyTmp
continue continue
} }
// If neither a certificate nor a private key could be parsed from the
// Block, ignore it and continue.
if Debug {
log.Println("unable to parse PEM block in PKCS#12 file - skipping")
}
} }
certMap = make(map[string]*x509.Certificate) certMap = make(map[string]*x509.Certificate)
@@ -720,6 +784,10 @@ func ReadPKCS12Data(certificateId string) (certChain []*x509.Certificate, privat
break break
} }
} }
if Debug {
log.Println("no end-entity certificate found in PKCS#12 file")
}
for i, cert := range parsedCerts { for i, cert := range parsedCerts {
if i != endEntityFoundIndex { if i != endEntityFoundIndex {
certChain = append(certChain, cert) certChain = append(certChain, cert)
@@ -729,6 +797,7 @@ func ReadPKCS12Data(certificateId string) (certChain []*x509.Certificate, privat
return certChain, privateKey, nil return certChain, privateKey, nil
} }
// Load the private key referenced by `privateKeyId`. If `pkcs8Password` is provided, attempt to load an encrypted PKCS#8 key.
func ReadPrivateKeyData(privateKeyId string, pkcs8Password ...string) (crypto.PrivateKey, error) { func ReadPrivateKeyData(privateKeyId string, pkcs8Password ...string) (crypto.PrivateKey, error) {
if len(pkcs8Password) > 0 && pkcs8Password[0] != "" { if len(pkcs8Password) > 0 && pkcs8Password[0] != "" {
if key, err := readPKCS8EncryptedPrivateKey(privateKeyId, []byte(pkcs8Password[0])); err == nil { if key, err := readPKCS8EncryptedPrivateKey(privateKeyId, []byte(pkcs8Password[0])); err == nil {
@@ -753,6 +822,7 @@ func ReadPrivateKeyData(privateKeyId string, pkcs8Password ...string) (crypto.Pr
return nil, errors.New("unable to parse private key") return nil, errors.New("unable to parse private key")
} }
// Reads private key data from a *pem.Block.
func ReadPrivateKeyDataFromPEMBlock(block *pem.Block) (key crypto.PrivateKey, err error) { func ReadPrivateKeyDataFromPEMBlock(block *pem.Block) (key crypto.PrivateKey, err error) {
key, err = x509.ParseECPrivateKey(block.Bytes) key, err = x509.ParseECPrivateKey(block.Bytes)
if err == nil { if err == nil {

106
aws_signing_helper/tpm_signer.go
View File

@@ -16,8 +16,8 @@ import (
"strconv" "strconv"
"strings" "strings"
tpm3 "github.com/google/go-tpm/legacy/tpm2" tpm2 "github.com/google/go-tpm/tpm2"
"github.com/google/go-tpm/tpmutil" tpmutil "github.com/google/go-tpm/tpmutil"
) )
type tpm2_TPMPolicy struct { type tpm2_TPMPolicy struct {
@@ -48,7 +48,7 @@ type TPMv2Signer struct {
cert *x509.Certificate cert *x509.Certificate
certChain []*x509.Certificate certChain []*x509.Certificate
tpmData tpm2_TPMKey tpmData tpm2_TPMKey
public tpm3.Public public tpm2.Public
private []byte private []byte
password string password string
emptyAuth bool emptyAuth bool
@@ -56,25 +56,25 @@ type TPMv2Signer struct {
} }
func handleIsPersistent(h int) bool { func handleIsPersistent(h int) bool {
return (h >> 24) == int(tpm3.HandleTypePersistent) return (h >> 24) == int(tpm2.HandleTypePersistent)
} }
var primaryParams = tpm3.Public{ var primaryParams = tpm2.Public{
Type: tpm3.AlgECC, Type: tpm2.AlgECC,
NameAlg: tpm3.AlgSHA256, NameAlg: tpm2.AlgSHA256,
Attributes: tpm3.FlagUserWithAuth | tpm3.FlagRestricted | tpm3.FlagDecrypt | tpm3.FlagFixedTPM | tpm3.FlagFixedParent | tpm3.FlagNoDA | tpm3.FlagSensitiveDataOrigin, Attributes: tpm2.FlagUserWithAuth | tpm2.FlagRestricted | tpm2.FlagDecrypt | tpm2.FlagFixedTPM | tpm2.FlagFixedParent | tpm2.FlagNoDA | tpm2.FlagSensitiveDataOrigin,
ECCParameters: &tpm3.ECCParams{ ECCParameters: &tpm2.ECCParams{
Symmetric: &tpm3.SymScheme{ Symmetric: &tpm2.SymScheme{
Alg: tpm3.AlgAES, Alg: tpm2.AlgAES,
KeyBits: 128, KeyBits: 128,
Mode: tpm3.AlgCFB, Mode: tpm2.AlgCFB,
}, },
Sign: &tpm3.SigScheme{ Sign: &tpm2.SigScheme{
Alg: tpm3.AlgNull, Alg: tpm2.AlgNull,
}, },
CurveID: tpm3.CurveNISTP256, CurveID: tpm2.CurveNISTP256,
KDF: &tpm3.KDFScheme{ KDF: &tpm2.KDFScheme{
Alg: tpm3.AlgNull, Alg: tpm2.AlgNull,
}, },
}, },
} }
@@ -99,13 +99,13 @@ func (tpmv2Signer *TPMv2Signer) Close() {
tpmv2Signer.password = "" tpmv2Signer.password = ""
} }
func checkCapability(rw io.ReadWriter, algo tpm3.Algorithm) error { func checkCapability(rw io.ReadWriter, algo tpm2.Algorithm) error {
descs, _, err := tpm3.GetCapability(rw, tpm3.CapabilityAlgs, 1, uint32(algo)) descs, _, err := tpm2.GetCapability(rw, tpm2.CapabilityAlgs, 1, uint32(algo))
if err != nil { if err != nil {
errMsg := fmt.Sprintf("error trying to get capability from TPM for the algorithm (%s)", algo) errMsg := fmt.Sprintf("error trying to get capability from TPM for the algorithm (%s)", algo)
return errors.New(errMsg) return errors.New(errMsg)
} }
if tpm3.Algorithm(descs[0].(tpm3.AlgorithmDescription).ID) != algo { if tpm2.Algorithm(descs[0].(tpm2.AlgorithmDescription).ID) != algo {
errMsg := fmt.Sprintf("unsupported algorithm (%s) for TPM", algo) errMsg := fmt.Sprintf("unsupported algorithm (%s) for TPM", algo)
return errors.New(errMsg) return errors.New(errMsg)
} }
@@ -114,7 +114,7 @@ func checkCapability(rw io.ReadWriter, algo tpm3.Algorithm) error {
} }
// Implements the crypto.Signer interface and signs the passed in digest // Implements the crypto.Signer interface and signs the passed in digest
func (tpmv2Signer *TPMv2Signer) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error) { func (tpmv2Signer *TPMv2Signer) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error) {
var ( var (
keyHandle tpmutil.Handle keyHandle tpmutil.Handle
) )
@@ -131,43 +131,41 @@ func (tpmv2Signer *TPMv2Signer) Sign(_ io.Reader, digest []byte, opts crypto.Sig
parentHandle := tpmutil.Handle(tpmv2Signer.tpmData.Parent) parentHandle := tpmutil.Handle(tpmv2Signer.tpmData.Parent)
if !handleIsPersistent(tpmv2Signer.tpmData.Parent) { if !handleIsPersistent(tpmv2Signer.tpmData.Parent) {
// Parent and owner passwords aren't supported currently when creating a primary given a persistent handle for the parent // Parent and owner passwords aren't supported currently when creating a primary given a persistent handle for the parent
parentHandle, _, err = tpm3.CreatePrimary(rw, tpmutil.Handle(tpmv2Signer.tpmData.Parent), tpm3.PCRSelection{}, "", "", primaryParams) parentHandle, _, err = tpm2.CreatePrimary(rw, tpmutil.Handle(tpmv2Signer.tpmData.Parent), tpm2.PCRSelection{}, "", "", primaryParams)
if err != nil { if err != nil {
return nil, err return nil, err
} }
defer tpm3.FlushContext(rw, parentHandle) defer tpm2.FlushContext(rw, parentHandle)
} }
keyHandle, _, err = tpm3.Load(rw, parentHandle, "", tpmv2Signer.tpmData.Pubkey[2:], tpmv2Signer.tpmData.Privkey[2:]) keyHandle, _, err = tpm2.Load(rw, parentHandle, "", tpmv2Signer.tpmData.Pubkey[2:], tpmv2Signer.tpmData.Privkey[2:])
if err != nil { if err != nil {
return nil, err return nil, err
} }
defer tpm3.FlushContext(rw, keyHandle) defer tpm2.FlushContext(rw, keyHandle)
} }
var algo tpm3.Algorithm var algo tpm2.Algorithm
var shadigest []byte var shadigest []byte
switch opts.HashFunc() { switch opts.HashFunc() {
case crypto.SHA256: case crypto.SHA256:
sha256digest := sha256.Sum256(digest) sha256digest := sha256.Sum256(digest)
shadigest = sha256digest[:] shadigest = sha256digest[:]
algo = tpm3.AlgSHA256 algo = tpm2.AlgSHA256
case crypto.SHA384: case crypto.SHA384:
sha384digest := sha512.Sum384(digest) sha384digest := sha512.Sum384(digest)
shadigest = sha384digest[:] shadigest = sha384digest[:]
algo = tpm3.AlgSHA384 algo = tpm2.AlgSHA384
case crypto.SHA512: case crypto.SHA512:
sha512digest := sha512.Sum512(digest) sha512digest := sha512.Sum512(digest)
shadigest = sha512digest[:] shadigest = sha512digest[:]
algo = tpm3.AlgSHA512 algo = tpm2.AlgSHA512
default:
panic("unhandled default case")
} }
if tpmv2Signer.public.Type == tpm3.AlgECC { if tpmv2Signer.public.Type == tpm2.AlgECC {
// Check to see that ECDSA is supported for signing // Check to see that ECDSA is supported for signing
err = checkCapability(rw, tpm3.AlgECC) err = checkCapability(rw, tpm2.AlgECC)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -192,13 +190,13 @@ func (tpmv2Signer *TPMv2Signer) Sign(_ io.Reader, digest []byte, opts crypto.Sig
} }
switch byteSize { switch byteSize {
case sha512.Size: case sha512.Size:
algo = tpm3.AlgSHA512 algo = tpm2.AlgSHA512
case sha512.Size384: case sha512.Size384:
algo = tpm3.AlgSHA384 algo = tpm2.AlgSHA384
case sha512.Size256: case sha512.Size256:
algo = tpm3.AlgSHA256 algo = tpm2.AlgSHA256
case sha1.Size: case sha1.Size:
algo = tpm3.AlgSHA1 algo = tpm2.AlgSHA1
default: default:
return nil, errors.New("unsupported curve") return nil, errors.New("unsupported curve")
} }
@@ -212,7 +210,7 @@ func (tpmv2Signer *TPMv2Signer) Sign(_ io.Reader, digest []byte, opts crypto.Sig
} }
sig, err := tpmv2Signer.signHelper(rw, keyHandle, shadigest, sig, err := tpmv2Signer.signHelper(rw, keyHandle, shadigest,
&tpm3.SigScheme{Alg: tpm3.AlgECDSA, Hash: algo}) &tpm2.SigScheme{Alg: tpm2.AlgECDSA, Hash: algo})
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -231,13 +229,13 @@ func (tpmv2Signer *TPMv2Signer) Sign(_ io.Reader, digest []byte, opts crypto.Sig
} }
// Check to see that RSASSA is supported for signing // Check to see that RSASSA is supported for signing
err = checkCapability(rw, tpm3.AlgRSASSA) err = checkCapability(rw, tpm2.AlgRSASSA)
if err != nil { if err != nil {
return nil, err return nil, err
} }
sig, err := tpmv2Signer.signHelper(rw, keyHandle, shadigest, sig, err := tpmv2Signer.signHelper(rw, keyHandle, shadigest,
&tpm3.SigScheme{Alg: tpm3.AlgRSASSA, Hash: algo}) &tpm2.SigScheme{Alg: tpm2.AlgRSASSA, Hash: algo})
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -246,12 +244,12 @@ func (tpmv2Signer *TPMv2Signer) Sign(_ io.Reader, digest []byte, opts crypto.Sig
return signature, nil return signature, nil
} }
func (tpmv2Signer *TPMv2Signer) signHelper(rw io.ReadWriter, keyHandle tpmutil.Handle, digest tpmutil.U16Bytes, sigScheme *tpm3.SigScheme) (*tpm3.Signature, error) { func (tpmv2Signer *TPMv2Signer) signHelper(rw io.ReadWriter, keyHandle tpmutil.Handle, digest tpmutil.U16Bytes, sigScheme *tpm2.SigScheme) (*tpm2.Signature, error) {
passwordPromptInput := PasswordPromptProps{ passwordPromptInput := PasswordPromptProps{
InitialPassword: tpmv2Signer.password, InitialPassword: tpmv2Signer.password,
NoPassword: tpmv2Signer.emptyAuth, NoPassword: tpmv2Signer.emptyAuth,
CheckPassword: func(password string) (interface{}, error) { CheckPassword: func(password string) (interface{}, error) {
return tpm3.Sign(rw, keyHandle, password, digest, nil, sigScheme) return tpm2.Sign(rw, keyHandle, password, digest, nil, sigScheme)
}, },
IncorrectPasswordMsg: "incorrect TPM key password", IncorrectPasswordMsg: "incorrect TPM key password",
Prompt: "Please enter your TPM key password:", Prompt: "Please enter your TPM key password:",
@@ -266,7 +264,7 @@ func (tpmv2Signer *TPMv2Signer) signHelper(rw io.ReadWriter, keyHandle tpmutil.H
} }
tpmv2Signer.password = password tpmv2Signer.password = password
return sig.(*tpm3.Signature), err return sig.(*tpm2.Signature), err
} }
// Gets the x509.Certificate associated with this TPMv2Signer // Gets the x509.Certificate associated with this TPMv2Signer
@@ -339,7 +337,7 @@ func GetTPMv2Signer(opts GetTPMv2SignerOpts) (signer Signer, signingAlgorithm st
emptyAuth bool emptyAuth bool
tpmData tpm2_TPMKey tpmData tpm2_TPMKey
handle tpmutil.Handle handle tpmutil.Handle
public tpm3.Public public tpm2.Public
private []byte private []byte
) )
@@ -372,7 +370,7 @@ func GetTPMv2Signer(opts GetTPMv2SignerOpts) (signer Signer, signingAlgorithm st
} }
defer rw.Close() defer rw.Close()
public, _, _, err = tpm3.ReadPublic(rw, handle) public, _, _, err = tpm2.ReadPublic(rw, handle)
if err != nil { if err != nil {
return nil, "", err return nil, "", err
} }
@@ -400,10 +398,10 @@ func GetTPMv2Signer(opts GetTPMv2SignerOpts) (signer Signer, signingAlgorithm st
} }
if !handleIsPersistent(tpmData.Parent) && if !handleIsPersistent(tpmData.Parent) &&
tpmData.Parent != int(tpm3.HandleOwner) && tpmData.Parent != int(tpm2.HandleOwner) &&
tpmData.Parent != int(tpm3.HandleNull) && tpmData.Parent != int(tpm2.HandleNull) &&
tpmData.Parent != int(tpm3.HandleEndorsement) && tpmData.Parent != int(tpm2.HandleEndorsement) &&
tpmData.Parent != int(tpm3.HandlePlatform) { tpmData.Parent != int(tpm2.HandlePlatform) {
return nil, "", errors.New("invalid parent for TPMv2 key") return nil, "", errors.New("invalid parent for TPMv2 key")
} }
if len(tpmData.Pubkey) < 2 || if len(tpmData.Pubkey) < 2 ||
@@ -411,7 +409,7 @@ func GetTPMv2Signer(opts GetTPMv2SignerOpts) (signer Signer, signingAlgorithm st
return nil, "", errors.New("invalid length for TPMv2 PUBLIC blob") return nil, "", errors.New("invalid length for TPMv2 PUBLIC blob")
} }
public, err = tpm3.DecodePublic(tpmData.Pubkey[2:]) public, err = tpm2.DecodePublic(tpmData.Pubkey[2:])
if err != nil { if err != nil {
return nil, "", err return nil, "", err
} }
@@ -424,10 +422,10 @@ func GetTPMv2Signer(opts GetTPMv2SignerOpts) (signer Signer, signingAlgorithm st
} }
switch public.Type { switch public.Type {
case tpm3.AlgRSA: case tpm2.AlgRSA:
signingAlgorithm = aws4X509RsaSha256 signingAlgorithm = aws4_x509_rsa_sha256
case tpm3.AlgECC: case tpm2.AlgECC:
signingAlgorithm = aws4X509EcdsaSha256 signingAlgorithm = aws4_x509_ecdsa_sha256
default: default:
return nil, "", errors.New("unsupported TPMv2 key type") return nil, "", errors.New("unsupported TPMv2 key type")
} }

5
aws_signing_helper/tpm_signer_helper.go
View File

@@ -1,10 +1,9 @@
package aws_signing_helper package aws_signing_helper
import ( import (
tpm2 "github.com/google/go-tpm/tpm2"
"io" "io"
"os" "os"
tpm3 "github.com/google/go-tpm/legacy/tpm2"
) )
func openTPM() (io.ReadWriteCloser, error) { func openTPM() (io.ReadWriteCloser, error) {
@@ -13,5 +12,5 @@ func openTPM() (io.ReadWriteCloser, error) {
if tpmdev != "" { if tpmdev != "" {
paths = append(paths, tpmdev) paths = append(paths, tpmdev)
} }
return tpm3.OpenTPM(paths...) return tpm2.OpenTPM(paths...)
} }

76
config/config.go
View File

@@ -1,11 +1,6 @@
package config package config
import ( import "git.siteworxpro.com/packages/go/utilities/Env"
"encoding/base64"
"fmt"
"gitea.siteworxpro.com/golang-packages/utilities/Env"
"regexp"
)
const ( const (
namespace Env.EnvironmentVariable = "NAMESPACE" namespace Env.EnvironmentVariable = "NAMESPACE"
@@ -15,10 +10,8 @@ const (
trustedAnchorArn Env.EnvironmentVariable = "TRUSTED_ANCHOR_ARN" trustedAnchorArn Env.EnvironmentVariable = "TRUSTED_ANCHOR_ARN"
privateKey Env.EnvironmentVariable = "PRIVATE_KEY" privateKey Env.EnvironmentVariable = "PRIVATE_KEY"
certificate Env.EnvironmentVariable = "CERTIFICATE" certificate Env.EnvironmentVariable = "CERTIFICATE"
bundleId Env.EnvironmentVariable = "CA_CHAIN"
sessionDuration Env.EnvironmentVariable = "SESSION_DURATION" sessionDuration Env.EnvironmentVariable = "SESSION_DURATION"
restartDeployments Env.EnvironmentVariable = "RESTART_DEPLOYMENTS" restartDeployments Env.EnvironmentVariable = "RESTART_DEPLOYMENTS"
fetchOnly Env.EnvironmentVariable = "FETCH_ONLY"
) )
type Config struct{} type Config struct{}
@@ -27,59 +20,6 @@ func NewConfig() *Config {
return &Config{} return &Config{}
} }
func (c Config) Valid() error {
// Certificate Required
if c.Certificate() == "" {
return fmt.Errorf("certificate is required")
}
// Private Key Required
if c.PrivateKey() == "" {
return fmt.Errorf("private Key is required")
}
// Role ARN Required
if c.RoleArn() == "" {
return fmt.Errorf("role ARN is required")
}
if !regexp.MustCompile(`^arn:aws:iam::[0-9]{10,13}:role/[\w\D]*$`).MatchString(c.RoleArn()) {
return fmt.Errorf("role ARN %s is invalid", c.RoleArn())
}
if c.ProfileArn() == "" {
return fmt.Errorf("profile ARN is required")
}
if !regexp.MustCompile(`^arn:aws:rolesanywhere:[\w-]*:\d{10,12}:profile/[\w\D]*$`).MatchString(c.ProfileArn()) {
return fmt.Errorf("profile ARN %s is invalid", c.ProfileArn())
}
// Trusted Anchor ARN Required
if c.TrustedAnchor() == "" {
return fmt.Errorf("trusted anchor ARN is required")
}
if !regexp.MustCompile(`^arn:aws:rolesanywhere:[\w-]*:\d{10,12}:trust-anchor/[\w\D]*$`).MatchString(c.TrustedAnchor()) {
return fmt.Errorf("trusted anchor %s ARN is invalid", c.TrustedAnchor())
}
return nil
}
func (Config) BundleId() string {
v, err := base64.StdEncoding.DecodeString(bundleId.GetEnvString(""))
if err != nil {
return ""
}
return string(v)
}
func (Config) FetchOnly() bool {
return fetchOnly.GetEnvBool(false)
}
func (Config) Namespace() string { func (Config) Namespace() string {
return namespace.GetEnvString("") return namespace.GetEnvString("")
} }
@@ -101,21 +41,11 @@ func (Config) TrustedAnchor() string {
} }
func (Config) PrivateKey() string { func (Config) PrivateKey() string {
v, err := base64.StdEncoding.DecodeString(privateKey.GetEnvString("")) return privateKey.GetEnvString("")
if err != nil {
return ""
}
return string(v)
} }
func (Config) Certificate() string { func (Config) Certificate() string {
v, err := base64.StdEncoding.DecodeString(certificate.GetEnvString("")) return certificate.GetEnvString("")
if err != nil {
return ""
}
return string(v)
} }
func (Config) SessionDuration() int64 { func (Config) SessionDuration() int64 {

127
go.mod
View File

@@ -1,97 +1,86 @@
module gitea.siteworxpro.com/Siteworxpro/aws-iam-anywhere-refresher module gitea.siteworxpro.com/Siteworxpro/aws-iam-anywhere-refresher
go 1.25.3 go 1.24.3
require ( require (
gitea.siteworxpro.com/golang-packages/utilities v1.0.0 git.siteworxpro.com/packages/go/utilities v1.3.0
github.com/aws/aws-sdk-go v1.55.8 github.com/aws/aws-sdk-go v1.55.7
github.com/aws/aws-sdk-go-v2 v1.41.0 github.com/aws/aws-sdk-go-v2 v1.36.3
github.com/aws/aws-sdk-go-v2/config v1.32.6 github.com/aws/aws-sdk-go-v2/config v1.29.6
github.com/aws/rolesanywhere-credential-helper v1.7.2 github.com/aws/rolesanywhere-credential-helper v1.6.0
github.com/aws/smithy-go v1.24.0 github.com/aws/smithy-go v1.22.3
github.com/charmbracelet/log v0.4.2 github.com/charmbracelet/log v0.4.2
github.com/google/go-tpm v0.9.7 github.com/google/go-tpm v0.3.3
github.com/miekg/pkcs11 v1.1.1 github.com/miekg/pkcs11 v1.1.1
github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6 github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6
golang.org/x/crypto v0.46.0 golang.org/x/crypto v0.38.0
golang.org/x/net v0.48.0 golang.org/x/net v0.40.0
golang.org/x/term v0.38.0 golang.org/x/term v0.32.0
k8s.io/api v0.35.0 k8s.io/api v0.33.0
k8s.io/apimachinery v0.35.0 k8s.io/apimachinery v0.33.0
k8s.io/client-go v0.35.0 k8s.io/client-go v0.33.0
) )
require ( require (
github.com/aws/aws-sdk-go-v2/credentials v1.19.6 // indirect github.com/aws/aws-sdk-go-v2/credentials v1.17.59 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.16 // indirect github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.28 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.16 // indirect github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.32 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.16 // indirect github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.32 // indirect
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.16 // indirect github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.13 // indirect
github.com/aws/aws-sdk-go-v2/service/signin v1.0.4 // indirect github.com/aws/aws-sdk-go-v2/service/sso v1.24.15 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.30.8 // indirect github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.14 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.12 // indirect github.com/aws/aws-sdk-go-v2/service/sts v1.33.14 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.41.5 // indirect
github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
github.com/charmbracelet/colorprofile v0.4.1 // indirect github.com/charmbracelet/colorprofile v0.3.1 // indirect
github.com/charmbracelet/lipgloss v1.1.0 // indirect github.com/charmbracelet/lipgloss v1.1.0 // indirect
github.com/charmbracelet/x/ansi v0.11.3 // indirect github.com/charmbracelet/x/ansi v0.9.2 // indirect
github.com/charmbracelet/x/cellbuf v0.0.14 // indirect github.com/charmbracelet/x/cellbuf v0.0.13 // indirect
github.com/charmbracelet/x/term v0.2.2 // indirect github.com/charmbracelet/x/term v0.2.1 // indirect
github.com/clipperhouse/displaywidth v0.6.2 // indirect
github.com/clipperhouse/stringish v0.1.1 // indirect
github.com/clipperhouse/uax29/v2 v2.3.0 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/emicklei/go-restful/v3 v3.13.0 // indirect github.com/emicklei/go-restful/v3 v3.11.0 // indirect
github.com/fxamacker/cbor/v2 v2.9.0 // indirect github.com/fxamacker/cbor/v2 v2.7.0 // indirect
github.com/go-logfmt/logfmt v0.6.1 // indirect github.com/go-logfmt/logfmt v0.6.0 // indirect
github.com/go-logr/logr v1.4.3 // indirect github.com/go-logr/logr v1.4.2 // indirect
github.com/go-openapi/jsonpointer v0.22.4 // indirect github.com/go-openapi/jsonpointer v0.21.0 // indirect
github.com/go-openapi/jsonreference v0.21.4 // indirect github.com/go-openapi/jsonreference v0.20.2 // indirect
github.com/go-openapi/swag v0.25.4 // indirect github.com/go-openapi/swag v0.23.0 // indirect
github.com/go-openapi/swag/cmdutils v0.25.4 // indirect github.com/gogo/protobuf v1.3.2 // indirect
github.com/go-openapi/swag/conv v0.25.4 // indirect github.com/google/gnostic-models v0.6.9 // indirect
github.com/go-openapi/swag/fileutils v0.25.4 // indirect github.com/google/go-cmp v0.7.0 // indirect
github.com/go-openapi/swag/jsonname v0.25.4 // indirect
github.com/go-openapi/swag/jsonutils v0.25.4 // indirect
github.com/go-openapi/swag/loading v0.25.4 // indirect
github.com/go-openapi/swag/mangling v0.25.4 // indirect
github.com/go-openapi/swag/netutils v0.25.4 // indirect
github.com/go-openapi/swag/stringutils v0.25.4 // indirect
github.com/go-openapi/swag/typeutils v0.25.4 // indirect
github.com/go-openapi/swag/yamlutils v0.25.4 // indirect
github.com/google/gnostic-models v0.7.1 // indirect
github.com/google/uuid v1.6.0 // indirect github.com/google/uuid v1.6.0 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect github.com/json-iterator/go v1.1.12 // indirect
github.com/kr/text v0.2.0 // indirect github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
github.com/lucasb-eyer/go-colorful v1.3.0 // indirect github.com/mailru/easyjson v0.7.7 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect github.com/mattn/go-isatty v0.0.20 // indirect
github.com/mattn/go-runewidth v0.0.19 // indirect github.com/mattn/go-runewidth v0.0.16 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/muesli/termenv v0.16.0 // indirect github.com/muesli/termenv v0.16.0 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/rivo/uniseg v0.4.7 // indirect github.com/rivo/uniseg v0.4.7 // indirect
github.com/spf13/pflag v1.0.6 // indirect
github.com/x448/float16 v0.8.4 // indirect github.com/x448/float16 v0.8.4 // indirect
github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
go.yaml.in/yaml/v2 v2.4.3 // indirect golang.org/x/exp v0.0.0-20250506013437-ce4c2cf36ca6 // indirect
go.yaml.in/yaml/v3 v3.0.4 // indirect golang.org/x/oauth2 v0.27.0 // indirect
golang.org/x/exp v0.0.0-20251219203646-944ab1f22d93 // indirect golang.org/x/sys v0.33.0 // indirect
golang.org/x/oauth2 v0.34.0 // indirect golang.org/x/text v0.25.0 // indirect
golang.org/x/sys v0.39.0 // indirect golang.org/x/time v0.9.0 // indirect
golang.org/x/text v0.32.0 // indirect google.golang.org/protobuf v1.36.5 // indirect
golang.org/x/time v0.14.0 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
google.golang.org/protobuf v1.36.11 // indirect
gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/klog/v2 v2.130.1 // indirect k8s.io/klog/v2 v2.130.1 // indirect
k8s.io/kube-openapi v0.0.0-20251125145642-4e65d59e963e // indirect k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect
k8s.io/utils v0.0.0-20251222233032-718f0e51e6d2 // indirect k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 // indirect
sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
sigs.k8s.io/randfill v1.0.0 // indirect sigs.k8s.io/randfill v1.0.0 // indirect
sigs.k8s.io/structured-merge-diff/v6 v6.3.1 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.6.0 // indirect
sigs.k8s.io/yaml v1.6.0 // indirect sigs.k8s.io/yaml v1.4.0 // indirect
) )

489
go.sum
View File

@@ -1,231 +1,396 @@
gitea.siteworxpro.com/golang-packages/utilities v1.0.0 h1:f5JqAeZWBn/HBO9k5dzg0Wm91a69uwU5UC2P9ebQ9J0= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
gitea.siteworxpro.com/golang-packages/utilities v1.0.0/go.mod h1:QNqclnfv/BT2D5tbXgsGm7uhhe2Baovi5F6j0pVvMGc= git.siteworxpro.com/packages/go/utilities v1.3.0 h1:931q66COBJATgIQksPDSZlWMIwENJhhfC/GVf22ER5s=
github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0= git.siteworxpro.com/packages/go/utilities v1.3.0/go.mod h1:iWhICNrMnB03PY9dM9eCNs9uQPEsPwae5pJDG+HHUPI=
github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/aws/aws-sdk-go v1.55.8 h1:JRmEUbU52aJQZ2AjX4q4Wu7t4uZjOu71uyNmaWlUkJQ= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
github.com/aws/aws-sdk-go v1.55.8/go.mod h1:ZkViS9AqA6otK+JBBNH2++sx1sgxrPKcSzPPvQkUtXk= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
github.com/aws/aws-sdk-go-v2 v1.41.0 h1:tNvqh1s+v0vFYdA1xq0aOJH+Y5cRyZ5upu6roPgPKd4= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
github.com/aws/aws-sdk-go-v2 v1.41.0/go.mod h1:MayyLB8y+buD9hZqkCW3kX1AKq07Y5pXxtgB+rRFhz0= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
github.com/aws/aws-sdk-go-v2/config v1.32.6 h1:hFLBGUKjmLAekvi1evLi5hVvFQtSo3GYwi+Bx4lpJf8= github.com/aws/aws-sdk-go v1.55.7 h1:UJrkFq7es5CShfBwlWAC8DA077vp8PyVbQd3lqLiztE=
github.com/aws/aws-sdk-go-v2/config v1.32.6/go.mod h1:lcUL/gcd8WyjCrMnxez5OXkO3/rwcNmvfno62tnXNcI= github.com/aws/aws-sdk-go v1.55.7/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU=
github.com/aws/aws-sdk-go-v2/credentials v1.19.6 h1:F9vWao2TwjV2MyiyVS+duza0NIRtAslgLUM0vTA1ZaE= github.com/aws/aws-sdk-go-v2 v1.36.3 h1:mJoei2CxPutQVxaATCzDUjcZEjVRdpsiiXi2o38yqWM=
github.com/aws/aws-sdk-go-v2/credentials v1.19.6/go.mod h1:SgHzKjEVsdQr6Opor0ihgWtkWdfRAIwxYzSJ8O85VHY= github.com/aws/aws-sdk-go-v2 v1.36.3/go.mod h1:LLXuLpgzEbD766Z5ECcRmi8AzSwfZItDtmABVkRLGzg=
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.16 h1:80+uETIWS1BqjnN9uJ0dBUaETh+P1XwFy5vwHwK5r9k= github.com/aws/aws-sdk-go-v2/config v1.29.6 h1:fqgqEKK5HaZVWLQoLiC9Q+xDlSp+1LYidp6ybGE2OGg=
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.16/go.mod h1:wOOsYuxYuB/7FlnVtzeBYRcjSRtQpAW0hCP7tIULMwo= github.com/aws/aws-sdk-go-v2/config v1.29.6/go.mod h1:Ft+WLODzDQmCTHDvqAH1JfC2xxbZ0MxpZAcJqmE1LTQ=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.16 h1:rgGwPzb82iBYSvHMHXc8h9mRoOUBZIGFgKb9qniaZZc= github.com/aws/aws-sdk-go-v2/credentials v1.17.59 h1:9btwmrt//Q6JcSdgJOLI98sdr5p7tssS9yAsGe8aKP4=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.16/go.mod h1:L/UxsGeKpGoIj6DxfhOWHWQ/kGKcd4I1VncE4++IyKA= github.com/aws/aws-sdk-go-v2/credentials v1.17.59/go.mod h1:NM8fM6ovI3zak23UISdWidyZuI1ghNe2xjzUZAyT+08=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.16 h1:1jtGzuV7c82xnqOVfx2F0xmJcOw5374L7N6juGW6x6U= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.28 h1:KwsodFKVQTlI5EyhRSugALzsV6mG/SGrdjlMXSZSdso=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.16/go.mod h1:M2E5OQf+XLe+SZGmmpaI2yy+J326aFf6/+54PoxSANc= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.28/go.mod h1:EY3APf9MzygVhKuPXAc5H+MkGb8k/DOSQjWS0LgkKqI=
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 h1:WKuaxf++XKWlHWu9ECbMlha8WOEGm0OUEZqm4K/Gcfk= github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.32 h1:BjUcr3X3K0wZPGFg2bxOWW3VPN8rkE3/61zhP+IHviA=
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4/go.mod h1:ZWy7j6v1vWGmPReu0iSGvRiise4YI5SkR3OHKTZ6Wuc= github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.32/go.mod h1:80+OGC/bgzzFFTUmcuwD0lb4YutwQeKLFpmt6hoWapU=
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4 h1:0ryTNEdJbzUCEWkVXEXoqlXV72J5keC1GvILMOuD00E= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.32 h1:m1GeXHVMJsRsUAqG6HjZWx9dj7F5TR+cF1bjyfYyBd4=
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4/go.mod h1:HQ4qwNZh32C3CBeO6iJLQlgtMzqeG17ziAA/3KDJFow= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.32/go.mod h1:IitoQxGfaKdVLNg0hD8/DXmAqNy0H4K2H2Sf91ti8sI=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.16 h1:oHjJHeUy0ImIV0bsrX0X91GkV5nJAyv1l1CC9lnO0TI= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2 h1:Pg9URiobXy85kgFev3og2CuOZ8JZUBENF+dcgWBaYNk=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.16/go.mod h1:iRSNGgOYmiYwSCXxXaKb9HfOEj40+oTKn8pTxMlYkRM= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc=
github.com/aws/aws-sdk-go-v2/service/signin v1.0.4 h1:HpI7aMmJ+mm1wkSHIA2t5EaFFv5EFYXePW30p1EIrbQ= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2 h1:D4oz8/CzT9bAEYtVhSBmFj2dNOtaHOtMKc2vHBwYizA=
github.com/aws/aws-sdk-go-v2/service/signin v1.0.4/go.mod h1:C5RdGMYGlfM0gYq/tifqgn4EbyX99V15P2V3R+VHbQU= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2/go.mod h1:Za3IHqTQ+yNcRHxu1OFucBh0ACZT4j4VQFF0BqpZcLY=
github.com/aws/aws-sdk-go-v2/service/sso v1.30.8 h1:aM/Q24rIlS3bRAhTyFurowU8A0SMyGDtEOY/l/s/1Uw= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.13 h1:SYVGSFQHlchIcy6e7x12bsrxClCXSP5et8cqVhL8cuw=
github.com/aws/aws-sdk-go-v2/service/sso v1.30.8/go.mod h1:+fWt2UHSb4kS7Pu8y+BMBvJF0EWx+4H0hzNwtDNRTrg= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.13/go.mod h1:kizuDaLX37bG5WZaoxGPQR/LNFXpxp0vsUnqfkWXfNE=
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.12 h1:AHDr0DaHIAo8c9t1emrzAlVDFp+iMMKnPdYy6XO4MCE= github.com/aws/aws-sdk-go-v2/service/sso v1.24.15 h1:/eE3DogBjYlvlbhd2ssWyeuovWunHLxfgw3s/OJa4GQ=
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.12/go.mod h1:GQ73XawFFiWxyWXMHWfhiomvP3tXtdNar/fi8z18sx0= github.com/aws/aws-sdk-go-v2/service/sso v1.24.15/go.mod h1:2PCJYpi7EKeA5SkStAmZlF6fi0uUABuhtF8ILHjGc3Y=
github.com/aws/aws-sdk-go-v2/service/sts v1.41.5 h1:SciGFVNZ4mHdm7gpD1dgZYnCuVdX1s+lFTg4+4DOy70= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.14 h1:M/zwXiL2iXUrHputuXgmO94TVNmcenPHxgLXLutodKE=
github.com/aws/aws-sdk-go-v2/service/sts v1.41.5/go.mod h1:iW40X4QBmUxdP+fZNOpfmkdMZqsovezbAeO+Ubiv2pk= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.14/go.mod h1:RVwIw3y/IqxC2YEXSIkAzRDdEU1iRabDPaYjpGCbCGQ=
github.com/aws/rolesanywhere-credential-helper v1.7.2 h1:DcouWSyzdjpCZNAQh/ajXlHPds2Kz2mM8FovCjzUy6k= github.com/aws/aws-sdk-go-v2/service/sts v1.33.14 h1:TzeR06UCMUq+KA3bDkujxK1GVGy+G8qQN/QVYzGLkQE=
github.com/aws/rolesanywhere-credential-helper v1.7.2/go.mod h1:0WSfaR9Jc/tsAWJUHdZSLxQKpqltdL0SMjmykDTT3G8= github.com/aws/aws-sdk-go-v2/service/sts v1.33.14/go.mod h1:dspXf/oYWGWo6DEvj98wpaTeqt5+DMidZD0A9BYTizc=
github.com/aws/smithy-go v1.24.0 h1:LpilSUItNPFr1eY85RYgTIg5eIEPtvFbskaFcmmIUnk= github.com/aws/rolesanywhere-credential-helper v1.6.0 h1:NX9Qc1jQ85XzF5Ksm5DKLdKXEUj5szdIDbGsglYCBaQ=
github.com/aws/smithy-go v1.24.0/go.mod h1:LEj2LM3rBRQJxPZTB4KuzZkaZYnZPnvgIhb4pu07mx0= github.com/aws/rolesanywhere-credential-helper v1.6.0/go.mod h1:h2qTbudK5O3KD5FtlIPgkmCB16oeebp9g/43pn5TEGU=
github.com/aws/smithy-go v1.22.3 h1:Z//5NuZCSW6R4PhQ93hShNbyBbn8BWCmCVCt+Q8Io5k=
github.com/aws/smithy-go v1.22.3/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI=
github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k= github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k=
github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8= github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8=
github.com/charmbracelet/colorprofile v0.4.1 h1:a1lO03qTrSIRaK8c3JRxJDZOvhvIeSco3ej+ngLk1kk= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
github.com/charmbracelet/colorprofile v0.4.1/go.mod h1:U1d9Dljmdf9DLegaJ0nGZNJvoXAhayhmidOdcBwAvKk= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
github.com/charmbracelet/colorprofile v0.3.1 h1:k8dTHMd7fgw4bnFd7jXTLZrSU/CQrKnL3m+AxCzDz40=
github.com/charmbracelet/colorprofile v0.3.1/go.mod h1:/GkGusxNs8VB/RSOh3fu0TJmQ4ICMMPApIIVn0KszZ0=
github.com/charmbracelet/lipgloss v1.1.0 h1:vYXsiLHVkK7fp74RkV7b2kq9+zDLoEU4MZoFqR/noCY= github.com/charmbracelet/lipgloss v1.1.0 h1:vYXsiLHVkK7fp74RkV7b2kq9+zDLoEU4MZoFqR/noCY=
github.com/charmbracelet/lipgloss v1.1.0/go.mod h1:/6Q8FR2o+kj8rz4Dq0zQc3vYf7X+B0binUUBwA0aL30= github.com/charmbracelet/lipgloss v1.1.0/go.mod h1:/6Q8FR2o+kj8rz4Dq0zQc3vYf7X+B0binUUBwA0aL30=
github.com/charmbracelet/log v0.4.2 h1:hYt8Qj6a8yLnvR+h7MwsJv/XvmBJXiueUcI3cIxsyig= github.com/charmbracelet/log v0.4.2 h1:hYt8Qj6a8yLnvR+h7MwsJv/XvmBJXiueUcI3cIxsyig=
github.com/charmbracelet/log v0.4.2/go.mod h1:qifHGX/tc7eluv2R6pWIpyHDDrrb/AG71Pf2ysQu5nw= github.com/charmbracelet/log v0.4.2/go.mod h1:qifHGX/tc7eluv2R6pWIpyHDDrrb/AG71Pf2ysQu5nw=
github.com/charmbracelet/x/ansi v0.11.3 h1:6DcVaqWI82BBVM/atTyq6yBoRLZFBsnoDoX9GCu2YOI= github.com/charmbracelet/x/ansi v0.9.2 h1:92AGsQmNTRMzuzHEYfCdjQeUzTrgE1vfO5/7fEVoXdY=
github.com/charmbracelet/x/ansi v0.11.3/go.mod h1:yI7Zslym9tCJcedxz5+WBq+eUGMJT0bM06Fqy1/Y4dI= github.com/charmbracelet/x/ansi v0.9.2/go.mod h1:3RQDQ6lDnROptfpWuUVIUG64bD2g2BgntdxH0Ya5TeE=
github.com/charmbracelet/x/cellbuf v0.0.14 h1:iUEMryGyFTelKW3THW4+FfPgi4fkmKnnaLOXuc+/Kj4= github.com/charmbracelet/x/cellbuf v0.0.13 h1:/KBBKHuVRbq1lYx5BzEHBAFBP8VcQzJejZ/IA3iR28k=
github.com/charmbracelet/x/cellbuf v0.0.14/go.mod h1:P447lJl49ywBbil/KjCk2HexGh4tEY9LH0/1QrZZ9rA= github.com/charmbracelet/x/cellbuf v0.0.13/go.mod h1:xe0nKWGd3eJgtqZRaN9RjMtK7xUYchjzPr7q6kcvCCs=
github.com/charmbracelet/x/term v0.2.2 h1:xVRT/S2ZcKdhhOuSP4t5cLi5o+JxklsoEObBSgfgZRk= github.com/charmbracelet/x/term v0.2.1 h1:AQeHeLZ1OqSXhrAWpYUtZyX1T3zVxfpZuEQMIQaGIAQ=
github.com/charmbracelet/x/term v0.2.2/go.mod h1:kF8CY5RddLWrsgVwpw4kAa6TESp6EB5y3uxGLeCqzAI= github.com/charmbracelet/x/term v0.2.1/go.mod h1:oQ4enTYFV7QN4m0i9mzHrViD7TQKvNEEkHUMCmsxdUg=
github.com/clipperhouse/displaywidth v0.6.2 h1:ZDpTkFfpHOKte4RG5O/BOyf3ysnvFswpyYrV7z2uAKo= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
github.com/clipperhouse/displaywidth v0.6.2/go.mod h1:R+kHuzaYWFkTm7xoMmK1lFydbci4X2CicfbGstSGg0o= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
github.com/clipperhouse/stringish v0.1.1 h1:+NSqMOr3GR6k1FdRhhnXrLfztGzuG+VuFDfatpWHKCs= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
github.com/clipperhouse/stringish v0.1.1/go.mod h1:v/WhFtE1q0ovMta2+m+UbpZ+2/HEXNWYXQgCt4hdOzA= github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
github.com/clipperhouse/uax29/v2 v2.3.0 h1:SNdx9DVUqMoBuBoW3iLOj4FQv3dN5mDtuqwuhIGpJy4= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
github.com/clipperhouse/uax29/v2 v2.3.0/go.mod h1:Wn1g7MK6OoeDT0vL+Q0SQLDz/KpfsVRgg6W7ihQeh4g= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/emicklei/go-restful/v3 v3.13.0 h1:C4Bl2xDndpU6nJ4bc1jXd+uTmYPVUwkD6bFY/oTyCes= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
github.com/emicklei/go-restful/v3 v3.13.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM= github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
github.com/go-logfmt/logfmt v0.6.1 h1:4hvbpePJKnIzH1B+8OR/JPbTx37NktoI9LE2QZBBkvE= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/go-logfmt/logfmt v0.6.1/go.mod h1:EV2pOAQoZaT1ZXZbqDl5hrymndi4SY9ED9/z6CO0XAk= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
github.com/go-openapi/jsonpointer v0.22.4 h1:dZtK82WlNpVLDW2jlA1YCiVJFVqkED1MegOUy9kR5T4= github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
github.com/go-openapi/jsonpointer v0.22.4/go.mod h1:elX9+UgznpFhgBuaMQ7iu4lvvX1nvNsesQ3oxmYTw80= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/go-openapi/jsonreference v0.21.4 h1:24qaE2y9bx/q3uRK/qN+TDwbok1NhbSmGjjySRCHtC8= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-openapi/jsonreference v0.21.4/go.mod h1:rIENPTjDbLpzQmQWCj5kKj3ZlmEh+EFVbz3RTUh30/4= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
github.com/go-openapi/swag v0.25.4 h1:OyUPUFYDPDBMkqyxOTkqDYFnrhuhi9NR6QVUvIochMU= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
github.com/go-openapi/swag v0.25.4/go.mod h1:zNfJ9WZABGHCFg2RnY0S4IOkAcVTzJ6z2Bi+Q4i6qFQ= github.com/go-logfmt/logfmt v0.6.0 h1:wGYYu3uicYdqXVgoYbvnkrPVXkuLM1p1ifugDMEdRi4=
github.com/go-openapi/swag/cmdutils v0.25.4 h1:8rYhB5n6WawR192/BfUu2iVlxqVR9aRgGJP6WaBoW+4= github.com/go-logfmt/logfmt v0.6.0/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
github.com/go-openapi/swag/cmdutils v0.25.4/go.mod h1:pdae/AFo6WxLl5L0rq87eRzVPm/XRHM3MoYgRMvG4A0= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
github.com/go-openapi/swag/conv v0.25.4 h1:/Dd7p0LZXczgUcC/Ikm1+YqVzkEeCc9LnOWjfkpkfe4= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
github.com/go-openapi/swag/conv v0.25.4/go.mod h1:3LXfie/lwoAv0NHoEuY1hjoFAYkvlqI/Bn5EQDD3PPU= github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
github.com/go-openapi/swag/fileutils v0.25.4 h1:2oI0XNW5y6UWZTC7vAxC8hmsK/tOkWXHJQH4lKjqw+Y= github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=
github.com/go-openapi/swag/fileutils v0.25.4/go.mod h1:cdOT/PKbwcysVQ9Tpr0q20lQKH7MGhOEb6EwmHOirUk= github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY=
github.com/go-openapi/swag/jsonname v0.25.4 h1:bZH0+MsS03MbnwBXYhuTttMOqk+5KcQ9869Vye1bNHI= github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE=
github.com/go-openapi/swag/jsonname v0.25.4/go.mod h1:GPVEk9CWVhNvWhZgrnvRA6utbAltopbKwDu8mXNUMag= github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
github.com/go-openapi/swag/jsonutils v0.25.4 h1:VSchfbGhD4UTf4vCdR2F4TLBdLwHyUDTd1/q4i+jGZA= github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
github.com/go-openapi/swag/jsonutils v0.25.4/go.mod h1:7OYGXpvVFPn4PpaSdPHJBtF0iGnbEaTk8AvBkoWnaAY= github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE=
github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.4 h1:IACsSvBhiNJwlDix7wq39SS2Fh7lUOCJRmx/4SN4sVo= github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.4/go.mod h1:Mt0Ost9l3cUzVv4OEZG+WSeoHwjWLnarzMePNDAOBiM= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
github.com/go-openapi/swag/loading v0.25.4 h1:jN4MvLj0X6yhCDduRsxDDw1aHe+ZWoLjW+9ZQWIKn2s=
github.com/go-openapi/swag/loading v0.25.4/go.mod h1:rpUM1ZiyEP9+mNLIQUdMiD7dCETXvkkC30z53i+ftTE=
github.com/go-openapi/swag/mangling v0.25.4 h1:2b9kBJk9JvPgxr36V23FxJLdwBrpijI26Bx5JH4Hp48=
github.com/go-openapi/swag/mangling v0.25.4/go.mod h1:6dxwu6QyORHpIIApsdZgb6wBk/DPU15MdyYj/ikn0Hg=
github.com/go-openapi/swag/netutils v0.25.4 h1:Gqe6K71bGRb3ZQLusdI8p/y1KLgV4M/k+/HzVSqT8H0=
github.com/go-openapi/swag/netutils v0.25.4/go.mod h1:m2W8dtdaoX7oj9rEttLyTeEFFEBvnAx9qHd5nJEBzYg=
github.com/go-openapi/swag/stringutils v0.25.4 h1:O6dU1Rd8bej4HPA3/CLPciNBBDwZj9HiEpdVsb8B5A8=
github.com/go-openapi/swag/stringutils v0.25.4/go.mod h1:GTsRvhJW5xM5gkgiFe0fV3PUlFm0dr8vki6/VSRaZK0=
github.com/go-openapi/swag/typeutils v0.25.4 h1:1/fbZOUN472NTc39zpa+YGHn3jzHWhv42wAJSN91wRw=
github.com/go-openapi/swag/typeutils v0.25.4/go.mod h1:Ou7g//Wx8tTLS9vG0UmzfCsjZjKhpjxayRKTHXf2pTE=
github.com/go-openapi/swag/yamlutils v0.25.4 h1:6jdaeSItEUb7ioS9lFoCZ65Cne1/RZtPBZ9A56h92Sw=
github.com/go-openapi/swag/yamlutils v0.25.4/go.mod h1:MNzq1ulQu+yd8Kl7wPOut/YHAAU/H6hL91fF+E2RFwc=
github.com/go-openapi/testify/enable/yaml/v2 v2.0.2 h1:0+Y41Pz1NkbTHz8NngxTuAXxEodtNSI1WG1c/m5Akw4=
github.com/go-openapi/testify/enable/yaml/v2 v2.0.2/go.mod h1:kme83333GCtJQHXQ8UKX3IBZu6z8T5Dvy5+CW3NLUUg=
github.com/go-openapi/testify/v2 v2.0.2 h1:X999g3jeLcoY8qctY/c/Z8iBHTbwLz7R2WXd6Ub6wls=
github.com/go-openapi/testify/v2 v2.0.2/go.mod h1:HCPmvFFnheKK2BuwSA0TbbdxJ3I16pjwMkYkP4Ywn54=
github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
github.com/google/gnostic-models v0.7.1 h1:SisTfuFKJSKM5CPZkffwi6coztzzeYUhc3v4yxLWH8c= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
github.com/google/gnostic-models v0.7.1/go.mod h1:whL5G0m6dmc5cPxKc5bdKdEN3UjI7OUGxBlw57miDrQ= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw=
github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw=
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
github.com/google/go-tpm v0.9.7 h1:u89J4tUUeDTlH8xxC3CTW7OHZjbjKoHdQ9W7gCUhtxA= github.com/google/go-tpm v0.1.2-0.20190725015402-ae6dd98980d4/go.mod h1:H9HbmUG2YgV/PHITkO7p6wxEEj/v5nlsVWIwumwH2NI=
github.com/google/go-tpm v0.9.7/go.mod h1:h9jEsEECg7gtLis0upRBQU+GhYVH6jMjrFxI8u6bVUY= github.com/google/go-tpm v0.3.0/go.mod h1:iVLWvrPp/bHeEkxTFi9WG6K9w0iy2yIszHwZGHPbzAw=
github.com/google/go-tpm-tools v0.3.13-0.20230620182252-4639ecce2aba h1:qJEJcuLzH5KDR0gKc0zcktin6KSAwL7+jWKBYceddTc= github.com/google/go-tpm v0.3.3 h1:P/ZFNBZYXRxc+z7i5uyd8VP7MaDteuLZInzrH2idRGo=
github.com/google/go-tpm-tools v0.3.13-0.20230620182252-4639ecce2aba/go.mod h1:EFYHy8/1y2KfgTAsx7Luu7NGhoxtuVHnNo8jE7FikKc= github.com/google/go-tpm v0.3.3/go.mod h1:9Hyn3rgnzWF9XBWVk6ml6A6hNkbWjNFlDQL51BeghL4=
github.com/google/go-tpm-tools v0.0.0-20190906225433-1614c142f845/go.mod h1:AVfHadzbdzHo54inR2x1v640jdi1YSi3NauM2DUsxk0=
github.com/google/go-tpm-tools v0.2.0/go.mod h1:npUd03rQ60lxN7tzeBJreG38RvWwme2N1reF/eeiBk4=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 h1:BHT72Gu3keYf3ZEu2J0b1vyeLSOYI8bm5wbJM/8yDe8= github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo=
github.com/google/pprof v0.0.0-20250403155104-27863c87afa6/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA= github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/lucasb-eyer/go-colorful v1.3.0 h1:2/yBRLdWBZKrf7gB40FoiKfAWYQ0lqNcbuQwVHXptag= github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY=
github.com/lucasb-eyer/go-colorful v1.3.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0= github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0=
github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
github.com/mattn/go-runewidth v0.0.19 h1:v++JhqYnZuu5jSKrk9RbgF5v4CGUjqRfBm05byFGLdw= github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc=
github.com/mattn/go-runewidth v0.0.19/go.mod h1:XBkDxAl56ILZc9knddidhrOlY5R/pDhgLpndooCuJAs= github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
github.com/miekg/pkcs11 v1.1.1 h1:Ugu9pdy6vAYku5DEpVWVFPYnzV+bxB+iRdbuFSu7TvU= github.com/miekg/pkcs11 v1.1.1 h1:Ugu9pdy6vAYku5DEpVWVFPYnzV+bxB+iRdbuFSu7TvU=
github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFdJifH4BDsTlE89Zl93FEloxaWZfGcifgq8=
github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
github.com/muesli/termenv v0.16.0 h1:S5AlUN9dENB57rsbnkPyfdGuWIlkmzJjbFf0Tf5FWUc= github.com/muesli/termenv v0.16.0 h1:S5AlUN9dENB57rsbnkPyfdGuWIlkmzJjbFf0Tf5FWUc=
github.com/muesli/termenv v0.16.0/go.mod h1:ZRfOIKPFDYQoDFF4Olj7/QJbW60Ol/kL1pU3VfY/Cnk= github.com/muesli/termenv v0.16.0/go.mod h1:ZRfOIKPFDYQoDFF4Olj7/QJbW60Ol/kL1pU3VfY/Cnk=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
github.com/onsi/ginkgo/v2 v2.27.2 h1:LzwLj0b89qtIy6SSASkzlNvX6WktqurSHwkk2ipF/Ns= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
github.com/onsi/ginkgo/v2 v2.27.2/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
github.com/onsi/gomega v1.38.2 h1:eZCjf2xjZAqe+LeWvKb5weQ+NcPwX84kqJ0cZNxok2A= github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM=
github.com/onsi/gomega v1.38.2/go.mod h1:W2MJcYxRGV63b418Ai34Ud0hEdTVXq9NW9+Sx6uXf3k= github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo=
github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4=
github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk= github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU=
github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o=
github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6 h1:pnnLyeX7o/5aX8qUQ69P/mLojDqwda8hFOCBTmP/6hw= github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6 h1:pnnLyeX7o/5aX8qUQ69P/mLojDqwda8hFOCBTmP/6hw=
github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6/go.mod h1:39R/xuhNgVhi+K0/zst4TLrJrVmbm6LVgl4A0+ZFS5M= github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6/go.mod h1:39R/xuhNgVhi+K0/zst4TLrJrVmbm6LVgl4A0+ZFS5M=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no= github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no=
github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM= github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM=
go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
golang.org/x/exp v0.0.0-20251219203646-944ab1f22d93 h1:fQsdNF2N+/YewlRZiricy4P1iimyPKZ/xwniHj8Q2a0= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
golang.org/x/exp v0.0.0-20251219203646-944ab1f22d93/go.mod h1:EPRbTFwzwjXj9NpYyyrvenVh9Y+GFeEvMNh7Xuz7xgU= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/mod v0.31.0 h1:HaW9xtz0+kOcWKwli0ZXy79Ix+UW/vOfmWI5QVd2tgI= golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/mod v0.31.0/go.mod h1:43JraMp9cGx1Rx3AqioxrbrhNsLl2l/iNAvuBkrezpg= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw= golang.org/x/crypto v0.38.0 h1:jt+WWG8IZlBnVbomuhg2Mdq0+BBQaHbtqHEFEigjUV8=
golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= golang.org/x/crypto v0.38.0/go.mod h1:MvrbAqul58NNYPKnOra203SB9vpuZW0e+RRZV+Ggqjw=
golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/exp v0.0.0-20250506013437-ce4c2cf36ca6 h1:y5zboxd6LQAqYIhHnB48p0ByQ/GnQx2BE33L8BOHQkI=
golang.org/x/exp v0.0.0-20250506013437-ce4c2cf36ca6/go.mod h1:U6Lno4MTRCDY+Ba7aCcauB9T60gsv5s4ralQzP72ZoQ=
golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY=
golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M=
golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210629170331-7dc0b73dc9fb/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk= golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q= golang.org/x/term v0.32.0 h1:DR4lr0TjUs3epypdhTOkMmuF5CDFJ/8pOnbzMZPQ7bg=
golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg= golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ=
golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI= golang.org/x/text v0.25.0 h1:qVyWApTSYLk/drJRO5mDlNYskwQznZmkpV2c8q9zls4=
golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4= golang.org/x/text v0.25.0/go.mod h1:WEdwpYrmk1qmdHvhkSTNPm3app7v4rsT8F2UD6+VHIA=
golang.org/x/tools v0.40.0 h1:yLkxfA+Qnul4cs9QA3KnlFu0lVmd8JJfoq+E41uSutA= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/tools v0.40.0/go.mod h1:Ik/tzLRlbscWpqqMRjyWYDisX8bG13FrdXp3o4Sr9lc= golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY=
google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE= golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.33.0 h1:4qz2S3zmRxbGIhDIAgjxvFutSvH5EfnsYrRBj0UI0bc=
golang.org/x/tools v0.33.0/go.mod h1:CIJMaWEY88juyUfo7UbgPqbC8rU2OqfAV1h2Qp0oMYI=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=
google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
gopkg.in/evanphx/json-patch.v4 v4.13.0 h1:czT3CmqEaQ1aanPc5SdlgQrrEIb8w/wwCvWWnfEbYzo= gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4=
gopkg.in/evanphx/json-patch.v4 v4.13.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M=
gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
k8s.io/api v0.35.0 h1:iBAU5LTyBI9vw3L5glmat1njFK34srdLmktWwLTprlY= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
k8s.io/api v0.35.0/go.mod h1:AQ0SNTzm4ZAczM03QH42c7l3bih1TbAXYo0DkF8ktnA= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
k8s.io/apimachinery v0.35.0 h1:Z2L3IHvPVv/MJ7xRxHEtk6GoJElaAqDCCU0S6ncYok8= k8s.io/api v0.33.0 h1:yTgZVn1XEe6opVpP1FylmNrIFWuDqe2H0V8CT5gxfIU=
k8s.io/apimachinery v0.35.0/go.mod h1:jQCgFZFR1F4Ik7hvr2g84RTJSZegBc8yHgFWKn//hns= k8s.io/api v0.33.0/go.mod h1:CTO61ECK/KU7haa3qq8sarQ0biLq2ju405IZAd9zsiM=
k8s.io/client-go v0.35.0 h1:IAW0ifFbfQQwQmga0UdoH0yvdqrbwMdq9vIFEhRpxBE= k8s.io/apimachinery v0.33.0 h1:1a6kHrJxb2hs4t8EE5wuR/WxKDwGN1FKH3JvDtA0CIQ=
k8s.io/client-go v0.35.0/go.mod h1:q2E5AAyqcbeLGPdoRB+Nxe3KYTfPce1Dnu1myQdqz9o= k8s.io/apimachinery v0.33.0/go.mod h1:BHW0YOu7n22fFv/JkYOEfkUYNRN0fj0BlvMFWA7b+SM=
k8s.io/client-go v0.33.0 h1:UASR0sAYVUzs2kYuKn/ZakZlcs2bEHaizrrHUZg0G98=
k8s.io/client-go v0.33.0/go.mod h1:kGkd+l/gNGg8GYWAPr0xF1rRKvVWvzh9vmZAMXtaKOg=
k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
k8s.io/kube-openapi v0.0.0-20251125145642-4e65d59e963e h1:iW9ChlU0cU16w8MpVYjXk12dqQ4BPFBEgif+ap7/hqQ= k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff h1:/usPimJzUKKu+m+TE36gUyGcf03XZEP0ZIKgKj35LS4=
k8s.io/kube-openapi v0.0.0-20251125145642-4e65d59e963e/go.mod h1:kdmbQkyfwUagLfXIad1y2TdrjPFWp2Q89B3qkRwf/pQ= k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff/go.mod h1:5jIi+8yX4RIb8wk3XwBo5Pq2ccx4FP10ohkbSKCZoK8=
k8s.io/utils v0.0.0-20251222233032-718f0e51e6d2 h1:OfgiEo21hGiwx1oJUU5MpEaeOEg6coWndBkZF/lkFuE= k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro=
k8s.io/utils v0.0.0-20251222233032-718f0e51e6d2/go.mod h1:xDxuJ0whA3d0I4mf/C4ppKHxXynQ+fxnkmQH0vTHnuk= k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8=
sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo=
sigs.k8s.io/randfill v0.0.0-20250304075658-069ef1bbf016/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY=
sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU=
sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY=
sigs.k8s.io/structured-merge-diff/v6 v6.3.1 h1:JrhdFMqOd/+3ByqlP2I45kTOZmTRLBUm5pvRjeheg7E= sigs.k8s.io/structured-merge-diff/v4 v4.6.0 h1:IUA9nvMmnKWcj5jl84xn+T5MnlZKThmUW1TdblaLVAc=
sigs.k8s.io/structured-merge-diff/v6 v6.3.1/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= sigs.k8s.io/structured-merge-diff/v4 v4.6.0/go.mod h1:dDy58f92j70zLsuZVuUX5Wp9vtxXpaZnkPGWeqDfCps=
sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=

56
main.go
View File

@@ -1,14 +1,14 @@
package main package main
import ( import (
"os" "encoding/base64"
"time"
helper "gitea.siteworxpro.com/Siteworxpro/aws-iam-anywhere-refresher/aws_signing_helper" helper "gitea.siteworxpro.com/Siteworxpro/aws-iam-anywhere-refresher/aws_signing_helper"
"gitea.siteworxpro.com/Siteworxpro/aws-iam-anywhere-refresher/cmd" "gitea.siteworxpro.com/Siteworxpro/aws-iam-anywhere-refresher/cmd"
appConfig "gitea.siteworxpro.com/Siteworxpro/aws-iam-anywhere-refresher/config" appConfig "gitea.siteworxpro.com/Siteworxpro/aws-iam-anywhere-refresher/config"
"gitea.siteworxpro.com/Siteworxpro/aws-iam-anywhere-refresher/kube_client" "gitea.siteworxpro.com/Siteworxpro/aws-iam-anywhere-refresher/kube_client"
"github.com/charmbracelet/log" "github.com/charmbracelet/log"
"os"
"time"
) )
func main() { func main() {
@@ -18,25 +18,39 @@ func main() {
ReportTimestamp: true, ReportTimestamp: true,
TimeFormat: time.RFC3339, TimeFormat: time.RFC3339,
}) })
l.Info("Starting credentials refresh") l.Info("Starting credentials refresh")
client, err := kube_client.NewKubeClient()
if err != nil {
l.Error("Failed to create kubernetes client", "error", err)
os.Exit(1)
}
c := appConfig.NewConfig() c := appConfig.NewConfig()
err := c.Valid() privateKey, err := base64.StdEncoding.DecodeString(c.PrivateKey())
if err != nil { if err != nil {
l.Error("Invalid configuration", "error", err) l.Error("Failed to decode private key", "error", err)
os.Exit(1)
}
certificate, err := base64.StdEncoding.DecodeString(c.Certificate())
if err != nil {
l.Error("Failed to decode certificate", "error", err)
os.Exit(1) os.Exit(1)
} }
credentials, err := cmd.Run(&helper.CredentialsOpts{ credentials, err := cmd.Run(&helper.CredentialsOpts{
PrivateKeyId: c.PrivateKey(), PrivateKeyId: string(privateKey),
CertificateId: c.Certificate(), CertificateId: string(certificate),
CertificateBundleId: c.BundleId(), CertIdentifier: helper.CertIdentifier{
RoleArn: c.RoleArn(), SystemStoreName: "MY",
ProfileArnStr: c.ProfileArn(), },
TrustAnchorArnStr: c.TrustedAnchor(), RoleArn: c.RoleArn(),
SessionDuration: int(c.SessionDuration()), ProfileArnStr: c.ProfileArn(),
TrustAnchorArnStr: c.TrustedAnchor(),
SessionDuration: int(c.SessionDuration()),
}) })
if err != nil { if err != nil {
@@ -47,22 +61,6 @@ func main() {
l.Info("Credentials refreshed") l.Info("Credentials refreshed")
if c.FetchOnly() {
l.Info("Fetch only mode, skipping secret update")
l.Info("AccessKeyId", "access-key-id", credentials.AccessKeyId)
l.Info("SecretAccessKey", "secret-access-key", credentials.SecretAccessKey)
l.Info("SessionToken", "session-token", credentials.SessionToken)
os.Exit(0)
}
client, err := kube_client.NewKubeClient()
if err != nil {
l.Error("Failed to create kubernetes client", "error", err)
os.Exit(1)
}
_, err = client.GetSecret(c.Namespace(), c.Secret()) _, err = client.GetSecret(c.Namespace(), c.Secret())
if err != nil { if err != nil {
l.Error("Failed to get secret", "error", err) l.Error("Failed to get secret", "error", err)