diff --git a/.eslintrc.js b/.eslintrc.js index 4d4058440..7be5726b2 100644 --- a/.eslintrc.js +++ b/.eslintrc.js @@ -54,12 +54,12 @@ module.exports = { ecmaVersion: 12, sourceType: 'module', project: [ - 'js/sdks/packages/vue-sdk/tsconfig.json', - 'js/sdks/tsconfig.json', + 'lunadefend/js/sdks/packages/vue-sdk/tsconfig.json', + 'lunadefend/js/sdks/tsconfig.json', 'lunadefend/js/demo-apps/packages/demo-back-end/tsconfig.json', 'lunadefend/js/demo-apps/packages/react-front-end/tsconfig.json', - 'js/internal-infrastructure/metrics-server-backend/tsconfig.json', - 'js/internal-infrastructure/s3-redirect-generator/tsconfig.json', + 'lunadefend/js/internal-infrastructure/metrics-server-backend/tsconfig.json', + 'lunadefend/js/internal-infrastructure/s3-redirect-generator/tsconfig.json', 'lunatrace/bsl/common/tsconfig.json', 'lunatrace/bsl/frontend/tsconfig.json', 'lunatrace/bsl/backend-cdk/tsconfig.json', diff --git a/.gitattributes b/.gitattributes index 4ef3eab87..be8e999e2 100644 --- a/.gitattributes +++ b/.gitattributes @@ -2,7 +2,7 @@ docs/** linguist-documentation .yarn/** linguist-vendored # Inventory of Generated Files. Some may be ignored. -js/sdks/packages/tokenizer-sdk/src/generated/** linguist-generated merge=ours +lunadefend/js/sdks/packages/tokenizer-sdk/src/generated/** linguist-generated merge=ours lunatrace/schema.graphql linguist-generated merge=ours lunatrace/bsl/backend/src/github/api/generated.ts linguist-generated merge=ours lunatrace/bsl/backend/src/graphql-yoga/generated-resolver-types.ts linguist-generated merge=ours diff --git a/.github/workflows/go.yaml b/.github/workflows/check-go-build.yaml similarity index 97% rename from .github/workflows/go.yaml rename to .github/workflows/check-go-build.yaml index 36aae96b4..3084b3df3 100644 --- a/.github/workflows/go.yaml +++ b/.github/workflows/check-go-build.yaml @@ -1,4 +1,4 @@ -name: Go +name: Check Go Build # This workflow posts hasura changes as a comment. on: diff --git a/.github/workflows/check-deps.yaml b/.github/workflows/check-yarn-dependencies.yaml similarity index 97% rename from .github/workflows/check-deps.yaml rename to .github/workflows/check-yarn-dependencies.yaml index a56b5fde3..05e27c230 100644 --- a/.github/workflows/check-deps.yaml +++ b/.github/workflows/check-yarn-dependencies.yaml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # -name: Check Dependencies +name: Check Yarn Dependencies # This workflow checks to make sure that all dependency binaries are valid, to prevent a sneaky commit doing something malicious on: diff --git a/.github/workflows/documentation.yaml b/.github/workflows/documentation-release.yaml similarity index 96% rename from .github/workflows/documentation.yaml rename to .github/workflows/documentation-release.yaml index 323909ce6..58038ff3f 100644 --- a/.github/workflows/documentation.yaml +++ b/.github/workflows/documentation-release.yaml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # -name: documentation +name: Documentation Build and Release on: push: @@ -56,7 +56,7 @@ jobs: yarn compile:dev:infrastructure - name: Build Repo - working-directory: js/sdks + working-directory: lunadefend/js/sdks run: yarn compile:release # - name: Set env.BRANCH # run: echo "BRANCH=$(echo $GITHUB_REF | cut -d'/' -f 3 | cut -d'-' -f 2)" >> $GITHUB_ENV diff --git a/.github/workflows/integration.yaml b/.github/workflows/lunadefend/integration.yaml similarity index 98% rename from .github/workflows/integration.yaml rename to .github/workflows/lunadefend/integration.yaml index a607467b5..79789b37f 100644 --- a/.github/workflows/integration.yaml +++ b/.github/workflows/lunadefend/integration.yaml @@ -21,12 +21,14 @@ on: pull_request: branches: ['**', '**'] paths: - - .disabled + #- '.github/**' + - 'lunadefend/**' push: branches: [master] paths: - - .disabled + #- '.github/**' + - 'lunadefend/**' # Allows you to run this workflow manually from the Actions tab workflow_dispatch: diff --git a/.github/workflows/lint-code.yaml b/.github/workflows/lunadefend/lint-code.yaml similarity index 100% rename from .github/workflows/lint-code.yaml rename to .github/workflows/lunadefend/lint-code.yaml diff --git a/.github/workflows/release.yml b/.github/workflows/lunadefend/release.yml similarity index 99% rename from .github/workflows/release.yml rename to .github/workflows/lunadefend/release.yml index 56f328906..db3873460 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/lunadefend/release.yml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # -name: LunaSec Release +name: LunaDefend Release on: workflow_dispatch: diff --git a/.github/workflows/guides.yaml b/.github/workflows/lunatrace/guides-release.yaml similarity index 98% rename from .github/workflows/guides.yaml rename to .github/workflows/lunatrace/guides-release.yaml index 8c0802690..157d14a18 100644 --- a/.github/workflows/guides.yaml +++ b/.github/workflows/lunatrace/guides-release.yaml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # -name: guides +name: LunaTrace Guides Release on: push: diff --git a/.github/workflows/lunatrace-hasura-semantic-diff.yaml b/.github/workflows/lunatrace/hasura-semantic-diff.yaml similarity index 100% rename from .github/workflows/lunatrace-hasura-semantic-diff.yaml rename to .github/workflows/lunatrace/hasura-semantic-diff.yaml diff --git a/.github/workflows/lunatrace.yaml b/.github/workflows/lunatrace/integration.yaml similarity index 98% rename from .github/workflows/lunatrace.yaml rename to .github/workflows/lunatrace/integration.yaml index 09899ca9a..027813556 100644 --- a/.github/workflows/lunatrace.yaml +++ b/.github/workflows/lunatrace/integration.yaml @@ -1,4 +1,4 @@ -name: LunaTrace +name: LunaTrace Integration Test # This workflow posts hasura changes as a comment. on: diff --git a/.idea/lunasec-monorepo.iml b/.idea/lunasec-monorepo.iml index 80fb00d1f..0c6a41fac 100644 --- a/.idea/lunasec-monorepo.iml +++ b/.idea/lunasec-monorepo.iml @@ -14,8 +14,8 @@ - + @@ -43,20 +43,8 @@ - - - - - - - - - - - - @@ -66,6 +54,20 @@ + + + + + + + + + + + + + + diff --git a/CODEOWNERS b/CODEOWNERS index dc141cbd3..5fa2c0c6c 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -8,10 +8,9 @@ lunatrace/bsl/logger @factoidforrest .github/ @factoidforrest @freeqaz # Chris -lunatrace/bsl/backend-cdk - -# Gabe -docs/ @G00b +lunatrace/bsl/backend-cdk @breadchris +lunatrace/cli @breadchris +docs/blog @breadchris # CODEOWNERS DOCUMENTATION AND EXAMPLES BELOW --------------------------------------------------------------------- diff --git a/docs/blog/2021-11-02-our-ci-setup.md b/docs/blog/2021-11-02-our-ci-setup.md index 9d305d8e8..ab3ada5ca 100644 --- a/docs/blog/2021-11-02-our-ci-setup.md +++ b/docs/blog/2021-11-02-our-ci-setup.md @@ -66,10 +66,10 @@ We looked around at other big projects like ours and saw that some of them use m That's okay, but we wanted more programmatic control over Docker Compose, so we wrote a script that generates the YAML file. We (okay, it was my very smart coworker) even generated -[typescript types](https://github.com/lunasec-io/lunasec/blob/master/js/sdks/packages/cli/src/docker-compose/docker-compose-types.ts) +[typescript types](https://github.com/lunasec-io/lunasec/blob/master/lunadefend/js/sdks/packages/cli/src/docker-compose/docker-compose-types.ts) for the YAML file from the official JSON Schema definition. -[Here's the code](https://github.com/lunasec-io/lunasec/blob/master/js/sdks/packages/cli/src/docker-compose/lunasec-stack.ts) +[Here's the code](https://github.com/lunasec-io/lunasec/blob/master/lunadefend/js/sdks/packages/cli/src/docker-compose/lunasec-stack.ts) that handles generating the `docker-compose.yaml`. As you can see, it's pretty darn clean, with each container represented as a function that returns a config object. I work with some smart folks. Hopefully someday Docker Compose (or something similar) is going to expose a JS SDK we can call to set up the cluster programmatically, diff --git a/docs/docusaurus.config.js b/docs/docusaurus.config.js index f327c488c..107e3bdad 100644 --- a/docs/docusaurus.config.js +++ b/docs/docusaurus.config.js @@ -72,9 +72,9 @@ module.exports = { 'docusaurus-plugin-typedoc', { id: 'typedoc-react-sdk', - entryPoints: ['../js/sdks/packages/react-sdk/src/types/component-types.ts'], + entryPoints: ['../lunadefend/js/sdks/packages/react-sdk/src/types/component-types.ts'], defaultCategory:'Component', - tsconfig: '../js/sdks/packages/react-sdk/tsconfig.json', + tsconfig: '../lunadefend/js/sdks/packages/react-sdk/tsconfig.json', watch: process.env.TYPEDOC_WATCH, // Without this, our URL becomes `lunasec.io/docs/docs`. I prefer `lunasec.io/docs/pages`. docsRoot: 'pages', @@ -91,8 +91,8 @@ module.exports = { 'docusaurus-plugin-typedoc', { id: 'typedoc-node-sdk', - entryPoints: ['../js/sdks/packages/node-sdk/src/index.ts'], - tsconfig: '../js/sdks/packages/node-sdk/tsconfig.json', + entryPoints: ['../lunadefend/js/sdks/packages/node-sdk/src/index.ts'], + tsconfig: '../lunadefend/js/sdks/packages/node-sdk/tsconfig.json', watch: process.env.TYPEDOC_WATCH, // Without this, our URL becomes `lunasec.io/docs/docs`. I prefer `lunasec.io/docs/pages`. docsRoot: 'pages', @@ -109,8 +109,8 @@ module.exports = { 'docusaurus-plugin-typedoc', { id: 'typedoc-tokenizer', - entryPoints: ['../js/sdks/packages/tokenizer-sdk/src/index.ts'], - tsconfig: '../js/sdks/packages/tokenizer-sdk/tsconfig.json', + entryPoints: ['../lunadefend/js/sdks/packages/tokenizer-sdk/src/index.ts'], + tsconfig: '../lunadefend/js/sdks/packages/tokenizer-sdk/tsconfig.json', watch: process.env.TYPEDOC_WATCH, // Without this, our URL becomes `lunasec.io/docs/docs`. I prefer `lunasec.io/docs/pages`. docsRoot: 'pages', @@ -128,8 +128,8 @@ module.exports = { 'docusaurus-plugin-typedoc', { id: 'typedoc-cli', - entryPoints: ['../js/sdks/packages/cli/src/config/types.ts'], - tsconfig: '../js/sdks/packages/cli/tsconfig.json', + entryPoints: ['../lunadefend/js/sdks/packages/cli/src/config/types.ts'], + tsconfig: '../lunadefend/js/sdks/packages/cli/tsconfig.json', watch: process.env.TYPEDOC_WATCH, // Without this, our URL becomes `lunasec.io/docs/docs`. I prefer `lunasec.io/docs/pages`. docsRoot: 'pages', @@ -173,15 +173,15 @@ module.exports = { items: [ { type: 'doc', - docId: 'lunadefend/overview/introduction', + docId: 'lunatrace/overview/introduction', position: 'left', - label: 'LunaDefend' + label: 'LunaTrace' }, - { + { type: 'doc', - docId: 'lunatrace/overview/introduction', + docId: 'lunadefend/overview/introduction', position: 'left', - label: 'LunaTrace' + label: 'LunaDefend' }, { to: '/docs/blog', diff --git a/docs/package.json b/docs/package.json index 64df5a3bd..572d2f2bb 100644 --- a/docs/package.json +++ b/docs/package.json @@ -15,7 +15,7 @@ "clear": "docusaurus clear", "write-translations": "docusaurus write-translations", "write-heading-ids": "docusaurus write-heading-ids", - "openapi:generate": "redoc-cli bundle ../api-spec/schema/full-tokenizer.yaml --output static/tokenizer-api-spec-static/index.html" + "openapi:generate": "redoc-cli bundle ../lunadefend/api-spec/schema/full-tokenizer.yaml --output static/tokenizer-api-spec-static/index.html" }, "dependencies": { "@docusaurus/core": "2.0.0-beta.9", diff --git a/docs/pages/lunadefend/cli/deploy.md b/docs/pages/lunadefend/cli/deploy.md index de1d4d3be..4891b92b8 100644 --- a/docs/pages/lunadefend/cli/deploy.md +++ b/docs/pages/lunadefend/cli/deploy.md @@ -23,7 +23,7 @@ sidebar_position: 3 LunaDefend can be deployed to AWS using the LunaDefend CLI, available in the `@lunasec/cli` npm package. More information on installing and using the CLI can be found in the [Getting Started Guide](/pages/lunadefend/getting-started/dedicated-tokenizer/introduction) -The deploy command configures a deployment by reading the closest `lunasec.js` file to the current directory. The CLI tool will +The deploy command configures a deployment by reading the closest `lunadefend.js` file to the current directory. The CLI tool will recursively search in parent directories for this file until it gets to the root of the file system. For a standard deployment of LunaDefend, you will only need to specify: diff --git a/docs/pages/lunadefend/deployment/analytics.md b/docs/pages/lunadefend/deployment/analytics.md index 9eed63ab2..7187e3dd6 100644 --- a/docs/pages/lunadefend/deployment/analytics.md +++ b/docs/pages/lunadefend/deployment/analytics.md @@ -48,7 +48,7 @@ module.exports = { } } ``` -in your `lunasec.json` config before LunaDefend is deployed. Setting this flag will disable deploying the Lambda that collects metrics every +in your `lunadefend.js` config before LunaDefend is deployed. Setting this flag will disable deploying the Lambda that collects metrics every 24 hours. Regardless, thank you for using LunaDefend and helping to improve the security of software across the world. We really diff --git a/docs/pages/lunadefend/deployment/deploy.md b/docs/pages/lunadefend/deployment/deploy.md index a0451a3f1..22c177796 100644 --- a/docs/pages/lunadefend/deployment/deploy.md +++ b/docs/pages/lunadefend/deployment/deploy.md @@ -29,7 +29,7 @@ In order to deploy LunaDefend into your infrastructure, you are going to need tw The CLI can be installed via NPM, as described in the [getting started guide](/pages/lunadefend/getting-started/dedicated-tokenizer/introduction/#cli). -The LunaDefend CLI tool needs a configuration file which reflects your infrastructure. To do this, create the file (or add to your existing) `lunasec.js` +The LunaDefend CLI tool needs a configuration file which reflects your infrastructure. To do this, create the file (or add to your existing) `lunadefend.js` and put this as its contents: ```js module.exports = { diff --git a/docs/pages/lunadefend/getting-started/dedicated-tokenizer/introduction.md b/docs/pages/lunadefend/getting-started/dedicated-tokenizer/introduction.md index d6862c2fa..162393b87 100644 --- a/docs/pages/lunadefend/getting-started/dedicated-tokenizer/introduction.md +++ b/docs/pages/lunadefend/getting-started/dedicated-tokenizer/introduction.md @@ -54,7 +54,7 @@ lunasec --version ``` and we should see that the CLI is installed. -The LunaDefend CLI needs to be configured to know where your application's front and back end are. To do this, in the root of your repository create the file `lunasec.js` with the contents: +The LunaDefend CLI needs to be configured to know where your application's front and back end are. To do this, in the root of your repository create the file `lunadefend.js` with the contents: ```js module.exports = { development: { diff --git a/docs/pages/lunadefend/how-it-works/grants.md b/docs/pages/lunadefend/how-it-works/grants.md index b0cd322c1..d5281dc75 100644 --- a/docs/pages/lunadefend/how-it-works/grants.md +++ b/docs/pages/lunadefend/how-it-works/grants.md @@ -36,7 +36,7 @@ applications that might need to detokenize a token more than 15 minutes after it [can be customized](/pages/lunadefend/node-sdk/classes/Grants/) during creation if you find that you need a longer duration, up to your configured maximum. -The default duration and maximum duration can be configured in your `lunasec.js` [config file](/pages/lunadefend/cli-config/interfaces/DeploymentConfigOptions/), +The default duration and maximum duration can be configured in your `lunadefend.js` [config file](/pages/lunadefend/cli-config/interfaces/DeploymentConfigOptions/), in the grants options. ### Alternatives diff --git a/docs/pages/lunadefend/overview/demo-app/code-walkthrough.md b/docs/pages/lunadefend/overview/demo-app/code-walkthrough.md index da5bec35b..aa70ded5d 100644 --- a/docs/pages/lunadefend/overview/demo-app/code-walkthrough.md +++ b/docs/pages/lunadefend/overview/demo-app/code-walkthrough.md @@ -24,11 +24,11 @@ is just normal application code, like in any other web app. Only a small part i ### Folder Structure The Demo is separated into two applications, the front-end and back-end in -[the demo apps folder](https://github.com/lunasec-io/lunasec-monorepo/tree/master/lunadefend/js/demo-apps/packages). +[the demo apps folder](https://github.com/lunasec-io/lunasec/tree/master/lunadefend/js/demo-apps/packages). The apps are really multiple apps, one for each of the different modes. We wanted to reuse as much code as possible, which lives in the `common` folders of each app. Only code that needs to be different for each demo is broken into -folders like [/src/dedicated-tokenizer/passport-express](https://github.com/lunasec-io/lunasec-monorepo/tree/demo-app-refactor/js/demo-apps/packages/demo-back-end/src/dedicated-tokenizer/passport-express). +folders like [/src/dedicated-tokenizer/passport-express](https://github.com/lunasec-io/lunasec/tree/master/lunadefend/js/demo-apps/packages/demo-back-end/src/dedicated-tokenizer/passport-express). That's a bit confusing but this needs to be maintainable, and we also wanted use it for integration testing. #### Front-end @@ -37,34 +37,34 @@ All frontend features work the same regardless of whether express, graphql, or s The only difference is how the tokens (and other data) are fetched (which happens inside the `store` file). You can see the Secure Components being used -[here](https://github.com/lunasec-io/lunasec-monorepo/tree/demo-app-refactor/js/demo-apps/packages/react-front-end/src/common/components/secure-components). +[here](https://github.com/lunasec-io/lunasec/tree/master/lunadefend/js/demo-apps/packages/react-front-end/src/common/components/secure-components). To see the LunaDefend Provider wrapping the components, look -[here](https://github.com/lunasec-io/lunasec-monorepo/blob/de384d69d4c78e6b39505561c6c25b6a34a34e23/js/demo-apps/packages/react-front-end/src/common/App.tsx#L37). +[here](https://github.com/lunasec-io/lunasec/tree/master/lunadefend/js/demo-apps/packages/react-front-end/src/common/App.tsx#L37). Note the use of the `SecureInput` element -[natively with MaterialUi](https://github.com/lunasec-io/lunasec-monorepo/blob/de384d69d4c78e6b39505561c6c25b6a34a34e23/js/demo-apps/packages/react-front-end/src/common/components/secure-components/SecureInputDemo.tsx#L118). +[natively with MaterialUi](https://github.com/lunasec-io/lunasec/tree/master/lunadefend/js/demo-apps/packages/react-front-end/src/common/components/secure-components/SecureInputDemo.tsx#L118). ![demo screenshot tokenization](/img/demo-app-tokenization.png) The `simple` tokenizer has a different developer experience because it doesn't use Secure Frames. Getting and storing tokens is done with JavaScript methods, -[like this](https://github.com/lunasec-io/lunasec-monorepo/blob/de384d69d4c78e6b39505561c6c25b6a34a34e23/js/demo-apps/packages/react-front-end/src/simple-tokenizer/components/secure-components/TokenizeDemo.tsx#L23). +[like this](https://github.com/lunasec-io/lunasec/tree/master/lunadefend/js/demo-apps/packages/react-front-end/src/simple-tokenizer/components/secure-components/TokenizeDemo.tsx#L23). It shares no code with the other demos. ![simple screenshot](/img/demo-app-simple.png) #### Back-end The Backend launches each mode as a separate Express server running in parallel on different ports, starting from 3001. -You can see that happening in the [server's entrypoint](https://github.com/lunasec-io/lunasec-monorepo/blob/demo-app-refactor/js/demo-apps/packages/demo-back-end/src/main.ts). +You can see that happening in the [server's entrypoint](https://github.com/lunasec-io/lunasec/blob/demo-app-refactor/js/demo-apps/packages/demo-back-end/src/main.ts). From there you can trace through and see how the different apps are configured. For an example of LunaDefend's [Node SDK](../../node-sdk/index.md) being configured, -[look here](https://github.com/lunasec-io/lunasec-monorepo/blob/de384d69d4c78e6b39505561c6c25b6a34a34e23/js/demo-apps/packages/demo-back-end/src/dedicated-tokenizer/passport-express/config/configure-lunasec.ts). +[look here](https://github.com/lunasec-io/lunasec/tree/master/lunadefend/js/demo-apps/packages/demo-back-end/src/dedicated-tokenizer/passport-express/config/configure-lunasec.ts). To see an Express Route properly creating and checking grants, -[look here](https://github.com/lunasec-io/lunasec-monorepo/blob/de384d69d4c78e6b39505561c6c25b6a34a34e23/js/demo-apps/packages/demo-back-end/src/dedicated-tokenizer/passport-express/routes/user-router.ts#L17). +[look here](https://github.com/lunasec-io/lunasec/tree/master/lunadefend/js/demo-apps/packages/demo-back-end/src/dedicated-tokenizer/passport-express/routes/user-router.ts#L17). :::warning Production Readiness and Library Choices This demo is made to simulate a production application, not be one. Please use concepts or snippets from it in your code, but we do not diff --git a/go.mod b/go.mod index 7a5788051..c4108088b 100644 --- a/go.mod +++ b/go.mod @@ -25,8 +25,6 @@ require ( github.com/google/go-containerregistry v0.8.1-0.20220209165246-a44adc326839 github.com/google/licensecheck v0.3.1 github.com/google/uuid v1.3.0 - github.com/jpillora/backoff v1.0.0 - github.com/likexian/whois-parser v1.22.0 github.com/lor00x/goldap v0.0.0-20180618054307-a546dffdd1a3 github.com/pkg/errors v0.9.1 github.com/prashantv/gostub v1.1.0 @@ -35,7 +33,6 @@ require ( github.com/rs/zerolog v1.26.1 github.com/spf13/viper v1.11.0 github.com/stretchr/testify v1.7.1 - github.com/undiabler/golang-whois v0.0.0-20200529150455-5fb8fbf53359 github.com/urfave/cli/v2 v2.6.0 go.uber.org/config v1.4.0 go.uber.org/fx v1.17.1 @@ -181,7 +178,6 @@ require ( github.com/knqyf263/go-deb-version v0.0.0-20190517075300-09fca494f03d // indirect github.com/leodido/go-urn v1.2.1 // indirect github.com/letsencrypt/boulder v0.0.0-20220331220046-b23ab962616e // indirect - github.com/likexian/gokit v0.25.6 // indirect github.com/magiconair/properties v1.8.6 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/mattn/go-colorable v0.1.12 // indirect diff --git a/go.sum b/go.sum index 669a3e823..5b8f191cc 100644 --- a/go.sum +++ b/go.sum @@ -74,7 +74,6 @@ cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjp cloud.google.com/go/pubsub v1.5.0/go.mod h1:ZEwJccE3z93Z2HWvstpri00jOg7oO4UZDtKhwDwqF0w= cloud.google.com/go/pubsub v1.17.1/go.mod h1:4qDxMr1WsM9+aQAz36ltDwCIM+R0QdlseyFjBuNvnss= cloud.google.com/go/secretmanager v1.0.0/go.mod h1:+Qkm5qxIJ5mk74xxIXA+87fseaY1JLYBcFPQoc/GQxg= -cloud.google.com/go/security v1.1.1/go.mod h1:QZd0wTwNJNKnl0H4/wAFD10TSX8kI4nk8V6ie6fyc9w= cloud.google.com/go/spanner v1.7.0/go.mod h1:sd3K2gZ9Fd0vMPLXzeCrF6fq4i63Q7aTLW/lBIfBkIk= cloud.google.com/go/spanner v1.17.0/go.mod h1:+17t2ixFwRG4lWRwE+5kipDR9Ef07Jkmc8z0IbMDKUs= cloud.google.com/go/spanner v1.18.0/go.mod h1:LvAjUXPeJRGNuGpikMULjhLj/t9cRvdc+fxRoLiugXA= @@ -94,21 +93,15 @@ code.gitea.io/sdk/gitea v0.11.3/go.mod h1:z3uwDV/b9Ls47NGukYM9XhnHtqPh/J+t40lsUr contrib.go.opencensus.io/exporter/aws v0.0.0-20181029163544-2befc13012d0/go.mod h1:uu1P0UCM/6RbsMrgPa98ll8ZcHM858i/AD06a9aLRCA= contrib.go.opencensus.io/exporter/aws v0.0.0-20200617204711-c478e41e60e9/go.mod h1:uu1P0UCM/6RbsMrgPa98ll8ZcHM858i/AD06a9aLRCA= contrib.go.opencensus.io/exporter/ocagent v0.5.0/go.mod h1:ImxhfLRpxoYiSq891pBrLVhN+qmP8BTVvdH2YLs7Gl0= -contrib.go.opencensus.io/exporter/ocagent v0.7.1-0.20200907061046-05415f1de66d/go.mod h1:IshRmMJBhDfFj5Y67nVhMYTTIze91RUeT73ipWKs/GY= -contrib.go.opencensus.io/exporter/prometheus v0.4.0/go.mod h1:o7cosnyfuPVK0tB8q0QmaQNhGnptITnPQB+z1+qeFB0= contrib.go.opencensus.io/exporter/stackdriver v0.12.1/go.mod h1:iwB6wGarfphGGe/e5CWqyUk/cLzKnWsOKPVW3no6OTw= contrib.go.opencensus.io/exporter/stackdriver v0.13.4/go.mod h1:aXENhDJ1Y4lIg4EUaVTwzvYETVNZk10Pu26tevFKLUc= contrib.go.opencensus.io/exporter/stackdriver v0.13.5/go.mod h1:aXENhDJ1Y4lIg4EUaVTwzvYETVNZk10Pu26tevFKLUc= contrib.go.opencensus.io/exporter/stackdriver v0.13.8/go.mod h1:huNtlWx75MwO7qMs0KrMxPZXzNNWebav1Sq/pm02JdQ= contrib.go.opencensus.io/exporter/stackdriver v0.13.10/go.mod h1:I5htMbyta491eUxufwwZPQdcKvvgzMB4O9ni41YnIM8= -contrib.go.opencensus.io/exporter/zipkin v0.1.2/go.mod h1:mP5xM3rrgOjpn79MM8fZbj3gsxcuytSqtH0dxSWW1RE= contrib.go.opencensus.io/integrations/ocsql v0.1.4/go.mod h1:8DsSdjz3F+APR+0z0WkU1aRorQCFfRxvqjUUPMbF3fE= contrib.go.opencensus.io/integrations/ocsql v0.1.7/go.mod h1:8DsSdjz3F+APR+0z0WkU1aRorQCFfRxvqjUUPMbF3fE= contrib.go.opencensus.io/resource v0.1.1/go.mod h1:F361eGI91LCmW1I/Saf+rX0+OFcigGlFvXwEGEnkRLA= -cuelang.org/go v0.4.2/go.mod h1:P09/R4UfAEzLkV9DXxwlxQnIZbkaT4uIhiEgs6Vsz2Q= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -dmitri.shuralyov.com/gpu/mtl v0.0.0-20201218220906-28db891af037/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -filippo.io/edwards25519 v1.0.0-rc.1/go.mod h1:N1IkdkCkiLB6tki+MYJoSx2JTY9NUlxZE7eHn5EwJns= github.com/99designs/gqlgen v0.17.2/go.mod h1:K5fzLKwtph+FFgh9j7nFbRUdBKvTcGnsta51fsMTn3o= github.com/AdaLogics/go-fuzz-headers v0.0.0-20211102141018-f7be0cbad29c/go.mod h1:WpB7kf89yJUETZxQnP1kgYPNwlT2jjdDYUCoxVggM3g= github.com/AndreasBriese/bbloom v0.0.0-20190306092124-e2d15f34fcf9/go.mod h1:bOvUY6CB00SOBii9/FifXqc0awNKxLFCL/+pkDPuyl8= @@ -122,12 +115,9 @@ github.com/Azure/azure-pipeline-go v0.2.3/go.mod h1:x841ezTBIMG6O3lAcl8ATHnsOPVl github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v29.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v30.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-sdk-for-go v46.4.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v51.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v59.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v60.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-sdk-for-go v60.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-sdk-for-go v62.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v63.0.0+incompatible h1:whPsa+jCHQSo5wGMPNLw4bz8q9Co2+vnXHzXGctoTaQ= github.com/Azure/azure-sdk-for-go v63.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-service-bus-go v0.9.1/go.mod h1:yzBx6/BUGfjfeqbRZny9AQIbIe3AcV9WZbAdpkoXOa0= @@ -137,7 +127,6 @@ github.com/Azure/azure-storage-blob-go v0.14.0/go.mod h1:SMqIBi+SuiQH32bvyjngEew github.com/Azure/go-amqp v0.16.0/go.mod h1:9YJ3RhxRT1gquYnzpZO1vcYMMpAdJT+QEg6fwmw9Zlg= github.com/Azure/go-amqp v0.16.4/go.mod h1:9YJ3RhxRT1gquYnzpZO1vcYMMpAdJT+QEg6fwmw9Zlg= github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= -github.com/Azure/go-ansiterm v0.0.0-20210608223527-2377c96fe795/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Azure/go-autorest v10.8.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= @@ -145,8 +134,6 @@ github.com/Azure/go-autorest v12.0.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSW github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw= -github.com/Azure/go-autorest/autorest v0.11.6/go.mod h1:V6p3pKZx1KKkJubbxnDWrzNhEIfOy/pTGasLqzHIPHs= -github.com/Azure/go-autorest/autorest v0.11.8/go.mod h1:V6p3pKZx1KKkJubbxnDWrzNhEIfOy/pTGasLqzHIPHs= github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA= github.com/Azure/go-autorest/autorest v0.11.19/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA= github.com/Azure/go-autorest/autorest v0.11.22/go.mod h1:BAWYUWGPEtKPzjVkp0Q6an0MJcJDsoh5Z1BFAEFs4Xs= @@ -154,18 +141,15 @@ github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsC github.com/Azure/go-autorest/autorest v0.11.25 h1:yp+V8DGur2aIUE87ebP8twPLz6k68jtJTlg61mEoByA= github.com/Azure/go-autorest/autorest v0.11.25/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U= github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg= -github.com/Azure/go-autorest/autorest/adal v0.9.4/go.mod h1:/3SMAM86bP6wC9Ev35peQDUeqFZBMH07vvUOmg4z/fE= github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A= github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= github.com/Azure/go-autorest/autorest/adal v0.9.14/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= github.com/Azure/go-autorest/autorest/adal v0.9.17/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= github.com/Azure/go-autorest/autorest/adal v0.9.18 h1:kLnPsRjzZZUF3K5REu/Kc+qMQrvuza2bwSnNdhmzLfQ= github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= -github.com/Azure/go-autorest/autorest/azure/auth v0.5.2/go.mod h1:q98IH4qgc3eWM4/WOeR5+YPmBuy8Lq0jNRDwSM0CuFk= github.com/Azure/go-autorest/autorest/azure/auth v0.5.9/go.mod h1:hg3/1yw0Bq87O3KvvnJoAh34/0zbP7SFizX/qN5JvjU= github.com/Azure/go-autorest/autorest/azure/auth v0.5.11 h1:P6bYXFoao05z5uhOQzbC3Qd8JqF3jUoocoTeIxkp2cA= github.com/Azure/go-autorest/autorest/azure/auth v0.5.11/go.mod h1:84w/uV8E37feW2NCJ08uT9VBfjfUHpgLVnG2InYD6cg= -github.com/Azure/go-autorest/autorest/azure/cli v0.4.1/go.mod h1:JfDgiIO1/RPu6z42AdQTyjOoCM2MFhLqSBDvMEkDgcg= github.com/Azure/go-autorest/autorest/azure/cli v0.4.2/go.mod h1:7qkJkT+j6b+hIpzMOwPChJhTqS8VbsqqgULzMNRugoM= github.com/Azure/go-autorest/autorest/azure/cli v0.4.4/go.mod h1:yAQ2b6eP/CmLPnmLvxtT1ALIY3OR1oFcCqVBi8vHiTc= github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 h1:0W/yGmFdTIT77fvdlGZ0LMISoLHFJ7Tx4U0yeB+uFs4= @@ -187,7 +171,6 @@ github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUM github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= -github.com/BurntSushi/toml v1.1.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/CloudyKit/fastprinter v0.0.0-20200109182630-33d98a066a53/go.mod h1:+3IMCy2vIlbG1XG/0ggNQv0SvxCAIpPM5b1nCz56Xno= github.com/CloudyKit/jet/v3 v3.0.0/go.mod h1:HKQPgSJmdK8hdoAbKUUWajkHyHo4RaU5rMdUywE7VMo= @@ -205,15 +188,12 @@ github.com/Joker/jade v1.1.3 h1:Qbeh12Vq6BxURXT1qZBRHsDxeURB8ztcL6f3EXSGeHk= github.com/Joker/jade v1.1.3/go.mod h1:T+2WLyt7VH6Lp0TRxQrUYEs64nRc83wkMQrfeIQKduM= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= -github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= github.com/Masterminds/semver/v3 v3.0.3/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= github.com/Masterminds/semver/v3 v3.1.0/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= -github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= github.com/Masterminds/sprig v2.15.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= -github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk= github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA= github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw= @@ -236,20 +216,13 @@ github.com/Microsoft/hcsshim v0.8.23/go.mod h1:4zegtUJth7lAvFyc6cH2gGQ5B3OFQim01 github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU= github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= -github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= -github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q= github.com/OpenPeeDeeP/depguard v1.0.1/go.mod h1:xsIw86fROiiwelg+jB2uM9PiKihMMmUx/1V+TNhjQvM= -github.com/PaesslerAG/gval v1.0.0/go.mod h1:y/nm5yEyTeX6av0OfKJNp9rBNj2XrGhAf5+v24IBN1I= -github.com/PaesslerAG/jsonpath v0.1.0/go.mod h1:4BzmtoM/PI8fPO4aQGIusjGxGir2BzcV0grWtFzq1Y8= -github.com/PaesslerAG/jsonpath v0.1.1/go.mod h1:lVboNxFGal/VwW6d9JzIy56bUsYAP6tH/x80vjnCseY= github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7 h1:YoJbenK9C67SkzkDfmQuVln04ygHj3vjZfd9FL+GmQQ= github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo= -github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/purell v1.1.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI= github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= -github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/ReneKroon/ttlcache/v2 v2.10.0/go.mod h1:mBxvsNY+BT8qLLd6CuAJubbKo6r0jh3nb5et22bbfGY= @@ -258,19 +231,15 @@ github.com/ReneKroon/ttlcache/v2 v2.11.0/go.mod h1:mBxvsNY+BT8qLLd6CuAJubbKo6r0j github.com/Shopify/goreferrer v0.0.0-20181106222321-ec9c9a553398/go.mod h1:a1uqRtAwp2Xwc6WNPJEufxJ7fx3npB4UV/JOLmbu5I0= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ= github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= -github.com/Shopify/sarama v1.30.0/go.mod h1:zujlQQx1kzHsh4jfV1USnptCQrHAEZ2Hk8fTKCulPVs= github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= -github.com/Shopify/toxiproxy/v2 v2.1.6-0.20210914104332-15ea381dcdae/go.mod h1:/cvHQkZ1fst0EmZnA5dFtiQdWCNCFYzb+uE2vqVgvx0= github.com/StackExchange/wmi v1.2.1/go.mod h1:rcmrprowKIVzvc+NUiLncP2uuArMWLCbu9SBzvHz7e8= github.com/ThalesIgnite/crypto11 v1.2.5 h1:1IiIIEqYmBvUYFeMnHqRft4bwf/O36jryEUpY+9ef8E= github.com/ThalesIgnite/crypto11 v1.2.5/go.mod h1:ILDKtnCKiQ7zRoNxcp36Y1ZR8LBPmR2E23+wTQe/MlE= github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= -github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo= github.com/acobaugh/osrelease v0.1.0 h1:Yb59HQDGGNhCj4suHaFQQfBps5wyoKLSSX/J/+UifRE= github.com/acobaugh/osrelease v0.1.0/go.mod h1:4bFEs0MtgHNHBrmHCt67gNisnabCRAlzdVasCEGHTWY= github.com/acomagu/bufpipe v1.0.3 h1:fxAGrHZTgQ9w5QqVItgzwj235/uYZYgbXitB+dLupOk= github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4= -github.com/adrg/xdg v0.2.1/go.mod h1:ZuOshBmzV4Ta+s23hdfFZnBsdzmoR3US0d7ErpqSbTQ= github.com/adrg/xdg v0.4.0 h1:RzRqFcjH4nE5C6oTAxhBtoE2IRyjBSa62SCbyPidvls= github.com/adrg/xdg v0.4.0/go.mod h1:N6ag73EX4wyxeaoeHctc1mas01KZgsj5tYiAIwqJE/E= github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= @@ -282,8 +251,6 @@ github.com/ajg/form v1.5.1/go.mod h1:uL1WgH+h2mgNtvBq0339dVnzXdBETtL2LeUXaIv25UY github.com/ajvpot/genqlient v0.4.1-0.20220601222338-9a6fa43de94e h1:BH26CidysvtVEIhkuPun1gMGuzQnk+w52q0vBAaCKBQ= github.com/ajvpot/genqlient v0.4.1-0.20220601222338-9a6fa43de94e/go.mod h1:zV+Ip2a2/xaPCdLm09qvNyNqKQGLXSqvfQs591IPiJE= github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs= -github.com/alecthomas/jsonschema v0.0.0-20180308105923-f2c93856175a/go.mod h1:qpebaTNSsyUn5rPSJMsfqEtDw71TTggXM6stUDI16HA= -github.com/alecthomas/jsonschema v0.0.0-20210301060011-54c507b6f074/go.mod h1:/n6+1/DWPltRLWL/VKyUxg6tzsl5kHUCcraimt4vr60= github.com/alecthomas/kingpin v2.2.6+incompatible/go.mod h1:59OFYbFVLKQKq+mqrL6Rw5bR0c3ACQaawgXx0QYndlE= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= @@ -296,24 +263,20 @@ github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:C github.com/alexflint/go-scalar v1.0.0 h1:NGupf1XV/Xb04wXskDFzS0KWOLH632W/EO4fAFi+A70= github.com/alexflint/go-scalar v1.0.0/go.mod h1:GpHzbCOZXEKMEcygYQ5n/aa4Aq84zbxjy3MxYW0gjYw= github.com/alexkohler/prealloc v1.0.0/go.mod h1:VetnK3dIgFBBKmg0YnD9F9x6Icjd+9cvfHR56wJVlKE= -github.com/anchore/client-go v0.0.0-20210222170800-9c70f9b80bcf/go.mod h1:FaODhIA06mxO1E6R32JE0TL1JWZZkmjRIAd4ULvHUKk= github.com/anchore/go-macholibre v0.0.0-20220308212642-53e6d0aaf6fb h1:iDMnx6LIjtjZ46C0akqveX83WFzhpTD3eqOthawb5vU= github.com/anchore/go-macholibre v0.0.0-20220308212642-53e6d0aaf6fb/go.mod h1:DmTY2Mfcv38hsHbG78xMiTDdxFtkHpgYNVDPsF2TgHk= github.com/anchore/go-rpmdb v0.0.0-20210914181456-a9c52348da63 h1:C9W/LAydEz/qdUhx1MdjO9l8NEcFKYknkxDVyo9LAoM= github.com/anchore/go-rpmdb v0.0.0-20210914181456-a9c52348da63/go.mod h1:6qH8c6U/3CBVvDDDBZnPSTbTINq3cIdADUYTaVf75EM= github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04 h1:VzprUTpc0vW0nnNKJfJieyH/TZ9UYAnTZs5/gHTdAe8= github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04/go.mod h1:6dK64g27Qi1qGQZ67gFmBFvEHScy0/C8qhQhNe5B5pQ= -github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b/go.mod h1:Bkc+JYWjMCF8OyZ340IMSIi2Ebf3uwByOk6ho4wne1E= github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4 h1:rmZG77uXgE+o2gozGEBoUMpX27lsku+xrMwlmBZJtbg= github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4/go.mod h1:Bkc+JYWjMCF8OyZ340IMSIi2Ebf3uwByOk6ho4wne1E= github.com/anchore/grype v0.36.1 h1:PcGfCdqsRsrRqGMG7GqtBS4kfM8NFRb60i3yDCs2oMU= github.com/anchore/grype v0.36.1/go.mod h1:B/pUbRvP1zkeddwrLosGRW/QW9+vDf9i9UJ7ftI9T7Y= -github.com/anchore/packageurl-go v0.1.1-0.20220314153042-1bcd40e5206b/go.mod h1:Blo6OgJNiYF41ufcgHKkbCKF2MDOMlrqhXv/ij6ocR4= github.com/anchore/packageurl-go v0.1.1-0.20220428202044-a072fa3cb6d7 h1:kDrYkTSM9uIxaX/P9s0F4nKYNM+hnSgLJdLpqvsaQ/g= github.com/anchore/packageurl-go v0.1.1-0.20220428202044-a072fa3cb6d7/go.mod h1:Blo6OgJNiYF41ufcgHKkbCKF2MDOMlrqhXv/ij6ocR4= github.com/anchore/stereoscope v0.0.0-20220406160859-c03a18a6b270 h1:NmxPDR6vo3xjwCL6o+tpF1vUad/BVo+WaVSwueB9W9w= github.com/anchore/stereoscope v0.0.0-20220406160859-c03a18a6b270/go.mod h1:yoCLUZY0k/pYLNIy0L80p2Ko0PKVNXm8rHtgxp4OiSc= -github.com/anchore/syft v0.45.1/go.mod h1:/vnLTaFDHPGhizPbIgAyeTPjCY9Mzz255w84vVGGkEE= github.com/anchore/syft v0.46.0 h1:zXgLbCvQgO/ER9dJOUdjvKrZivZQtPd2q+OcXVZuoYM= github.com/anchore/syft v0.46.0/go.mod h1:rRBTv3k0Rlr82R2TRZnfv1YpsMq9OuzU4ARarjqgCbY= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 h1:bvNMNQO63//z+xNgfBlViaCIJKLlCJ6/fmUseuG0wVQ= @@ -328,7 +291,6 @@ github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= -github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20210826220005-b48c857c3a0e/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY= github.com/aokoli/goutils v1.0.1/go.mod h1:SijmP0QR8LtwsmDs8Yii5Z/S4trXFGFC2oO5g9DP+DQ= github.com/apache/beam v2.28.0+incompatible/go.mod h1:/8NX3Qi8vGstDLLaeaU7+lzVEu/ACaQhYjeefzQ0y1o= github.com/apache/beam v2.32.0+incompatible/go.mod h1:/8NX3Qi8vGstDLLaeaU7+lzVEu/ACaQhYjeefzQ0y1o= @@ -340,7 +302,6 @@ github.com/apex/log v1.1.4/go.mod h1:AlpoD9aScyQfJDVHmLMEcx4oU6LqzkWp4Mg9GdAcEvQ github.com/apex/logs v0.0.4/go.mod h1:XzxuLZ5myVHDy9SAmYpamKKRNApGj54PfYLcFrXqDwo= github.com/aphistic/golf v0.0.0-20180712155816-02c07f170c5a/go.mod h1:3NqKYiepwy8kCu4PNA+aP7WUV72eXWJeP9/r3/K9aLE= github.com/aphistic/sweet v0.2.0/go.mod h1:fWDlIh/isSE9n6EPsRmC0det+whmX6dJid3stzu0Xys= -github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q= github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= @@ -383,40 +344,21 @@ github.com/aws/aws-sdk-go v1.36.30/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2z github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.42.8/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= github.com/aws/aws-sdk-go v1.42.22/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= -github.com/aws/aws-sdk-go v1.42.25/go.mod h1:gyRszuZ/icHmHAVE4gc/r+cfCmhA1AD+vqfWbgI+eHs= github.com/aws/aws-sdk-go v1.43.30/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= github.com/aws/aws-sdk-go v1.44.12 h1:5f7ESFKQv5WHX8m37H2T8G+tc/rggy7sfdZ8ioqXFY8= github.com/aws/aws-sdk-go v1.44.12/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= -github.com/aws/aws-sdk-go-v2 v1.7.1/go.mod h1:L5LuPC1ZgDr2xQS7AmIec/Jlc7O/Y1u2KxJyNVab250= github.com/aws/aws-sdk-go-v2 v1.11.0/go.mod h1:SQfA+m2ltnu1cA0soUkj4dRSsmITiVQUJvBIZjzfPyQ= -github.com/aws/aws-sdk-go-v2 v1.14.0/go.mod h1:ZA3Y8V0LrlWj63MQAnRHgKf/5QB//LSZCPNWlWrNGLU= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.0.0/go.mod h1:Xn6sxgRuIDflLRJFj5Ev7UxABIkNbccFPV/p8itDReM= -github.com/aws/aws-sdk-go-v2/config v1.5.0/go.mod h1:RWlPOAW3E3tbtNAqTwvSW54Of/yP3oiZXMI0xfUdjyA= github.com/aws/aws-sdk-go-v2/config v1.10.1/go.mod h1:auIv5pIIn3jIBHNRcVQcsczn6Pfa6Dyv80Fai0ueoJU= -github.com/aws/aws-sdk-go-v2/config v1.14.0/go.mod h1:GKDRrvsq/PTaOYc9252u8Uah1hsIdtor4oIrFvUNPNM= -github.com/aws/aws-sdk-go-v2/credentials v1.3.1/go.mod h1:r0n73xwsIVagq8RsxmZbGSRQFj9As3je72C2WzUIToc= github.com/aws/aws-sdk-go-v2/credentials v1.6.1/go.mod h1:QyvQk1IYTqBWSi1T6UgT/W8DMxBVa5pVuLFSRLLhGf8= -github.com/aws/aws-sdk-go-v2/credentials v1.9.0/go.mod h1:PyHKqk/+tJuDY7T8R580S1j/AcSD+ODeUZ99CAUKLqQ= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.3.0/go.mod h1:2LAuqPx1I6jNfaGDucWfA2zqQCYCOMCDHiCOciALyNw= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.8.0/go.mod h1:5E1J3/TTYy6z909QNR0QnXGBpfESYGDqd3O0zqONghU= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.11.0/go.mod h1:rwdUKJV5rm+vHu1ncD1iGDqahBEL8O0tBjVqo9eO2N0= github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.7.1/go.mod h1:wN/mvkow08GauDwJ70jnzJ1e+hE+Q3Q7TwpYLXOe9oI= github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.0/go.mod h1:NO3Q5ZTTQtO2xIg2+xTXYDiT7knSejfeDm7WGDaOo0U= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.5/go.mod h1:2hXc8ooJqF2nAznsbJQIn+7h851/bu8GVC80OVTTqf8= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.0.0/go.mod h1:anlUzBoEWglcUxUQwZA7HQOEVEnQALVZsizAapB2hq8= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.3.0/go.mod h1:miRSv9l093jX/t/j+mBCaLqFHo9xKYzJ7DGm1BsGoJM= -github.com/aws/aws-sdk-go-v2/internal/ini v1.1.1/go.mod h1:Zy8smImhTdOETZqfyn01iNOe0CNggVbPjCajyaz6Gvg= github.com/aws/aws-sdk-go-v2/internal/ini v1.3.0/go.mod h1:6oXGy4GLpypD3uCh8wcqztigGgmhLToMfjavgh+VySg= -github.com/aws/aws-sdk-go-v2/internal/ini v1.3.6/go.mod h1:o1ippSg3yJx5EuT4AOGXJCUcmt5vrcxla1cg6K1Q8Iw= -github.com/aws/aws-sdk-go-v2/service/ecr v1.4.1/go.mod h1:FglZcyeiBqcbvyinl+n14aT/EWC7S1MIH+Gan2iizt0= -github.com/aws/aws-sdk-go-v2/service/ecr v1.15.0/go.mod h1:4zYI85WiYDhFaU1jPFVfkD7HlBcdnITDE3QxDwy4Kus= -github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.4.1/go.mod h1:eD5Eo4drVP2FLTw0G+SMIPWNWvQRGGTtIZR2XeAagoA= -github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.12.0/go.mod h1:IArQ3IBR00FkuraKwudKZZU32OxJfdTdwV+W5iZh3Y4= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.5.0/go.mod h1:80NaCIH9YU3rzTTs/J/ECATjXuRqzo/wB6ukO6MZ0XY= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.2.1/go.mod h1:zceowr5Z1Nh2WVP8bf/3ikB41IZW59E4yIYbg+pC6mw= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.5.0/go.mod h1:Mq6AEc+oEjCUlBuLiK5YwW4shSOAKCQ3tXN0sQeYoBA= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.8.0/go.mod h1:rBDLgXDAwHOfxZKLRDl8OGTPzFDC+a2pLqNNj8+QwfI= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.9.0/go.mod h1:xKCZ4YFSF2s4Hnb/J0TLeOsKuGzICzcElaOKNGrVnx4= github.com/aws/aws-sdk-go-v2/service/kms v1.10.0/go.mod h1:ZkHWL8m5Nw1g9yMXqpCjnIJtSDToAmNbXXZ9gj0bO7s= github.com/aws/aws-sdk-go-v2/service/s3 v1.19.0/go.mod h1:Gwz3aVctJe6mUY9T//bcALArPUaFmNAy2rTB9qN4No8= @@ -424,16 +366,9 @@ github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.10.0/go.mod h1:qAgsrzF3Z2 github.com/aws/aws-sdk-go-v2/service/sns v1.11.0/go.mod h1:LIPf3BTbSY5UeVli+x/1y2Qw1w8T9DYyp7p18Qt8Zc8= github.com/aws/aws-sdk-go-v2/service/sqs v1.12.0/go.mod h1:TDqDmQnsbgL2ZMIGUf3z9xTzCMqFX7FP1geAgIlYqvA= github.com/aws/aws-sdk-go-v2/service/ssm v1.15.0/go.mod h1:kJa2uHklY03rKsNSbEsToeUgWJ1PambXBtRNacorRhg= -github.com/aws/aws-sdk-go-v2/service/sso v1.3.1/go.mod h1:J3A3RGUvuCZjvSuZEcOpHDnzZP/sKbhDWV2T1EOzFIM= github.com/aws/aws-sdk-go-v2/service/sso v1.6.0/go.mod h1:Q/l0ON1annSU+mc0JybDy1Gy6dnJxIcWjphO6qJPzvM= -github.com/aws/aws-sdk-go-v2/service/sso v1.10.0/go.mod h1:m1CRRFX7eH3EE6w0ntdu+lo+Ph9VS7y8qRV/vdym0ZY= -github.com/aws/aws-sdk-go-v2/service/sts v1.6.0/go.mod h1:q7o0j7d7HrJk/vr9uUt3BVRASvcU7gYZB9PUgPiByXg= github.com/aws/aws-sdk-go-v2/service/sts v1.10.0/go.mod h1:jLKCFqS+1T4i7HDqCP9GM4Uk75YW1cS0o82LdxpMyOE= -github.com/aws/aws-sdk-go-v2/service/sts v1.15.0/go.mod h1:E264g2Gl5U9KTGzmd8ypGEAoh75VmqyuA/Ox5O1eRE4= -github.com/aws/smithy-go v1.6.0/go.mod h1:SObp3lf9smib00L/v3U2eAKG8FyQ7iLrJnQiAmR5n+E= github.com/aws/smithy-go v1.9.0/go.mod h1:SObp3lf9smib00L/v3U2eAKG8FyQ7iLrJnQiAmR5n+E= -github.com/aws/smithy-go v1.11.0/go.mod h1:3xHYmszWVx2c0kIwQeEVf9uSm4fYZt67FBJnwub1bgM= -github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20220228164355-396b2034c795/go.mod h1:8vJsEZ4iRqG+Vx6pKhWK6U00qcj0KC37IsfszMkY6UE= github.com/awslabs/aws-lambda-go-api-proxy v0.13.2 h1:Sy8mCKR8GKRRQBU5jt5p6KHD9JPltl5ClfJMwhx35BI= github.com/awslabs/aws-lambda-go-api-proxy v0.13.2/go.mod h1:+c4BkN5CUEoXrdrOmBruhtRIcmwXWQBu6vz6xCFAvdA= github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.mod h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I= @@ -444,7 +379,6 @@ github.com/beevik/etree v1.1.0/go.mod h1:r8Aw8JqVegEf0w2fDnATrX9VpkMcyFeM0FhwO62 github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/benbjohnson/clock v1.3.0 h1:ip6w0uFQkncKQ979AypyG0ER7mqUSBdKLOgAle/AT8A= -github.com/benbjohnson/clock v1.3.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= @@ -464,17 +398,14 @@ github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdn github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= -github.com/blendle/zapdriver v1.3.1/go.mod h1:mdXfREi6u5MArG4j9fewC+FGnXaBR+T4Ox4J2u4eHCc= github.com/blizzy78/varnamelen v0.3.0/go.mod h1:hbwRdBvoBqxk34XyQ6HA0UH3G0/1TKuv5AC4eaBT0Ec= github.com/bmatcuk/doublestar/v2 v2.0.4 h1:6I6oUiT/sU27eE2OFcWqBhL1SwjyvQuOssxT4a1yidI= github.com/bmatcuk/doublestar/v2 v2.0.4/go.mod h1:QMmcs3H2AUQICWhfzLXz+IYln8lRQmTZRptLie8RgRw= github.com/bmatcuk/doublestar/v4 v4.0.2 h1:X0krlUVAVmtr2cRoTqR8aDMrDqnB36ht8wpWTiQ3jsA= github.com/bmatcuk/doublestar/v4 v4.0.2/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc= github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4= -github.com/bmizerany/perks v0.0.0-20141205001514-d9a9656a3a4b/go.mod h1:ac9efd0D1fsDb3EJvhqgXRbFx7bs2wqZ10HQPeU8U/Q= github.com/bombsimon/wsl/v3 v3.3.0/go.mod h1:st10JtZYLE4D5sC7b8xV4zTKZwAQjCH/Hy2Pm1FNZIc= github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b/go.mod h1:H0wQNHz2YrLsuXOZozoeDmnHXkNCRmMW0gwFWDfEZDA= -github.com/bradleyfalzon/ghinstallation/v2 v2.0.3/go.mod h1:tlgi+JWCXnKFx/Y4WtnDbZEINo31N5bcvnCoqieefmk= github.com/bradleyjkemp/cupaloy/v2 v2.6.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0= github.com/bradleyjkemp/cupaloy/v2 v2.7.0 h1:AT0vOjO68RcLyenLCHOGZzSNiuto7ziqzq6Q1/3xzMQ= github.com/bradleyjkemp/cupaloy/v2 v2.7.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0= @@ -487,17 +418,12 @@ github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8n github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50= github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE= github.com/butuzov/ireturn v0.1.1/go.mod h1:Wh6Zl3IMtTpaIKbmwzqi6olnM9ptYQxxVacMsOEFPoc= -github.com/bytecodealliance/wasmtime-go v0.31.0/go.mod h1:q320gUxqyI8yB+ZqRuaJOEnGkAnHh6WtJjMaT2CW4wI= -github.com/bytecodealliance/wasmtime-go v0.33.1/go.mod h1:q320gUxqyI8yB+ZqRuaJOEnGkAnHh6WtJjMaT2CW4wI= -github.com/c2h5oh/datasize v0.0.0-20171227191756-4eba002a5eae/go.mod h1:S/7n9copUssQ56c7aAgHqftWO4LTf4xY6CGWt8Bc+3M= github.com/caarlos0/ctrlc v1.0.0/go.mod h1:CdXpj4rmq0q/1Eb44M9zi2nKB0QraNKuRGYGrrHhcQw= github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e/go.mod h1:9IOqJGCPMSc6E5ydlp5NIonxObaeu/Iub/X03EKPVYo= -github.com/carolynvs/magex v0.7.0/go.mod h1:vZB3BkRfkd5ZMtkxJkCGbdFyWGoZiuNPKhx6uEQARmY= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cavaliercoder/badio v0.0.0-20160213150051-ce5280129e9e/go.mod h1:V284PjgVwSk4ETmz84rpu9ehpGg7swlIH8npP9k2bGw= github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e/go.mod h1:oDpT4efm8tSYHXV5tHSdRvBet/b/QzxZ+XyyPehvm3A= github.com/cavaliercoder/go-rpm v0.0.0-20200122174316-8cb9fd9c31a8/go.mod h1:AZIh1CCnMrcVm6afFf96PBvE2MRpWFco91z8ObJtgDY= -github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M= @@ -520,7 +446,6 @@ github.com/chavacava/garif v0.0.0-20210405164556-e8a0a408d6af/go.mod h1:Qjyv4H3/ github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw= github.com/checkpoint-restore/go-criu/v5 v5.0.0/go.mod h1:cfwC0EG7HMUenopBsUf9d89JlCLQIfgVcNsNN0t6T2M= github.com/cheggaaa/pb v1.0.27/go.mod h1:pQciLPpbU0oxA0h+VJYYLxO+XeDQb5pZijXscXHm81s= -github.com/chrismellard/docker-credential-acr-env v0.0.0-20220119192733-fe33c00cee21/go.mod h1:Zlre/PVxuSI9y6/UV4NwGixQ48RHQDSPiUkofr6rbMU= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= @@ -544,7 +469,6 @@ github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWH github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211130200136-a8f946100490/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ= -github.com/cockroachdb/apd/v2 v2.0.1/go.mod h1:DDxRlzC2lo3/vSlmSoS7JkqbbrARPuFOGr0B9pvN3Gw= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= @@ -552,7 +476,6 @@ github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u9 github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb h1:EDmT6Q9Zs+SbUoc7Ik9EfrFqcylYqgPZ9ANSbTAntnE= github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb/go.mod h1:ZjrT6AXHbDs86ZSdt/osfBi5qfexBrKUdONk989Wnk4= -github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be/go.mod h1:mk5IQ+Y0ZeO87b858TlA645sVcEcbiX6YqP98kt+7+w= github.com/containerd/aufs v0.0.0-20200908144142-dab0cbea06f4/go.mod h1:nukgQABAEopAHvB6j7cnP5zJ+/3aVcE7hCYqvIwAHyE= github.com/containerd/aufs v0.0.0-20201003224125-76a6863f2989/go.mod h1:AkGGQs9NM2vtYHaUen+NljV0/baGCAPELGm2q9ZXpWU= github.com/containerd/aufs v0.0.0-20210316121734-20793ff83c97/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj3gNv2PU= @@ -664,7 +587,6 @@ github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+ github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= -github.com/cpuguy83/go-md2man v1.0.10 h1:BSKMNlYxDvnunlTymqtgONjNnaRV1sTpcovwwjF22jk= github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= @@ -695,15 +617,9 @@ github.com/denisenkom/go-mssqldb v0.11.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27 github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0= github.com/devigned/tab v0.1.1/go.mod h1:XG9mPq0dFghrYvoBF3xdRrJzSTX1b7IQrvaL9mzjeJY= github.com/dgraph-io/badger v1.6.0/go.mod h1:zwt7syl517jmP8s94KqSxTlM6IMsdhYy6psNgSztDR4= -github.com/dgraph-io/badger/v3 v3.2103.2/go.mod h1:RHo4/GmYcKKh5Lxu63wLEMHJ70Pac2JqZRYGhlyAo2M= -github.com/dgraph-io/ristretto v0.1.0/go.mod h1:fux0lOrBhrVCJd3lcTHsIJhq1T2rokOu6v9Vcb3Q9ug= github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= -github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= -github.com/dgryski/go-gk v0.0.0-20140819190930-201884a44051/go.mod h1:qm+vckxRlDt0aOla0RYJJVeqHZlWfOm2UIxHaqPB46E= -github.com/dgryski/go-gk v0.0.0-20200319235926-a69029f61654/go.mod h1:qm+vckxRlDt0aOla0RYJJVeqHZlWfOm2UIxHaqPB46E= -github.com/dgryski/go-lttb v0.0.0-20180810165845-318fcdf10a77/go.mod h1:Va5MyIzkU0rAM92tn3hb3Anb7oz7KcnixF49+2wOMe4= github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48 h1:fRzb/w+pyskVMQ+UbP35JkH8yB7MYb4q/qhBarqZE6g= @@ -727,7 +643,6 @@ github.com/docker/docker v20.10.10+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05 github.com/docker/docker v20.10.11+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.12+incompatible h1:CEeNmFM0QZIsJCZKMkZx0ZcahTiewkrgiwfYD+dfl1U= github.com/docker/docker v20.10.12+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y= github.com/docker/docker-credential-helpers v0.6.4 h1:axCks+yV+2MR3/kZhAmy07yC56WZ2Pwu/fKWtKuZB0o= github.com/docker/docker-credential-helpers v0.6.4/go.mod h1:ofX3UI0Gz1TteYBjtgs07O36Pyasyp66D2uKT7H8W1c= github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ= @@ -742,7 +657,6 @@ github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDD github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE= github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= -github.com/dsnet/compress v0.0.1/go.mod h1:Aw8dCMJ7RioblQeTqt88akK31OvO8Dhf5JflhBbQEHo= github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5 h1:iFaUwBSo5Svw6L7HYpRu/0lE3e0BaElwnNO1qkNQxBY= github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5/go.mod h1:qssHWj60/X5sZFNxpG4HBPDHVqxNm4DfnCKgrbZOT+s= github.com/dsnet/golib v0.0.0-20171103203638-1ea166775780/go.mod h1:Lj+Z9rebOhdfkVLjJ8T6VcRQv3SXugXy999NBtR9aFY= @@ -751,7 +665,6 @@ github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dvyukov/go-fuzz v0.0.0-20210914135545-4980593459a1/go.mod h1:11Gm+ccJnvAhCNLlf5+cS9KjtbaD5I5zaZpFMsTHWTw= github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= -github.com/eapache/go-resiliency v1.2.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= @@ -760,7 +673,6 @@ github.com/eknkc/amber v0.0.0-20171010120322-cdade1c07385/go.mod h1:0vRUJqYpeSZi github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/emicklei/proto v1.6.15/go.mod h1:rn1FgRS/FANiZdD2djyH7TMA9jdRDcYQ9IEN9yvjX0A= github.com/emirpasic/gods v1.12.0 h1:QAUIPSaCu4G+POclxeqb3F+WPpdKqFGlw36+yOzGlrg= github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o= github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g= @@ -781,11 +693,9 @@ github.com/esimonov/ifshort v1.0.3/go.mod h1:yZqNJUrNn20K8Q9n2CrjTKYyVEmX209Hgu+ github.com/etcd-io/bbolt v1.3.3/go.mod h1:ZF2nL25h33cCyBtcyWeZ2/I3HQOfTP+0PIEvHjkjCrw= github.com/etcd-io/gofail v0.0.0-20190801230047-ad7f989257ca/go.mod h1:49H/RkXP8pKaZy4h0d+NW16rSLhyVBt4o6VLJbmOqDE= github.com/ettle/strcase v0.1.1/go.mod h1:hzDLsPC7/lwKyBOywSHEP89nt2pDgdy+No1NBA9o9VY= -github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ= github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.5.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= -github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= github.com/facebookgo/clock v0.0.0-20150410010913-600d898af40a h1:yDWHCSQ40h88yih2JAcL6Ls/kVkSE8GFACTGVnMPruw= github.com/facebookgo/clock v0.0.0-20150410010913-600d898af40a/go.mod h1:7Ga40egUymuWXxAe151lTNnCv97MddSOVsjpPPkityA= github.com/facebookgo/ensure v0.0.0-20200202191622-63f1cf65ac4c/go.mod h1:Yg+htXGokKKdzcwhuNDwVvN+uBxDGXJ7G/VN1d8fa64= @@ -813,10 +723,8 @@ github.com/flynn/go-docopt v0.0.0-20140912013429-f6dd2ebbb31e/go.mod h1:HyVoz1Mz github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= -github.com/form3tech-oss/jwt-go v3.2.5+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/fortytw2/leaktest v1.2.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= -github.com/foxcpp/go-mockdns v0.0.0-20210729171921-fb145fc6f897/go.mod h1:lgRN6+KxQBawyIghpnl5CezHFGS9VLzvtVlwxvzXTQ4= github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= github.com/frankban/quicktest v1.10.0/go.mod h1:ui7WezCLWMWxVWr1GETZY3smRy0G4KWq9vcPtJmFl7Y= @@ -842,7 +750,6 @@ github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49P github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= -github.com/gin-gonic/gin v1.5.0/go.mod h1:Nd6IXA8m5kNZdNEHMBd93KT+mdY3+bewLgRvmCsR2Do= github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M= github.com/gin-gonic/gin v1.7.1/go.mod h1:jD2toBW3GZUr5UMcdrwQA10I7RuaFOl/SGeDjXkfUtY= github.com/gin-gonic/gin v1.7.3/go.mod h1:jD2toBW3GZUr5UMcdrwQA10I7RuaFOl/SGeDjXkfUtY= @@ -890,7 +797,6 @@ github.com/go-logr/logr v1.2.1/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbV github.com/go-logr/logr v1.2.2 h1:ahHml/yUpnlb96Rp8HCvtYVPY8ZYpxq3g7UYchIYwbs= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/stdr v1.2.0/go.mod h1:YkVgnZu1ZjjL7xTxrfm/LLZBfkhTqSR1ydtm6jTKKwI= -github.com/go-logr/zapr v1.2.0/go.mod h1:Qa4Bsj2Vb+FAVeAKsLD8RLQ+YRJB8YDmOAKxaBQf7Ro= github.com/go-ole/go-ole v1.2.5/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= github.com/go-openapi/analysis v0.0.0-20180825180245-b006789cd277/go.mod h1:k70tL6pCuVxPJOHXQ+wIac1FUrvNkHolPie/cLEU6hI= @@ -916,14 +822,12 @@ github.com/go-openapi/errors v0.19.9/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpX github.com/go-openapi/errors v0.20.1/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= github.com/go-openapi/errors v0.20.2 h1:dxy7PGTqEh94zj2E3h1cUmQQWiM1+aeCROfAr02EmK8= github.com/go-openapi/errors v0.20.2/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= -github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0= github.com/go-openapi/jsonpointer v0.17.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M= github.com/go-openapi/jsonpointer v0.18.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M= github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg= github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY= github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg= github.com/go-openapi/jsonreference v0.17.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I= github.com/go-openapi/jsonreference v0.18.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I= github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc= @@ -953,7 +857,6 @@ github.com/go-openapi/runtime v0.19.24/go.mod h1:Lm9YGCeecBnUUkFTxPC4s1+lwrkJ0pt github.com/go-openapi/runtime v0.21.0/go.mod h1:aQg+kaIQEn+A2CRSY1TxbM8+sT9g2V3aLc1FbIAnbbs= github.com/go-openapi/runtime v0.23.3 h1:/dxjx4KCOQI5ImBMz036F6v/DzZ2NUjSRvbLJs1rgoE= github.com/go-openapi/runtime v0.23.3/go.mod h1:AKurw9fNre+h3ELZfk6ILsfvPN+bvvlaU/M9q/r9hpk= -github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc= github.com/go-openapi/spec v0.17.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI= github.com/go-openapi/spec v0.18.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI= github.com/go-openapi/spec v0.19.2/go.mod h1:sCxk3jxKgioEJikev4fgkNmwS+3kuYdJtcsZsD5zxMY= @@ -980,7 +883,6 @@ github.com/go-openapi/strfmt v0.21.0/go.mod h1:ZRQ409bWMj+SOgXofQAGTIo2Ebu72Gs+W github.com/go-openapi/strfmt v0.21.1/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k= github.com/go-openapi/strfmt v0.21.2 h1:5NDNgadiX1Vhemth/TH4gCGopWSTdDjxl60H3B7f+os= github.com/go-openapi/strfmt v0.21.2/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k= -github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I= github.com/go-openapi/swag v0.17.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg= github.com/go-openapi/swag v0.18.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg= github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= @@ -1003,14 +905,11 @@ github.com/go-openapi/validate v0.20.1/go.mod h1:b60iJT+xNNLfaQJUqLI7946tYiFEOuE github.com/go-openapi/validate v0.20.3/go.mod h1:goDdqVGiigM3jChcrYJxD2joalke3ZXeftD16byIjA4= github.com/go-openapi/validate v0.21.0 h1:+Wqk39yKOhfpLqNLEC0/eViCkzM5FVXVqrvt526+wcI= github.com/go-openapi/validate v0.21.0/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg= -github.com/go-piv/piv-go v1.9.0/go.mod h1:NZ2zmjVkfFaL/CF8cVQ/pXdXtuj110zEKGdJM6fJZZM= github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A= github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= -github.com/go-playground/locales v0.12.1/go.mod h1:IUMDtCfWo/w/mtMfIE/IG2K+Ey3ygWanZIBtBW0W2TM= github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8= github.com/go-playground/locales v0.14.0 h1:u50s323jtVGugKlcYeyzC0etD1HifMjqmJqb8WugfUU= github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs= -github.com/go-playground/universal-translator v0.16.0/go.mod h1:1AnU7NaIRDWWzGEKwgtJRd2xk99HeFyHw3yid4rvQIY= github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA= github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/jYrnRPArHwAcmLoJZxyho= github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA= @@ -1064,7 +963,6 @@ github.com/gobuffalo/flect v0.1.3/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj github.com/gobuffalo/flect v0.1.5/go.mod h1:W3K3X9ksuZfir8f/LrfVtWmCDQFfayuylOJ7sz/Fj80= github.com/gobuffalo/flect v0.2.0/go.mod h1:W3K3X9ksuZfir8f/LrfVtWmCDQFfayuylOJ7sz/Fj80= github.com/gobuffalo/flect v0.2.1/go.mod h1:vmkQwuZYhN5Pc4ljYQZzP+1sq+NEkK+lh20jmEmX3jc= -github.com/gobuffalo/flect v0.2.4/go.mod h1:1ZyCLIbg0YD7sDkzvFdPoOydPtD8y9JQnrOROolUcM8= github.com/gobuffalo/genny v0.0.0-20190329151137-27723ad26ef9/go.mod h1:rWs4Z12d1Zbf19rlsn0nurr75KqhYp52EAGGxTbBhNk= github.com/gobuffalo/genny v0.0.0-20190403191548-3ca520ef0d9e/go.mod h1:80lIj3kVJWwOrXWWMRzzdhW3DsrdjILVil/SFKBzF28= github.com/gobuffalo/genny v0.1.0/go.mod h1:XidbUqzak3lHdS//TPu2OgiFB+51Ur5f7CSnXZ/JDvo= @@ -1129,7 +1027,6 @@ github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2V github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/glog v0.0.0-20210429001901-424d2337a529/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/glog v1.0.0 h1:nfP3RFugxnNRyKgeWd4oI1nYvXpxrx8ck8ZrcizshdQ= -github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -1182,27 +1079,14 @@ github.com/golangci/misspell v0.3.5/go.mod h1:dEbvlSfYbMQDtrpRMQU675gSDLDNa8sCPP github.com/golangci/revgrep v0.0.0-20210930125155-c22e5001d4f2/go.mod h1:LK+zW4MpyytAWQRz0M4xnzEk50lSvqDQKfx304apFkY= github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4/go.mod h1:Izgrg8RkN3rCIMLGE9CyYmU9pY2Jer6DgANEnZ/L/cQ= github.com/gomodule/redigo v1.7.1-0.20190724094224-574c33c3df38/go.mod h1:B4C85qUVwatsJoIUNIfCRsp7qO0iAmpGFZ4EELWSbC4= -github.com/gonum/blas v0.0.0-20181208220705-f22b278b28ac/go.mod h1:P32wAyui1PQ58Oce/KYkOqQv8cVw1zAapXOl+dRFGbc= -github.com/gonum/diff v0.0.0-20181124234638-500114f11e71/go.mod h1:22dM4PLscQl+Nzf64qNBurVJvfyvZELT0iRW2l/NN70= -github.com/gonum/floats v0.0.0-20181209220543-c233463c7e82/go.mod h1:PxC8OnwL11+aosOB5+iEPoV3picfs8tUpkVd0pDo+Kg= -github.com/gonum/integrate v0.0.0-20181209220457-a422b5c0fdf2/go.mod h1:pDgmNM6seYpwvPos3q+zxlXMsbve6mOIPucUnUOrI7Y= -github.com/gonum/internal v0.0.0-20181124074243-f884aa714029/go.mod h1:Pu4dmpkhSyOzRwuXkOgAvijx4o+4YMUJJo9OvPYMkks= -github.com/gonum/lapack v0.0.0-20181123203213-e4cdc5a0bff9/go.mod h1:XA3DeT6rxh2EAE789SSiSJNqxPaC0aE9J8NTOI0Jo/A= -github.com/gonum/mathext v0.0.0-20181121095525-8a4bf007ea55/go.mod h1:fmo8aiSEWkJeiGXUJf+sPvuDgEFgqIoZSs843ePKrGg= -github.com/gonum/matrix v0.0.0-20181209220409-c518dec07be9/go.mod h1:0EXg4mc1CNP0HCqCz+K4ts155PXIlUywf0wqN+GfPZw= -github.com/gonum/stat v0.0.0-20181125101827-41a0da705a5b/go.mod h1:Z4GIJBJO3Wa4gD4vbwQxXXZ+WHmW6E9ixmNrwvs0iZs= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= -github.com/google/cel-go v0.9.0/go.mod h1:U7ayypeSkw23szu4GaQTPJGx66c20mx8JklMSxrmI1w= -github.com/google/cel-spec v0.6.0/go.mod h1:Nwjgxy5CbjlPrtCWjeDjUyKMl8w41YBYGjsyDdqk0xA= github.com/google/certificate-transparency-go v1.0.21/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg= github.com/google/certificate-transparency-go v1.0.22-0.20181127102053-c25855a82c75/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg= github.com/google/certificate-transparency-go v1.1.1/go.mod h1:FDKqPvSXawb2ecErVRrD+nfy23RCzyl7eqVCEmlT1Zs= github.com/google/certificate-transparency-go v1.1.2-0.20210422104406-9f33727a7a18/go.mod h1:6CKh9dscIRoqc2kC6YUFICHZMT9NrClyPrRVFrdw1QQ= github.com/google/certificate-transparency-go v1.1.2-0.20210512142713-bed466244fa6/go.mod h1:aF2dp7Dh81mY8Y/zpzyXps4fQW5zQbDu2CxfpJB6NkI= -github.com/google/certificate-transparency-go v1.1.2/go.mod h1:3OL+HKDqHPUfdKrHVQxO6T8nDLO0HF7LRTlkIWXaWvQ= -github.com/google/flatbuffers v1.12.1/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= @@ -1220,14 +1104,9 @@ github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8 github.com/google/go-containerregistry v0.7.0/go.mod h1:2zaoelrL0d08gGbpdP3LqyUuBmhWbpD6IOe2s9nLS2k= github.com/google/go-containerregistry v0.7.1-0.20211118220127-abdc633f8305/go.mod h1:6cMIl1RfryEiPzBE67OgtZdEiLWz4myqCQIiBMy3CsM= github.com/google/go-containerregistry v0.8.0/go.mod h1:wW5v71NHGnQyb4k+gSshjxidrC7lN33MdWEn+Mz9TsI= -github.com/google/go-containerregistry v0.8.1-0.20220110151055-a61fd0a8e2bb/go.mod h1:wW5v71NHGnQyb4k+gSshjxidrC7lN33MdWEn+Mz9TsI= github.com/google/go-containerregistry v0.8.1-0.20220209165246-a44adc326839 h1:7PunQZxMao2q43If8gKj1JFRzapmhgny9NWwXY4PGa4= github.com/google/go-containerregistry v0.8.1-0.20220209165246-a44adc326839/go.mod h1:cwx3SjrH84Rh9VFJSIhPh43ovyOp3DCWgY3h8nWmdGQ= -github.com/google/go-containerregistry/pkg/authn/k8schain v0.0.0-20220310143843-f1fa40b162a1/go.mod h1:gm/Zjh0iiPBfwgDIYgHJCRxaGzBZu1njCgwX1EmC1Tw= -github.com/google/go-containerregistry/pkg/authn/kubernetes v0.0.0-20220301182634-bfe2ffc6b6bd/go.mod h1:MO/Ilc3XTxy/Pi8aMXEiRUl6icOqResFyhSFCLlqtR8= -github.com/google/go-github/v27 v27.0.6/go.mod h1:/0Gr8pJ55COkmv+S/yPKCczSkUPIM/LnFyubufRNIS0= github.com/google/go-github/v28 v28.1.1/go.mod h1:bsqJWQX05omyWVmc00nEUql9mhQyv38lDZ8kPZcQVoM= -github.com/google/go-github/v39 v39.0.0/go.mod h1:C1s8C5aCC9L+JXIYpJM5GYytdX52vC1bLvHEF1IhBrE= github.com/google/go-github/v42 v42.0.0 h1:YNT0FwjPrEysRkLIiKuEfSvBPCGKphW5aS5PxwaoLec= github.com/google/go-github/v42 v42.0.0/go.mod h1:jgg/jvyI0YlDOM1/ps6XYh04HNQ3vKf0CVko62/EhRg= github.com/google/go-licenses v0.0.0-20210329231322-ce1d9163b77d/go.mod h1:+TYOmkVoJOpwnS0wfdsJCV9CoD5nJYsHoFk/0CrTK4M= @@ -1245,7 +1124,6 @@ github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/ github.com/google/licensecheck v0.3.1 h1:QoxgoDkaeC4nFrtGN1jV7IPmDCHFNIVh54e5hSt6sPs= github.com/google/licensecheck v0.3.1/go.mod h1:ORkR35t/JjW+emNKtfJDII0zlciG9JgbT7SmsohlHmY= github.com/google/licenseclassifier v0.0.0-20210325184830-bb04aff29e72/go.mod h1:qsqn2hxC+vURpyBRygGUuinTO42MFRLcsmQ/P8v94+M= -github.com/google/mako v0.0.0-20190821191249-122f8dcef9e3/go.mod h1:YzLcVlL+NqWnmUEPuhS1LxDDwGO9WNbVlEXaF4IH35g= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian v2.1.1-0.20190517191504-25dcb96d9e51+incompatible h1:xmapqc1AyLoB+ddYT6r04bD9lIjlOqGaREovi0SzFaE= github.com/google/martian v2.1.1-0.20190517191504-25dcb96d9e51+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= @@ -1274,7 +1152,6 @@ github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLe github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/rpmpack v0.0.0-20191226140753-aa36bfddb3a0/go.mod h1:RaTPr0KUf2K7fnZYLNDrr8rxAamWs3iNywJLtQ2AzBg= github.com/google/rpmpack v0.0.0-20210518075352-dc539ef4f2ea/go.mod h1:+y9lKiqDhR4zkLl+V9h4q0rdyrYVsWWm6LLCQP33DIk= -github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/subcommands v1.0.1/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk= github.com/google/trillian v1.3.11/go.mod h1:0tPraVHrSDkA3BO6vKX67zgLXs6SsOAbHEivX+9mPgw= github.com/google/trillian v1.3.14-0.20210409160123-c5ea3abd4a41/go.mod h1:1dPv0CUjNQVFEDuAUFhZql16pw/VlPgaX8qj+g5pVzQ= @@ -1290,7 +1167,6 @@ github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/wire v0.3.0/go.mod h1:i1DMg/Lu8Sz5yYl25iOdmc5CT5qusaa+zmRWs16741s= github.com/google/wire v0.5.0/go.mod h1:ngWDr9Qvq3yZA10YrxfyGELY/AFWGVpy9c1LTRi1EoU= -github.com/googleapis/gax-go v2.0.2+incompatible h1:silFMLAnr330+NRuag/VjIGF7TLp/LBrV2CJKFLWEww= github.com/googleapis/gax-go v2.0.2+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= @@ -1324,8 +1200,6 @@ github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2z github.com/gorilla/mux v1.7.4/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= -github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= -github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= @@ -1399,7 +1273,6 @@ github.com/hashicorp/go-plugin v1.4.3/go.mod h1:5fGEH17QVwTTcR0zV7yhDPLLmFX9YSZ3 github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= github.com/hashicorp/go-retryablehttp v0.6.4/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= -github.com/hashicorp/go-retryablehttp v0.6.8/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-retryablehttp v0.7.0 h1:eu1EI/mbirUgP5C8hVsTNaGZreBDlYiwC1FZWkvQPQ4= github.com/hashicorp/go-retryablehttp v0.7.0/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= @@ -1452,9 +1325,7 @@ github.com/hashicorp/memberlist v0.3.0/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOn github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= github.com/hashicorp/serf v0.9.5/go.mod h1:UWDWwZeL5cuWDJdl0C6wrvrUwEqtQ4ZKBKKENpqIUyk= github.com/hashicorp/serf v0.9.6/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= -github.com/hashicorp/serf v0.9.7/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= github.com/hashicorp/vault/api v1.3.0/go.mod h1:EabNQLI0VWbWoGlA+oBLC8PXmR9D60aUVgQGvangFWQ= -github.com/hashicorp/vault/api v1.3.1/go.mod h1:QeJoWxMFt+MsuWcYhmwRLwKEXrjwAFFywzhptMsTIUw= github.com/hashicorp/vault/api v1.5.0 h1:Bp6yc2bn7CWkOrVIzFT/Qurzx528bdavF3nz590eu28= github.com/hashicorp/vault/api v1.5.0/go.mod h1:LkMdrZnWNrFaQyYYazWVn7KshilfDidgVBq6YiTq/bM= github.com/hashicorp/vault/sdk v0.3.0/go.mod h1:aZ3fNuL5VNydQk8GcLJ2TV8YCRVvyaakYkhZRoVuhj0= @@ -1471,10 +1342,7 @@ github.com/howeyc/gopass v0.0.0-20190910152052-7cb4b85ec19c/go.mod h1:lADxMC39cJ github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/huandu/xstrings v1.0.0/go.mod h1:4qWG/gcEcfX4z/mBDHJ++3ReCw9ibxbsNJbcucJdbSo= github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63UyNX5k4= -github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= -github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg= -github.com/iancoleman/orderedmap v0.0.0-20190318233801-ac98e3ecb4b0/go.mod h1:N0Wam8K1arqPXNWjMo21EXnBPOPp36vB07FNRdD2geA= github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= @@ -1492,7 +1360,6 @@ github.com/in-toto/in-toto-golang v0.3.4-0.20211211042327-af1f9fb822bf/go.mod h1 github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= -github.com/influxdata/tdigest v0.0.0-20180711151920-a7d76c6f093a/go.mod h1:9GkyshztGufsdPQWjH+ifgnIr3xNUL5syI70g2dzU1o= github.com/iris-contrib/blackfriday v2.0.0+incompatible/go.mod h1:UzZ2bDEoaSGPbkg6SAB4att1aAwTmVIx/5gCVqeyUdI= github.com/iris-contrib/go.uuid v2.0.0+incompatible/go.mod h1:iz2lgM/1UnEf1kP0L/+fafWORmlnuysV2EMP8MW+qe0= github.com/iris-contrib/jade v1.1.3/go.mod h1:H/geBymxJhShH5kecoiOCSssPX7QWYH7UaeZTSWddIk= @@ -1533,12 +1400,6 @@ github.com/jackc/puddle v1.1.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dv github.com/jarcoal/httpmock v1.0.5/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT8nX0Txik= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= -github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs= -github.com/jcmturner/dnsutils/v2 v2.0.0/go.mod h1:b0TnjGOvI/n42bZa+hmXL+kFJZsFT7G4t3HTlQ184QM= -github.com/jcmturner/gofork v1.0.0/go.mod h1:MK8+TM0La+2rjBD4jE12Kj1pCCxK7d2LK/UM3ncEo0o= -github.com/jcmturner/goidentity/v6 v6.0.1/go.mod h1:X1YW3bgtvwAXju7V3LCIMpY0Gbxyjn/mY9zx4tFonSg= -github.com/jcmturner/gokrb5/v8 v8.4.2/go.mod h1:sb+Xq/fTY5yktf/VxLsE3wlfPqQjp0aWNYyvBVK62bc= -github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc= github.com/jedisct1/go-minisign v0.0.0-20210703085342-c1f07ee84431 h1:zqyV5j9xEuPQw2ma4RzzS9O74UwTq3vcMmpoHyL6xlI= github.com/jedisct1/go-minisign v0.0.0-20210703085342-c1f07ee84431/go.mod h1:3VIJLjlf5Iako82IX/5KOoCzDmogK5mO+bl+DRItnR8= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= @@ -1576,7 +1437,6 @@ github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8Hm github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/josharian/txtarfs v0.0.0-20210218200122-0702f000015a/go.mod h1:izVPOvVRsHiKkeGCT6tYBNWyDVuzj9wAaBb5R9qamfw= github.com/jpillora/backoff v0.0.0-20180909062703-3050d21c67d7/go.mod h1:2iMrUgbbvHEiQClaW2NsSzMyGHqN+rDFqY705q49KG0= -github.com/jpillora/backoff v1.0.0 h1:uvFg412JmmHBHw7iwprIxkPMI+sGQ4kzOWsMeHnm2EA= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= @@ -1594,7 +1454,6 @@ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7V github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/julz/importas v0.0.0-20210419104244-841f0c0fe66d/go.mod h1:oSFU2R4XK/P7kNBrnL/FEQlDGN1/6WoxXEjSSXO0DV0= github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88/go.mod h1:3w7q1U84EfirKl04SVQ/s7nPm1ZPhiXd34z40TNz36k= -github.com/k0kubun/go-ansi v0.0.0-20180517002512-3bf9e2903213/go.mod h1:vNUNkEQ1e29fT/6vq2aBdFsgNPmy8qMdSay1npru+Sw= github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4= github.com/karrick/godirwalk v1.10.3/go.mod h1:RoGL9dQei4vP9ilrpETWE8CLOZ1kiN0LhBygSwrAsHA= github.com/karrick/godirwalk v1.15.3/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk= @@ -1607,7 +1466,6 @@ github.com/kataras/pio v0.0.2/go.mod h1:hAoW0t9UmXi4R5Oyq5Z4irTbaTsOemSrDGUtaTl7 github.com/kataras/pio v0.0.8/go.mod h1:NFfMp2kVP1rmV4N6gH6qgWpuoDKlrOeYi3VrAIWCGsE= github.com/kataras/sitemap v0.0.5/go.mod h1:KY2eugMKiPwsJgx7+U103YZehfvNGOXURubcGyk0Bz8= github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8= -github.com/kelseyhightower/envconfig v1.4.0/go.mod h1:cccZRl6mQpaq41TPp5QxidR+Sa3axMbJDNb//FQX6Gg= github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351 h1:DowS9hvgyYSX4TO5NpyC606/Z4SxnNYbT+WX27or6Ck= github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= @@ -1622,12 +1480,10 @@ github.com/klauspost/compress v1.9.5/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0 github.com/klauspost/compress v1.9.7/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.10.7/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= -github.com/klauspost/compress v1.10.10/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.11.2/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.11.4/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= -github.com/klauspost/compress v1.12.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= github.com/klauspost/compress v1.13.4/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= github.com/klauspost/compress v1.13.5/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= @@ -1635,7 +1491,6 @@ github.com/klauspost/compress v1.14.2/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47e github.com/klauspost/compress v1.15.0 h1:xqfchp4whNFxn5A4XFyyYtitiWI8Hy5EW59jEwcyL6U= github.com/klauspost/compress v1.15.0/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= -github.com/klauspost/pgzip v1.2.4/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= github.com/klauspost/pgzip v1.2.5 h1:qnWYvvKqedOF2ulHpMG72XQol4ILEJ8k2wwRl/Km8oE= github.com/klauspost/pgzip v1.2.5/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= github.com/knqyf263/go-apk-version v0.0.0-20200609155635-041fdbb8563f h1:GvCU5GXhHq+7LeOzx/haG7HSIZokl3/0GkoUFzsRJjg= @@ -1668,7 +1523,6 @@ github.com/labstack/echo/v4 v4.3.0/go.mod h1:PvmtTvhVqKDzDQy4d3bWzPjZLzom4iQbAZy github.com/labstack/gommon v0.3.0/go.mod h1:MULnywXg0yavhxWKc+lOruYdAhDwPK9wf0OL7NoOu+k= github.com/ldez/gomoddirectives v0.2.2/go.mod h1:cpgBogWITnCfRq2qGoDkKMEVSaarhdBr6g8G04uz6d0= github.com/ldez/tagliatelle v0.2.0/go.mod h1:8s6WJQwEYHbKZDsp/LjArytKOG8qaMrKQQ3mFukHs88= -github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw= github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII= github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w= github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY= @@ -1687,10 +1541,6 @@ github.com/lib/pq v1.10.3/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/lib/pq v1.10.4/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= -github.com/likexian/gokit v0.25.6 h1:DZuMrmfgXErhdfI9SIS6tVMZ5QbRMP3aruHNq5lGcMI= -github.com/likexian/gokit v0.25.6/go.mod h1:q1LC+z3cBymJuE4oeiWiIPhJceUa0nptg4Id8tSzjZI= -github.com/likexian/whois-parser v1.22.0 h1:YXSNvDNBy+cZG+2JZWJvWbMHrDY35r6Etpu1TNDPYW0= -github.com/likexian/whois-parser v1.22.0/go.mod h1:2bJqtH4tNPanBvOp/3Kj3Sd12S9vxTbsJ0+0zjRc3ow= github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= github.com/logrusorgru/aurora v0.0.0-20200102142835-e9ef32dff381 h1:bqDmpDG49ZRnB5PcgP0RXtQvnMSgIF14M7CBd2shtXs= github.com/logrusorgru/aurora v0.0.0-20200102142835-e9ef32dff381/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= @@ -1701,14 +1551,11 @@ github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2 github.com/luna-duclos/instrumentedsql v1.1.3/go.mod h1:9J1njvFds+zN7y85EDhN9XNQLANWwZt2ULeIC8yMNYs= github.com/lyft/protoc-gen-star v0.5.3/go.mod h1:V0xaHgaf5oCCqmcxYcWiDfTiKsZsRc87/1qhoTACD8w= github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= -github.com/magefile/mage v1.11.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= -github.com/magiconair/properties v1.8.4/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= github.com/magiconair/properties v1.8.6 h1:5ibWZ6iY0NctNGWo87LalDlEZ6R41TqbbDamhfG/Qzo= github.com/magiconair/properties v1.8.6/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= -github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20180823135443-60711f1a8329/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= @@ -1718,7 +1565,6 @@ github.com/mailru/easyjson v0.7.1/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7 github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/manifoldco/promptui v0.9.0/go.mod h1:ka04sppxSGFAtxX0qhlYQjISsg9mR4GWtQEhdbn6Pgg= github.com/maratori/testpackage v1.0.1/go.mod h1:ddKdw+XG0Phzhx8BFDTKgpWP4i7MpApTE5fXSKAqwDU= github.com/markbates/errx v1.1.0/go.mod h1:PLa46Oex9KNbVDZhKel8v1OT7hD5JZ2eI7AHhA0wswc= github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE= @@ -1746,7 +1592,6 @@ github.com/mattn/go-ieproxy v0.0.1/go.mod h1:pYabZ6IHcRpFh7vIaLfK7rdcWgFEb3SFJ6/ github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= -github.com/mattn/go-isatty v0.0.6/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.7/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ= @@ -1774,22 +1619,17 @@ github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpe github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= -github.com/maxbrunsfeld/counterfeiter/v6 v6.5.0/go.mod h1:fJ0UAZc1fx3xZhU4eSHQDJ1ApFmTVhp5VTpV9tm2ogg= github.com/mbilski/exhaustivestruct v1.2.0/go.mod h1:OeTBVxQWoEmB2J2JCHmXWPJ0aksxSUOUy+nvtVEfzXc= github.com/mediocregopher/radix/v3 v3.4.2/go.mod h1:8FL3F6UQRXHXIBSPUs5h0RybMF8i4n7wVopoX3x7Bv8= github.com/mediocregopher/radix/v4 v4.0.0/go.mod h1:ajchozX/6ELmydxWeWM6xCFHVpZ4+67LXHOTOVR0nCE= github.com/mgechev/dots v0.0.0-20210922191527-e955255bf517/go.mod h1:KQ7+USdGKfpPjXk4Ga+5XxQM4Lm4e3gAogrreFAYpOg= github.com/mgechev/revive v1.1.2/go.mod h1:bnXsMr+ZTH09V5rssEI+jHAZ4z+ZdyhgO/zsy3EhK+0= github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= -github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= -github.com/mholt/archiver/v3 v3.5.0/go.mod h1:qqTTPUK/HZPFgFQ/TJ3BzvTpF/dPtFVJXdQbCmeMxwc= github.com/mholt/archiver/v3 v3.5.1 h1:rDjOBX9JSF5BvoJGvjqK479aL70qh9DIpZCl+k7Clwo= github.com/mholt/archiver/v3 v3.5.1/go.mod h1:e3dqJ7H78uzsRSEACH1joayhuSyhnonssnDhppzS1L4= github.com/microcosm-cc/bluemonday v1.0.2/go.mod h1:iVP4YcDBq+n/5fb23BhYFvIMq/leAFZyRl6bYmGDlGc= github.com/microcosm-cc/bluemonday v1.0.16/go.mod h1:Z0r70sCuXHig8YpBzCc5eGHAap2K7e/u082ZUpDRRqM= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= -github.com/miekg/dns v1.1.17/go.mod h1:WgzbA6oji13JREwiNsRDNfl7jYdPnmz+VEuLrA+/48M= -github.com/miekg/dns v1.1.25/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/miekg/dns v1.1.35/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM= github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI= @@ -1841,9 +1681,7 @@ github.com/moby/sys/mountinfo v0.4.1/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2J github.com/moby/sys/symlink v0.1.0/go.mod h1:GGDODQmbFOjFsXvfLVn3+ZRxkch54RkSiGqsZeMYowQ= github.com/moby/term v0.0.0-20200312100748-672ec06f55cd/go.mod h1:DdlQx2hp0Ss5/fLikoLlEeIYiATotOjgB//nb973jeo= github.com/moby/term v0.0.0-20201216013528-df9cb8a40635/go.mod h1:FBS0z0QWA44HXygs7VXDUOGoN/1TV3RuWkLO04am3wc= -github.com/moby/term v0.0.0-20210610120745-9d4ed1856297/go.mod h1:vgPCkQMyxTZ7IDy8SXRufE172gr8+K/JE/7hHFxHW3A= github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 h1:dcztxKSvZ4Id8iPpHERQBbIJfabdt4wUm5qy3wOL2Zc= -github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6/go.mod h1:E2VnQOmVuvZB6UYnnDB0qG5Nq/1tD9acaOpo6xmt0Kw= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -1859,7 +1697,6 @@ github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7P github.com/moul/http2curl v1.0.0/go.mod h1:8UbvGypXm98wA/IqH45anm5Y2Z6ep6O31QGOAZ3H0fQ= github.com/mozilla/scribe v0.0.0-20180711195314-fb71baf557c1/go.mod h1:FIczTrinKo8VaLxe6PWTPEXRXDIHz2QAwiaBaP5/4a8= github.com/mozilla/tls-observatory v0.0.0-20210609171429-7bc42856d2e5/go.mod h1:FUqVoUPHSEdDR0MnFM3Dh8AU0pZHLXUD127SAJGER/s= -github.com/mpvl/unique v0.0.0-20150818121801-cbe035fff7de/go.mod h1:kJun4WP5gFuHZgRjZUWWuH1DTxCtxbHDOIJsudS8jzY= github.com/mreiferson/go-httpclient v0.0.0-20160630210159-31f0106b4474/go.mod h1:OQA4XLvDbMgS8P0CevmM4m9Q3Jq4phKUzcocxuGJ5m8= github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= @@ -1912,7 +1749,6 @@ github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108 github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= -github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= github.com/onsi/ginkgo/v2 v2.0.0/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c= github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= @@ -1927,7 +1763,6 @@ github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAl github.com/onsi/gomega v1.18.1 h1:M1GfJqGRrBrrGGsbxzV5dqM2U2ApXefZCQpkukxYRLE= github.com/onsi/gomega v1.18.1/go.mod h1:0q+aL8jAiMXy9hbwj2mr5GziHiwhAIQpFmmtT5hitRs= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= -github.com/open-policy-agent/opa v0.35.0/go.mod h1:xEmekKlk6/c+so5HF9wtPnGPXDfBuBsrMGhSHOHEF+U= github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= @@ -1967,13 +1802,11 @@ github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxS github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= -github.com/openzipkin/zipkin-go v0.3.0/go.mod h1:4c3sLeE8xjNqehmF5RpAFLPLJxXscc0R4l6Zg0P1tTQ= github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw= github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE= github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs= github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo= github.com/otiai10/mint v1.3.1/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc= -github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U= github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY= @@ -1993,14 +1826,12 @@ github.com/pelletier/go-toml/v2 v2.0.0-beta.8 h1:dy81yyLYJDwMTifq24Oi/IslOslRrDS github.com/pelletier/go-toml/v2 v2.0.0-beta.8/go.mod h1:r9LEWfGN8R5k0VXJ+0BkIe7MYkRdwZOjgMj2KwnJFUo= github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= -github.com/peterh/liner v0.0.0-20170211195444-bf27d3ba8e1d/go.mod h1:xIteQHvHuaLYG9IFj6mSxM0fCKrs34IrEQUhOYuGPHc= github.com/phayes/checkstyle v0.0.0-20170904204023-bfd46e6a821d/go.mod h1:3OzsM7FXDQlpCiw2j81fOmAwQLnZnLGXVKUzeKQXIAw= github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pierrec/lz4 v2.5.2+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pierrec/lz4 v2.6.1+incompatible h1:9UY3+iC23yxF0UfGaYrGplQ+79Rg+h/q9FV9ix19jjM= github.com/pierrec/lz4 v2.6.1+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= -github.com/pierrec/lz4/v4 v4.0.3/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= github.com/pierrec/lz4/v4 v4.1.2 h1:qvY3YFXRQE/XB8MlLzJH7mSzBs74eA2gg52YTk6jUPM= github.com/pierrec/lz4/v4 v4.1.2/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= @@ -2011,7 +1842,6 @@ github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA= -github.com/pkg/profile v1.6.0/go.mod h1:qBsxPvzyUincmltOk6iyRVxHYg4adc0OFOv72ZdLa18= github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI= github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg= github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -2036,7 +1866,6 @@ github.com/prometheus/client_golang v1.5.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3O github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.10.0/go.mod h1:WJM3cc3yu7XKBKa/I8WeZm+V3eltZnBwfENSU7mdogU= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= -github.com/prometheus/client_golang v1.11.1/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= github.com/prometheus/client_golang v1.12.1 h1:ZiaPsmm9uiBeaSMRznKsCDNtPCS0T3JVDGF+06gjBzk= github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= @@ -2058,8 +1887,6 @@ github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8b github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.18.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= -github.com/prometheus/common v0.28.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= -github.com/prometheus/common v0.29.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/common v0.30.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/common v0.32.1 h1:hWIdL3N2HoUx3B8j3YN9mWor0qhY/NlEKZEaXxuIRh4= github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= @@ -2075,13 +1902,10 @@ github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+Gx github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= -github.com/prometheus/procfs v0.7.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.7.1/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU= github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= -github.com/prometheus/statsd_exporter v0.21.0/go.mod h1:rbT83sZq2V+p73lHhPZfMc3MLCHmSHelCh9hSGYNLTQ= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= -github.com/protocolbuffers/txtpbfmt v0.0.0-20201118171849-f6a6b3f636fc/go.mod h1:KbKfKPy2I6ecOIGA9apfheFv14+P3RSmmQvshofQyMY= github.com/pseudomuto/protoc-gen-doc v1.3.2/go.mod h1:y5+P6n3iGrbKG+9O04V5ld71in3v/bX88wUwgt+U8EA= github.com/pseudomuto/protoc-gen-doc v1.4.1/go.mod h1:exDTOVwqpp30eV/EDPFLZy3Pwr2sn6hBC1WIYH/UbIg= github.com/pseudomuto/protoc-gen-doc v1.5.0/go.mod h1:exDTOVwqpp30eV/EDPFLZy3Pwr2sn6hBC1WIYH/UbIg= @@ -2095,10 +1919,7 @@ github.com/quasilyte/go-ruleguard/rules v0.0.0-20201231183845-9e62ed36efe1/go.mo github.com/quasilyte/go-ruleguard/rules v0.0.0-20210428214800-545e0d2e0bf7/go.mod h1:4cgAphtvu7Ftv7vOT2ZOYhC6CvBxZixcasr8qIOTA50= github.com/quasilyte/regex/syntax v0.0.0-20200407221936-30656e2c4a95/go.mod h1:rlzQ04UMyJXu/aOvhd8qT+hvDrFpiwqp8MRXDY9szc0= github.com/qur/ar v0.0.0-20130629153254-282534b91770/go.mod h1:SjlYv2m9lpV0UW6K7lDqVJwEIIvSjaHbGk7nIfY8Hxw= -github.com/rabbitmq/amqp091-go v1.1.0/go.mod h1:ogQDLSOACsLPsIq0NpbtiifNZi2YOz0VTJ0kHRghqbM= github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= -github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= -github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0 h1:OdAsTTz6OkFY5QxjkYwrChwuRruF69c169dPK26NUlk= github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo= github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY= @@ -2116,7 +1937,6 @@ github.com/rogpeppe/go-internal v1.6.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTE github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8= github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE= github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= -github.com/rs/cors v1.8.0/go.mod h1:EBwu+T5AvHOcXwvZIkQFjUN6s8Czyqw12GL/Y0tUyRM= github.com/rs/cors v1.8.2 h1:KCooALfAYGs415Cwu5ABvv9n9509fSiG5SQJn/AQo4U= github.com/rs/cors v1.8.2/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU= github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= @@ -2126,7 +1946,6 @@ github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThC github.com/rs/zerolog v1.26.1 h1:/ihwxqH+4z8UxyI70wM1z9yCvkWcfz/a3mj48k/Zngc= github.com/rs/zerolog v1.26.1/go.mod h1:/wSSJWX7lVrsOwlbyTRSOJvqRlc+WjWlfes+CiJ+tmc= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/russross/blackfriday v1.6.0 h1:KqfZb0pUVN2lYqZUYRddxF4OR8ZMURnJIG5Y3VRLtww= github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= @@ -2141,7 +1960,6 @@ github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiB github.com/sagikazarmark/crypt v0.1.0/go.mod h1:B/mN0msZuINBtQ1zZLEQcegFJJf9vnYIR88KRMEuODE= github.com/sagikazarmark/crypt v0.3.0/go.mod h1:uD/D+6UF4SrIR1uGEv7bBNkNqLGqUr43MRiaGWX1Nig= github.com/sagikazarmark/crypt v0.4.0/go.mod h1:ALv2SRj7GxYV4HO9elxH9nS6M9gW+xDNxqmyJ6RfDFM= -github.com/sagikazarmark/crypt v0.5.0/go.mod h1:l+nzl7KWh51rpzp2h7t4MZWyiEWdhNpOAnclKvg+mdA= github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= github.com/sanposhiho/wastedassign/v2 v2.0.6/go.mod h1:KyZ0MWTwxxBmfwn33zh3k1dmsbF2ud9pAAGfoLfjhtI= github.com/sassoftware/go-rpmutils v0.0.0-20190420191620-a8f1baeba37b/go.mod h1:am+Fp8Bt506lA3Rk3QCmSqmYmLMnPDhdDUcosQCAx+I= @@ -2150,7 +1968,6 @@ github.com/sassoftware/relic v0.0.0-20210427151427-dfb082b79b74 h1:sUNzanSKA9z/h github.com/sassoftware/relic v0.0.0-20210427151427-dfb082b79b74/go.mod h1:YlB8wFIZmFLZ1JllNBfSURzz52fBxbliNgYALk1UDmk= github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/schollz/closestmatch v2.1.0+incompatible/go.mod h1:RtP1ddjLong6gTkbtmuhtR2uUrrJOpYzYRvbcPAid+g= -github.com/sclevine/spec v1.4.0/go.mod h1:LvpgJaFyvQzRvc1kaDs0bulYwzC70PbiYjC4QnFHkOM= github.com/scylladb/go-set v1.0.3-0.20200225121959-cc7b2070d91e h1:7q6NSFZDeGfvvtIRwBrU/aegEYJYmvev0cHAwo17zZQ= github.com/scylladb/go-set v1.0.3-0.20200225121959-cc7b2070d91e/go.mod h1:DkpGd78rljTxKAnTDPFqXSGxvETQnJyuSOQwsHycqfs= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= @@ -2170,17 +1987,14 @@ github.com/shibumi/go-pathspec v1.3.0 h1:QUyMZhFo0Md5B8zV8x2tesohbb5kfbpTi9rBnKh github.com/shibumi/go-pathspec v1.3.0/go.mod h1:Xutfslp817l2I1cZvgcfeMQJG5QnU2lh5tVaaMCl3jE= github.com/shirou/gopsutil/v3 v3.21.10/go.mod h1:t75NhzCZ/dYyPQjyQmrAYP6c8+LCdFANeBMdLPCNnew= github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4= -github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk= github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sigstore/cosign v1.7.2 h1:kFC0jmPUDfoMOhuL1hHGi+ZdJkeF0qpPYZWmMqKMV+4= github.com/sigstore/cosign v1.7.2/go.mod h1:v7UKVCOvw9HD5WlApAotoVfjwUzddwg6InJTTshkaOg= -github.com/sigstore/fulcio v0.1.2-0.20220114150912-86a2036f9bc7/go.mod h1:ANQivY/lfOp9hN92S813LEthkm/kit96hzeIF3SNoZA= github.com/sigstore/rekor v0.4.1-0.20220114213500-23f583409af3 h1:mbqXrm8YZXN/cJMGeBkgPnswtfrOxDE1f7QZdJ+POQE= github.com/sigstore/rekor v0.4.1-0.20220114213500-23f583409af3/go.mod h1:u9clLqaVjqV9pExVL1XkM37dGyMCOX/LMocS9nsnWDY= github.com/sigstore/sigstore v1.0.2-0.20211210190220-04746d994282/go.mod h1:SuM+QIHtnnR9eGsURRLv5JfxM6KeaU0XKA1O7FmLs4Q= -github.com/sigstore/sigstore v1.1.0/go.mod h1:gDpcHw4VwpoL5C6N1Ud1YtBsc+ikRDwDelDlWRyYoE8= github.com/sigstore/sigstore v1.2.1-0.20220401110139-0e610e39782f h1:JPD9q1718mub78ILVcTqOZ/q4ECKCQ7JQfUX/q+nEJ4= github.com/sigstore/sigstore v1.2.1-0.20220401110139-0e610e39782f/go.mod h1:9wYagRiKz/8KgK/YFPM6FA8WrNjv3Y6rQUQWBLqJXs0= github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= @@ -2196,7 +2010,6 @@ github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sivchari/tenv v1.4.7/go.mod h1:5nF+bITvkebQVanjU6IuMbvIot/7ReNsUV7I5NbprB0= github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog= -github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262/go.mod h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/assertions v1.0.0/go.mod h1:kHHU4qYBaI3q23Pp3VPrmWhuIUrLW/7eUrw0BU5VaoM= github.com/smartystreets/go-aws-auth v0.0.0-20180515143844-0c1422d1fdb9/go.mod h1:SnhjPscd9TpLiy1LpzGSKh3bXCfxxXuqd9xmQJy3slM= @@ -2212,16 +2025,13 @@ github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:Udh github.com/sourcegraph/go-diff v0.6.1/go.mod h1:iBszgVvyxdc8SFZ7gm69go2KDdt3ag071iBaWPF6cjs= github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e/go.mod h1:HuIsMU8RRBOtsCgI77wP899iHVBQpCmg4ErYMZB+2IA= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= -github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb/go.mod h1:uKWaldnbMnjsSAXRurWqqrdyZen1R7kxl8TkmWk2OyM= github.com/spdx/tools-golang v0.2.0 h1:KBNcw7xvVycRWeCWZK/5xQJA+plymW1+rTCs8ekJDro= github.com/spdx/tools-golang v0.2.0/go.mod h1:RO4Y3IFROJnz+43JKm1YOrbtgQNljW4gAPpA/sY2eqo= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4= -github.com/spf13/afero v1.4.1/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= -github.com/spf13/afero v1.8.0/go.mod h1:CtAatgMJh6bJEIs48Ay/FOnkljP3WeGUG0MC1RfAqwo= github.com/spf13/afero v1.8.2 h1:xehSyVa0YnHWsJ49JFljMpg1HX19V6NDZ1fkm1Xznbo= github.com/spf13/afero v1.8.2/go.mod h1:CtAatgMJh6bJEIs48Ay/FOnkljP3WeGUG0MC1RfAqwo= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= @@ -2251,14 +2061,12 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= -github.com/spf13/viper v1.7.1/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns= github.com/spf13/viper v1.9.0/go.mod h1:+i6ajR7OX2XaiBkrcZJFK21htRk7eDeLg7+O6bhUPP4= github.com/spf13/viper v1.10.0/go.mod h1:SoyBPwAtKDzypXNDFKN5kzH7ppppbGZtls1UpIy5AsM= github.com/spf13/viper v1.10.1/go.mod h1:IGlFPqhNAPKRxohIzWpI5QEy4kuI7tcl5WvR+8qy1rU= github.com/spf13/viper v1.11.0 h1:7OX/1FS6n7jHD1zGrZTM7WtY13ZELRyosK4k93oPr44= github.com/spf13/viper v1.11.0/go.mod h1:djo0X/bA5+tYVoCn+C7cAYJGcVn/qYLFTG8gdUsX7Zk= -github.com/spiffe/go-spiffe/v2 v2.0.0/go.mod h1:TEfgrEcyFhuSuvqohJt6IxENUNeHfndWCCV1EX7UaVk= github.com/src-d/gcfg v1.4.0/go.mod h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI= github.com/ssgreg/nlreturn/v2 v2.2.1/go.mod h1:E/iiPB78hV7Szg2YfRgyIrk1AD6JVMTRkkxBiELzh2I= github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8= @@ -2267,7 +2075,6 @@ github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3 github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= github.com/streadway/amqp v1.0.0/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI= -github.com/streadway/quantile v0.0.0-20150917103942-b0c588724d25/go.mod h1:lbP8tGiBjZ5YWIc2fzuRpTaz0b/53vT6PEs3QuAWzuU= github.com/stretchr/objx v0.0.0-20180129172003-8a3f7159479f/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= @@ -2279,7 +2086,6 @@ github.com/stretchr/testify v0.0.0-20180303142811-b89eecf5ca5d/go.mod h1:a8OnRci github.com/stretchr/testify v1.1.4/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.3.1-0.20190311161405-34c6fa2dc709/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= @@ -2331,8 +2137,6 @@ github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1 github.com/tomarrell/wrapcheck/v2 v2.4.0/go.mod h1:68bQ/eJg55BROaRTbMjC7vuhL2OgfoG8bLp9ZyoBfyY= github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoik09Xen7gje4m9ERNah1d1PPsVq1VEx9vE4= github.com/tommy-muehle/go-mnd/v2 v2.4.0/go.mod h1:WsUAkMJMYww6l/ufffCD3m+P7LEvr8TnZn9lwVDlgzw= -github.com/tsenart/go-tsz v0.0.0-20180814232043-cdeb9e1e981e/go.mod h1:SWZznP1z5Ki7hDT2ioqiFKEse8K9tU2OUvaRI0NeGQo= -github.com/tsenart/vegeta/v12 v12.8.4/go.mod h1:ZiJtwLn/9M4fTPdMY7bdbIeyNeFVE8/AHbWFqCsUuho= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw= @@ -2346,15 +2150,11 @@ github.com/ulikunitz/xz v0.5.10 h1:t92gobL9l3HE202wg3rlk19F6X+JOxl9BBrCCMYEYd8= github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/ultraware/funlen v0.0.3/go.mod h1:Dp4UiAus7Wdb9KUZsYWZEWiRzGuM2kXM1lPbfaF6xhA= github.com/ultraware/whitespace v0.0.4/go.mod h1:aVMh/gQve5Maj9hQ/hg+F75lr/X5A89uZnzAmWSineA= -github.com/undiabler/golang-whois v0.0.0-20200529150455-5fb8fbf53359 h1:o472WQs6ovpZXKinQ8j4SDgxFCqeevlBb/FjLbmx4pA= -github.com/undiabler/golang-whois v0.0.0-20200529150455-5fb8fbf53359/go.mod h1:/IG5ynqwNha9/Ad7btFMotLLHffjNlwAZgr5fJCyCpQ= github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= -github.com/urfave/cli v1.22.5 h1:lNq9sAHXK2qfdI8W+GRItjCEkI+2oR4d+MEHy1CKXoU= -github.com/urfave/cli v1.22.5/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli/v2 v2.1.1/go.mod h1:SE9GqnLQmjVa0iPEY0f1w3ygNIYcIJ0OKPMoW2caLfQ= github.com/urfave/cli/v2 v2.2.0/go.mod h1:SE9GqnLQmjVa0iPEY0f1w3ygNIYcIJ0OKPMoW2caLfQ= github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI= @@ -2373,7 +2173,6 @@ github.com/valyala/tcplisten v0.0.0-20161114210144-ceec8f93295a/go.mod h1:v3UYOV github.com/valyala/tcplisten v1.0.0/go.mod h1:T0xQ8SeCZGxckz9qRXTfG43PvQ/mcWh7FwZEA7Ioqkc= github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlIME= github.com/vbatts/tar-split v0.11.2/go.mod h1:vV3ZuO2yWSVsz+pfFzDG/upWH1JhjOiEaWq6kXyQ3VI= -github.com/vektah/gqlparser v1.1.2 h1:ZsyLGn7/7jDNI+y4SEhI4yAxRChlv15pUHMjijT+e68= github.com/vektah/gqlparser v1.1.2/go.mod h1:1ycwN7Ij5njmMkPPAOaRFY4rET2Enx7IkVv3vaXspKw= github.com/vektah/gqlparser/v2 v2.4.0/go.mod h1:flJWIR04IMQPGz+BXLrORkrARBxv/rtyIAFvd/MceW0= github.com/vektah/gqlparser/v2 v2.4.1 h1:QOyEn8DAPMUMARGMeshKDkDgNmVoEaEGiDB0uWxcSlQ= @@ -2395,16 +2194,12 @@ github.com/wagoodman/go-partybus v0.0.0-20200526224238-eb215533f07d/go.mod h1:JP github.com/wagoodman/go-partybus v0.0.0-20210627031916-db1f5573bbc5 h1:phTLPgMRDYTizrBSKsNSOa2zthoC2KsJsaY/8sg3rD8= github.com/wagoodman/go-partybus v0.0.0-20210627031916-db1f5573bbc5/go.mod h1:JPirS5jde/CF5qIjcK4WX+eQmKXdPc6vcZkJ/P0hfPw= github.com/wagoodman/go-progress v0.0.0-20200621122631-1a2120f0695a/go.mod h1:jLXFoL31zFaHKAAyZUh+sxiTDFe1L1ZHrcK2T1itVKA= -github.com/wagoodman/go-progress v0.0.0-20200731105512-1020f39e6240/go.mod h1:jLXFoL31zFaHKAAyZUh+sxiTDFe1L1ZHrcK2T1itVKA= github.com/wagoodman/go-progress v0.0.0-20200807221327-51d465df1451 h1:ULknorKcCigmaFEBfB99pzEQmYY2E0F5Yp/bIyaBdEI= github.com/wagoodman/go-progress v0.0.0-20200807221327-51d465df1451/go.mod h1:jLXFoL31zFaHKAAyZUh+sxiTDFe1L1ZHrcK2T1itVKA= -github.com/wagoodman/jotframe v0.0.0-20211129225309-56b0d0a4aebb/go.mod h1:nDi3BAC5nEbVbg+WSJDHLbjHv0ZToq8nMPA97XMxF3E= github.com/weppos/publicsuffix-go v0.15.1-0.20210807195340-dc689ff0bb59/go.mod h1:HYux0V0Zi04bHNwOHy4cXJVz/TQjYonnF6aoYhj+3QE= github.com/weppos/publicsuffix-go v0.15.1-0.20220329081811-9a40b608a236/go.mod h1:HYux0V0Zi04bHNwOHy4cXJVz/TQjYonnF6aoYhj+3QE= github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4= github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI= -github.com/withfig/autocomplete-tools/packages/cobra v0.0.0-20220122124547-31d3821a6898/go.mod h1:cKObXQ6PVFO7bHUd5jpApXvMIt55Ewz7UdMiC05ONxI= -github.com/x-cray/logrus-prefixed-formatter v0.5.2/go.mod h1:2duySbKsL6M18s5GU7VPsoEPHyzalCE06qoARUCeBBE= github.com/xanzy/go-gitlab v0.31.0/go.mod h1:sPLojNBn68fMUWSxIJtdVVIP8uSBYqesTfDUseX11Ug= github.com/xanzy/go-gitlab v0.62.0 h1:D3WuIK1UJ7JPSiYI077PQaU5dcPEshpimCSP07Do1aQ= github.com/xanzy/go-gitlab v0.62.0/go.mod h1:F0QEXwmqiBUxCgJm8fE9S+1veX4XC9Z4cfaAbqwk4YM= @@ -2417,7 +2212,6 @@ github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6 github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c/go.mod h1:lB8K/P019DLNhemzwFU4jHLhdvlE6uDZjXFejJXr49I= github.com/xdg/stringprep v0.0.0-20180714160509-73f8eece6fdc/go.mod h1:Jhud4/sHMO4oL310DaZAKk9ZaJ08SJfe+sJh0HrGL1Y= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= -github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs= github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= @@ -2428,7 +2222,6 @@ github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 h1:QldyIu/L63oPpyvQmHg github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778/go.mod h1:2MuV+tbUrU1zIOPMxZ5EncGwgmMJsa+9ucAQZXxsObs= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= github.com/yalp/jsonpath v0.0.0-20180802001716-5cc68e5049a0/go.mod h1:/LWChgwKmvncFJFHJ7Gvn9wZArjbV5/FppcK2fKk/tI= -github.com/yashtewari/glob-intersection v0.0.0-20180916065949-5c77d914dd0b/go.mod h1:HptNXiXVDcJjXe9SqMd0v2FsL9f8dz4GnXgltU6q/co= github.com/yeya24/promlinter v0.1.0/go.mod h1:rs5vtZzeBHqqMwXqFScncpCF6u06lezhZepno9AB1Oc= github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA= github.com/ysmood/goob v0.3.0/go.mod h1:S3lq113Y91y1UBf1wj1pFOxeahvfKkCk6mTWTWbDdWs= @@ -2455,8 +2248,6 @@ github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPS github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg= github.com/zalando/go-keyring v0.1.0/go.mod h1:RaxNwUITJaHVdQ0VC7pELPZ3tOWn13nr0gZMZEhpVU0= github.com/zalando/go-keyring v0.1.1/go.mod h1:OIC+OZ28XbmwFxU/Rp9V7eKzZjamBJwRzC8UFJH9+L8= -github.com/zclconf/go-cty v1.10.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= -github.com/zeebo/errs v1.2.2/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4= github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q= github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0= github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521/go.mod h1:3YZ9o3WnatTIZhuOtot4IcUfzoKVjUHqu6WALIyI0nE= @@ -2474,14 +2265,11 @@ go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489/go.mod h1:yVHk9ub3C go.etcd.io/etcd/api/v3 v3.5.0-alpha.0/go.mod h1:mPcW6aZJukV6Aa81LSKpBjQXTWlXB5r74ymPoSWa3Sw= go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= go.etcd.io/etcd/api/v3 v3.5.1/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= -go.etcd.io/etcd/api/v3 v3.5.2/go.mod h1:5GB2vv4A4AOn3yk7MftYGHkUfGtDHnEraIjym4dYz5A= go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= go.etcd.io/etcd/client/pkg/v3 v3.5.1/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= -go.etcd.io/etcd/client/pkg/v3 v3.5.2/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= go.etcd.io/etcd/client/v2 v2.305.0-alpha.0/go.mod h1:kdV+xzCJ3luEBSIeQyB/OEKkWKd8Zkux4sbDeANrosU= go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ= go.etcd.io/etcd/client/v2 v2.305.1/go.mod h1:pMEacxZW7o8pg4CrFE7pquyCJJzZvkvdD2RibOCCCGs= -go.etcd.io/etcd/client/v2 v2.305.2/go.mod h1:2D7ZejHVMIfog1221iLSYlQRzrtECw3kz4I4VAQm3qI= go.etcd.io/etcd/client/v3 v3.5.0-alpha.0/go.mod h1:wKt7jgDgf/OfKiYmCq5WFGxOFAkVMLxiiXgLDFhECr8= go.etcd.io/etcd/client/v3 v3.5.0/go.mod h1:AIKXXVX/DQXtfTEqBryiLTUXwON+GuvO6Z7lLS/oTh0= go.etcd.io/etcd/etcdctl/v3 v3.5.0-alpha.0/go.mod h1:YPwSaBciV5G6Gpt435AasAG3ROetZsKNUzibRa/++oo= @@ -2525,9 +2313,7 @@ go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opentelemetry.io/contrib v0.20.0/go.mod h1:G/EtFaa6qaN7+LxqfIAT3GiZa7Wv5DTBUzl5H4LY0Kc= go.opentelemetry.io/contrib v1.3.0 h1:p9Gd+3dD7yB+AIph2Ltg11QDX6Y+yWMH0YQVTpTTP2c= -go.opentelemetry.io/contrib v1.3.0/go.mod h1:FlyPNX9s4U6MCsWEc5YAK4KzKNHFDsjrDUZijJiXvy8= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.20.0/go.mod h1:oVGt1LRbBOBq1A5BQLlUg9UaU/54aiHw8cgjV3aWZ/E= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0/go.mod h1:2AboqHi0CiIZU0qwhtUfCYD1GeUzvvIXWNkhDt7ZMG4= go.opentelemetry.io/contrib/propagators v0.19.0 h1:HrixVNZYFjUl/Db+Tr3DhqzLsVW9GeVf/Gye+C5dNUY= go.opentelemetry.io/contrib/propagators v0.19.0/go.mod h1:4QOdZClXISU5S43xZxk5tYaWcpb+lehqfKtE6PK6msE= go.opentelemetry.io/otel v0.19.0/go.mod h1:j9bF567N9EfomkSidSfmMwIwIBuP37AMAIzVW85OxSg= @@ -2547,8 +2333,6 @@ go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16g go.opentelemetry.io/otel/trace v1.3.0 h1:doy8Hzb1RJ+I3yFhtDmwNc7tIyw1tNMOIsyPzp1NOGY= go.opentelemetry.io/otel/trace v1.3.0/go.mod h1:c/VDhno8888bvQYmbYLqe41/Ldmr/KKunbvWM4/fEjk= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= -go.opentelemetry.io/proto/otlp v0.12.0/go.mod h1:TsIjwGWIx5VFYv9KGVlOpxoBl5Dy+63SUguV7GGvlSQ= -go.step.sm/crypto v0.14.0/go.mod h1:3G0yQr5lQqfEG0CMYz8apC/qMtjLRQlzflL2AxkcN+g= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= @@ -2556,7 +2340,6 @@ go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE= go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/automaxprocs v1.4.0/go.mod h1:/mTEdr7LvHhs0v7mjdxDreTz1OG5zdZGqgOnhWiR/+Q= go.uber.org/config v1.4.0 h1:upnMPpMm6WlbZtXoasNkK4f0FhxwS+W4Iqz5oNznehQ= go.uber.org/config v1.4.0/go.mod h1:aCyrMHmUAc/s2h9sv1koP84M9ZF/4K+g2oleyESO/Ig= go.uber.org/dig v1.14.0 h1:VmGvIH45/aapXPQkaOrK5u4B5B7jxZB98HM/utx0eME= @@ -2581,7 +2364,6 @@ go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= -go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI= go.uber.org/zap v1.20.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw= go.uber.org/zap v1.21.0 h1:WefMeulhovoZ2sYXz7st6K0sLj7bBhpiFaud4r4zST8= @@ -2596,7 +2378,6 @@ golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnf golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20190228161510-8dd112bcdc25/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190320223903-b7391e95e576/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= @@ -2610,7 +2391,6 @@ golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20190617133340-57b3e21c3d56/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= @@ -2619,14 +2399,12 @@ golang.org/x/crypto v0.0.0-20191122220453-ac88ee75c92c/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20191227163750-53104e6ec876/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200930160638-afb6bcd081ae/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20201112155050-0c6587e931a9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= @@ -2637,7 +2415,6 @@ golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5 golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20210920023735-84f357641f63/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211115234514-b4de73f9ece8/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= @@ -2648,14 +2425,11 @@ golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.0.0-20211215165025-cf75a172585e/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/crypto v0.0.0-20220131195533-30dcbda58838/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220511200225-c6db032c6c88 h1:Tgea0cVUD0ivh5ADBX4WwuI12DUd2to3nCYe2eayMIw= golang.org/x/crypto v0.0.0-20220511200225-c6db032c6c88/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= -golang.org/x/exp v0.0.0-20190731235908-ec7cb31e5a56/go.mod h1:JhuoJpWY28nO4Vef9tZUw9qufEGTyX1+7lmHxV5q5G4= golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= @@ -2664,7 +2438,6 @@ golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/exp v0.0.0-20200331195152-e8c3332aa8e5/go.mod h1:4M0jN8W1tt0AVLNr8HDosyJCDCDuyL9N9+3m7wDWgKw= -golang.org/x/exp v0.0.0-20210126221216-84987778548c/go.mod h1:I6l2HNBLBZEcrOoCpyKLdY2lHoRZ8lI4x60KMCQDft4= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -2682,15 +2455,12 @@ golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 h1:VLliZ0d+/avPrXXH+OakdXhp golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= -golang.org/x/mobile v0.0.0-20201217150744-e6ae53a27f4f/go.mod h1:skQtrUTUwhdJvXM/2KKJzY8pDgNr9I/FOMqDVRPBUS4= golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.1.1-0.20191209134235-331c550502dd/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.3.1-0.20200828183125-ce943fd02449/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= @@ -2775,13 +2545,9 @@ golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210917221730-978cfadd31cf/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210928044308-7d9f5e0b762b/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211020060615-d418f374d309/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211029224645-99673261e6eb/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211111083644-e5c967477495/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211111160137-58aab5ef257a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211118161319-6a13c67c3ce4/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= @@ -2923,7 +2689,6 @@ golang.org/x/sys v0.0.0-20200916030750-2334cc1a136f/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200922070232-aee5d888a860/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201005172224-997123666555/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201009025420-dfb3f7c4e634/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201015000850-e3ed0017c211/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201112073958-5cba982894dd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -2969,7 +2734,6 @@ golang.org/x/sys v0.0.0-20210816183151-1e6c022a8912/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210902050250-f475640dd07b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210903071746-97244b99971b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210915083310-ed5796bab164/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210917161153-d61c044b1678/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -2989,7 +2753,6 @@ golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220315194320-039c03cc5b86/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220412211240-33da011f77ad h1:ntjMns5wyP/fN65tdBD4g8J5w8n015+iIIs9rtjXkY0= @@ -3025,7 +2788,6 @@ golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGm golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181221001348-537d06c36207/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190110163146-51295c7ec13a/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -3080,7 +2842,6 @@ golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapK golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200117012304-6edc0a871e69/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200117220505-0cba7a3a9ee9/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= @@ -3104,7 +2865,6 @@ golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200522201501-cb1345f3a375/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200612220849-54c614fe050c/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200622203043-20e05c1c8ffa/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= @@ -3151,7 +2911,6 @@ golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.6-0.20210820212750-d4cc65f0b2ff/go.mod h1:YD9qOF0M9xpSpdWTBbzEl5e/RnCefISl8E5Noe10jFM= golang.org/x/tools v0.1.6/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo= golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo= golang.org/x/tools v0.1.8/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU= @@ -3166,7 +2925,6 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f h1:GGU+dLjvlC3qDwqYgL6UgRmHXhOOgns0bZu2Ty5mm6U= golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -gomodules.xyz/jsonpatch/v2 v2.2.0/go.mod h1:WXp+iVDkoLQqPudfQ9GBlwB2eZ5DKOnjQZCYdOS8GPY= google.golang.org/api v0.0.0-20160322025152-9bf6e6e569ff/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= @@ -3185,7 +2943,6 @@ google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/ google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.25.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= @@ -3213,7 +2970,6 @@ google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3h google.golang.org/api v0.62.0/go.mod h1:dKmwPCydfsad4qCH08MSdgWjfHOyfpd4VtDGgRFdavw= google.golang.org/api v0.63.0/go.mod h1:gs4ij2ffTRXwuzzgJl/56BdwJaA194ijkfn++9tDuPo= google.golang.org/api v0.64.0/go.mod h1:931CdxA8Rm4t6zqTFGSsgwbAEZ2+GMYurbndwSimebM= -google.golang.org/api v0.65.0/go.mod h1:ArYhxgGadlWmqO1IqVujw6Cs8IdD33bTmzKo2Sh+cbg= google.golang.org/api v0.67.0/go.mod h1:ShHKP8E60yPsKNw/w8w+VYaj9H6buA5UqDp8dhbQZ6g= google.golang.org/api v0.70.0/go.mod h1:Bs4ZM2HGifEvXwd50TtW70ovgJffJYw2oRCOFU/SkfA= google.golang.org/api v0.71.0/go.mod h1:4PyU6e6JogV1f9eA4voyrTY2batOLdgZ5qZ5HOCc4j8= @@ -3266,17 +3022,14 @@ google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfG google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20200527145253-8367513e4ece/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= google.golang.org/genproto v0.0.0-20200626011028-ee7919e894b5/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200707001353-8e8330bf89df/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200806141610-86f49bd18e98/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201102152239-715cce707fb0/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= @@ -3329,7 +3082,6 @@ google.golang.org/genproto v0.0.0-20211207154714-918901c715cf/go.mod h1:5CzLGKJ6 google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20211221195035-429b39de9b1c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20211223182754-3ac035c7e7cb/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20220111164026-67b88f271998/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20220126215142-9970aeb2e350/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20220207164111-0872dc986b00/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= @@ -3384,7 +3136,6 @@ google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ5 google.golang.org/grpc v1.45.0 h1:NEpgUqV3Z+ZjkqMsxMg11IaDrXY4RY6CQukSGK0uI1M= google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= -google.golang.org/grpc/examples v0.0.0-20201130180447-c456688b1860/go.mod h1:Ly7ZA/ARzg8fnPU9TyZIxoz33sEUuWX7txiqs8lPTgE= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -3419,8 +3170,6 @@ gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo= -gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE= -gopkg.in/go-playground/validator.v9 v9.29.1/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWdVbfP1avr/N00E2vyQ= gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:aPpfJ7XW+gOuirDoZ8gHhLh3kZ1B08FtV2bbmy7Jv3s= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= @@ -3466,7 +3215,6 @@ gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gorm.io/gorm v1.23.3 h1:jYh3nm7uLZkrMVfA8WVNjDZryKfr7W+HTlInVgKFJAg= gorm.io/gorm v1.23.3/go.mod h1:l2lP/RyAtc1ynaTjFksBde/O8v9oOGIApu2/xRitmZk= -gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk= gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8= @@ -3480,56 +3228,40 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -honnef.co/go/tools v0.0.1-2020.1.5/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.2.1/go.mod h1:lPVVZ2BS5TfnjLyizF7o7hv7j9/L+8cZY2hLyjP9cGY= k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo= k8s.io/api v0.20.4/go.mod h1:++lNL1AJMkDymriNniQsWRkMDzRaX2Y/POTUi8yvqYQ= k8s.io/api v0.20.6/go.mod h1:X9e8Qag6JV/bL5G6bU8sdVRltWKmdHsFUGS3eVndqE8= -k8s.io/api v0.23.3/go.mod h1:w258XdGyvCmnBj/vGzQMj6kzdufJZVUwEM1U2fRJwSQ= -k8s.io/api v0.23.4/go.mod h1:i77F4JfyNNrhOjZF7OwwNJS5Y1S9dpwvb9iYRYRczfI= k8s.io/api v0.23.5 h1:zno3LUiMubxD/V1Zw3ijyKO3wxrhbUF1Ck+VjBvfaoA= k8s.io/api v0.23.5/go.mod h1:Na4XuKng8PXJ2JsploYYrivXrINeTaycCGcYgF91Xm8= -k8s.io/apiextensions-apiserver v0.23.4/go.mod h1:TWYAKymJx7nLMxWCgWm2RYGXHrGlVZnxIlGnvtfYu+g= -k8s.io/apimachinery v0.19.7/go.mod h1:6sRbGRAVY5DOCuZwB5XkqguBqpqLU6q/kOaOdk29z6Q= k8s.io/apimachinery v0.20.1/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU= k8s.io/apimachinery v0.20.4/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU= k8s.io/apimachinery v0.20.6/go.mod h1:ejZXtW1Ra6V1O5H8xPBGz+T3+4gfkTCeExAHKU57MAc= -k8s.io/apimachinery v0.23.3/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= -k8s.io/apimachinery v0.23.4/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= k8s.io/apimachinery v0.23.5 h1:Va7dwhp8wgkUPWsEXk6XglXWU4IKYLKNlv8VkX7SDM0= k8s.io/apimachinery v0.23.5/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= k8s.io/apiserver v0.20.1/go.mod h1:ro5QHeQkgMS7ZGpvf4tSMx6bBOgPfE+f52KwvXfScaU= k8s.io/apiserver v0.20.4/go.mod h1:Mc80thBKOyy7tbvFtB4kJv1kbdD0eIH8k8vianJcbFM= k8s.io/apiserver v0.20.6/go.mod h1:QIJXNt6i6JB+0YQRNcS0hdRHJlMhflFmsBDeSgT1r8Q= -k8s.io/apiserver v0.23.4/go.mod h1:A6l/ZcNtxGfPSqbFDoxxOjEjSKBaQmE+UTveOmMkpNc= k8s.io/client-go v0.20.1/go.mod h1:/zcHdt1TeWSd5HoUe6elJmHSQ6uLLgp4bIJHVEuy+/Y= k8s.io/client-go v0.20.4/go.mod h1:LiMv25ND1gLUdBeYxBIwKpkSC5IsozMMmOOeSJboP+k= k8s.io/client-go v0.20.6/go.mod h1:nNQMnOvEUEsOzRRFIIkdmYOjAZrC8bgq0ExboWSU1I0= -k8s.io/client-go v0.23.3/go.mod h1:47oMd+YvAOqZM7pcQ6neJtBiFH7alOyfunYN48VsmwE= -k8s.io/client-go v0.23.4/go.mod h1:PKnIL4pqLuvYUK1WU7RLTMYKPiIh7MYShLshtRY9cj0= k8s.io/client-go v0.23.5 h1:zUXHmEuqx0RY4+CsnkOn5l0GU+skkRXKGJrhmE2SLd8= k8s.io/client-go v0.23.5/go.mod h1:flkeinTO1CirYgzMPRWxUCnV0G4Fbu2vLhYCObnt/r4= -k8s.io/code-generator v0.23.4/go.mod h1:S0Q1JVA+kSzTI1oUvbKAxZY/DYbA/ZUb4Uknog12ETk= -k8s.io/code-generator v0.23.5/go.mod h1:S0Q1JVA+kSzTI1oUvbKAxZY/DYbA/ZUb4Uknog12ETk= k8s.io/component-base v0.20.1/go.mod h1:guxkoJnNoh8LNrbtiQOlyp2Y2XFCZQmrcg2n/DeYNLk= k8s.io/component-base v0.20.4/go.mod h1:t4p9EdiagbVCJKrQ1RsA5/V4rFQNDfRlevJajlGwgjI= k8s.io/component-base v0.20.6/go.mod h1:6f1MPBAeI+mvuts3sIdtpjljHWBQ2cIy38oBIWMYnrM= -k8s.io/component-base v0.23.4/go.mod h1:8o3Gg8i2vnUXGPOwciiYlkSaZT+p+7gA9Scoz8y4W4E= k8s.io/cri-api v0.17.3/go.mod h1:X1sbHmuXhwaHs9xxYffLqJogVsnI+f6cPRcgPel7ywM= k8s.io/cri-api v0.20.1/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI= k8s.io/cri-api v0.20.4/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI= k8s.io/cri-api v0.20.6/go.mod h1:ew44AjNXwyn1s0U4xCKGodU7J1HzBeZ1MpGrpa5r8Yc= k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= -k8s.io/gengo v0.0.0-20220307231824-4627b89bbf1b/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/klog/v2 v2.40.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.60.1-0.20220317184644-43cc75f9ae89 h1:bUNlsw5yb353zbKMj8srOr6V2Ajhz1VkTKonP1L8r2o= k8s.io/klog/v2 v2.60.1-0.20220317184644-43cc75f9ae89/go.mod h1:N3kgBtsFxMb4nQ0eBDgbHEt/dtxBuTkSFQ+7K5OUoz4= -k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6/go.mod h1:UuqjUnNftUyPE5H64/qeyjQoUZhGpeFDVdxjTeEVN2o= k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM= k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk= k8s.io/kube-openapi v0.0.0-20220124234850-424119656bbf h1:M9XBsiMslw2lb2ZzglC0TOkBPK5NQi0/noUrdnoFwUg= @@ -3538,11 +3270,8 @@ k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk= k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20220127004650-9b3446523e65/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 h1:HNSDgDCrr/6Ly3WEGKZftiE7IY19Vz2GdbOCyI4qqhc= k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -knative.dev/hack v0.0.0-20220224013837-e1785985d364/go.mod h1:PHt8x8yX5Z9pPquBEfIj0X66f8iWkWfR0S/sarACJrI= -knative.dev/hack/schema v0.0.0-20220224013837-e1785985d364/go.mod h1:ffjwmdcrH5vN3mPhO8RrF2KfNnbHeCE2C60A+2cv3U0= knative.dev/pkg v0.0.0-20220325200448-1f7514acd0c2 h1:dJ1YKQ1IvCfxtYqS1dHm18VT153ntHi5uJsFVv7oxfc= knative.dev/pkg v0.0.0-20220325200448-1f7514acd0c2/go.mod h1:5xt0nzCwxvQ2N4w71smY7pYm5nVrQ8qnRsMinSLVpio= lukechampine.com/uint128 v1.1.1/go.mod h1:c4eWIwlEGaxC/+H1VguhU4PHXNWDCDMUlWdIWl2j1gk= @@ -3682,18 +3411,14 @@ mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b/go.mod h1:2odslEg/xrtNQqCYg2/jC mvdan.cc/unparam v0.0.0-20210104141923-aac4ce9116a7/go.mod h1:hBpJkZE8H/sb+VRFvw2+rBpHNsTBcvSpk61hr8mzXZE= nhooyr.io/websocket v1.8.7/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0= pack.ag/amqp v0.11.2/go.mod h1:4/cbmt4EJXSKlG6LCfWHoqmN0uFdy5i/+YFz+fTfhV4= -pgregory.net/rapid v0.3.3/go.mod h1:UYpPVyjFHzYBGHIxLFoupi8vwk6rXNzRY9OMvVxFIOU= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.15/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.27/go.mod h1:tq2nT0Kx7W+/f2JVE+zxYtUhdjuELJkVpNz+x/QN5R4= sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6/go.mod h1:p4QtZmO4uMYipTQNzagwnNoseA6OxSUutVw05NhYDRs= sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 h1:kDi4JBNAsJWfz1aEXhO8Jg87JJaPNLh5tIzYHgStQ9Y= sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2/go.mod h1:B+TnT182UBxE84DiCz4CVE26eOSDAeYCpfDnC2kdKMY= -sigs.k8s.io/release-utils v0.6.0/go.mod h1:kR1/DuYCJ4covppUasYNcA11OixC9O37B/E0ejRfb+c= -sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/structured-merge-diff/v4 v4.0.3/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/structured-merge-diff/v4 v4.2.1 h1:bKCqE9GvQ5tiVHn5rfn1r+yao3aLQEaLzkkmAkf+A6Y= diff --git a/go/cmd/containermodifier/main_cli.go b/go/cmd/containermodifier/main_cli.go deleted file mode 100644 index 1f65f720c..000000000 --- a/go/cmd/containermodifier/main_cli.go +++ /dev/null @@ -1,64 +0,0 @@ -// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -//go:build cli - -package main - -import ( - "log" - "os" - - "github.com/lunasec-io/lunasec/go/controller" - "github.com/urfave/cli/v2" -) - -func main() { - log.SetFlags(log.Lshortfile) - - app := &cli.App{ - Name: "lunasec-cli", - Commands: []*cli.Command{ - { - Name: "build", - Aliases: []string{"b"}, - Usage: "Build a secure resolver docker container.", - Flags: []cli.Flag{ - &cli.StringFlag{ - Name: "container-tar", - Usage: "Tar file of container to be modified", - Required: true, - }, - &cli.StringFlag{ - Name: "config", - Usage: "Lunasec config file", - Required: true, - }, - }, - Action: func(c *cli.Context) error { - containerTarFile := c.String("container-tar") - configFile := c.String("config") - containerModifierController := controller.NewContainerModifierController(nil) - containerModifierController.HandleLocalInvoke(containerTarFile, configFile) - return nil - }, - }, - }, - } - - err := app.Run(os.Args) - if err != nil { - log.Fatal(err) - } -} diff --git a/go/cmd/runtime/main.go b/go/cmd/runtime/main.go deleted file mode 100644 index 130e6a1f8..000000000 --- a/go/cmd/runtime/main.go +++ /dev/null @@ -1,147 +0,0 @@ -// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -package main - -import ( - "context" - "encoding/json" - "errors" - "log" - "net/http" - "os" - "sync" - - "github.com/aws/aws-lambda-go/events" - "github.com/aws/aws-lambda-go/lambda" - tokenizer "github.com/lunasec-io/lunasec/go/pkg/tokenizer" - "github.com/lunasec-io/lunasec/go/service/invoker" - "github.com/lunasec-io/lunasec/go/types/event" - "github.com/lunasec-io/lunasec/go/util" - "go.uber.org/zap" -) - -func startHttpServer(wg *sync.WaitGroup) *http.Server { - server := tokenizer.NewHttpServerSidecar() - - go func() { - defer wg.Done() // let main know we are done cleaning up - - // always returns error. ErrServerClosed on graceful close - if err := server.ListenAndServe(); err != http.ErrServerClosed { - // unexpected error. port in use? - log.Fatalf("ListenAndServe(): %v", err) - } - }() - - // returning reference so caller can call Shutdown() - return server -} - -func verifyContainerSecret(sentContainerSecret string) bool { - containerSecret := os.Getenv("CONTAINER_SECRET") - if containerSecret == "" { - // container secret is not set, we treat this as a validated container secret - return true - } - - return sentContainerSecret == containerSecret -} - -func HandleRequestApiGateway(ctx context.Context, request events.APIGatewayProxyRequest) (events.APIGatewayProxyResponse, error) { - var ( - invokeEvent event.ExecuteFunctionRequest - funcResp event.ExecuteFunctionResponse - ) - - containerSecret := request.Headers["X-Container-Secret"] - if !verifyContainerSecret(containerSecret) { - err := errors.New("unauthorized") - return util.ApiGatewayError(err) - } - - err := json.Unmarshal([]byte(request.Body), &invokeEvent) - if err != nil { - return util.ApiGatewayError(err) - } - - funcResp, err = HandleRequest(ctx, invokeEvent) - if err != nil { - return util.ApiGatewayError(err) - } - - headers := map[string]string{} - return util.MarshalApiGatewayResponse(http.StatusOK, headers, funcResp) -} - -func HandleRequest(ctx context.Context, req event.ExecuteFunctionRequest) (event.ExecuteFunctionResponse, error) { - var ( - logger *zap.Logger - result *json.RawMessage - backpack *json.RawMessage - resp event.ExecuteFunctionResponse - err error - ) - - logger, err = util.GetLogger() - if err != nil { - log.Println("unable to create zap logger", err) - return resp, err - } - - logger.Debug( - "starting tokenizer sidecar", - ) - - httpServerExitDone := &sync.WaitGroup{} - - httpServerExitDone.Add(1) - server := startHttpServer(httpServerExitDone) - defer func() { - err = server.Shutdown(ctx) - if err != nil { - log.Println("error while shutting down server", err) - return - } - httpServerExitDone.Wait() - }() - - logger.Debug( - "starting lambda runtime", - zap.String("functionName", req.FunctionName), - ) - lambdaRuntime := invoker.NewLambdaRuntime(logger, req.FunctionName, req.BlockInput, req.Backpack) - result, backpack, err = lambdaRuntime.Run() - if err != nil { - return resp, err - } - - resp.Result = result - resp.Backpack = backpack - return resp, err -} - -func main() { - log.SetFlags(log.Lshortfile) - - log.Println("Starting runtime...") - - lambdaEnv := os.Getenv("LAMBDA_CALLER") - switch lambdaEnv { - case "API_GATEWAY": - lambda.Start(HandleRequestApiGateway) - default: - lambda.Start(HandleRequest) - } -} diff --git a/go/cmd/tokenizer/main_cli.go b/go/cmd/tokenizer/main_cli.go deleted file mode 100644 index 121952c10..000000000 --- a/go/cmd/tokenizer/main_cli.go +++ /dev/null @@ -1,133 +0,0 @@ -// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -//go:build cli - -package main - -import ( - "log" - "os" - - "github.com/lunasec-io/lunasec/go/pkg/tokenizer" - "github.com/urfave/cli/v2" -) - -func main() { - log.SetFlags(log.Lshortfile) - - app := &cli.App{ - Name: "tokenizer-cli", - Flags: []cli.Flag{ - &cli.StringFlag{ - Name: "url", - Usage: "Tokenizer URL", - Required: true, - }, - &cli.StringFlag{ - Name: "auth-private-key", - Usage: "Auth Private Key", - Required: true, - }, - }, - Commands: []*cli.Command{ - { - Name: "auth", - Description: "Manage tokenizer authentication", - Subcommands: []*cli.Command{ - { - Name: "create", - Description: "Create a valid auth token for the tokenizer.", - Category: "auth", - Action: tokenizer.CreateJwtAuthCommand, - }, - }, - }, - { - Name: "tokenize", - Aliases: []string{"t"}, - Usage: "Tokenize a secret value", - Flags: []cli.Flag{ - &cli.StringFlag{ - Name: "plaintext", - Usage: "Plaintext value to tokenize", - }, - &cli.StringFlag{ - Name: "input", - Usage: "Input file", - }, - }, - Action: tokenizer.TokenizeCommand, - }, - { - Name: "detokenize", - Aliases: []string{"d"}, - Usage: "Detokenize a secret value", - Flags: []cli.Flag{ - &cli.StringFlag{ - Name: "token", - Usage: "Tokenizer token", - Required: true, - }, - &cli.StringFlag{ - Name: "output", - Usage: "Output file", - }, - }, - Action: tokenizer.DetokenizeCommand, - }, - { - Name: "metadata", - Subcommands: []*cli.Command{ - { - Name: "set", - Category: "metadata", - Usage: "Set metadata for a token", - Flags: []cli.Flag{ - &cli.StringFlag{ - Name: "token", - Usage: "Tokenizer Token", - Required: true, - }, - &cli.StringFlag{ - Name: "metadata", - Usage: "Token metadata to set", - Required: true, - }, - }, - Action: tokenizer.SetMetadataCommand, - }, - { - Name: "get", - Category: "metadata", - Usage: "Get metadata for a token", - Flags: []cli.Flag{ - &cli.StringFlag{ - Name: "token", - Usage: "Tokenizer Token", - Required: true, - }, - }, - Action: tokenizer.GetMetadataCommand, - }, - }, - }, - }, - } - - err := app.Run(os.Args) - if err != nil { - log.Fatal(err) - } -} diff --git a/go/constants/containermodifier.go b/go/constants/containermodifier.go deleted file mode 100644 index 248847f5c..000000000 --- a/go/constants/containermodifier.go +++ /dev/null @@ -1,77 +0,0 @@ -// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -package constants - -import "github.com/lunasec-io/lunasec/go/types" - -type Runtime string - -const ( - NodeJS10 Runtime = "nodejs10.x" - Python36 Runtime = "python3.6" - Docker Runtime = "docker" -) - -type RuntimeCommand string - -const ( - NodeCommand RuntimeCommand = "node" - PythonCommand RuntimeCommand = "python" -) - -type RuntimeModuleEnvVar string - -const ( - NodeModuleEnvVar RuntimeModuleEnvVar = "NODE_PATH" - PythonModuleEnvVar RuntimeModuleEnvVar = "PYTHONPATH" -) - -type RuntimeHandler string - -const ( - NodeHandler RuntimeHandler = "container_lambda_function.js" - PythonHandler RuntimeHandler = "container_lambda_function.py" -) - -type RuntimeConfig struct { - Command RuntimeCommand - ModuleEnvVar RuntimeModuleEnvVar - Handler RuntimeHandler -} - -var ( - RuntimeToRuntimeConfig = map[Runtime]RuntimeConfig{ - NodeJS10: { - NodeCommand, - NodeModuleEnvVar, - NodeHandler, - }, - Python36: { - PythonCommand, - PythonModuleEnvVar, - PythonHandler, - }, - } -) - -var ( - // TODO (cthompson) will this change between different runtimes? - SingleFunctionContainerConfig = types.FunctionConfig{ - ImportPath: "refinery_main", - FunctionName: "main", - WorkDir: "", - Env: map[string]string{}, - } -) diff --git a/go/controller/containermodifier.go b/go/controller/containermodifier.go deleted file mode 100644 index 5bcd36f8e..000000000 --- a/go/controller/containermodifier.go +++ /dev/null @@ -1,248 +0,0 @@ -// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -package controller - -import ( - "bytes" - "fmt" - "go.uber.org/zap" - "log" - - v1 "github.com/google/go-containerregistry/pkg/v1" - "github.com/google/go-containerregistry/pkg/v1/tarball" - "github.com/lunasec-io/lunasec/go/gateway" - "github.com/lunasec-io/lunasec/go/pkg/containermodifier" - "github.com/lunasec-io/lunasec/go/service" - "github.com/lunasec-io/lunasec/go/types" - "github.com/lunasec-io/lunasec/go/types/event" - "github.com/lunasec-io/lunasec/go/util" -) - -type ContainerModifierController interface { - HandleLambdaInvoke(invokeEvent event.ContainerModifyEvent) (resp event.ContainerModifyResponse, err error) - HandleLocalInvoke(containerTarFile, configFile string) -} - -type containerModifierController struct { - // TODO (cthompson) container modifier should be deployed with a bucket configured for it - ecrGateway gateway.AwsECRGateway -} - -func NewContainerModifierController( - ecrGateway gateway.AwsECRGateway, -) ContainerModifierController { - return &containerModifierController{ - ecrGateway: ecrGateway, - } -} - -func getContainerLayerFromS3(s3 gateway.AwsS3Gateway, key string) (layer v1.Layer, err error) { - tarData, err := s3.GetObject(key) - if err != nil { - log.Println(err) - return - } - tarReader := bytes.NewReader(tarData) - return tarball.LayerFromReader(tarReader) -} - -func (c *containerModifierController) getContainerModifierForLambdaInvoke(invokeEvent event.ContainerModifyEvent) (modifier service.DockerContainerModifier, err error) { - options, err := gateway.LoadCraneOptions(c.ecrGateway) - if err != nil { - log.Println(err) - return - } - - dockerManager := service.NewDockerManager(options) - - modifier = service.NewDockerContainerModifier( - invokeEvent.BaseImage, - invokeEvent.ShouldModifyEntrypoint(), - dockerManager, - ) - return -} - -func (c *containerModifierController) getContainerModifierForLocalInvoke(containerTarFile string) service.DockerContainerModifier { - return service.NewDockerContainerModifier( - containerTarFile, - true, - nil, - ) -} - -func (c *containerModifierController) buildFunctionConfigLayer(base v1.Image, runtime string, functions []types.FunctionConfig) (layer v1.Layer, err error) { - imgConfigFile, err := base.ConfigFile() - if err != nil { - log.Println(err) - return - } - workDir := imgConfigFile.Config.WorkingDir - - return containermodifier.CreateFunctionConfigLayer(workDir, runtime, functions) -} - -func (c *containerModifierController) createFunctionLayers(base v1.Image, invokeEvent event.ContainerModifyEvent) (functionLayers []v1.Layer, err error) { - s3Config := gateway.NewAwsS3GatewayConfig("us-west-2", invokeEvent.ImageFiles.Bucket) - provider, err := util.GetStaticConfigProvider(s3Config) - if err != nil { - log.Println(err) - return - } - - logger, err := zap.NewProduction() - if err != nil { - log.Println(err) - return - } - - sess, err := gateway.NewAwsSession(logger, provider) - if err != nil { - log.Println(err) - return - } - - s3Gateway := gateway.NewAwsS3Gateway(logger, provider, sess) - - functionFilesLayer, err := getContainerLayerFromS3(s3Gateway, invokeEvent.ImageFiles.Key) - if err != nil { - log.Println(err) - return - } - - runtimeLayers, err := util.LoadRuntimeLayers() - if err != nil { - log.Println(err) - return - } - - functionConfigLayer, err := c.buildFunctionConfigLayer(base, invokeEvent.Runtime, invokeEvent.Functions) - if err != nil { - log.Println(err) - return - } - functionLayers = []v1.Layer{ - functionFilesLayer, - functionConfigLayer, - } - functionLayers = append(functionLayers, runtimeLayers...) - return -} - -func (c *containerModifierController) HandleLambdaInvoke(invokeEvent event.ContainerModifyEvent) (resp event.ContainerModifyResponse, err error) { - var ( - appendLayers []v1.Layer - newImg v1.Image - ) - - modifier, err := c.getContainerModifierForLambdaInvoke(invokeEvent) - if err != nil { - log.Println(err) - return - } - - base, err := modifier.LoadImageFromRemote() - if err != nil { - log.Println(err) - return - } - - newTag := fmt.Sprintf("%s/%s", invokeEvent.Registry, invokeEvent.NewImageName) - - log.Println("Creating function files layer...") - if invokeEvent.ShouldModifyEntrypoint() { - appendLayers, err = c.createFunctionLayers(base, invokeEvent) - if err != nil { - log.Println(err) - return - } - - log.Println("Modifying docker image...") - newImg, err = modifier.AppendLayersToBaseImage(base, appendLayers) - if err != nil { - log.Println(err) - return - } - } else { - newImg = base - } - - containerHash, err := newImg.Digest() - if err != nil { - log.Println(err) - return - } - - deploymentID, err := modifier.GetImageDeploymentID(base) - if err != nil { - log.Println(err) - return - } - - modifier.PushImageToRemote(newImg, newTag) - - resp = event.ContainerModifyResponse{ - Tag: containerHash.String(), - DeploymentID: deploymentID, - } - return -} - -func (c *containerModifierController) HandleLocalInvoke(containerTarFile, configFile string) { - functionConfig, err := containermodifier.LoadFunctionConfig(configFile) - if err != nil { - panic(err) - } - - modifier := c.getContainerModifierForLocalInvoke(containerTarFile) - - base, err := modifier.LoadImageFromFile() - if err != nil { - log.Println(err) - return - } - - runtimeLayers, err := util.LoadRuntimeLayersFromTar() - if err != nil { - log.Println(err) - return - } - - functionConfigLayer, err := c.buildFunctionConfigLayer(base, functionConfig.Runtime, functionConfig.Functions) - if err != nil { - log.Println(err) - return - } - - appendLayers := []v1.Layer{ - functionConfigLayer, - } - appendLayers = append(appendLayers, runtimeLayers...) - - img, err := modifier.AppendLayersToBaseImage(base, appendLayers) - if err != nil { - log.Println(err) - return - } - - newTag, newFilename := containermodifier.GetNewContainerNames(containerTarFile) - - log.Printf("saving modified container image to: %s\n", newFilename) - err = modifier.SaveImageToFile(img, newTag, newFilename) - if err != nil { - log.Println(err) - return - } -} diff --git a/go/controller/grant.go b/go/controller/grant.go deleted file mode 100644 index 69c6784a4..000000000 --- a/go/controller/grant.go +++ /dev/null @@ -1,117 +0,0 @@ -// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -package controller - -import ( - "encoding/json" - "github.com/lunasec-io/lunasec/go/constants" - "github.com/lunasec-io/lunasec/go/controller/request" - "io/ioutil" - "log" - "net/http" - - "github.com/lunasec-io/lunasec/go/service" - "github.com/lunasec-io/lunasec/go/types" - "github.com/lunasec-io/lunasec/go/types/event" - "github.com/lunasec-io/lunasec/go/util" -) - -type grantController struct { - grant service.GrantService - jwtVerifier service.JwtVerifier -} - -// GrantController ... -type GrantController interface { - SetGrant(w http.ResponseWriter, req *http.Request) - VerifyGrant(w http.ResponseWriter, req *http.Request) -} - -// NewGrantController ... -func NewGrantController(grant service.GrantService, jwtVerifier service.JwtVerifier) GrantController { - return &grantController{ - grant: grant, - jwtVerifier: jwtVerifier, - } -} - -func (s *grantController) getSessionID(r *http.Request) (sessionID string, err error) { - accessToken, err := request.GetJwtToken(r) - if err != nil { - return - } - - claims, err := s.jwtVerifier.VerifyWithSessionClaims(accessToken) - if err != nil { - return - } - sessionID = claims.SessionID - return -} - -func (s *grantController) SetGrant(w http.ResponseWriter, r *http.Request) { - log.Printf("Received SetGrant request") - - input := event.GrantSetRequest{} - b, err := ioutil.ReadAll(r.Body) - - if err != nil { - util.RespondError(w, http.StatusBadRequest, err) - return - } - - if err := json.Unmarshal(b, &input); err != nil { - util.RespondError(w, http.StatusBadRequest, err) - return - } - - if err := s.grant.SetTokenGrantForSession(types.Token(input.TokenID), input.SessionID, constants.TokenFullAccess, input.CustomDuration); err != nil { - util.RespondError(w, http.StatusInternalServerError, err) - return - } - - resp := event.GrantSetResponse{} - - util.Respond(w, resp) -} - -func (s *grantController) VerifyGrant(w http.ResponseWriter, r *http.Request) { - log.Printf("Received VerifyGrant request") - - input := event.GrantVerifyRequest{} - b, err := ioutil.ReadAll(r.Body) - - if err != nil { - util.RespondError(w, http.StatusBadRequest, err) - return - } - - if err := json.Unmarshal(b, &input); err != nil { - util.RespondError(w, http.StatusBadRequest, err) - return - } - - valid, err := s.grant.ValidTokenGrantExistsForSession(types.Token(input.TokenID), input.SessionID, constants.TokenFullAccess) - if err != nil { - util.RespondError(w, http.StatusInternalServerError, err) - return - } - - resp := event.GrantVerifyResponse{ - Valid: valid, - } - - util.Respond(w, resp) -} diff --git a/go/controller/metadata.go b/go/controller/metadata.go deleted file mode 100644 index b013cbe59..000000000 --- a/go/controller/metadata.go +++ /dev/null @@ -1,117 +0,0 @@ -// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -package controller - -import ( - "encoding/json" - "github.com/lunasec-io/lunasec/go/util/auth" - "github.com/pkg/errors" - "io/ioutil" - "log" - "net/http" - - "github.com/lunasec-io/lunasec/go/service" - "github.com/lunasec-io/lunasec/go/types" - "github.com/lunasec-io/lunasec/go/types/event" - "github.com/lunasec-io/lunasec/go/util" -) - -type metaController struct { - meta service.MetadataService - jwtVerifier service.JwtVerifier - grant service.GrantService -} - -// MetaController ... -type MetaController interface { - GetMetadata(w http.ResponseWriter, req *http.Request) - SetMetadata(w http.ResponseWriter, req *http.Request) -} - -// NewMetaController ... -func NewMetaController(meta service.MetadataService, jwtVerifier service.JwtVerifier, grant service.GrantService) MetaController { - return &metaController{ - meta: meta, - jwtVerifier: jwtVerifier, - grant: grant, - } -} - -// GetMetadata ... -func (s *metaController) GetMetadata(w http.ResponseWriter, r *http.Request) { - log.Printf("Received GetMetadata request") - - input := event.MetadataGetRequest{} - b, err := ioutil.ReadAll(r.Body) - if err != nil { - util.RespondError(w, http.StatusBadRequest, err) - return - } - - if err := json.Unmarshal(b, &input); err != nil { - util.RespondError(w, http.StatusBadRequest, err) - return - } - - meta, err := s.meta.GetMetadata(types.Token(input.TokenID)) - if err != nil { - statusCode := 500 - if err.Error() == "unable to locate metadata for token" { - statusCode = 404 - } - util.RespondError(w, statusCode, err) - return - } - - resp := event.MetadataGetResponse{ - Metadata: meta.CustomMetadata, - } - - util.Respond(w, resp) -} - -// SetMetadata ... -func (s *metaController) SetMetadata(w http.ResponseWriter, r *http.Request) { - log.Printf("Received SetMetadata request") - - input := event.MetadataSetRequest{} - b, err := ioutil.ReadAll(r.Body) - - if err != nil { - util.RespondError(w, http.StatusBadRequest, err) - return - } - - if err := json.Unmarshal(b, &input); err != nil { - util.RespondError(w, http.StatusBadRequest, err) - return - } - - claims, err := auth.GetRequestClaims(s.jwtVerifier, r) - if err != nil { - err = errors.Wrap(err, "unable to verify token jwt with claims") - util.RespondError(w, http.StatusBadRequest, err) - return - } - - if err := s.meta.SetMetadata(types.Token(input.TokenID), claims, input.Metadata); err != nil { - util.RespondError(w, http.StatusInternalServerError, err) - return - } - - resp := event.MetadataSetResponse{} - - util.Respond(w, resp) -} diff --git a/go/controller/middleware.go b/go/controller/middleware.go deleted file mode 100644 index 70c79e2f1..000000000 --- a/go/controller/middleware.go +++ /dev/null @@ -1,67 +0,0 @@ -// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -package controller - -import ( - "fmt" - "github.com/lunasec-io/lunasec/go/constants" - metricsgateway "github.com/lunasec-io/lunasec/go/gateway/metrics" - "github.com/lunasec-io/lunasec/go/types" - "net/http" - "net/http/httputil" - - "github.com/lunasec-io/lunasec/go/service" - "go.uber.org/config" -) - -var WithNoAuth = func( - allowedSubjects []constants.JwtSubject, - handlerFunc http.HandlerFunc, -) http.HandlerFunc { - return handlerFunc -} - -func WithCSP(provider config.Provider) types.Middleware { - csp := service.CreateCSPMiddleware(provider) - return csp.Middleware() -} - -func WithMetrics(cloudwatch metricsgateway.AwsCloudwatchGateway) types.Middleware { - return func(next http.HandlerFunc) http.HandlerFunc { - return func(w http.ResponseWriter, r *http.Request) { - next.ServeHTTP(w, r) - cloudwatch.PushMetrics() - } - } -} - -func WithJSONContentType(next http.HandlerFunc) http.HandlerFunc { - return func(w http.ResponseWriter, r *http.Request) { - w.Header().Set("Content-Type", "application/json") - next.ServeHTTP(w, r) - } -} - -func WithHttpLogging(next http.HandlerFunc) http.HandlerFunc { - return func(w http.ResponseWriter, r *http.Request) { - dump, err := httputil.DumpRequest(r, true) - if err == nil { - fmt.Printf("%s", string(dump)) - } else { - fmt.Printf("error while dumping request: %v", err) - } - next.ServeHTTP(w, r) - } -} diff --git a/go/controller/secureframe.go b/go/controller/secureframe.go deleted file mode 100644 index 27756e4f1..000000000 --- a/go/controller/secureframe.go +++ /dev/null @@ -1,138 +0,0 @@ -// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -package controller - -import ( - "fmt" - "html/template" - "net/http" - "net/url" - "path" - - "github.com/Joker/jade" - "github.com/lunasec-io/lunasec/go/service" - "github.com/lunasec-io/lunasec/go/types" - "github.com/lunasec-io/lunasec/go/util" - "github.com/pkg/errors" - "go.uber.org/config" - "go.uber.org/zap" -) - -type secureFrameController struct { - SecureFrameControllerConfig - logger *zap.Logger - indexTpl *template.Template -} - -type SecureFrameControllerConfig struct { - ViewsPath string `yaml:"views_path"` - CdnConfig types.CDNConfig `yaml:"cdn_config"` - TokenizerURL string `yaml:"tokenizer_url"` -} - -type SecureFrameController interface { - Frame(w http.ResponseWriter, r *http.Request) -} - -func NewSecureFrameController( - logger *zap.Logger, - provider config.Provider, -) (controller SecureFrameController, err error) { - var controllerConfig SecureFrameControllerConfig - err = provider.Get("secure_frame_controller").Populate(&controllerConfig) - if err != nil { - return - } - - jadeTpl, err := jade.ParseFile(getView(controllerConfig.ViewsPath, "index")) - if err != nil { - err = errors.Wrap(err, "unable to parse jade template file") - return - } - - indexTpl, err := template.New("html").Parse(jadeTpl) - if err != nil { - err = errors.Wrap(err, "unable to create html template") - return - } - - controller = &secureFrameController{ - SecureFrameControllerConfig: controllerConfig, - logger: logger, - indexTpl: indexTpl, - } - return -} - -func (s *secureFrameController) Frame(w http.ResponseWriter, r *http.Request) { - var ( - err error - ) - - referer := r.Header.Get("referer") - - if referer == "" { - util.RespondError(w, http.StatusBadRequest, errors.New("missing origin for request")) - return - } - - query := r.URL.Query() - - nonce := query.Get("n") - - if nonce == "" { - util.RespondError(w, http.StatusBadRequest, errors.New("missing unique id for request")) - return - } - - tokenizerURL := s.SecureFrameControllerConfig.TokenizerURL - - apiGatewayTokenizerURL := util.GetAPIGatewayTokenizerURL(r) - if apiGatewayTokenizerURL != "" { - tokenizerURL = apiGatewayTokenizerURL - } - - scriptURL := url.URL{ - Scheme: s.CdnConfig.Protocol, - Host: s.CdnConfig.Host, - Path: s.CdnConfig.MainScript, - } - - styleURL := url.URL{ - Scheme: s.CdnConfig.Protocol, - Host: s.CdnConfig.Host, - Path: s.CdnConfig.MainStyle, - } - - templateVars := types.FrameVars{ - CSPNonce: service.Nonce(r.Context()), - RequestOrigin: referer, - RequestNonce: nonce, - ScriptUrl: scriptURL.String(), - StyleUrl: styleURL.String(), - BackendUrl: tokenizerURL, - } - - w.Header().Set("Content-Type", "text/html") - err = s.indexTpl.Execute(w, templateVars) - if err != nil { - s.logger.Error("error returning website", zap.Error(err)) - util.RespondError(w, http.StatusBadRequest, errors.New("error returning website")) - } -} - -func getView(viewsPath, view string) string { - return path.Join(viewsPath, fmt.Sprintf("%s.pug", view)) -} diff --git a/go/controller/session.go b/go/controller/session.go deleted file mode 100644 index 3c757ad1f..000000000 --- a/go/controller/session.go +++ /dev/null @@ -1,319 +0,0 @@ -// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -package controller - -import ( - "net/http" - "net/url" - "time" - - "github.com/google/uuid" - "github.com/lunasec-io/lunasec/go/constants" - "github.com/lunasec-io/lunasec/go/controller/request" - "github.com/lunasec-io/lunasec/go/gateway" - "github.com/lunasec-io/lunasec/go/service" - "github.com/lunasec-io/lunasec/go/types/event" - "github.com/lunasec-io/lunasec/go/util" - "github.com/pkg/errors" - "go.uber.org/config" - "go.uber.org/zap" -) - -const ( - defaultCallbackPath = "/.lunasec/secure-frame" -) - -type AuthProviderType string - -const ( - BackendApplicationAuthProvider AuthProviderType = "backend_application" -) - -type AuthProviderConfig struct { - Url string `yaml:"url"` - Type AuthProviderType `yaml:"type"` - Default bool `yaml:"default"` -} - -type AuthProviderLookup map[string]AuthProviderConfig - -type SessionControllerConfig struct { - AuthProviders AuthProviderLookup `yaml:"auth_providers"` -} - -type sessionController struct { - SessionControllerConfig - logger *zap.Logger - kv gateway.AwsDynamoGateway - authProviderJwtVerifier service.JwtVerifier - authProviders AuthProviderLookup - defaultAuthProvider AuthProviderConfig -} - -type SessionController interface { - SessionEnsure(w http.ResponseWriter, r *http.Request) - SessionVerify(w http.ResponseWriter, r *http.Request) - SessionCreate(w http.ResponseWriter, r *http.Request) -} - -func getDefaultAuthProviderFromConfig(logger *zap.Logger, controllerConfig SessionControllerConfig) (authProviders AuthProviderLookup, defaultAuthProvider AuthProviderConfig) { - var ( - hasSetDefaultAuthProvider bool - ) - - authProviders = AuthProviderLookup{} - for authProviderName, authProviderConfig := range controllerConfig.AuthProviders { - parsedUrl, err := url.Parse(authProviderConfig.Url) - if err != nil { - err = errors.New("unable to parse auth provider url") - logger.Error( - err.Error(), - zap.String("auth provider url", authProviderConfig.Url), - ) - panic(err) - } - - // if there is no auth provider set, we default to the backend application auth provider type - if authProviderConfig.Type == "" { - authProviderConfig.Type = BackendApplicationAuthProvider - - // adjust the auth provider url to include the default callback path if it is not set - if parsedUrl.Path == "" { - parsedUrl.Path = defaultCallbackPath - authProviderConfig.Url = parsedUrl.String() - } - } - - logger.Debug( - "loading auth provider", - zap.String("authProvider", authProviderName), - zap.String("authProviderType", string(authProviderConfig.Type)), - zap.String("authProviderUrl", authProviderConfig.Url), - ) - - authProviders[authProviderName] = authProviderConfig - - // if there is only one auth provider, make this the default - if len(controllerConfig.AuthProviders) == 1 { - defaultAuthProvider = authProviderConfig - break - } - - // if the auth provider has declare itself as default, make it the default - if authProviderConfig.Default { - if hasSetDefaultAuthProvider { - err = errors.New("attempting to set multiple default auth providers, this is not allowed") - logger.Error( - err.Error(), - zap.String("current default auth provider", defaultAuthProvider.Url), - zap.String("other auth provider", authProviderConfig.Url), - ) - panic(err) - } - defaultAuthProvider = authProviderConfig - hasSetDefaultAuthProvider = true - } - } - return -} - -func NewSessionController( - logger *zap.Logger, - provider config.Provider, - kv gateway.AwsDynamoGateway, - authProviderJwtVerifier service.JwtVerifier, -) (controller SessionController) { - var ( - controllerConfig SessionControllerConfig - ) - err := provider.Get("session_controller").Populate(&controllerConfig) - if err != nil { - logger.Error( - err.Error(), - ) - panic(err) - } - - authProviders, defaultAuthProvider := getDefaultAuthProviderFromConfig(logger, controllerConfig) - - controller = &sessionController{ - SessionControllerConfig: controllerConfig, - logger: logger, - kv: kv, - authProviderJwtVerifier: authProviderJwtVerifier, - authProviders: authProviders, - defaultAuthProvider: defaultAuthProvider, - } - return -} - -func (s *sessionController) SessionVerify(w http.ResponseWriter, r *http.Request) { - dataAccessToken, err := request.GetJwtToken(r) - if err != nil { - s.logger.Info("cookie not set when verifying session", zap.String("reportedError", err.Error())) - err = errors.New("LunaSec is not logged in") - // NOTE we return status ok here because we don't always expect the access_token to be set - util.RespondError(w, http.StatusOK, err) - return - } - - err = s.authProviderJwtVerifier.Verify(dataAccessToken) - if err != nil { - s.logger.Info("unable to verify session", zap.String("reportedError", err.Error())) - err = errors.New("LunaSec session cookie signing check failed") - // NOTE we return status ok here because we don't always expect the session to be valid - util.RespondError(w, http.StatusOK, err) - return - } - util.RespondSuccess(w) -} - -func (s *sessionController) getAuthProviderWithName(authProviderName string) (authProviderConfig AuthProviderConfig, err error) { - var ( - ok bool - ) - - if authProviderName == "" { - authProviderConfig = s.defaultAuthProvider - return - } - - authProviderConfig, ok = s.authProviders[authProviderName] - if !ok { - err = errors.New("unable to find auth provider with provided name") - } - return -} - -func (s *sessionController) SessionEnsure(w http.ResponseWriter, r *http.Request) { - // TODO if state token is already present in cookie, do we remove it? - query := r.URL.Query() - - authProviderName := query.Get(constants.AuthProviderNameQueryParam) - - authProvider, err := s.getAuthProviderWithName(authProviderName) - if err != nil { - s.logger.Error( - err.Error(), - zap.String("authProviderName", authProviderName), - ) - util.RespondError(w, http.StatusBadRequest, err) - return - } - - stateToken := uuid.NewString() - s.logger.Debug("creating an auth session", zap.String("stateToken", stateToken)) - err = s.kv.Set(gateway.SessionStore, stateToken, string(constants.SessionUnused)) - if err != nil { - s.logger.Error( - "unable to set session store state token status", - zap.Error(err), - zap.String("stateToken", stateToken), - ) - util.RespondError(w, http.StatusBadRequest, err) - return - } - - v := url.Values{} - v.Set(constants.AuthStateQueryParam, stateToken) - - redirectUrl, err := url.Parse(authProvider.Url) - if err != nil { - util.RespondError(w, http.StatusBadRequest, err) - return - } - - redirectUrl.RawQuery = v.Encode() - - s.logger.Debug("redirecting session ensure request", zap.String("redirectUrl", redirectUrl.String())) - - // TODO (cthompson) revisit this cookie ttl - util.AddCookie(w, constants.AuthStateCookie, stateToken, "/", time.Minute*15) - http.Redirect(w, r, redirectUrl.String(), http.StatusFound) -} - -func getSessionCreateRequest(r *http.Request) (req event.SessionCreateRequest, err error) { - query := r.URL.Query() - - req.StateToken = query.Get(constants.AuthStateQueryParam) - req.AuthToken = query.Get(constants.AuthProviderTokenQueryParam) - - if req.StateToken == "" { - err = errors.New("missing state in request") - } - - if req.AuthToken == "" { - err = errors.New("missing openid_token in request") - } - - if err != nil { - return - } - - req.StateCookie, err = request.GetStateCookie(r) - if err != nil { - err = errors.Wrap(err, "unable to get state cookie in request") - return - } - return -} - -// It's worth noting that none of the JSON responses here get returned to the client because of the CORS options -// including all of these nice errors. Aside from logging in dev, all this gets lost -func (s *sessionController) SessionCreate(w http.ResponseWriter, r *http.Request) { - req, err := getSessionCreateRequest(r) - if err != nil { - s.logger.Error( - "unable to get session create request arguments", - zap.Error(err), - ) - util.RespondError(w, http.StatusBadRequest, err) - return - } - - if req.StateToken != req.StateCookie.Value { - err = errors.New("state token query parameter and state token cookie do not match") - util.RespondError(w, http.StatusBadRequest, err) - return - } - - sessionState, err := s.kv.Get(gateway.SessionStore, req.StateToken) - if err != nil { - util.RespondError(w, http.StatusBadRequest, err) - return - } - - if constants.SessionState(sessionState) == constants.SessionUsed { - err = errors.New("attempted to complete oauth flow with an already used state") - util.RespondError(w, http.StatusBadRequest, err) - return - } - - claims, err := s.authProviderJwtVerifier.VerifyWithSessionClaims(req.AuthToken) - if err != nil { - util.RespondError(w, http.StatusBadRequest, err) - return - } - - encodedSessionHash := util.CreateSessionHash(claims.SessionID) - - w.Header().Set("SESSION_HASH", encodedSessionHash) - - // TODO (cthompson) revist this cookie ttl - util.AddCookie(w, constants.DataAccessTokenCookie, req.AuthToken, "/", time.Minute*15) - // removes state cookie - util.AddCookie(w, constants.AuthStateCookie, "", "/", 0) - util.RespondSuccess(w) -} diff --git a/go/controller/tokenizer.go b/go/controller/tokenizer.go deleted file mode 100644 index 9fdce26fa..000000000 --- a/go/controller/tokenizer.go +++ /dev/null @@ -1,182 +0,0 @@ -// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -package controller - -import ( - "encoding/json" - "github.com/lunasec-io/lunasec/go/constants" - "github.com/lunasec-io/lunasec/go/util/auth" - "io/ioutil" - "log" - "net/http" - - "go.uber.org/config" - - "github.com/lunasec-io/lunasec/go/service" - "github.com/lunasec-io/lunasec/go/types" - "github.com/lunasec-io/lunasec/go/types/event" - "github.com/lunasec-io/lunasec/go/util" - "github.com/pkg/errors" -) - -type tokenizerController struct { - tokenizerControllerConfig - tokenizer service.TokenizerService - jwtVerifier service.JwtVerifier - meta service.MetadataService - grant service.GrantService -} - -type tokenizerControllerConfig struct { -} - -type TokenizerController interface { - TokenizerGet(w http.ResponseWriter, req *http.Request) - TokenizerSet(w http.ResponseWriter, req *http.Request) -} - -func NewTokenizerController( - provider config.Provider, - tokenizer service.TokenizerService, - jwtVerifier service.JwtVerifier, - meta service.MetadataService, - grant service.GrantService, -) (controller TokenizerController) { - var ( - controllerConfig tokenizerControllerConfig - ) - - err := provider.Get("tokenizer_controller").Populate(&controllerConfig) - if err != nil { - panic(err) - } - - controller = &tokenizerController{ - tokenizerControllerConfig: controllerConfig, - tokenizer: tokenizer, - jwtVerifier: jwtVerifier, - meta: meta, - grant: grant, - } - return -} - -func (s *tokenizerController) requestHasValidGrantForToken(r *http.Request, tokenID types.Token) (valid bool, err error) { - claims, err := auth.GetRequestClaims(s.jwtVerifier, r) - if err != nil { - err = errors.Wrap(err, "unable to verify token jwt with claims") - return - } - - return s.grant.ValidTokenGrantExistsForSession(tokenID, claims.SessionID, constants.TokenFullAccess) -} - -func (s *tokenizerController) TokenizerGet(w http.ResponseWriter, r *http.Request) { - log.Printf("Received TokenizerGet request") - - input := event.TokenizerGetRequest{} - b, err := ioutil.ReadAll(r.Body) - - if err != nil { - util.RespondError(w, http.StatusBadRequest, err) - return - } - - if err := json.Unmarshal(b, &input); err != nil { - util.RespondError(w, http.StatusBadRequest, err) - return - } - - valid, err := s.requestHasValidGrantForToken(r, types.Token(input.TokenID)) - if err != nil { - log.Println(err) - util.RespondError(w, http.StatusBadRequest, err) - return - } - - if !valid { - err = errors.New("session does not have valid token grant available to detokenize") - util.RespondError(w, http.StatusBadRequest, err) - return - } - - url, headers, err := s.tokenizer.TokenizerGet(types.Token(input.TokenID)) - if err != nil { - statusCode := 500 - // TODO: Make this error message a constant - if err.Error() == "unable to locate data for token" { - statusCode = 404 - } - util.RespondError(w, statusCode, err) - return - } - - resp := event.TokenizerGetResponse{ - DownloadURL: url, - Headers: headers, - } - - util.Respond(w, resp) -} - -func (s *tokenizerController) TokenizerSet(w http.ResponseWriter, r *http.Request) { - log.Printf("Received TokenizerSet request") - - input := event.TokenizerSetRequest{} - b, err := ioutil.ReadAll(r.Body) - - if err != nil { - util.RespondError(w, http.StatusBadRequest, err) - return - } - - if err := json.Unmarshal(b, &input); err != nil { - util.RespondError(w, http.StatusBadRequest, err) - return - } - - claims, err := auth.GetRequestClaims(s.jwtVerifier, r) - if err != nil { - err = errors.Wrap(err, "unable to verify token jwt with claims") - util.RespondError(w, http.StatusBadRequest, err) - return - } - - tokenID, url, headers, err := s.tokenizer.TokenizerSet() - if err != nil { - util.RespondError(w, http.StatusInternalServerError, err) - return - } - - if len(input.Metadata) > 0 { - if err := s.meta.SetMetadata(tokenID, claims, input.Metadata); err != nil { - util.RespondError(w, http.StatusInternalServerError, err) - return - } - } - //We automatically create grants for new tokens so that they can be set in the DB, and detokenized elsewhere in the same browser session - if err := s.grant.SetTokenGrantForSession(tokenID, claims.SessionID, constants.TokenFullAccess, ""); err != nil { - util.RespondError(w, http.StatusInternalServerError, err) - return - } - - resp := event.TokenizerSetResponse{ - TokenID: string(tokenID), - UploadURL: url, - Headers: headers, - } - - util.Respond(w, resp) -} diff --git a/go/gateway/dynamo.go b/go/gateway/dynamo.go deleted file mode 100644 index 79d8f3725..000000000 --- a/go/gateway/dynamo.go +++ /dev/null @@ -1,177 +0,0 @@ -// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -package gateway - -import ( - "fmt" - "log" - "time" - - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/aws/session" - "github.com/aws/aws-sdk-go/service/dynamodb" - "github.com/aws/aws-sdk-go/service/dynamodb/dynamodbattribute" - "github.com/lunasec-io/lunasec/go/types" - "go.uber.org/config" - "go.uber.org/zap" -) - -var primaryKey = "Key" - -const ( - MetaStore = types.KVStore("metadata") - KeyStore = types.KVStore("keys") - SessionStore = types.KVStore("sessions") - GrantStore = types.KVStore("grants") -) - -func validateTableConfig(tableConfig map[types.KVStore]string) { - tableNames := []types.KVStore{ - MetaStore, - KeyStore, - SessionStore, - GrantStore, - } - - var errs []error - for _, tableName := range tableNames { - if _, ok := tableConfig[tableName]; !ok { - err := fmt.Errorf("unable to find ARN for table: %s", tableName) - errs = append(errs, err) - } - } - - if len(errs) != 0 { - errMsg := "" - for _, err := range errs { - errMsg = errMsg + ", " + err.Error() - } - panic(errMsg) - } -} - -type dynamoGateway struct { - DynamoKvGatewayConfig - logger *zap.Logger - db *dynamodb.DynamoDB -} - -type DynamoKvGatewayConfig struct { - TableNames map[types.KVStore]string `yaml:"table_names"` -} - -// AwsDynamoGateway ... -type AwsDynamoGateway interface { - Get(store types.KVStore, key string) (string, error) - Set(store types.KVStore, key string, value string) error -} - -// NewDynamoGateway... -func NewDynamoGateway(logger *zap.Logger, provider config.Provider, sess *session.Session) AwsDynamoGateway { - var ( - gatewayConfig DynamoKvGatewayConfig - ) - - err := provider.Get("aws_gateway").Populate(&gatewayConfig) - if err != nil { - log.Println(err) - panic(err) - } - - validateTableConfig(gatewayConfig.TableNames) - - logger.Debug("creating new dynamodb session") - db := dynamodb.New(sess) - - return &dynamoGateway{ - DynamoKvGatewayConfig: gatewayConfig, - logger: logger, - db: db, - } -} - -func (s *dynamoGateway) getTableName(store types.KVStore) (tableName string, err error) { - var ( - ok bool - ) - tableName, ok = s.TableNames[store] - if !ok { - err = fmt.Errorf("unable to find table name for store: %s", store) - return - } - if tableName == "" { - err = fmt.Errorf("table name found, but was assigned to empty string for store: %s", store) - return - } - return -} - -func (s *dynamoGateway) Get(store types.KVStore, key string) (string, error) { - tableName, err := s.getTableName(store) - if err != nil { - return "", err - } - - dbResult, err := s.db.GetItem(&dynamodb.GetItemInput{ - TableName: aws.String(tableName), - Key: map[string]*dynamodb.AttributeValue{ - primaryKey: { - S: aws.String(key), - }, - }, - }) - - if err != nil || dbResult.Item == nil { - return "", err - } - - metadata := types.Metadata{} - - if err = dynamodbattribute.UnmarshalMap(dbResult.Item, &metadata); err != nil { - return "", err - } - - return metadata.Value, nil -} - -func (s *dynamoGateway) Set(store types.KVStore, key string, value string) error { - tableName, err := s.getTableName(store) - if err != nil { - return err - } - - metadata := types.Metadata{ - Key: key, - Value: value, - Timestamp: time.Now().Unix(), - } - - av, err := dynamodbattribute.MarshalMap(metadata) - - if err != nil { - return err - } - - input := &dynamodb.PutItemInput{ - Item: av, - TableName: aws.String(tableName), - } - - if _, err := s.db.PutItem(input); err != nil { - return err - } - - return nil -} diff --git a/go/gateway/ecr.go b/go/gateway/ecr.go deleted file mode 100644 index e7c913473..000000000 --- a/go/gateway/ecr.go +++ /dev/null @@ -1,147 +0,0 @@ -// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -// go:generate mockgen - -package gateway - -import ( - "encoding/base64" - "errors" - "fmt" - "log" - "strings" - - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/aws/session" - "github.com/aws/aws-sdk-go/service/ecr" - "github.com/aws/aws-sdk-go/service/ecrpublic" - "github.com/google/go-containerregistry/pkg/authn" - "github.com/lunasec-io/lunasec/go/util" -) - -type awsECRGateway struct { - session *session.Session -} - -type AwsECRGateway interface { - GetCredentials() (authConfig authn.AuthConfig, err error) - GetPublicCredentials() (authConfig authn.AuthConfig, err error) - CreateRepository(repoName string) error - GetLatestImageTag(repoName string) (tag string, err error) -} - -func NewAwsECRGateway() AwsECRGateway { - sess, err := session.NewSessionWithOptions(session.Options{ - SharedConfigState: session.SharedConfigEnable, - }) - - if err != nil { - util.Panicf("Failed to instantiate ecr session %s", err) - } - return &awsECRGateway{ - session: sess, - } -} - -func (s *awsECRGateway) CreateRepository(repoName string) error { - ecrClient := ecr.New(s.session) - req := &ecr.CreateRepositoryInput{ - RepositoryName: aws.String(repoName), - } - _, err := ecrClient.CreateRepository(req) - if err != nil { - return err - } - return nil -} - -func (s *awsECRGateway) GetPublicCredentials() (authConfig authn.AuthConfig, err error) { - log.Println("Getting authorization token from ecr public...") - ecrClient := ecrpublic.New(s.session, aws.NewConfig().WithRegion("us-east-1")) - input := &ecrpublic.GetAuthorizationTokenInput{} - ecrAuthToken, err := ecrClient.GetAuthorizationToken(input) - if err != nil { - log.Println(err) - return - } - - authData := ecrAuthToken.AuthorizationData - authToken := *authData.AuthorizationToken - return s.getAuthConfig(authToken) -} - -func (s *awsECRGateway) GetCredentials() (authConfig authn.AuthConfig, err error) { - log.Println("Getting authorization token from ecr...") - ecrClient := ecr.New(s.session) - ecrAuthToken, err := ecrClient.GetAuthorizationToken(nil) - if err != nil { - log.Println(err) - return - } - - authData := ecrAuthToken.AuthorizationData - if len(authData) == 0 { - err = errors.New("no auth data for ecr") - log.Println(err) - return - } - - authToken := *authData[0].AuthorizationToken - return s.getAuthConfig(authToken) -} - -func (s *awsECRGateway) getAuthConfig(authToken string) (authConfig authn.AuthConfig, err error) { - auth, err := base64.StdEncoding.DecodeString(authToken) - if err != nil { - log.Println(err) - return - } - - authParts := strings.Split(string(auth), ":") - - authConfig = authn.AuthConfig{ - Username: authParts[0], - Password: authParts[1], - } - return -} - -func (s *awsECRGateway) GetLatestImageTag(repoName string) (tag string, err error) { - ecrClient := ecr.New(s.session) - - listImagesInput := &ecr.ListImagesInput{ - Filter: &ecr.ListImagesFilter{ - TagStatus: aws.String(ecr.TagStatusTagged), - }, - RepositoryName: aws.String(repoName), - } - listImagesOutput, err := ecrClient.ListImages(listImagesInput) - if err != nil { - log.Println(err) - return - } - - if len(listImagesOutput.ImageIds) == 0 { - err = fmt.Errorf("unable to find images for the provided repository: %s", repoName) - return - } - - for _, imageId := range listImagesOutput.ImageIds { - if *imageId.ImageTag == "latest" { - tag = *imageId.ImageDigest - } - } - return -} diff --git a/go/gateway/metrics/cloudwatch.go b/go/gateway/metrics/cloudwatch.go deleted file mode 100644 index 961508039..000000000 --- a/go/gateway/metrics/cloudwatch.go +++ /dev/null @@ -1,194 +0,0 @@ -// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -package metrics - -import ( - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/aws/client" - "github.com/aws/aws-sdk-go/service/cloudwatch" - "github.com/lunasec-io/lunasec/go/constants" - "github.com/lunasec-io/lunasec/go/constants/metrics" - "github.com/lunasec-io/lunasec/go/gateway/configs" - "github.com/lunasec-io/lunasec/go/types" - "go.uber.org/config" - "go.uber.org/zap" - "log" - "sync" - "time" -) - -type cloudwatchGateway struct { - logger *zap.Logger - cw *cloudwatch.CloudWatch - namespace string - stackID string - rwMutex sync.RWMutex - metricsCache map[string]int64 -} - -// AwsCloudwatchGateway ... -type AwsCloudwatchGateway interface { - Metric(name metrics.ApplicationMetric, value int) - PushMetrics() - GetMetricSumFromPastDay(name metrics.ApplicationMetric) (sum int64, err error) -} - -// NewAwsCloudwatchGateway... -func NewAwsCloudwatchGateway(logger *zap.Logger, provider config.Provider, sess client.ConfigProvider) AwsCloudwatchGateway { - var ( - appConfig types.AppConfig - gatewayConfig configs.AwsGatewayConfig - ) - - err := provider.Get("aws_gateway").Populate(&gatewayConfig) - if err != nil { - log.Println(err) - panic(err) - } - - err = provider.Get("app").Populate(&appConfig) - if err != nil { - log.Println(err) - panic(err) - } - - cw := cloudwatch.New(sess) - - return &cloudwatchGateway{ - logger: logger, - cw: cw, - namespace: gatewayConfig.CloudwatchNamespace, - stackID: appConfig.StackID, - metricsCache: map[string]int64{}, - } -} - -func (c *cloudwatchGateway) Metric(name metrics.ApplicationMetric, value int) { - c.rwMutex.Lock() - defer c.rwMutex.Unlock() - - c.metricsCache[string(name)] += int64(value) - - return -} - -func (c *cloudwatchGateway) cloneMetricsCache() map[string]int64 { - c.rwMutex.Lock() - defer c.rwMutex.Unlock() - - metricsCache := map[string]int64{} - for k, v := range c.metricsCache { - metricsCache[k] = v - } - - // clear metrics cache for next set of metrics - c.metricsCache = map[string]int64{} - - return metricsCache -} - -func (c *cloudwatchGateway) pushMetricsData(metricsData []*cloudwatch.MetricDatum) { - input := &cloudwatch.PutMetricDataInput{ - Namespace: aws.String(c.namespace), - MetricData: metricsData, - } - - c.logger.Debug("pushing metrics data to cloudwatch: ", zap.Any("input", input)) - - _, err := c.cw.PutMetricData(input) - - if err != nil { - c.logger.Error( - "failed to push metrics", - zap.Error(err), - ) - } -} - -func (c *cloudwatchGateway) PushMetrics() { - var ( - metricsData []*cloudwatch.MetricDatum - ) - - if len(c.metricsCache) == 0 { - return - } - - c.logger.Debug( - "pushing metric data", - zap.Any("metrics", c.metricsCache), - ) - - // clone map to avoid blocking - metricsCache := c.cloneMetricsCache() - - for name, value := range metricsCache { - metric := &cloudwatch.MetricDatum{ - MetricName: aws.String(name), - Dimensions: []*cloudwatch.Dimension{ - { - Name: aws.String("stackID"), - Value: aws.String(c.stackID), - }, - { - Name: aws.String("version"), - Value: aws.String(constants.Version), - }, - }, - Value: aws.Float64(float64(value)), - } - metricsData = append(metricsData, metric) - - if len(metricsData) == 20 { - c.pushMetricsData(metricsData) - metricsData = []*cloudwatch.MetricDatum{} - } - } - - // push any remaining metrics - c.pushMetricsData(metricsData) -} - -func (c *cloudwatchGateway) GetMetricSumFromPastDay(name metrics.ApplicationMetric) (sum int64, err error) { - pastDay := -1 * time.Hour * 24 - startTime := time.Now().Add(pastDay) - endTime := time.Now() - - // get metrics in 12 hour periods - period := int64(60 * 60 * 12) - - stats := []string{ - "Sum", - } - - input := cloudwatch.GetMetricStatisticsInput{ - Namespace: aws.String(c.namespace), - MetricName: aws.String(string(name)), - StartTime: &startTime, - EndTime: &endTime, - Period: aws.Int64(period), - Statistics: aws.StringSlice(stats), - } - - output, err := c.cw.GetMetricStatistics(&input) - if err != nil { - return - } - - for _, dataPoint := range output.Datapoints { - sum += int64(*dataPoint.Sum) - } - return -} diff --git a/go/gateway/metrics/provide.go b/go/gateway/metrics/provide.go deleted file mode 100644 index 94f6289c3..000000000 --- a/go/gateway/metrics/provide.go +++ /dev/null @@ -1,63 +0,0 @@ -// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -package metrics - -import ( - "github.com/aws/aws-sdk-go/aws/client" - "github.com/lunasec-io/lunasec/go/constants" - "github.com/lunasec-io/lunasec/go/constants/metrics" - "go.uber.org/config" - "go.uber.org/zap" - "log" -) - -type MetricProviderConfig struct { - Disabled bool `yaml:"disabled"` - Provider constants.MetricsProvider `yaml:"provider"` - DisableUsageStatisticsMetrics bool `yaml:"disable_usage_statistics"` -} - -// LunaSecMetricsGateway ... -type LunaSecMetricsGateway interface { - Metric(name metrics.ApplicationMetric, value int) -} - -func NewMetricsConfig( - provider config.Provider, -) (metricsConfig MetricProviderConfig, err error) { - err = provider.Get("metrics").Populate(&metricsConfig) - return -} - -func SetupMetricsGateway(logger *zap.Logger, provider config.Provider, sess client.ConfigProvider) LunaSecMetricsGateway { - metricsConfig, err := NewMetricsConfig(provider) - - if err != nil { - log.Println("Metrics config missing but is required") - log.Println(err) - panic(err) - } - - if metricsConfig.Disabled == true || metricsConfig.Provider == constants.MetricsProviderNone { - return NewNopMetricsGateway() - } - - if metricsConfig.Provider == constants.MetricsProviderAwsCloudwatch { - return NewAwsCloudwatchGateway(logger, provider, sess) - } - - log.Printf("Unsupported metrics provider specified: %s", metricsConfig.Provider) - panic("Unsupported metrics provider specified") -} diff --git a/go/gateway/provide.go b/go/gateway/provide.go deleted file mode 100644 index f867b3eca..000000000 --- a/go/gateway/provide.go +++ /dev/null @@ -1,138 +0,0 @@ -// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -package gateway - -import ( - "crypto/tls" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/aws/credentials" - "github.com/aws/aws-sdk-go/aws/session" - "github.com/lunasec-io/lunasec/go/gateway/configs" - "github.com/lunasec-io/lunasec/go/gateway/metrics" - "github.com/lunasec-io/lunasec/go/util" - "go.uber.org/config" - "go.uber.org/zap" - "net/http" -) - -type Gateways struct { - KV AwsDynamoGateway - SM AwsSecretsManagerGateway - S3 AwsS3Gateway - CW metrics.AwsCloudwatchGateway -} - -func NewGatewayConfig(logger *zap.Logger, provider config.Provider) (gatewayConfig configs.AwsGatewayConfig, err error) { - err = provider.Get("aws_gateway").Populate(&gatewayConfig) - if err != nil { - logger.Error("unable to load aws gateway config", zap.Error(err)) - return - } - return -} - -func newAwsSessionOptions(logger *zap.Logger, provider config.Provider) (options session.Options, err error) { - var ( - gatewayConfig configs.AwsGatewayConfig - creds *credentials.Credentials - endpointUrl *string - httpClient *http.Client - s3ForcePathStyle bool - ) - - gatewayConfig, err = NewGatewayConfig(logger, provider) - if err != nil { - logger.Error("unable to create gateway config", zap.Error(err)) - return - } - - if gatewayConfig.S3Region == "" { - gatewayConfig.S3Region = "us-west-2" - } - - sharedConfigEnable := session.SharedConfigEnable - if !util.IsRunningInLambda() && gatewayConfig.AccessKeyID != "" && gatewayConfig.SecretAccessKey != "" { - logger.Debug( - "using configured credentials for aws session", - zap.String("accessKeyID", gatewayConfig.AccessKeyID), - zap.String("secretAccessKey", gatewayConfig.SecretAccessKey), - ) - creds = credentials.NewStaticCredentials(gatewayConfig.AccessKeyID, gatewayConfig.SecretAccessKey, "") - sharedConfigEnable = session.SharedConfigDisable - } - - if gatewayConfig.LocalstackURL != "" || gatewayConfig.LocalHTTPSProxy != "" { - s3ForcePathStyle = true - if gatewayConfig.LocalHTTPSProxy != "" { - logger.Debug( - "using configured localstack url (https proxy) for aws session", - zap.String("localstackURL", gatewayConfig.LocalHTTPSProxy), - ) - endpointUrl = aws.String(gatewayConfig.LocalHTTPSProxy) - tr := &http.Transport{ - TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, - } - httpClient = &http.Client{Transport: tr} - } else { - logger.Debug( - "using configured localstack url for aws session", - zap.String("localstackURL", gatewayConfig.LocalstackURL), - ) - endpointUrl = aws.String(gatewayConfig.LocalstackURL) - } - } - - options = session.Options{ - SharedConfigState: sharedConfigEnable, - Config: aws.Config{ - Credentials: creds, - Region: aws.String(gatewayConfig.S3Region), - Endpoint: endpointUrl, - S3ForcePathStyle: aws.Bool(s3ForcePathStyle), - HTTPClient: httpClient, - }, - } - return -} - -func NewAwsSession(logger *zap.Logger, provider config.Provider) (sess *session.Session, err error) { - options, err := newAwsSessionOptions(logger, provider) - if err != nil { - return - } - - sess = session.Must(session.NewSessionWithOptions(options)) - return -} - -func GetAwsGateways(logger *zap.Logger, provider config.Provider) (gateways Gateways) { - sess, err := NewAwsSession(logger, provider) - if err != nil { - panic(err) - } - - logger.Debug("loading secrets manager AWS gateway...") - gateways.SM = NewAwsSecretsManagerGateway(logger, provider, sess) - - logger.Debug("loading dynamodb AWS gateway...") - gateways.KV = NewDynamoGateway(logger, provider, sess) - - logger.Debug("loading s3 AWS gateway...") - gateways.S3 = NewAwsS3Gateway(logger, provider, sess) - - logger.Debug("loading cloudwatch AWS gateway...") - gateways.CW = metrics.NewAwsCloudwatchGateway(logger, provider, sess) - return -} diff --git a/go/gateway/s3.go b/go/gateway/s3.go deleted file mode 100644 index 5144eb320..000000000 --- a/go/gateway/s3.go +++ /dev/null @@ -1,198 +0,0 @@ -// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -package gateway - -import ( - "crypto/md5" - "encoding/base64" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/aws/session" - "github.com/aws/aws-sdk-go/service/s3" - "github.com/lunasec-io/lunasec/go/constants" - "github.com/lunasec-io/lunasec/go/gateway/configs" - "go.uber.org/config" - "go.uber.org/zap" - "io/ioutil" - "log" - "strings" -) - -const s3EncryptionAlgo = "AES256" - -type awsS3Gateway struct { - configs.AwsGatewayConfig - logger *zap.Logger - s3 *session.Session - s3Host string -} - -type AwsS3GatewayConfig struct { - S3Region string `yaml:"region"` - CiphertextBucket string `yaml:"ciphertext_bucket"` - AccessKeyID string `yaml:"access_key_id"` - SecretAccessKey string `yaml:"secret_access_key"` - LocalHTTPSProxy string `yaml:"local_https_proxy"` - LocalstackURL string `yaml:"localstack_url"` -} - -type AwsS3GatewayConfigWrapper struct { - AwsGateway configs.AwsGatewayConfig `yaml:"aws_gateway"` -} - -// AwsS3Gateway ... -type AwsS3Gateway interface { - GetObject(key string) (content []byte, err error) - GeneratePresignedGetUrl(key string, encryptionKey []byte) (string, map[string]string, error) - GeneratePresignedPutUrl(key string, encryptionKey []byte) (string, map[string]string, error) -} - -func NewAwsS3GatewayConfig(region, bucket string) AwsS3GatewayConfigWrapper { - return AwsS3GatewayConfigWrapper{ - AwsGateway: configs.AwsGatewayConfig{ - S3Region: region, - CiphertextBucket: bucket, - }, - } -} - -// TODO (cthompson) this should just be a presigning service since local dev presigns urls with an endpoint URL -// that would not work if attempting to contact s3 directly from this service. Another S3 gateway for calls -// directly to s3 from this service should be created. - -// NewAwsS3Gateway... -func NewAwsS3Gateway(logger *zap.Logger, provider config.Provider, sess *session.Session) (s3Gateway AwsS3Gateway) { - var ( - gatewayConfig configs.AwsGatewayConfig - ) - - err := provider.Get("aws_gateway").Populate(&gatewayConfig) - if err != nil { - logger.Error("unable to populate s3 config", zap.Error(err)) - panic(err) - } - - s3Host := gatewayConfig.CiphertextBucket + ".s3." + gatewayConfig.S3Region + ".amazonaws.com" - - s3Gateway = &awsS3Gateway{ - logger: logger, - AwsGatewayConfig: gatewayConfig, - s3: sess, - s3Host: s3Host, - } - return -} - -func (s *awsS3Gateway) GetObject(key string) (content []byte, err error) { - s3Client := s3.New(s.s3) - input := s3.GetObjectInput{ - Bucket: aws.String(s.CiphertextBucket), - Key: aws.String(key), - } - resp, err := s3Client.GetObject(&input) - if err != nil { - log.Println(err) - return - } - defer resp.Body.Close() - - return ioutil.ReadAll(resp.Body) -} - -type createPresignedUrlParams struct { - svc *s3.S3 - bucket, key string - encryptionKey []byte - encodedKeyChecksum string -} - -type createPresignedUrlFunc func(params createPresignedUrlParams) (url string, err error) - -// adjustUrlFromLocalDev will re-write the URL so that they can be accessed without an https cert in a browser when testing locally. -func (s *awsS3Gateway) adjustUrlFromLocalDev(url string) string { - s.logger.Debug( - "adjusting url for local dev", - zap.String("https proxy", s.LocalHTTPSProxy), - zap.String("localstack url", s.LocalstackURL), - ) - - return strings.ReplaceAll(url, s.LocalHTTPSProxy, s.LocalstackURL) -} - -func (s *awsS3Gateway) GeneratePresignedPutUrl(key string, encryptionKey []byte) (string, map[string]string, error) { - return s.generatePresignedUrl(key, encryptionKey, createPutObjectPresignedUrl) -} - -func (s *awsS3Gateway) GeneratePresignedGetUrl(key string, encryptionKey []byte) (string, map[string]string, error) { - return s.generatePresignedUrl(key, encryptionKey, createGetObjectPresignedUrl) -} - -func (s *awsS3Gateway) generatePresignedUrl(key string, encryptionKey []byte, createPresignedUrl createPresignedUrlFunc) (string, map[string]string, error) { - svc := s3.New(s.s3) - b64EncryptionKey := base64.StdEncoding.EncodeToString(encryptionKey) - keyChecksum := md5.Sum(encryptionKey) - keyChecksumBase64 := base64.StdEncoding.EncodeToString(keyChecksum[:]) - - params := createPresignedUrlParams{ - svc, s.CiphertextBucket, key, encryptionKey, keyChecksumBase64, - } - - url, err := createPresignedUrl(params) - - if err != nil { - return "", nil, err - } - - headers := map[string]string{ - "host": s.s3Host, - "x-amz-server-side-encryption-customer-key": b64EncryptionKey, - "x-amz-server-side-encryption-customer-key-md5": keyChecksumBase64, - "x-amz-server-side-encryption-customer-algorithm": s3EncryptionAlgo, - } - - if s.LocalHTTPSProxy != "" { - oldUrl := url - url = s.adjustUrlFromLocalDev(url) - s.logger.Debug( - "adjusting presigned url from https to http", - zap.String("old url", oldUrl), - zap.String("new url", url), - ) - } - - return url, headers, err -} - -func createGetObjectPresignedUrl(params createPresignedUrlParams) (url string, err error) { - req, _ := params.svc.GetObjectRequest(&s3.GetObjectInput{ - Bucket: aws.String(params.bucket), - Key: aws.String(params.key), - SSECustomerAlgorithm: aws.String(s3EncryptionAlgo), - SSECustomerKey: aws.String(string(params.encryptionKey)), - SSECustomerKeyMD5: aws.String(params.encodedKeyChecksum), - }) - return req.Presign(constants.S3Timeout) -} - -func createPutObjectPresignedUrl(params createPresignedUrlParams) (url string, err error) { - req, _ := params.svc.PutObjectRequest(&s3.PutObjectInput{ - Bucket: aws.String(params.bucket), - Key: aws.String(params.key), - SSECustomerAlgorithm: aws.String(s3EncryptionAlgo), - SSECustomerKey: aws.String(string(params.encryptionKey)), - SSECustomerKeyMD5: aws.String(params.encodedKeyChecksum), - }) - - return req.Presign(constants.S3Timeout) -} diff --git a/go/pkg/analyticscollector/handler.go b/go/pkg/analyticscollector/handler.go deleted file mode 100644 index fab692f1e..000000000 --- a/go/pkg/analyticscollector/handler.go +++ /dev/null @@ -1,113 +0,0 @@ -// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -package analyticscollector - -import ( - "bytes" - "encoding/json" - "github.com/lunasec-io/lunasec/go/constants" - "github.com/lunasec-io/lunasec/go/types" - "go.uber.org/zap" - "log" - "net/http" -) - -func Handler() { - var ( - analyticsCollectorConfig types.AnalyticsCollectorConfig - appConfig types.AppConfig - ) - - logger, provider, cloudwatch := analyticsCollectorDependencies() - - if err := provider.Get("analyticscollector").Populate(&analyticsCollectorConfig); err != nil { - logger.Error("unable to load config", zap.Error(err)) - return - } - - err := provider.Get("app").Populate(&appConfig) - if err != nil { - log.Println(err) - panic(err) - } - - // collect all configured metrics from Cloudwatch - collectedMetrics := types.CollectedMetrics{} - for _, metric := range analyticsCollectorConfig.Metrics { - sum, err := cloudwatch.GetMetricSumFromPastDay(metric) - if err != nil { - logger.Error( - "unable to get sum for metric", - zap.String("metric", string(metric)), - zap.Error(err), - ) - continue - } - collectedMetrics[metric] = sum - } - - logger.Info( - "collected metrics", - zap.Any("metrics", collectedMetrics), - ) - - reportedMetrics := types.ReportedMetrics{ - Version: constants.Version, - StackID: appConfig.StackID, - CollectedMetrics: collectedMetrics, - } - - logger.Info( - "sending collected metrics to analytics server", - zap.String("analytics server", analyticsCollectorConfig.AnalyticsServer), - zap.Any("reported metrics", reportedMetrics), - ) - - body, err := json.Marshal(reportedMetrics) - if err != nil { - logger.Error( - "unable to marshal metrics", - zap.Error(err), - zap.Any("metrics", collectedMetrics), - ) - return - } - - req, err := http.NewRequest(http.MethodPost, analyticsCollectorConfig.AnalyticsServer, bytes.NewBuffer(body)) - if err != nil { - logger.Error( - "failure sending metrics to reporting url", - zap.Error(err), - zap.String("reporting url", analyticsCollectorConfig.AnalyticsServer), - zap.Any("metrics", collectedMetrics), - ) - return - } - - client := http.Client{} - - // we aren't checking the status since we can see any issues within the context of the - // analytics collector server - _, err = client.Do(req) - if err != nil { - logger.Error( - "failure sending metrics to reporting url", - zap.Error(err), - zap.String("reporting url", analyticsCollectorConfig.AnalyticsServer), - zap.Any("metrics", collectedMetrics), - ) - return - } -} diff --git a/go/pkg/containermodifier/functionconfig.go b/go/pkg/containermodifier/functionconfig.go deleted file mode 100644 index 040e6e99a..000000000 --- a/go/pkg/containermodifier/functionconfig.go +++ /dev/null @@ -1,123 +0,0 @@ -// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -package containermodifier - -import ( - "encoding/json" - "fmt" - "io/ioutil" - "log" - "path" - "path/filepath" - "strings" - - v1 "github.com/google/go-containerregistry/pkg/v1" - "github.com/google/go-containerregistry/pkg/v1/tarball" - "github.com/lunasec-io/lunasec/go/constants" - "github.com/lunasec-io/lunasec/go/types" - "github.com/lunasec-io/lunasec/go/util" -) - -func LoadFunctionConfig(functionsConfigFile string) (configFile types.FunctionConfigFile, err error) { - data, err := ioutil.ReadFile(functionsConfigFile) - if err != nil { - log.Println(err) - return - } - - err = json.Unmarshal(data, &configFile) - if err != nil { - log.Println(err) - return - } - return -} - -func buildFunctionLookup(runtimeConfig constants.RuntimeConfig, workDir, handlerPath string, configuredFunctions []types.FunctionConfig) ([]byte, error) { - functionLookup := types.FunctionLookup{} - for _, f := range configuredFunctions { - // override workdir if explicitly set by the function config - if f.WorkDir != "" { - workDir = f.WorkDir - } - // TODO (cthompson) hardcoded for testing, most of the logic for building the function config is in python - // we should move the logic into this code since it makes more sense to have it here for testing locally. - refineryFunction := types.RefineryFunction{ - Command: "node", - Handler: handlerPath, - ImportPath: f.ImportPath, - FunctionName: f.FunctionName, - WorkDir: workDir, - // TODO (cthompson) we need to get env variables into this function from the user - Env: map[string]string{ - string(runtimeConfig.ModuleEnvVar): workDir, - }, - } - // TODO (cthompson) make utility functions for getting and setting a function config since - // we might run into collisions - functionLookup[f.FunctionName] = refineryFunction - } - - return json.Marshal(functionLookup) -} - -func CreateFunctionConfigLayer(workDir, runtime string, functions []types.FunctionConfig) (layer v1.Layer, err error) { - runtimeConfig, ok := constants.RuntimeToRuntimeConfig[constants.Runtime(runtime)] - if !ok { - err = fmt.Errorf("unsupported runtime: %s", runtime) - return - } - - handlerName := string(runtimeConfig.Handler) - handlerPath := path.Join(constants.RuntimePath, handlerName) - - if len(functions) == 0 { - functions = append(functions, constants.SingleFunctionContainerConfig) - } - - functionData, err := buildFunctionLookup(runtimeConfig, workDir, handlerPath, functions) - if err != nil { - log.Println(err) - return - } - - handlerContent, err := util.LoadRuntimeHandler(handlerName) - if err != nil { - log.Println(err) - return - } - - files := []util.InMemoryFile{ - {Name: constants.FunctionsPath, Body: string(functionData)}, - {Name: handlerPath, Body: handlerContent}, - } - - tarData, err := util.BuildInMemoryTarFile(files) - if err != nil { - log.Println(err) - return - } - return tarball.LayerFromReader(&tarData) -} - -func GetNewContainerNames(containerTarFile string) (newTag, newFilename string) { - basename := path.Base(containerTarFile) - basenameExt := filepath.Ext(basename) - tag := strings.TrimSuffix(basename, basenameExt) - - newTag = fmt.Sprintf("lunasec-%s", tag) - newFilename = newTag + basenameExt - return -} diff --git a/go/pkg/tokenizer/cli.go b/go/pkg/tokenizer/cli.go deleted file mode 100644 index 00d2a096b..000000000 --- a/go/pkg/tokenizer/cli.go +++ /dev/null @@ -1,372 +0,0 @@ -// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -package tokenizer - -import ( - "bytes" - "encoding/json" - "errors" - "fmt" - "github.com/lunasec-io/lunasec/go/types" - "gopkg.in/square/go-jose.v2/jwt" - "io/ioutil" - "log" - "net/http" - - "github.com/lunasec-io/lunasec/go/constants" - "github.com/lunasec-io/lunasec/go/service" - "github.com/lunasec-io/lunasec/go/types/event" - "github.com/urfave/cli/v2" - "go.uber.org/zap" -) - -type CliOptions struct { - URL string - Secret string - Token string - Plaintext string - Input string - Output string - Metadata string - AuthPrivateKey string -} - -func cliOptionsStruct(c *cli.Context) CliOptions { - return CliOptions{ - URL: c.String("url"), - AuthPrivateKey: c.String("auth-private-key"), - Secret: c.String("secret"), - Token: c.String("token"), - Plaintext: c.String("plaintext"), - Input: c.String("input"), - Output: c.String("output"), - Metadata: c.String("metadata"), - } -} - -func newJwtSigner(authPrivateKey string) service.JwtSigner { - logger, err := zap.NewDevelopment() - if err != nil { - panic(err) - } - decodedPrivateKey, err := ioutil.ReadFile(authPrivateKey) - if err != nil { - panic(err) - } - jwtSigner, err := service.NewJwtSignerFromPrivateKey(logger, decodedPrivateKey) - if err != nil { - panic(err) - } - return jwtSigner -} - -func newAuthJwt(sessionID string, authPrivateKey string) string { - jwtSigner := newJwtSigner(authPrivateKey) - claims := types.SessionJwtClaims{ - Claims: jwt.Claims{ - Subject: string(constants.DeveloperSubject), - }, - SessionID: sessionID, - } - token, err := jwtSigner.CreateWithSessionClaims(claims) - if err != nil { - panic(err) - } - return token -} - -func tokenizerRequest(sessionID string, url, customerPrivateKey string, input interface{}) (data []byte, err error) { - reqBody, err := json.Marshal(input) - if err != nil { - log.Println(err) - return - } - - req, err := http.NewRequest(http.MethodPost, url, bytes.NewBuffer(reqBody)) - if err != nil { - log.Println(err) - return - } - - auth := newAuthJwt(sessionID, customerPrivateKey) - - req.Header.Add(constants.JwtAuthHeader, auth) - req.Header.Add("Content-Type", "application/json") - - client := &http.Client{} - resp, err := client.Do(req) - if err != nil { - log.Println(err) - return - } - defer resp.Body.Close() - - return ioutil.ReadAll(resp.Body) -} - -func s3Upload(url string, headers map[string]string, body []byte) (data []byte, err error) { - return s3Request(http.MethodPut, url, headers, bytes.NewBuffer(body)) -} - -func s3Download(url string, headers map[string]string) (data []byte, err error) { - return s3Request(http.MethodGet, url, headers, bytes.NewBuffer([]byte{})) -} - -func s3Request(method, url string, headers map[string]string, body *bytes.Buffer) (data []byte, err error) { - req, err := http.NewRequest(method, url, body) - if err != nil { - log.Println(err) - return - } - - for k, v := range headers { - req.Header.Add(k, v) - } - - client := &http.Client{} - resp, err := client.Do(req) - if err != nil { - log.Println(err) - return - } - defer resp.Body.Close() - - return ioutil.ReadAll(resp.Body) -} - -func newSessionID() string { - return "cli-tool" -} - -func setGrantForToken(cliOptions CliOptions, sessionID string, tokenID string) (err error) { - input := event.GrantSetRequest{ - TokenID: tokenID, - } - tokenizeURL := fmt.Sprintf("%s/grant/set", cliOptions.URL) - _, err = tokenizerRequest(sessionID, tokenizeURL, cliOptions.AuthPrivateKey, input) - if err != nil { - log.Println(err) - return - } - return -} - -func CreateJwtAuthCommand(c *cli.Context) (err error) { - cliOptions := cliOptionsStruct(c) - - jwtAuth := newAuthJwt(newSessionID(), cliOptions.AuthPrivateKey) - log.Printf("jwt: %s", jwtAuth) - return -} - -func TokenizeCommand(c *cli.Context) (err error) { - var ( - content []byte - resp struct { - Success bool - Data event.TokenizerSetResponse - } - ) - cliOptions := cliOptionsStruct(c) - - if cliOptions.Plaintext != "" { - content = []byte(cliOptions.Plaintext) - } else if cliOptions.Input != "" { - content, err = ioutil.ReadFile(cliOptions.Input) - if err != nil { - return - } - } else { - err = errors.New("neither option '--plaintext' or '--input' was provided") - return - } - - sessionID := newSessionID() - - input := event.TokenizerSetRequest{} - tokenizeURL := fmt.Sprintf("%s/tokenize", cliOptions.URL) - data, err := tokenizerRequest(sessionID, tokenizeURL, cliOptions.AuthPrivateKey, input) - if err != nil { - log.Println(err) - return - } - - err = json.Unmarshal(data, &resp) - if err != nil { - log.Println(err) - return - } - - if !resp.Success { - err = errors.New("server was unable to tokenize token") - return - } - - s3Resp, err := s3Upload(resp.Data.UploadURL, resp.Data.Headers, content) - if err != nil { - log.Println(err) - return - } - log.Printf("s3 response: %s", string(s3Resp)) - log.Printf("token: %s", resp.Data.TokenID) - return -} - -func DetokenizeCommand(c *cli.Context) (err error) { - var ( - resp struct { - Success bool - Data event.TokenizerGetResponse - } - ) - cliOptions := cliOptionsStruct(c) - - input := event.TokenizerGetRequest{} - tokenID := cliOptions.Token - - input.TokenID = tokenID - - sessionID := newSessionID() - - err = setGrantForToken(cliOptions, sessionID, tokenID) - if err != nil { - log.Println(err) - return - } - - detokenizeURL := fmt.Sprintf("%s/detokenize", cliOptions.URL) - data, err := tokenizerRequest(sessionID, detokenizeURL, cliOptions.AuthPrivateKey, input) - if err != nil { - log.Println(err) - return - } - - err = json.Unmarshal(data, &resp) - if err != nil { - log.Println(err) - return - } - - if !resp.Success { - err = errors.New("server was unable to detokenize token") - return - } - - s3Resp, err := s3Download(resp.Data.DownloadURL, resp.Data.Headers) - if err != nil { - log.Println(err) - return - } - if cliOptions.Output != "" { - err = ioutil.WriteFile(cliOptions.Output, s3Resp, 0755) - if err != nil { - return - } - } else { - log.Printf("s3 response: %s", s3Resp) - } - return -} - -func SetMetadataCommand(c *cli.Context) (err error) { - var ( - resp struct { - Success bool - Data event.MetadataSetResponse - } - - metadata map[string]interface{} - ) - cliOptions := cliOptionsStruct(c) - - err = json.Unmarshal([]byte(cliOptions.Metadata), &metadata) - if err != nil { - log.Println(err) - return err - } - - tokenID := cliOptions.Token - - sessionID := newSessionID() - - err = setGrantForToken(cliOptions, sessionID, tokenID) - if err != nil { - log.Println(err) - return - } - - input := event.MetadataSetRequest{ - TokenID: tokenID, - Metadata: metadata, - } - metadataSetURL := fmt.Sprintf("%s/metadata/set", cliOptions.URL) - data, err := tokenizerRequest(sessionID, metadataSetURL, cliOptions.AuthPrivateKey, input) - if err != nil { - log.Println(err) - return - } - err = json.Unmarshal(data, &resp) - if err != nil { - log.Println(err) - return - } - if !resp.Success { - err = errors.New("server was unable to set metadata for token") - return - } - log.Printf("setting metdata for %s was successful", cliOptions.Token) - return -} - -func GetMetadataCommand(c *cli.Context) (err error) { - var ( - resp struct { - Success bool - Data event.MetadataGetResponse - } - ) - cliOptions := cliOptionsStruct(c) - - tokenID := cliOptions.Token - - sessionID := newSessionID() - - err = setGrantForToken(cliOptions, sessionID, tokenID) - if err != nil { - log.Println(err) - return - } - - input := event.MetadataGetRequest{ - TokenID: tokenID, - } - metadataGetURL := fmt.Sprintf("%s/metadata/get", cliOptions.URL) - data, err := tokenizerRequest(sessionID, metadataGetURL, cliOptions.AuthPrivateKey, input) - if err != nil { - log.Println(err) - return - } - err = json.Unmarshal(data, &resp) - if err != nil { - log.Println(err) - return - } - if !resp.Success { - err = errors.New("server was unable to get metadata for token") - return - } - log.Printf("metdata for %s: %v", cliOptions.Token, resp.Data.Metadata) - return -} diff --git a/go/pkg/tokenizer/httpserver.go b/go/pkg/tokenizer/httpserver.go deleted file mode 100644 index cd02879fe..000000000 --- a/go/pkg/tokenizer/httpserver.go +++ /dev/null @@ -1,80 +0,0 @@ -// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -package tokenizer - -import ( - "fmt" - "log" - "net/http" - - apigateway "github.com/apex/gateway" - "github.com/rs/cors" - "github.com/lunasec-io/lunasec/go/constants" - "github.com/lunasec-io/lunasec/go/gateway" - "github.com/lunasec-io/lunasec/go/service" - "github.com/lunasec-io/lunasec/go/util" -) - -func newServer(configPath string, authType constants.AuthType) http.Handler { - sm := http.NewServeMux() - - logger, err := util.GetLogger() - if err != nil { - fmt.Println(err) - panic(err) - } - - util.ApplyHealthCheck(sm, logger) - - provider := util.GetConfigProviderFromDir(configPath) - - logger.Debug("loading AWS gateways") - gateways := gateway.GetAwsGateways(logger, provider) - - authProviderJwtVerifier := service.NewJwtVerifier(constants.AuthJwtVerifier, logger, provider) - - GetTokenizerRoutes(authType, sm, logger, provider, gateways, authProviderJwtVerifier) - - c := cors.New(cors.Options{}) - return c.Handler(sm) -} - -func newHttpServer(sm http.Handler) *http.Server { - addr := util.GetEnvWithFallback("TOKENIZER_HTTP_ADDR", "0.0.0.0:37767") - server := &http.Server{ - Addr: addr, - Handler: sm, - MaxHeaderBytes: 2 << 20, // 2 MB - } - log.Printf("HTTP server listening at %s\n", addr) - return server -} - -func NewLocalDevServer() *http.Server { - sm := newServer(constants.TokenizerConfigPath, constants.JwtAuthType) - return newHttpServer(sm) -} - -func NewApiGatewayServer() *apigateway.Gateway { - sm := newServer(constants.TokenizerConfigPath, constants.JwtAuthType) - return apigateway.NewGateway(sm) -} - -// NewHttpServerSidecar creates a new server with no authentication, and is meant to run as a sidecar in a container. -// NOTE: auth is assumed to have already been performed when invoking this service. -func NewHttpServerSidecar() *http.Server { - sm := newServer(constants.TokenizerConfigPath, constants.NoAuthType) - return newHttpServer(sm) -} diff --git a/go/pkg/tokenizer/tokenizer.go b/go/pkg/tokenizer/tokenizer.go deleted file mode 100644 index 3d2506d53..000000000 --- a/go/pkg/tokenizer/tokenizer.go +++ /dev/null @@ -1,110 +0,0 @@ -// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -package tokenizer - -import ( - "fmt" - "github.com/lunasec-io/lunasec/go/constants" - "github.com/lunasec-io/lunasec/go/controller" - "github.com/lunasec-io/lunasec/go/gateway" - "github.com/lunasec-io/lunasec/go/service" - "github.com/lunasec-io/lunasec/go/types" - "github.com/lunasec-io/lunasec/go/types/handler" - "github.com/lunasec-io/lunasec/go/util" - "go.uber.org/config" - "go.uber.org/zap" - "net/http" -) - -func getRoutes( - logger *zap.Logger, - provider config.Provider, - gateways gateway.Gateways, - authProviderJwtVerifier service.JwtVerifier, -) map[string]handler.Config { - meta := service.NewMetadataService(logger, gateways.CW, gateways.KV) - grant := service.NewGrantService(logger, provider, gateways.CW, gateways.KV) - tokenizer := service.NewTokenizerService(logger, provider, gateways.CW, gateways.KV, gateways.S3) - - metadataController := controller.NewMetaController(meta, authProviderJwtVerifier, grant) - grantController := controller.NewGrantController(grant, authProviderJwtVerifier) - tokenizerController := controller.NewTokenizerController(provider, tokenizer, authProviderJwtVerifier, meta, grant) - - return map[string]handler.Config{ - "/grant/set": { - grantController.SetGrant, - constants.OnlyApplicationSubject, - }, - "/grant/verify": { - grantController.VerifyGrant, - constants.OnlyApplicationSubject, - }, - "/metadata/get": { - metadataController.GetMetadata, - constants.AnySubject, - }, - "/metadata/set": { - metadataController.SetMetadata, - constants.OnlyDeveloperSubject, - }, - "/tokenize": { - tokenizerController.TokenizerSet, - constants.AnySubject, - }, - "/detokenize": { - tokenizerController.TokenizerGet, - constants.AnySubject, - }, - } -} - -func GetTokenizerRoutes( - authType constants.AuthType, - sm *http.ServeMux, - logger *zap.Logger, - provider config.Provider, - gateways gateway.Gateways, - authProviderJwtVerifier service.JwtVerifier, -) { - var ( - authFunc func(allowedSubjects []constants.JwtSubject, handlerFunc http.HandlerFunc) http.HandlerFunc - ) - - switch authType { - case constants.NoAuthType: - logger.Debug("!!! creating tokenizer with no authentication !!!") - authFunc = controller.WithNoAuth - case constants.JwtAuthType: - logger.Debug("creating tokenizer with jwt authentication") - authFunc = service.NewJwtHttpAuth(logger, authProviderJwtVerifier).WithJwtAuth - default: - err := fmt.Errorf("invalid auth type: %s", authType) - logger.Error("unable to determine auth type", zap.Error(err)) - panic(err) - } - - metricsMiddlware := controller.WithMetrics(gateways.CW) - - middleware := []types.Middleware{ - controller.WithJSONContentType, - metricsMiddlware, - } - - tokenizerRoutes := getRoutes(logger, provider, gateways, authProviderJwtVerifier) - for url, handlerConfig := range tokenizerRoutes { - routeHandler := util.ApplyMiddlewareToHandler(middleware, handlerConfig.Handler) - sm.HandleFunc(url, authFunc(handlerConfig.AllowedSubjects, routeHandler)) - } -} diff --git a/go/pkg/tokenizerbackend/httpserver.go b/go/pkg/tokenizerbackend/httpserver.go deleted file mode 100644 index 0801f5293..000000000 --- a/go/pkg/tokenizerbackend/httpserver.go +++ /dev/null @@ -1,121 +0,0 @@ -// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -package tokenizerbackend - -import ( - "fmt" - "github.com/lunasec-io/lunasec/go/constants" - "github.com/lunasec-io/lunasec/go/pkg/tokenizer" - "github.com/lunasec-io/lunasec/go/types" - "go.uber.org/config" - "go.uber.org/zap" - "log" - "net/http" - - "github.com/awslabs/aws-lambda-go-api-proxy/handlerfunc" - "github.com/lunasec-io/lunasec/go/controller" - "github.com/lunasec-io/lunasec/go/gateway" - "github.com/lunasec-io/lunasec/go/service" - "github.com/lunasec-io/lunasec/go/util" - "github.com/rs/cors" -) - -func newServer(logger *zap.Logger, provider config.Provider, gateways gateway.Gateways) http.Handler { - var ( - appConfig types.AppConfig - ) - - sm := http.NewServeMux() - - cspMiddleware := controller.WithCSP(provider) - - middleware := []types.Middleware{ - controller.WithJSONContentType, - cspMiddleware, - } - - if util.IsDevEnv() { - middleware = append(middleware, controller.WithHttpLogging) - } - - err := provider.Get("app").Populate(&appConfig) - if err != nil { - log.Println(err) - panic(err) - } - - authProviderJwtVerifier := service.NewJwtVerifier(constants.AuthJwtVerifier, logger, provider) - - secureFrameRoutes := getSecureFrameRoutes(logger, provider) - - sessionManagementRoutes := getSessionManagementRoutes(logger, provider, gateways, authProviderJwtVerifier) - - sm.HandleFunc("/health", func(w http.ResponseWriter, r *http.Request) { - util.RespondSuccess(w) - }) - - util.AddRoutesToServer(sm, middleware, secureFrameRoutes) - util.AddRoutesToServer(sm, middleware, sessionManagementRoutes) - - tokenizer.GetTokenizerRoutes( - constants.JwtAuthType, - sm, - logger, - provider, - gateways, - authProviderJwtVerifier, - ) - - c := cors.New(cors.Options{ - AllowedHeaders: appConfig.Cors.AllowedHeaders, - AllowOriginRequestFunc: func(r *http.Request, origin string) bool { - tokenizerURL := util.GetAPIGatewayTokenizerURL(r) - - allowedOrigins := appConfig.Cors.AllowedOrigins - if tokenizerURL != "" { - allowedOrigins = append(allowedOrigins, tokenizerURL) - } - - logger.Debug("CORS allowed origins", zap.Strings("allowedOrigins", allowedOrigins)) - - for _, allowedOrigin := range allowedOrigins { - if origin == allowedOrigin { - return true - } - } - return false - }, - AllowCredentials: true, - }) - return c.Handler(sm) -} - -func NewDevServer(logger *zap.Logger, provider config.Provider, gateways gateway.Gateways) *http.Server { - sm := newServer(logger, provider, gateways) - - addr := util.GetEnvWithFallback("SECUREFRAME_HTTP_ADDR", "0.0.0.0:37766") - server := &http.Server{ - Addr: addr, - Handler: sm, - MaxHeaderBytes: 2 << 20, // 2 MB - } - fmt.Printf("HTTP server listening at %s\n", addr) - return server -} - -func NewApiGatewayServer(logger *zap.Logger, provider config.Provider, gateways gateway.Gateways) *handlerfunc.HandlerFuncAdapter { - sm := newServer(logger, provider, gateways) - return handlerfunc.New(sm.ServeHTTP) -} diff --git a/go/service/deps.go b/go/service/deps.go deleted file mode 100644 index b9024d19c..000000000 --- a/go/service/deps.go +++ /dev/null @@ -1,114 +0,0 @@ -// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -package service - -import ( - "net/url" - "strings" - "go.uber.org/config" - "github.com/lunasec-io/lunasec/go/types" -) - -type authCallbackConfig struct { - AuthCallbackHost string `yaml:"auth_callback_host"` -} - -type AwsGatewayConfig struct { - Region string `yaml:"region"` - CiphertextBucket string `yaml:"ciphertext_bucket"` - LocalHTTPSProxy string `yaml:"local_https_proxy"` - LocalstackURL string `yaml:"localstack_url"` -} - - -func getS3HostURL(gatewayConfig AwsGatewayConfig) string { - if gatewayConfig.LocalHTTPSProxy != "" { - return gatewayConfig.LocalstackURL - } - - s3Host := gatewayConfig.CiphertextBucket + ".s3." + gatewayConfig.Region + ".amazonaws.com" - - s3URL := url.URL{ - Scheme: "https", - Host: s3Host, - } - return s3URL.String() -} - -func CreateCSPMiddleware(provider config.Provider) CSPMiddlware { - var ( - authConfig authCallbackConfig - gatewayConfig AwsGatewayConfig - appConfig types.AppConfig - ) - // TODO report this to someplace - reportUri := "http://localhost:5004" - - // TODO (cthompson) these config values are taken from another place in the config - // we should figure out how to consolidate them - err := provider.Get("session_controller").Populate(&authConfig) - if err != nil { - panic(err) - } - - err = provider.Get("aws_gateway").Populate(&gatewayConfig) - if err != nil { - panic(err) - } - - err = provider.Get("app").Populate(&appConfig) - if err != nil { - panic(err) - } - - allowedOriginsArr := appConfig.Cors.AllowedOrigins - frameAncestors := strings.Join(allowedOriginsArr, " ") - - s3HostURL := getS3HostURL(gatewayConfig) - - connectSrcUrls := []string{ - "'self'", - authConfig.AuthCallbackHost, - s3HostURL, - } - - if gatewayConfig.LocalstackURL != "" { - connectSrcUrls = append(connectSrcUrls, gatewayConfig.LocalstackURL) - } - - if gatewayConfig.LocalHTTPSProxy != "" { - connectSrcUrls = append(connectSrcUrls, gatewayConfig.LocalHTTPSProxy) - } - - - cspPolicy := map[string][]string{ - "connect-src": connectSrcUrls, - "script-src": { - "{{nonce}}", - }, - "object-src": {"none"}, - "default-src": {"none"}, - "frame-ancestors": {frameAncestors}, - "base-uri": {"none"}, - "require-trusted-types-for": {"script"}, - "report-uri": {reportUri}, - "style-src": { - "unsafe-inline", - "{{nonce}}", - }, - } - - return NewCSPMiddleware(cspPolicy, 16, false) -} diff --git a/go/service/grants.go b/go/service/grants.go deleted file mode 100644 index c14ae1afa..000000000 --- a/go/service/grants.go +++ /dev/null @@ -1,186 +0,0 @@ -// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -package service - -import ( - "encoding/json" - "errors" - "github.com/lunasec-io/lunasec/go/constants" - "github.com/lunasec-io/lunasec/go/constants/metrics" - "github.com/lunasec-io/lunasec/go/gateway" - metricsgateway "github.com/lunasec-io/lunasec/go/gateway/metrics" - "github.com/lunasec-io/lunasec/go/types" - "github.com/lunasec-io/lunasec/go/util" - "go.uber.org/config" - "go.uber.org/zap" - "log" - "time" -) - -type TokenGrant struct { - GrantExpiry int64 -} - -type grantServiceConfig struct { - GrantTTL string `yaml:"grant_default_duration"` - GrantMaxTTL string `yaml:"grant_maximum_duration"` -} - -type grantService struct { - logger *zap.Logger - cw metricsgateway.AwsCloudwatchGateway - kv gateway.AwsDynamoGateway - grantDefaultDuration time.Duration - grantMaxDuration time.Duration -} - -// GrantService manages grants for tokens -type GrantService interface { - SetTokenGrantForSession(token types.Token, sessionID string, grantType constants.GrantType, customGrantDuration string) error - ValidTokenGrantExistsForSession(token types.Token, sessionID string, grantType constants.GrantType) (valid bool, err error) -} - -// NewGrantService ... -func NewGrantService( - logger *zap.Logger, - provider config.Provider, - cw metricsgateway.AwsCloudwatchGateway, - kv gateway.AwsDynamoGateway, -) (service GrantService) { - var ( - serviceConfig grantServiceConfig - ) - - err := provider.Get("grant_service").Populate(&serviceConfig) - if err != nil { - panic(err) - } - - grantDefaultDuration, err := time.ParseDuration(serviceConfig.GrantTTL) - if err != nil { - panic(err) - } - grantMaxDuration, err := time.ParseDuration(serviceConfig.GrantMaxTTL) - if err != nil { - panic(err) - } - - service = &grantService{ - logger: logger, - cw: cw, - kv: kv, - grantDefaultDuration: grantDefaultDuration, - grantMaxDuration: grantMaxDuration, - } - return service -} - -func getGrantKey(sessionID string, token types.Token, grantType constants.GrantType) string { - return util.Sha512Sum(sessionID + string(token) + string(grantType)) -} - -func (s *grantService) getGrantDuration(customDurationString string) (int64, error) { - s.logger.Debug( - "read custom grant duration from request:", - zap.String("durationString", customDurationString)) - - if customDurationString == "" { - return time.Now().Add(s.grantDefaultDuration).Unix(), nil - } - - customDuration, err := time.ParseDuration(customDurationString) - if err != nil { - return 0, errors.New("Grant duration parse failed, please use a supported duration format like 30m or 1h20m10s") - } - - if customDuration > s.grantMaxDuration { - return 0, errors.New("Grant duration set longer than configured maximum time") - } - return time.Now().Add(customDuration).Unix(), nil -} - -func (s *grantService) SetTokenGrantForSession(token types.Token, sessionID string, grantType constants.GrantType, customGrantDuration string) (err error) { - defer func() { - if err != nil { - s.cw.Metric(metrics.CreateGrantFailureMetric, 1) - } - }() - - grantExpiry, err := s.getGrantDuration(customGrantDuration) - if err != nil { - return err - } - tokenGrant := TokenGrant{ - GrantExpiry: grantExpiry, - } - - serializedGrant, err := json.Marshal(tokenGrant) - if err != nil { - return - } - - grantKey := getGrantKey(sessionID, token, grantType) - - s.logger.Debug( - "setting grant for token", - zap.String("token", string(token)), - zap.String("sessionID", sessionID), - zap.String("grantType", string(grantType)), - zap.String("grantKey", grantKey), - ) - - s.cw.Metric(metrics.CreateGrantSuccessMetric, 1) - return s.kv.Set(gateway.GrantStore, grantKey, string(serializedGrant)) -} - -func (s *grantService) ValidTokenGrantExistsForSession(token types.Token, sessionID string, grantType constants.GrantType) (valid bool, err error) { - var ( - tokenGrant TokenGrant - ) - - grantKey := getGrantKey(sessionID, token, grantType) - - s.logger.Debug( - "getting grant for token", - zap.String("token", string(token)), - zap.String("sessionID", sessionID), - zap.String("grantType", string(grantType)), - zap.String("grantKey", grantKey), - ) - - grantString, err := s.kv.Get(gateway.GrantStore, grantKey) - if err != nil { - return - } - - if len(grantString) == 0 { - log.Printf("unable to find grant for token: %s", token) - return - } - - err = json.Unmarshal([]byte(grantString), &tokenGrant) - if err != nil { - return - } - - expiryTime := time.Unix(tokenGrant.GrantExpiry, 0) - now := time.Now() - if now.After(expiryTime) { - log.Printf("grant has expired: expiry: %s, now: %s", expiryTime.String(), now) - return - } - valid = true - return -} diff --git a/go/service/invoker/function.go b/go/service/invoker/function.go deleted file mode 100644 index 52c7d2e2f..000000000 --- a/go/service/invoker/function.go +++ /dev/null @@ -1,199 +0,0 @@ -// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -package invoker - -import ( - "encoding/json" - "errors" - "fmt" - "github.com/lunasec-io/lunasec/go/constants" - "github.com/lunasec-io/lunasec/go/service" - "github.com/lunasec-io/lunasec/go/types" - "github.com/lunasec-io/lunasec/go/types/event" - "github.com/lunasec-io/lunasec/go/util" - "go.uber.org/zap" - "regexp" - "strings" -) - -var ( - outputRegex = regexp.MustCompile(constants.OutputRegexStr) -) - -type FunctionRuntimeInvoker struct { - logger *zap.Logger - functionName string - blockInput *json.RawMessage - backpack *json.RawMessage -} - -func NewLambdaRuntime( - logger *zap.Logger, - functionName string, - blockInput *json.RawMessage, - backpack *json.RawMessage, -) types.RuntimeInvoker { - return &FunctionRuntimeInvoker{ - logger: logger, - functionName: functionName, - blockInput: blockInput, - backpack: backpack, - } -} - -func (r *FunctionRuntimeInvoker) Initialize() error { - return nil -} - -func (r *FunctionRuntimeInvoker) Run() ( - result *json.RawMessage, - outBackpack *json.RawMessage, - err error, -) { - var ( - funcConfig types.RefineryFunction - functionExecutor service.Executor - handlerResponse event.InvokeHandlerResponse - ) - - r.logger.Debug( - "handling request", - zap.String("functionName", r.functionName), - ) - - funcConfig, err = util.GetFunctionConfig(constants.FunctionsPath, r.functionName) - if err != nil { - r.logger.Error( - "unable to get function config", - zap.Error(err), - ) - return - } - - functionExecutor, err = r.getFunctionExecutor(funcConfig) - if err != nil { - return - } - - handlerResponse, err = r.runFunctionExecutor(functionExecutor) - if err != nil { - return - } - - r.logger.Debug( - "handler response", - zap.String( - "handlerResponse", - fmt.Sprintf("%v", handlerResponse), - ), - ) - - if handlerResponse.Error != "" { - err = errors.New(handlerResponse.Error) - r.logger.Error("handler error", zap.Error(err)) - return - } - - result = handlerResponse.Result - outBackpack = handlerResponse.Backpack - return -} - -func parseStdout(stdout string) (responseData event.InvokeHandlerResponse, err error) { - output := outputRegex.FindStringSubmatch(stdout) - if len(output) == 0 { - err = fmt.Errorf("unable to find output from handler") - return - } - returnedData := output[1] - err = json.Unmarshal([]byte(returnedData), &responseData) - return -} - -func (r *FunctionRuntimeInvoker) getFunctionExecutor(funcConfig types.RefineryFunction) (e service.Executor, err error) { - var ( - functionInput []byte - ) - - funcReq := event.InvokeHandlerRequest{ - BlockInput: r.blockInput, - Backpack: r.backpack, - ImportPath: funcConfig.ImportPath, - FunctionName: funcConfig.FunctionName, - } - - functionInput, err = json.Marshal(funcReq) - if err != nil { - r.logger.Error( - "unable to marshal function request", - zap.Error(err), - ) - return - } - - envVars := util.EnvMapToArray(funcConfig.Env) - - handlerStdin := strings.NewReader(string(functionInput)) - - args := []string{ - funcConfig.Handler, - } - - r.logger.Debug( - "created executor", - zap.String("command", funcConfig.Command), - zap.Strings("args", args), - zap.Strings("envVars", envVars), - zap.String("workdir", funcConfig.WorkDir), - zap.ByteString("functionInput", functionInput), - ) - - return service.NewExecutorWithoutStreaming( - funcConfig.Command, - args, - funcConfig.Env, - funcConfig.WorkDir, - handlerStdin, - ), nil - -} - -func (r *FunctionRuntimeInvoker) runFunctionExecutor(functionExecutor service.Executor) (handlerResponse event.InvokeHandlerResponse, err error) { - var ( - res service.ExecutorResult - ) - - res, err = functionExecutor.Execute() - if err != nil { - r.logger.Error( - "error when executing handler command", - zap.Error(err), - ) - return - } - - r.logger.Debug("handler stdout", zap.String("stdout", res.Stdout)) - r.logger.Debug("handler stderr", zap.String("stderr", res.Stderr)) - - /* - TODO should we use protobuf to communicate between the processes? - */ - handlerResponse, err = parseStdout(res.Stdout) - if err != nil { - r.logger.Error("error while parsing stdout from handler", zap.Error(err)) - return - } - return -} diff --git a/go/service/jwtauth.go b/go/service/jwtauth.go deleted file mode 100644 index 56cc7cd69..000000000 --- a/go/service/jwtauth.go +++ /dev/null @@ -1,137 +0,0 @@ -// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -package service - -import ( - "github.com/lunasec-io/lunasec/go/constants" - "github.com/lunasec-io/lunasec/go/util" - "net/http" - "net/http/httputil" - - "github.com/lunasec-io/lunasec/go/controller/request" - "go.uber.org/zap" -) - -type jwtHttpAuth struct { - logger *zap.Logger - jwtVerifier JwtVerifier -} - -type JwtHttpAuth interface { - WithJwtAuth(allowedSubjects []constants.JwtSubject, next http.HandlerFunc) http.HandlerFunc -} - -func NewJwtHttpAuth(logger *zap.Logger, jwtVerifier JwtVerifier) JwtHttpAuth { - return &jwtHttpAuth{ - logger: logger, - jwtVerifier: jwtVerifier, - } -} - -func (j *jwtHttpAuth) defaultUnauthorizedHandler(w http.ResponseWriter, r *http.Request) { - serializedReq, _ := httputil.DumpRequest(r, false) - j.logger.Info( - "unauthorized request received", - zap.String("request", string(serializedReq)), - ) - - http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) -} - -func subjectIsAllowed(subject constants.JwtSubject, allowedSubjects []constants.JwtSubject) bool { - for _, s := range allowedSubjects { - if s == subject { - return true - } - } - return false -} - -func (j *jwtHttpAuth) sessionHashMatchesProvidedIdentity(sessionID string, w http.ResponseWriter, r *http.Request) bool { - sessionHash := util.CreateSessionHash(sessionID) - - requestSessionHash := r.Header.Get(constants.SessionHashHeader) - if requestSessionHash == "" { - j.logger.Debug( - "session hash header not set, setting it now", - zap.String("sessionHash", sessionHash), - ) - w.Header().Set(constants.SessionHashHeader, sessionHash) - return true - } - - if requestSessionHash == sessionHash { - return true - } - return false -} - -func (j *jwtHttpAuth) WithJwtAuth(allowedSubjects []constants.JwtSubject, next http.HandlerFunc) http.HandlerFunc { - unauthHandler := http.HandlerFunc(j.defaultUnauthorizedHandler) - return func(w http.ResponseWriter, r *http.Request) { - j.logger.Debug( - "validating auth for request", - zap.String("method", r.Method), - zap.String("path", r.URL.Path), - ) - - jwtToken, err := request.GetJwtToken(r) - if err != nil { - j.logger.Error( - "unable to get jwt token from request", - zap.Error(err), - ) - unauthHandler.ServeHTTP(w, r) - return - } - - claims, err := j.jwtVerifier.VerifyWithSessionClaims(jwtToken) - if err != nil { - j.logger.Error( - "invalid jwt token", - zap.String("jwt", jwtToken), - zap.Error(err), - ) - unauthHandler.ServeHTTP(w, r) - return - } - - if !j.sessionHashMatchesProvidedIdentity(claims.SessionID, w, r) { - j.logger.Error( - "provided identity does not match the pre-existing session", - zap.String("jwt", jwtToken), - zap.String("sessionHash", ""), - zap.Error(err), - ) - unauthHandler.ServeHTTP(w, r) - return - } - - subject := constants.JwtSubject(claims.Subject) - if !subjectIsAllowed(subject, allowedSubjects) { - j.logger.Error( - "subject is not allowed", - zap.String("jwt", jwtToken), - zap.String("subject", claims.Subject), - zap.Strings("allowedSubjects", constants.SubjectsToStringSlice(allowedSubjects)), - zap.Error(err), - ) - unauthHandler.ServeHTTP(w, r) - return - } - - next.ServeHTTP(w, r) - } -} diff --git a/go/service/jwtsigner.go b/go/service/jwtsigner.go deleted file mode 100644 index aa62a29b2..000000000 --- a/go/service/jwtsigner.go +++ /dev/null @@ -1,76 +0,0 @@ -// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -package service - -import ( - "crypto/rsa" - "crypto/x509" - "github.com/lunasec-io/lunasec/go/types" - "gopkg.in/square/go-jose.v2" - "gopkg.in/square/go-jose.v2/jwt" - - "github.com/pkg/errors" - "go.uber.org/zap" -) - -type jwtSigner struct { - logger *zap.Logger - privateKey *rsa.PrivateKey -} - -type JwtSignerAwsConfig struct { - SigningKeysArn string `yaml:"signing_keys_arn"` -} - -type JwtSigner interface { - CreateWithSessionClaims(claims types.SessionJwtClaims) (token string, err error) -} - -func NewJwtSignerFromPrivateKey( - logger *zap.Logger, - privateKey []byte, -) (signer JwtSigner, err error) { - var ( - rsaPrivateKey *rsa.PrivateKey - ) - - rsaPrivateKey, err = x509.ParsePKCS1PrivateKey(privateKey) - if err != nil { - err = errors.Wrap(err, "unable to parse rsa private key from pem") - return - } - - signer = &jwtSigner{ - logger: logger, - privateKey: rsaPrivateKey, - } - return -} - -func (j *jwtSigner) CreateWithSessionClaims(claims types.SessionJwtClaims) (token string, err error) { - key := jose.SigningKey{Algorithm: jose.RS256, Key: j.privateKey} - - var signerOpts = jose.SignerOptions{} - - signer, err := jose.NewSigner(key, signerOpts.WithType("JWT")) - if err != nil { - err = errors.Wrap(err, "unable to create jwt signiner") - return - } - - builder := jwt.Signed(signer).Claims(claims) - - return builder.CompactSerialize() -} diff --git a/go/service/jwtverifier.go b/go/service/jwtverifier.go deleted file mode 100644 index d5ecea8c1..000000000 --- a/go/service/jwtverifier.go +++ /dev/null @@ -1,145 +0,0 @@ -// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -package service - -import ( - "crypto/rsa" - "crypto/x509" - "encoding/base64" - "fmt" - "github.com/lunasec-io/lunasec/go/constants" - "github.com/lunasec-io/lunasec/go/types" - "github.com/pkg/errors" - "go.uber.org/config" - "go.uber.org/zap" - "gopkg.in/square/go-jose.v2/jwt" -) - -type jwtVerifier struct { - logger *zap.Logger - publicKey *rsa.PublicKey -} - -type JwtVerifierConfig struct { - PublicKey string `yaml:"public_key"` - JwksURL string `yaml:"jwks_url"` - JwksKID string `yaml:"jwks_kid"` -} - -type JwtVerifier interface { - Verify(token string) (err error) - VerifyWithSessionClaims(token string) (claims types.SessionJwtClaims, err error) -} - -func NewJwtVerifier( - configKey constants.JwtVerifierType, - logger *zap.Logger, - provider config.Provider, -) (verifier JwtVerifier) { - var ( - publicKey []byte - serviceConfig JwtVerifierConfig - rsaPublicKey *rsa.PublicKey - jwksManager *JwksManager - jwkKey interface{} - ) - - err := provider.Get(string(configKey)).Populate(&serviceConfig) - if err != nil { - panic(err) - } - - if serviceConfig.PublicKey != "" { - publicKey, err = base64.StdEncoding.DecodeString(serviceConfig.PublicKey) - if err != nil { - panic(errors.Wrap(err, "unable to decode auth provider public key")) - } - - rsaPublicKey, err = x509.ParsePKCS1PublicKey(publicKey) - if err != nil { - panic(errors.Wrap(err, "unable to parse public key from pem")) - } - logger.Debug("loaded public key from config file") - } else if serviceConfig.JwksURL != "" { - jwksManager, err = NewJwksManager(logger, serviceConfig.JwksURL, true) - if err != nil { - logger.Error( - "Error fetching JSON Web Key(JWKS) from application backend. Is your application backend running? Env var is ", - zap.String("SESSION_JWKS_URL", serviceConfig.JwksURL), - zap.Error(err), - ) - panic(err) - } - - jwkKey, err = jwksManager.GetKey("lunasec-signing-key") - if err != nil { - panic(err) - } - - rsaPublicKey = jwkKey.(*rsa.PublicKey) - logger.Debug( - "loaded public key from jwks endpoint", - zap.String("jwksURL", serviceConfig.JwksURL), - zap.String("kid", serviceConfig.JwksKID), - ) - - fmt.Println(base64.StdEncoding.EncodeToString(x509.MarshalPKCS1PublicKey(rsaPublicKey))) - } else { - panic(errors.New("neither public_key or jwks_url were provided in jwt verifier config")) - } - - verifier = &jwtVerifier{ - logger: logger, - publicKey: rsaPublicKey, - } - return -} - -func (j *jwtVerifier) Verify(token string) (err error) { - var ( - claims jwt.Claims - ) - parsedToken, err := jwt.ParseSigned(token) - if err != nil { - err = errors.Wrap(err, "error while parsing token") - j.logger.Error("unable to parse token", zap.Error(err)) - return - } - - err = parsedToken.Claims(j.publicKey, &claims) - if err != nil { - err = errors.Wrap(err, "unable to verify signature and get claims") - j.logger.Error("unable to verify signature and get claims", zap.Error(err)) - return - } - return -} - -func (j *jwtVerifier) VerifyWithSessionClaims(token string) (claims types.SessionJwtClaims, err error) { - parsedToken, err := jwt.ParseSigned(token) - if err != nil { - err = errors.Wrap(err, "error while parsing token") - j.logger.Error("unable to parse token", zap.Error(err)) - return - } - - err = parsedToken.Claims(j.publicKey, &claims) - if err != nil { - err = errors.Wrap(err, "unable to verify signature and get claims") - j.logger.Error("unable to verify signature and get claims", zap.Error(err)) - return - } - return -} diff --git a/go/service/metadata.go b/go/service/metadata.go deleted file mode 100644 index 6115e8299..000000000 --- a/go/service/metadata.go +++ /dev/null @@ -1,93 +0,0 @@ -// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -package service - -import ( - "encoding/json" - "errors" - "github.com/lunasec-io/lunasec/go/gateway/metrics" - "go.uber.org/zap" - "time" - - "github.com/lunasec-io/lunasec/go/gateway" - "github.com/lunasec-io/lunasec/go/types" - "github.com/lunasec-io/lunasec/go/util" -) - -type metadataService struct { - logger *zap.Logger - kv gateway.AwsDynamoGateway - cw metrics.AwsCloudwatchGateway -} - -// MetadataService manages metadata for secrets -type MetadataService interface { - SetMetadata(token types.Token, authorInfo interface{}, customMetadata interface{}) (err error) - GetMetadata(token types.Token) (metadata TokenMetadata, err error) -} - -// NewMetadataService ... -func NewMetadataService( - logger *zap.Logger, - cw metrics.AwsCloudwatchGateway, - kv gateway.AwsDynamoGateway, -) MetadataService { - return &metadataService{ - logger: logger, - cw: cw, - kv: kv, - } -} - -const TokenMetadataSchemaVersion = 1 - -type TokenMetadata struct { - SchemaVersion int64 `json:"schema_version"` - CreatedAt int64 `json:"created_at"` - AuthorInfo interface{} `json:"author_info"` - CustomMetadata interface{} `json:"custom_metadata"` -} - -// SetMetadata ... -func (s *metadataService) SetMetadata(token types.Token, authorInfo interface{}, customMetadata interface{}) (err error) { - metadata := TokenMetadata{ - SchemaVersion: TokenMetadataSchemaVersion, - CreatedAt: time.Now().Unix(), - AuthorInfo: authorInfo, - CustomMetadata: customMetadata, - } - - serializedMetadata, err := json.Marshal(metadata) - if err != nil { - return - } - return s.kv.Set(gateway.MetaStore, util.Sha512Sum(string(token)), string(serializedMetadata)) -} - -// GetMetadata ... -func (s *metadataService) GetMetadata(token types.Token) (metadata TokenMetadata, err error) { - meta, err := s.kv.Get(gateway.MetaStore, util.Sha512Sum(string(token))) - if err != nil { - return - } - - if len(meta) == 0 { - err = errors.New("unable to locate metadata for token") - return - } - - err = json.Unmarshal([]byte(meta), &metadata) - return -} diff --git a/go/service/tokenizer.go b/go/service/tokenizer.go deleted file mode 100644 index ba98c7cc7..000000000 --- a/go/service/tokenizer.go +++ /dev/null @@ -1,156 +0,0 @@ -// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -package service - -import ( - "encoding/hex" - "errors" - "github.com/lunasec-io/lunasec/go/constants/metrics" - metricservice "github.com/lunasec-io/lunasec/go/gateway/metrics" - "go.uber.org/config" - "go.uber.org/zap" - - "github.com/lunasec-io/lunasec/go/gateway" - "github.com/lunasec-io/lunasec/go/types" - "github.com/lunasec-io/lunasec/go/util" -) - -type tokenizerService struct { - logger *zap.Logger - config TokenizerConfig - cw metricservice.AwsCloudwatchGateway - kv gateway.AwsDynamoGateway - s3 gateway.AwsS3Gateway - secret string -} - -type TokenizerConfig struct { - SecretArn string `yaml:"secret_arn"` -} - -// TokenizerService ... -type TokenizerService interface { - TokenizerSet() (types.Token, string, map[string]string, error) - TokenizerGet(token types.Token) (string, map[string]string, error) - TokenizerDelete(token types.Token) error -} - -// NewTokenizerService ... -func NewTokenizerService( - logger *zap.Logger, - config config.Provider, - cw metricservice.AwsCloudwatchGateway, - kv gateway.AwsDynamoGateway, - s3 gateway.AwsS3Gateway, -) TokenizerService { - var ( - tokenizerConfig TokenizerConfig - ) - - err := config.Get("tokenizer").Populate(&tokenizerConfig) - if err != nil { - panic(err) - } - - return &tokenizerService{ - logger: logger, - config: tokenizerConfig, - cw: cw, - kv: kv, - s3: s3, - } -} - -// SetTokenizer ... -func (s *tokenizerService) TokenizerSet() (token types.Token, url string, key map[string]string, err error) { - defer func() { - if err != nil { - s.cw.Metric(metrics.TokenizeFailureMetric, 1) - } - }() - - token = util.GenToken() - Kp := util.Keygen() - snk := util.GenerateSaltsAndKey(token, s.secret) - - // E(Kt, Kp) - encryptedEncryptionKeyBytes, err := util.Encrypt(snk.Kt, Kp) - - if err != nil { - return "", "", nil, err - } - - // H(T + Sk) - ciphertextLookupHash := util.GetCompositeHash(token, snk.Sp) - encryptionKeyLookupHash := util.GetCompositeHash(token, snk.Sk) - encryptedEncryptionKey := hex.EncodeToString(encryptedEncryptionKeyBytes) - - if err := s.kv.Set(gateway.KeyStore, encryptionKeyLookupHash, encryptedEncryptionKey); err != nil { - return "", "", nil, err - } - - url, key, err = s.s3.GeneratePresignedPutUrl(ciphertextLookupHash, Kp) - if err != nil { - return token, url, key, err - } - s.cw.Metric(metrics.TokenizeSuccessMetric, 1) - return token, url, key, err -} - -// GetTokenizer -func (s *tokenizerService) TokenizerGet(token types.Token) (url string, key map[string]string, err error) { - defer func() { - if err != nil { - s.cw.Metric(metrics.DetokenizeFailureMetric, 1) - } - }() - - snk := util.GenerateSaltsAndKey(token, s.secret) - encryptionKeyLookupHash := util.GetCompositeHash(token, snk.Sk) - encryptedEncryptionKey, err := s.kv.Get(gateway.KeyStore, encryptionKeyLookupHash) - - if err != nil { - return "", nil, err - } - - if len(encryptedEncryptionKey) == 0 { - return "", nil, errors.New("unable to locate data for token") - } - - encryptedEncryptionKeyBytes, err := hex.DecodeString(encryptedEncryptionKey) - - if err != nil { - return "", nil, err - } - - Kp, err := util.Decrypt(snk.Kt, encryptedEncryptionKeyBytes) - - if err != nil { - return "", nil, err - } - - ciphertextLookupHash := util.GetCompositeHash(token, snk.Sp) - - url, key, err = s.s3.GeneratePresignedPutUrl(ciphertextLookupHash, Kp) - if err != nil { - return url, key, err - } - s.cw.Metric(metrics.DetokenizeSuccessMetric, 1) - return url, key, err -} - -func (s *tokenizerService) TokenizerDelete(token types.Token) error { - return nil -} diff --git a/go/util/crypto.go b/go/util/crypto.go deleted file mode 100644 index 951147e45..000000000 --- a/go/util/crypto.go +++ /dev/null @@ -1,149 +0,0 @@ -// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -package util - -import ( - "crypto/aes" - "crypto/cipher" - "crypto/sha1" - "crypto/rand" - "encoding/binary" - "encoding/hex" - "fmt" - mathrand "math/rand" - - "github.com/google/uuid" - "github.com/lunasec-io/lunasec/go/constants" - "github.com/lunasec-io/lunasec/go/types" - "golang.org/x/crypto/sha3" -) - -const keySize = 32 - -var randRead = rand.Read -var hexDecodeString = hex.DecodeString -var aesNewCipher = aes.NewCipher - -// Encrypt encrypts a string given a key -func Encrypt(key string, plaintext []byte) (result []byte, err error) { - c, err := getCipher(key) - - if err != nil { - return result, err - } - - //Create a nonce. Nonce should be from GCM - nonce := make([]byte, c.NonceSize()) - - if _, err = randRead(nonce); err != nil { - panic(fmt.Errorf("Unable to generate random numbers: %v", err)) - } - - return c.Seal(nonce, nonce, plaintext, nil), nil -} - -// Decrypt decrypts a string given a key -func Decrypt(key string, encrypted []byte) (plaintext []byte, err error) { - c, err := getCipher(key) - - if err != nil { - return plaintext, err - } - - nonceSize := c.NonceSize() - nonce, ciphertext := encrypted[:nonceSize], encrypted[nonceSize:] - - return c.Open(nil, nonce, ciphertext, nil) -} - -// Keygen generates an encryption key -func Keygen() []byte { - bytes := make([]byte, keySize) - - // There are bigger problems if random numbers can't be generated. - if _, err := randRead(bytes); err != nil { - panic(err.Error()) - } - - return bytes -} - -// GenToken generates a token -func GenToken() types.Token { - return constants.TokenPrefix + types.Token(uuid.NewString()) -} - -// GetRandomStringOfLength ... -func GetRandomStringOfLength(length int, random *mathrand.Rand) string { - bytes := make([]byte, length) - // There are bigger problems if random numbers can't be generated. - if _, err := random.Read(bytes); err != nil { - panic(err.Error()) - } - - return hex.EncodeToString(bytes) -} - -// GenerateSaltsAndKey ... -func GenerateSaltsAndKey(token types.Token, secret string) types.SaltsAndKey { - tokenStr := string(token) + secret - hashable := sha3.Sum512([]byte(tokenStr)) - seed := append([]byte(tokenStr), hashable[:]...) - seedInt := binary.BigEndian.Uint64(seed) - random := mathrand.New(mathrand.NewSource(int64(seedInt))) - - return types.SaltsAndKey{ - Sp: GetRandomStringOfLength(keySize, random), - Sk: GetRandomStringOfLength(keySize, random), - Kt: GetRandomStringOfLength(keySize, random), - } -} - -// GetCompositeHash ... -func GetCompositeHash(strings ...interface{}) string { - composite := fmt.Sprint(strings...) - hashBytes := sha3.Sum256([]byte(composite)) - - return hex.EncodeToString(hashBytes[:]) -} - -// Sha512Sum ... -func Sha512Sum(input string) string { - hashBytes := sha3.Sum512([]byte(input)) - - return hex.EncodeToString(hashBytes[:]) -} - -func getCipher(keyStr string) (cipher.AEAD, error) { - key, err := hexDecodeString(keyStr) - - if err != nil { - return nil, err - } - - block, err := aesNewCipher(key) - - if err != nil { - return nil, err - } - - return cipher.NewGCM(block) -} - -func CreateSessionHash(sessionID string) string { - shaHash := sha1.New() - shaHash.Write([]byte(sessionID)) - return hex.EncodeToString(shaHash.Sum(nil)) -} diff --git a/go/util/crypto_test.go b/go/util/crypto_test.go deleted file mode 100644 index 8a197debb..000000000 --- a/go/util/crypto_test.go +++ /dev/null @@ -1,183 +0,0 @@ -// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -package util - -import ( - "encoding/hex" - "errors" - "math/rand" - "testing" - "time" - - "github.com/lunasec-io/lunasec/go/types" - "github.com/prashantv/gostub" - "github.com/stretchr/testify/assert" -) - -func TestKeygen(t *testing.T) { - for i := 0; i < 10; i++ { - key := Keygen() - - // Key size is halfed due to hex encoding - assert.Equal(t, keySize, len(key)) - } -} - -func TestGenToken(t *testing.T) { - token := GenToken() - - assert.Len(t, token, 44) -} - -func TestKeygenRandReadFails(t *testing.T) { - err := errors.New("Test error") - stubs := gostub.StubFunc(&randRead, nil, err) - defer stubs.Reset() - - assert.PanicsWithValue(t, err.Error(), func() { Keygen() }) -} - -func TestGetRandomStringofLength(t *testing.T) { - rand := rand.New(rand.NewSource(time.Now().Unix())) - - for i := 0; i < 10; i++ { - size := i * 2 - assert.Equal(t, size, len(GetRandomStringOfLength(size, rand))/2) - } -} - -func TestGenerateSaltsAndKey(t *testing.T) { - token := types.Token("f3bf249e-c526-430a-941c-7119d7caf105") - secret := "this is a secret" - sp := "e80b87268f1b8e06933a4a68ff3d53fb684bf41f7a3943764e0e489621a5ce9f" - sk := "35750752275a9d8a29cba945937bcd08a138fe892f42d7be1dfc9289f6e04fe8" - kt := "79255d7e6cf8a6b560bcbeffd63488b223cd0ad68067bf96ffd75d86acc4daa3" - snk := GenerateSaltsAndKey(token, secret) - - assert.Equal(t, sp, snk.Sp) - assert.Equal(t, sk, snk.Sk) - assert.Equal(t, kt, snk.Kt) -} - -func TestGetCompositeHash(t *testing.T) { - expected := "eef431520c0f93456d05330deba77b42359724549e304b80ac12f5f56865fbef" - actual := GetCompositeHash("string1", "string2", "string3", "string4") - - assert.Equal(t, expected, actual) -} - -func TestGetCipher(t *testing.T) { - key := hex.EncodeToString(Keygen()) - cipher, err := getCipher(key) - - assert.NoError(t, err) - assert.NotNil(t, cipher) -} - -func TestGetCipherHexDecodeFails(t *testing.T) { - expectedErr := errors.New("Test error") - stubs := gostub.StubFunc(&hexDecodeString, nil, expectedErr) - - defer stubs.Reset() - - key := hex.EncodeToString(Keygen()) - cipher, err := getCipher(key) - - assert.Nil(t, cipher) - assert.Equal(t, expectedErr, err) -} - -func TestGetCipherGetCipherFails(t *testing.T) { - expectedErr := errors.New("Test error") - stubs := gostub.StubFunc(&aesNewCipher, nil, expectedErr) - - defer stubs.Reset() - - key := hex.EncodeToString(Keygen()) - cipher, err := getCipher(key) - - assert.Nil(t, cipher) - assert.Equal(t, expectedErr, err) -} - -func TestEncryptDecrypt(t *testing.T) { - key := hex.EncodeToString(Keygen()) - expectedPlaintext := make([]byte, 5*1000000) // 5 mb - - if _, err := rand.Read(expectedPlaintext); err != nil { - panic(err.Error()) - } - - ciphertext, err := Encrypt(key, expectedPlaintext) - - assert.NoError(t, err) - assert.NotNil(t, ciphertext) - - plaintext, err := Decrypt(key, ciphertext) - - assert.NoError(t, err) - assert.Equal(t, expectedPlaintext, plaintext) -} - -func TestEncryptGetCipherFails(t *testing.T) { - expectedErr := errors.New("Test error") - key := hex.EncodeToString(Keygen()) - stubs := gostub.StubFunc(&aesNewCipher, nil, expectedErr) - - defer stubs.Reset() - - result, err := Encrypt(key, nil) - - assert.Nil(t, result) - assert.EqualError(t, expectedErr, err.Error()) -} - -func TestEncryptRandReadFails(t *testing.T) { - err := errors.New("Test error") - key := hex.EncodeToString(Keygen()) - stubs := gostub.StubFunc(&randRead, nil, err) - fn := func() { Encrypt(key, nil) } - - defer stubs.Reset() - - assert.Panicsf(t, fn, "Unable to generate random numbers: %v", err.Error()) -} - -func TestDecryptGetCipherFails(t *testing.T) { - expectedErr := errors.New("Test error") - key := hex.EncodeToString(Keygen()) - stubs := gostub.StubFunc(&aesNewCipher, nil, expectedErr) - - defer stubs.Reset() - - result, err := Decrypt(key, nil) - - assert.Nil(t, result) - assert.EqualError(t, expectedErr, err.Error()) -} - -func TestSha512Sum(t *testing.T) { - scenarios := map[string]string{ - "test1": "d2d8cc4f369b340130bd2b29b8b54e918b7c260c3279176da9ccaa37c96eb71735fc97568e892dc6220bf4ae0d748edb46bd75622751556393be3f482e6f794e", - "test2": "e35970edaa1e0d8af7d948491b2da0450a49fd9cc1e83c5db4c6f175f9550cf341f642f6be8cfb0bfa476e4258e5088c5ad549087bf02811132ac2fa22b734c6", - "test3": "05697d8f12c7ffdb85064a7f9ddacfc7fc0e5d32642dcd25c3a613917d00607c7bed242deea2e44a256b7e4c189557395c1a9ea1ce5c6b2b0f5285b514fb3cb2", - "test4": "9e210b354332cefcd8c603ffc9e3c36f272a2dcdd697141867832842b9a70b2022b0611cc425085adaf0e14a84112ca47ba7b75e56756688da684f7a163d9706", - "test5": "984f9e5531da22fbf5eef2374187be60e53508f3e158118b46b657104965870ac67571d269b8198af5bf527e6e0f50c21b915fb60977b81f429adcad81f13ab6", - } - - for input, expected := range scenarios { - assert.Equal(t, expected, Sha512Sum(input)) - } -} diff --git a/go/util/web.go b/go/util/web.go deleted file mode 100644 index d0282030c..000000000 --- a/go/util/web.go +++ /dev/null @@ -1,81 +0,0 @@ -// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -package util - -import ( - "encoding/json" - "log" - "net/http" - - "github.com/lunasec-io/lunasec/go/types" -) - -// Respond jsonifies a model and sends it to the client. -func Respond(w http.ResponseWriter, data interface{}) { - resp := types.HTTPResponse{ - Success: true, - Data: &data, - } - - body, err := json.Marshal(resp) - - // TODO standardize outputs into json strings - if err != nil { - RespondError(w, http.StatusInternalServerError, err) - } - - w.Write(body) -} - -// RespondSuccess jsonifies a model and sends it to the client. -func RespondSuccess(w http.ResponseWriter) { - resp := types.HTTPResponse{ - Success: true, - } - - body, err := json.Marshal(resp) - - // TODO standardize outputs into json strings - if err != nil { - RespondError(w, http.StatusInternalServerError, err) - } - - w.Write(body) -} - -// RespondError ... -func RespondError(w http.ResponseWriter, status int, err error) { - log.Printf("Error while processing request: \"%s\"", err) - - // TODO send error code when responding - errorStr := err.Error() - resp := types.HTTPResponse{ - Success: false, - Error: types.ErrorResponse{ - Message: errorStr, - Name: "TokenizerError", // Eventually it would be nice to wrap errors with more info like this name field so the frontend can display more meaningful errors - }, - } - - body, err := json.Marshal(resp) - - if err != nil { - panic(err) - } - - w.WriteHeader(status) - w.Header().Set("Content-Type", "application/json") - w.Write(body) -} diff --git a/lunasec.js b/lunadefend.js similarity index 100% rename from lunasec.js rename to lunadefend.js diff --git a/lunadefend/README.md b/lunadefend/README.md index 483a8d8cc..6d98c69dd 100644 --- a/lunadefend/README.md +++ b/lunadefend/README.md @@ -152,14 +152,12 @@ Currently, the root folder contains all public LunaDefend code: the LunaDefend S applications, documentation, and supporting scripts. -Eventually everything will move to `/lunadefend`. - # MonoRepo Folder Structure We have split LunaDefend's code first by language, and then by purpose. -Our backend services and CLI tools are all written in Golang and live in `/go`. +Our backend services and CLI tools are all written in Golang and live in `/lunadefend/go`. -Our web components and NPM modules are all written in TypeScript and live in `/js/sdks/packages`. +Our web components and NPM modules are all written in TypeScript and live in `/lunadefend/js/sdks/packages`. Our Demo Apps are also written in typescript and live in `/lunadefend/js/demo-apps/packages`. @@ -172,7 +170,7 @@ Demo apps that use our toolkit for testing and demonstration. The react-app and These are our only SDK supported frameworks currently. ### TypeScript/JavaScript SDKs -Path: `/js/sdks/packages` +Path: `/lunadefend/js/sdks/packages` Contains front and backend SDKs. @@ -182,14 +180,14 @@ They're all written in Typescript and outputs to a few different formats: - Browser build (concatenated into one file that's loaded into browser global namespace) ### Secure Frame Front-End -Path: `/js/sdks/packages/secure-frame-iframe` +Path: `/lunadefend/js/sdks/packages/secure-frame-iframe` This holds the SDK frontend components which load into the iframe. The React SDK uses this to isolate sensitive data from front-end apps by using the iframe as an isolated "sandbox". We've hardened this iFrame by adding a very strict Content Security Policy (CSP) that limits the impact of any security issues by heavily restricting network access. ### Tokenizer, Secure Frame Back-End, and CLI -Path: `/go` +Path: `/lunadefend/go` These are the back-end components of the LunaSec stack. They share a common codebase and are built into separate binaries by the entrypoints defined in the `/go/cmd` folder, the most important being the `tokenizerbackend`. diff --git a/api-spec/Dockerfile b/lunadefend/api-spec/Dockerfile similarity index 100% rename from api-spec/Dockerfile rename to lunadefend/api-spec/Dockerfile diff --git a/api-spec/README.md b/lunadefend/api-spec/README.md similarity index 100% rename from api-spec/README.md rename to lunadefend/api-spec/README.md diff --git a/api-spec/schema/full-tokenizer.yaml b/lunadefend/api-spec/schema/full-tokenizer.yaml similarity index 100% rename from api-spec/schema/full-tokenizer.yaml rename to lunadefend/api-spec/schema/full-tokenizer.yaml diff --git a/api-spec/schema/routes/bodies.yaml b/lunadefend/api-spec/schema/routes/bodies.yaml similarity index 100% rename from api-spec/schema/routes/bodies.yaml rename to lunadefend/api-spec/schema/routes/bodies.yaml diff --git a/api-spec/schema/routes/grant-routes.yaml b/lunadefend/api-spec/schema/routes/grant-routes.yaml similarity index 100% rename from api-spec/schema/routes/grant-routes.yaml rename to lunadefend/api-spec/schema/routes/grant-routes.yaml diff --git a/api-spec/schema/routes/metadata-routes.yaml b/lunadefend/api-spec/schema/routes/metadata-routes.yaml similarity index 100% rename from api-spec/schema/routes/metadata-routes.yaml rename to lunadefend/api-spec/schema/routes/metadata-routes.yaml diff --git a/api-spec/schema/routes/tokenize-routes.yaml b/lunadefend/api-spec/schema/routes/tokenize-routes.yaml similarity index 100% rename from api-spec/schema/routes/tokenize-routes.yaml rename to lunadefend/api-spec/schema/routes/tokenize-routes.yaml diff --git a/api-spec/schema/simple-tokenizer.yaml b/lunadefend/api-spec/schema/simple-tokenizer.yaml similarity index 100% rename from api-spec/schema/simple-tokenizer.yaml rename to lunadefend/api-spec/schema/simple-tokenizer.yaml diff --git a/go/.air.toml b/lunadefend/go/.air.toml similarity index 100% rename from go/.air.toml rename to lunadefend/go/.air.toml diff --git a/go/.dockerignore b/lunadefend/go/.dockerignore similarity index 100% rename from go/.dockerignore rename to lunadefend/go/.dockerignore diff --git a/.env.host b/lunadefend/go/.env.host similarity index 93% rename from .env.host rename to lunadefend/go/.env.host index ccb9ac24b..f9ded2c63 100644 --- a/.env.host +++ b/lunadefend/go/.env.host @@ -1,7 +1,7 @@ STAGE=DEV TOKENIZER_URL=http://localhost:37766 ANALYTICS_SERVER=http://localhost:37767 -AUTH_PROVIDERS='{"express-back-end":{"url":"http://localhost:3001"},"graphql-back-end":{"url":"http://localhost:3002"}}' +AUTH_PROVIDERS={"express-back-end":{"url":"http://localhost:3001"},"graphql-back-end":{"url":"http://localhost:3002"}} APPLICATION_FRONT_END=http://localhost:3000 APPLICATION_BACK_END=http://localhost:3001 CDN_HOST=localhost:8000 @@ -11,4 +11,4 @@ AWS_ACCESS_KEY_ID=test AWS_SECRET_ACCESS_KEY=test LOCALSTACK_URL=http://localhost:4566 LOCAL_HTTPS_PROXY=https://localhost:4568 -SESSION_JWKS_URL=http://localhost:3001/.lunasec/jwks.json \ No newline at end of file +SESSION_JWKS_URL=http://localhost:3001/.lunasec/jwks.json diff --git a/go/.gitignore b/lunadefend/go/.gitignore similarity index 100% rename from go/.gitignore rename to lunadefend/go/.gitignore diff --git a/go/.idea/.gitignore b/lunadefend/go/.idea/.gitignore similarity index 100% rename from go/.idea/.gitignore rename to lunadefend/go/.idea/.gitignore diff --git a/go/.idea/encodings.xml b/lunadefend/go/.idea/encodings.xml similarity index 100% rename from go/.idea/encodings.xml rename to lunadefend/go/.idea/encodings.xml diff --git a/go/.idea/modules.xml b/lunadefend/go/.idea/modules.xml similarity index 100% rename from go/.idea/modules.xml rename to lunadefend/go/.idea/modules.xml diff --git a/go/.idea/vcs.xml b/lunadefend/go/.idea/vcs.xml similarity index 100% rename from go/.idea/vcs.xml rename to lunadefend/go/.idea/vcs.xml diff --git a/go/Makefile b/lunadefend/go/Makefile similarity index 100% rename from go/Makefile rename to lunadefend/go/Makefile diff --git a/go/README.md b/lunadefend/go/README.md similarity index 100% rename from go/README.md rename to lunadefend/go/README.md diff --git a/go/cmd/analyticscollector/main_dev.go b/lunadefend/go/cmd/analyticscollector/main_dev.go similarity index 50% rename from go/cmd/analyticscollector/main_dev.go rename to lunadefend/go/cmd/analyticscollector/main_dev.go index ae59ce09e..0326bf909 100644 --- a/go/cmd/analyticscollector/main_dev.go +++ b/lunadefend/go/cmd/analyticscollector/main_dev.go @@ -1,4 +1,4 @@ -// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) +// Copyright 2022 by LunaSec (owned by Refinery Labs, Inc) // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -12,12 +12,23 @@ // See the License for the specific language governing permissions and // limitations under the License. // +// Copyright by LunaSec (owned by Refinery Labs, Inc) +// +// Licensed under the Business Source License v1.1 +// (the "License"); you may not use this file except in compliance with the +// License. You may obtain a copy of the License at +// +// https://github.com/lunasec-io/lunasec/blob/master/licenses/BSL-LunaTrace.txt +// +// See the License for the specific language governing permissions and +// limitations under the License. +// //go:build dev package main -import "github.com/lunasec-io/lunasec/go/pkg/analyticscollector" +import "github.com/lunasec-io/lunasec/lunadefend/go/pkg/analyticscollector" func main() { - analyticscollector.Handler() + analyticscollector.Handler() } diff --git a/go/cmd/analyticscollector/main_lambda.go b/lunadefend/go/cmd/analyticscollector/main_lambda.go similarity index 81% rename from go/cmd/analyticscollector/main_lambda.go rename to lunadefend/go/cmd/analyticscollector/main_lambda.go index ce5625264..87c704bd9 100644 --- a/go/cmd/analyticscollector/main_lambda.go +++ b/lunadefend/go/cmd/analyticscollector/main_lambda.go @@ -17,10 +17,10 @@ package main import ( - "github.com/aws/aws-lambda-go/lambda" - "github.com/lunasec-io/lunasec/go/pkg/analyticscollector" + "github.com/aws/aws-lambda-go/lambda" + "github.com/lunasec-io/lunasec/lunadefend/go/pkg/analyticscollector" ) func main() { - lambda.Start(analyticscollector.Handler) + lambda.Start(analyticscollector.Handler) } diff --git a/lunadefend/go/cmd/containermodifier/main_cli.go b/lunadefend/go/cmd/containermodifier/main_cli.go new file mode 100644 index 000000000..10bd30531 --- /dev/null +++ b/lunadefend/go/cmd/containermodifier/main_cli.go @@ -0,0 +1,64 @@ +// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +//go:build cli + +package main + +import ( + "log" + "os" + + "github.com/lunasec-io/lunasec/lunadefend/go/controller" + "github.com/urfave/cli/v2" +) + +func main() { + log.SetFlags(log.Lshortfile) + + app := &cli.App{ + Name: "lunasec-cli", + Commands: []*cli.Command{ + { + Name: "build", + Aliases: []string{"b"}, + Usage: "Build a secure resolver docker container.", + Flags: []cli.Flag{ + &cli.StringFlag{ + Name: "container-tar", + Usage: "Tar file of container to be modified", + Required: true, + }, + &cli.StringFlag{ + Name: "config", + Usage: "Lunasec config file", + Required: true, + }, + }, + Action: func(c *cli.Context) error { + containerTarFile := c.String("container-tar") + configFile := c.String("config") + containerModifierController := controller.NewContainerModifierController(nil) + containerModifierController.HandleLocalInvoke(containerTarFile, configFile) + return nil + }, + }, + }, + } + + err := app.Run(os.Args) + if err != nil { + log.Fatal(err) + } +} diff --git a/go/cmd/containermodifier/main_lambda.go b/lunadefend/go/cmd/containermodifier/main_lambda.go similarity index 63% rename from go/cmd/containermodifier/main_lambda.go rename to lunadefend/go/cmd/containermodifier/main_lambda.go index 72496582a..20d34fec6 100644 --- a/go/cmd/containermodifier/main_lambda.go +++ b/lunadefend/go/cmd/containermodifier/main_lambda.go @@ -17,17 +17,17 @@ package main import ( - "log" + "log" - "github.com/aws/aws-lambda-go/lambda" - "github.com/lunasec-io/lunasec/go/controller" - "github.com/lunasec-io/lunasec/go/gateway" + "github.com/aws/aws-lambda-go/lambda" + "github.com/lunasec-io/lunasec/lunadefend/go/controller" + "github.com/lunasec-io/lunasec/lunadefend/go/gateway" ) func main() { - log.SetFlags(log.Lshortfile) + log.SetFlags(log.Lshortfile) - ecrGateway := gateway.NewAwsECRGateway() - containerModifierController := controller.NewContainerModifierController(ecrGateway) - lambda.Start(containerModifierController.HandleLambdaInvoke) + ecrGateway := gateway.NewAwsECRGateway() + containerModifierController := controller.NewContainerModifierController(ecrGateway) + lambda.Start(containerModifierController.HandleLambdaInvoke) } diff --git a/lunadefend/go/cmd/runtime/main.go b/lunadefend/go/cmd/runtime/main.go new file mode 100644 index 000000000..e07a25502 --- /dev/null +++ b/lunadefend/go/cmd/runtime/main.go @@ -0,0 +1,147 @@ +// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +package main + +import ( + "context" + "encoding/json" + "errors" + "log" + "net/http" + "os" + "sync" + + "github.com/aws/aws-lambda-go/events" + "github.com/aws/aws-lambda-go/lambda" + tokenizer "github.com/lunasec-io/lunasec/lunadefend/go/pkg/tokenizer" + "github.com/lunasec-io/lunasec/lunadefend/go/service/invoker" + "github.com/lunasec-io/lunasec/lunadefend/go/types/event" + "github.com/lunasec-io/lunasec/lunadefend/go/util" + "go.uber.org/zap" +) + +func startHttpServer(wg *sync.WaitGroup) *http.Server { + server := tokenizer.NewHttpServerSidecar() + + go func() { + defer wg.Done() // let main know we are done cleaning up + + // always returns error. ErrServerClosed on graceful close + if err := server.ListenAndServe(); err != http.ErrServerClosed { + // unexpected error. port in use? + log.Fatalf("ListenAndServe(): %v", err) + } + }() + + // returning reference so caller can call Shutdown() + return server +} + +func verifyContainerSecret(sentContainerSecret string) bool { + containerSecret := os.Getenv("CONTAINER_SECRET") + if containerSecret == "" { + // container secret is not set, we treat this as a validated container secret + return true + } + + return sentContainerSecret == containerSecret +} + +func HandleRequestApiGateway(ctx context.Context, request events.APIGatewayProxyRequest) (events.APIGatewayProxyResponse, error) { + var ( + invokeEvent event.ExecuteFunctionRequest + funcResp event.ExecuteFunctionResponse + ) + + containerSecret := request.Headers["X-Container-Secret"] + if !verifyContainerSecret(containerSecret) { + err := errors.New("unauthorized") + return util.ApiGatewayError(err) + } + + err := json.Unmarshal([]byte(request.Body), &invokeEvent) + if err != nil { + return util.ApiGatewayError(err) + } + + funcResp, err = HandleRequest(ctx, invokeEvent) + if err != nil { + return util.ApiGatewayError(err) + } + + headers := map[string]string{} + return util.MarshalApiGatewayResponse(http.StatusOK, headers, funcResp) +} + +func HandleRequest(ctx context.Context, req event.ExecuteFunctionRequest) (event.ExecuteFunctionResponse, error) { + var ( + logger *zap.Logger + result *json.RawMessage + backpack *json.RawMessage + resp event.ExecuteFunctionResponse + err error + ) + + logger, err = util.GetLogger() + if err != nil { + log.Println("unable to create zap logger", err) + return resp, err + } + + logger.Debug( + "starting tokenizer sidecar", + ) + + httpServerExitDone := &sync.WaitGroup{} + + httpServerExitDone.Add(1) + server := startHttpServer(httpServerExitDone) + defer func() { + err = server.Shutdown(ctx) + if err != nil { + log.Println("error while shutting down server", err) + return + } + httpServerExitDone.Wait() + }() + + logger.Debug( + "starting lambda runtime", + zap.String("functionName", req.FunctionName), + ) + lambdaRuntime := invoker.NewLambdaRuntime(logger, req.FunctionName, req.BlockInput, req.Backpack) + result, backpack, err = lambdaRuntime.Run() + if err != nil { + return resp, err + } + + resp.Result = result + resp.Backpack = backpack + return resp, err +} + +func main() { + log.SetFlags(log.Lshortfile) + + log.Println("Starting runtime...") + + lambdaEnv := os.Getenv("LAMBDA_CALLER") + switch lambdaEnv { + case "API_GATEWAY": + lambda.Start(HandleRequestApiGateway) + default: + lambda.Start(HandleRequest) + } +} diff --git a/lunadefend/go/cmd/tokenizer/main_cli.go b/lunadefend/go/cmd/tokenizer/main_cli.go new file mode 100644 index 000000000..db725c7b6 --- /dev/null +++ b/lunadefend/go/cmd/tokenizer/main_cli.go @@ -0,0 +1,133 @@ +// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +//go:build cli + +package main + +import ( + "log" + "os" + + "github.com/lunasec-io/lunasec/lunadefend/go/pkg/tokenizer" + "github.com/urfave/cli/v2" +) + +func main() { + log.SetFlags(log.Lshortfile) + + app := &cli.App{ + Name: "tokenizer-cli", + Flags: []cli.Flag{ + &cli.StringFlag{ + Name: "url", + Usage: "Tokenizer URL", + Required: true, + }, + &cli.StringFlag{ + Name: "auth-private-key", + Usage: "Auth Private Key", + Required: true, + }, + }, + Commands: []*cli.Command{ + { + Name: "auth", + Description: "Manage tokenizer authentication", + Subcommands: []*cli.Command{ + { + Name: "create", + Description: "Create a valid auth token for the tokenizer.", + Category: "auth", + Action: tokenizer.CreateJwtAuthCommand, + }, + }, + }, + { + Name: "tokenize", + Aliases: []string{"t"}, + Usage: "Tokenize a secret value", + Flags: []cli.Flag{ + &cli.StringFlag{ + Name: "plaintext", + Usage: "Plaintext value to tokenize", + }, + &cli.StringFlag{ + Name: "input", + Usage: "Input file", + }, + }, + Action: tokenizer.TokenizeCommand, + }, + { + Name: "detokenize", + Aliases: []string{"d"}, + Usage: "Detokenize a secret value", + Flags: []cli.Flag{ + &cli.StringFlag{ + Name: "token", + Usage: "Tokenizer token", + Required: true, + }, + &cli.StringFlag{ + Name: "output", + Usage: "Output file", + }, + }, + Action: tokenizer.DetokenizeCommand, + }, + { + Name: "metadata", + Subcommands: []*cli.Command{ + { + Name: "set", + Category: "metadata", + Usage: "Set metadata for a token", + Flags: []cli.Flag{ + &cli.StringFlag{ + Name: "token", + Usage: "Tokenizer Token", + Required: true, + }, + &cli.StringFlag{ + Name: "metadata", + Usage: "Token metadata to set", + Required: true, + }, + }, + Action: tokenizer.SetMetadataCommand, + }, + { + Name: "get", + Category: "metadata", + Usage: "Get metadata for a token", + Flags: []cli.Flag{ + &cli.StringFlag{ + Name: "token", + Usage: "Tokenizer Token", + Required: true, + }, + }, + Action: tokenizer.GetMetadataCommand, + }, + }, + }, + }, + } + + err := app.Run(os.Args) + if err != nil { + log.Fatal(err) + } +} diff --git a/go/cmd/tokenizer/main_dev.go b/lunadefend/go/cmd/tokenizer/main_dev.go similarity index 81% rename from go/cmd/tokenizer/main_dev.go rename to lunadefend/go/cmd/tokenizer/main_dev.go index 81927a50d..08c02f184 100644 --- a/go/cmd/tokenizer/main_dev.go +++ b/lunadefend/go/cmd/tokenizer/main_dev.go @@ -17,12 +17,12 @@ package main import ( - "log" + "log" - "github.com/lunasec-io/lunasec/go/pkg/tokenizer" + "github.com/lunasec-io/lunasec/lunadefend/go/pkg/tokenizer" ) func main() { - server := tokenizer.NewLocalDevServer() - log.Fatal(server.ListenAndServe()) + server := tokenizer.NewLocalDevServer() + log.Fatal(server.ListenAndServe()) } diff --git a/go/cmd/tokenizer/main_lambda.go b/lunadefend/go/cmd/tokenizer/main_lambda.go similarity index 78% rename from go/cmd/tokenizer/main_lambda.go rename to lunadefend/go/cmd/tokenizer/main_lambda.go index 935240a0f..be45ade26 100644 --- a/go/cmd/tokenizer/main_lambda.go +++ b/lunadefend/go/cmd/tokenizer/main_lambda.go @@ -17,11 +17,11 @@ package main import ( - "github.com/aws/aws-lambda-go/lambda" - "github.com/lunasec-io/lunasec/go/pkg/tokenizer" + "github.com/aws/aws-lambda-go/lambda" + "github.com/lunasec-io/lunasec/lunadefend/go/pkg/tokenizer" ) func main() { - gatewayServer := tokenizer.NewApiGatewayServer() - lambda.StartHandler(gatewayServer) + gatewayServer := tokenizer.NewApiGatewayServer() + lambda.StartHandler(gatewayServer) } diff --git a/go/cmd/tokenizerbackend/main_dev.go b/lunadefend/go/cmd/tokenizerbackend/main_dev.go similarity index 70% rename from go/cmd/tokenizerbackend/main_dev.go rename to lunadefend/go/cmd/tokenizerbackend/main_dev.go index 061bd94fc..ff55a1485 100644 --- a/go/cmd/tokenizerbackend/main_dev.go +++ b/lunadefend/go/cmd/tokenizerbackend/main_dev.go @@ -17,16 +17,16 @@ package main import ( - "log" + "log" - "github.com/lunasec-io/lunasec/go/pkg/tokenizerbackend" + "github.com/lunasec-io/lunasec/lunadefend/go/pkg/tokenizerbackend" ) func main() { - logger, provider, gateways := tokenizerBackendDependencies() + logger, provider, gateways := tokenizerBackendDependencies() - log.SetFlags(log.Lshortfile) - server := tokenizerbackend.NewDevServer(logger, provider, gateways) - log.Fatal(server.ListenAndServe()) + log.SetFlags(log.Lshortfile) + server := tokenizerbackend.NewDevServer(logger, provider, gateways) + log.Fatal(server.ListenAndServe()) } diff --git a/go/cmd/tokenizerbackend/main_dummy.go b/lunadefend/go/cmd/tokenizerbackend/main_dummy.go similarity index 100% rename from go/cmd/tokenizerbackend/main_dummy.go rename to lunadefend/go/cmd/tokenizerbackend/main_dummy.go diff --git a/go/cmd/tokenizerbackend/main_lambda.go b/lunadefend/go/cmd/tokenizerbackend/main_lambda.go similarity index 50% rename from go/cmd/tokenizerbackend/main_lambda.go rename to lunadefend/go/cmd/tokenizerbackend/main_lambda.go index b5f07c3c7..ef3d7da02 100644 --- a/go/cmd/tokenizerbackend/main_lambda.go +++ b/lunadefend/go/cmd/tokenizerbackend/main_lambda.go @@ -17,43 +17,43 @@ package main import ( - "context" - "errors" - "github.com/aws/aws-lambda-go/events" - "github.com/aws/aws-lambda-go/lambda" - "github.com/lunasec-io/lunasec/go/pkg/tokenizerbackend" + "context" + "errors" + "github.com/aws/aws-lambda-go/events" + "github.com/aws/aws-lambda-go/lambda" + "github.com/lunasec-io/lunasec/lunadefend/go/pkg/tokenizerbackend" ) var ( - logger, provider, gateways = tokenizerBackendDependencies() - gatewayServer = tokenizerbackend.NewApiGatewayServer(logger, provider, gateways) + logger, provider, gateways = tokenizerBackendDependencies() + gatewayServer = tokenizerbackend.NewApiGatewayServer(logger, provider, gateways) ) func Handler(ctx context.Context, req events.APIGatewayProxyRequest) (events.APIGatewayProxyResponse, error) { - defer func() { - var err error - if r := recover(); r != nil { - switch x := r.(type) { - case string: - err = errors.New(x) - case error: - err = x - default: - err = errors.New("unknown panic") - } - } - - gateways.CW.PushMetrics() - - if err != nil { - panic(err) - } - }() - - // If no name is provided in the HTTP request body, throw an error - return gatewayServer.ProxyWithContext(ctx, req) + defer func() { + var err error + if r := recover(); r != nil { + switch x := r.(type) { + case string: + err = errors.New(x) + case error: + err = x + default: + err = errors.New("unknown panic") + } + } + + gateways.CW.PushMetrics() + + if err != nil { + panic(err) + } + }() + + // If no name is provided in the HTTP request body, throw an error + return gatewayServer.ProxyWithContext(ctx, req) } func main() { - lambda.Start(Handler) + lambda.Start(Handler) } diff --git a/go/cmd/tokenizerbackend/provide.go b/lunadefend/go/cmd/tokenizerbackend/provide.go similarity index 68% rename from go/cmd/tokenizerbackend/provide.go rename to lunadefend/go/cmd/tokenizerbackend/provide.go index 8d113ac97..90b81405e 100644 --- a/go/cmd/tokenizerbackend/provide.go +++ b/lunadefend/go/cmd/tokenizerbackend/provide.go @@ -15,23 +15,23 @@ package main import ( + "github.com/lunasec-io/lunasec/lunadefend/go/gateway" + "github.com/lunasec-io/lunasec/lunadefend/go/util" "go.uber.org/config" "go.uber.org/zap" "log" - "github.com/lunasec-io/lunasec/go/gateway" - "github.com/lunasec-io/lunasec/go/util" ) func tokenizerBackendDependencies() (*zap.Logger, config.Provider, gateway.Gateways) { - logger, err := util.GetLogger() - if err != nil { - log.Println(err) - panic(err) - } + logger, err := util.GetLogger() + if err != nil { + log.Println(err) + panic(err) + } - provider := util.GetConfigProviderFromDir("config/tokenizerbackend") + provider := util.GetConfigProviderFromDir("config/tokenizerbackend") - gateways := gateway.GetAwsGateways(logger, provider) + gateways := gateway.GetAwsGateways(logger, provider) - return logger, provider, gateways + return logger, provider, gateways } diff --git a/go/config/analyticscollector/config.yaml b/lunadefend/go/config/analyticscollector/config.yaml similarity index 100% rename from go/config/analyticscollector/config.yaml rename to lunadefend/go/config/analyticscollector/config.yaml diff --git a/go/config/tokenizer/config.yaml b/lunadefend/go/config/tokenizer/config.yaml similarity index 100% rename from go/config/tokenizer/config.yaml rename to lunadefend/go/config/tokenizer/config.yaml diff --git a/go/config/tokenizerbackend/config.yaml b/lunadefend/go/config/tokenizerbackend/config.yaml similarity index 79% rename from go/config/tokenizerbackend/config.yaml rename to lunadefend/go/config/tokenizerbackend/config.yaml index 9876dbed2..0e028b9fc 100644 --- a/go/config/tokenizerbackend/config.yaml +++ b/lunadefend/go/config/tokenizerbackend/config.yaml @@ -21,9 +21,10 @@ aws_gateway: session_controller: auth_providers: ${AUTH_PROVIDERS} secure_frame_controller: - views_path: ${SECURE_FRAME_VIEWS_PATH:views/tokenizerbackend} + views_path: ${SECURE_FRAME_VIEWS_PATH:"views/tokenizerbackend"} cdn_config: ${SECURE_FRAME_CDN_CONFIG} - tokenizer_url: ${TOKENIZER_URL:""} # the url that the iframe will use to call back into the tokenizer, defaults to window.location if left empty + # the url that the iframe will use to call back into the tokenizer, defaults to window.location if left empty + tokenizer_url: ${TOKENIZER_URL:""} tokenizer: secret_arn: ${TOKENIZER_SECRET_ARN:""} auth_jwt_verifier: @@ -35,6 +36,6 @@ grant_service: grant_default_duration: ${GRANT_DEFAULT_DURATION:"15m"} grant_maximum_duration: ${GRANT_MAXIMUM_DURATION:"1h"} metrics: - disable: ${METRICS_DISABLED:false} + disable: ${METRICS_DISABLED:"false"} provider: ${METRICS_PROVIDER:"aws_cloudwatch"} - disable_usage_statistics: ${METRICS_DISABLE_USAGE_STATISTICS:false} + disable_usage_statistics: ${METRICS_DISABLE_USAGE_STATISTICS:"false"} diff --git a/go/config/tokenizerbackend/dev.yaml b/lunadefend/go/config/tokenizerbackend/dev.yaml similarity index 83% rename from go/config/tokenizerbackend/dev.yaml rename to lunadefend/go/config/tokenizerbackend/dev.yaml index 3d36a5f14..d4fdfbb55 100644 --- a/go/config/tokenizerbackend/dev.yaml +++ b/lunadefend/go/config/tokenizerbackend/dev.yaml @@ -1,7 +1,7 @@ secure_frame_controller: cdn_config: protocol: ${CDN_PROTOCOL:http} - host: ${CDN_HOST} + host: ${CDN_HOST:"localhost:8000"} main_script: js/main-dev.js main_style: main.css tokenizer_url: ${REACT_APP_TOKENIZER_URL:"http://localhost:37766"} diff --git a/go/constants/application.go b/lunadefend/go/constants/application.go similarity index 100% rename from go/constants/application.go rename to lunadefend/go/constants/application.go diff --git a/go/constants/auth.go b/lunadefend/go/constants/auth.go similarity index 100% rename from go/constants/auth.go rename to lunadefend/go/constants/auth.go diff --git a/go/constants/aws.go b/lunadefend/go/constants/aws.go similarity index 100% rename from go/constants/aws.go rename to lunadefend/go/constants/aws.go diff --git a/go/constants/buildmeta.go b/lunadefend/go/constants/buildmeta.go similarity index 100% rename from go/constants/buildmeta.go rename to lunadefend/go/constants/buildmeta.go diff --git a/go/constants/config.go b/lunadefend/go/constants/config.go similarity index 100% rename from go/constants/config.go rename to lunadefend/go/constants/config.go diff --git a/lunadefend/go/constants/containermodifier.go b/lunadefend/go/constants/containermodifier.go new file mode 100644 index 000000000..71b5ca758 --- /dev/null +++ b/lunadefend/go/constants/containermodifier.go @@ -0,0 +1,77 @@ +// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +package constants + +import "github.com/lunasec-io/lunasec/lunadefend/go/types" + +type Runtime string + +const ( + NodeJS10 Runtime = "nodejs10.x" + Python36 Runtime = "python3.6" + Docker Runtime = "docker" +) + +type RuntimeCommand string + +const ( + NodeCommand RuntimeCommand = "node" + PythonCommand RuntimeCommand = "python" +) + +type RuntimeModuleEnvVar string + +const ( + NodeModuleEnvVar RuntimeModuleEnvVar = "NODE_PATH" + PythonModuleEnvVar RuntimeModuleEnvVar = "PYTHONPATH" +) + +type RuntimeHandler string + +const ( + NodeHandler RuntimeHandler = "container_lambda_function.js" + PythonHandler RuntimeHandler = "container_lambda_function.py" +) + +type RuntimeConfig struct { + Command RuntimeCommand + ModuleEnvVar RuntimeModuleEnvVar + Handler RuntimeHandler +} + +var ( + RuntimeToRuntimeConfig = map[Runtime]RuntimeConfig{ + NodeJS10: { + NodeCommand, + NodeModuleEnvVar, + NodeHandler, + }, + Python36: { + PythonCommand, + PythonModuleEnvVar, + PythonHandler, + }, + } +) + +var ( + // TODO (cthompson) will this change between different runtimes? + SingleFunctionContainerConfig = types.FunctionConfig{ + ImportPath: "refinery_main", + FunctionName: "main", + WorkDir: "", + Env: map[string]string{}, + } +) diff --git a/go/constants/grant.go b/lunadefend/go/constants/grant.go similarity index 100% rename from go/constants/grant.go rename to lunadefend/go/constants/grant.go diff --git a/go/constants/http.go b/lunadefend/go/constants/http.go similarity index 100% rename from go/constants/http.go rename to lunadefend/go/constants/http.go diff --git a/go/constants/lunasecservices.go b/lunadefend/go/constants/lunasecservices.go similarity index 100% rename from go/constants/lunasecservices.go rename to lunadefend/go/constants/lunasecservices.go diff --git a/go/constants/metrics/tokenizerbackend.go b/lunadefend/go/constants/metrics/tokenizerbackend.go similarity index 100% rename from go/constants/metrics/tokenizerbackend.go rename to lunadefend/go/constants/metrics/tokenizerbackend.go diff --git a/go/constants/metricsproviders.go b/lunadefend/go/constants/metricsproviders.go similarity index 100% rename from go/constants/metricsproviders.go rename to lunadefend/go/constants/metricsproviders.go diff --git a/go/constants/runtime.go b/lunadefend/go/constants/runtime.go similarity index 100% rename from go/constants/runtime.go rename to lunadefend/go/constants/runtime.go diff --git a/go/constants/tokenizer.go b/lunadefend/go/constants/tokenizer.go similarity index 100% rename from go/constants/tokenizer.go rename to lunadefend/go/constants/tokenizer.go diff --git a/lunadefend/go/controller/containermodifier.go b/lunadefend/go/controller/containermodifier.go new file mode 100644 index 000000000..bd000125a --- /dev/null +++ b/lunadefend/go/controller/containermodifier.go @@ -0,0 +1,248 @@ +// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +package controller + +import ( + "bytes" + "fmt" + "go.uber.org/zap" + "log" + + v1 "github.com/google/go-containerregistry/pkg/v1" + "github.com/google/go-containerregistry/pkg/v1/tarball" + "github.com/lunasec-io/lunasec/lunadefend/go/gateway" + "github.com/lunasec-io/lunasec/lunadefend/go/pkg/containermodifier" + "github.com/lunasec-io/lunasec/lunadefend/go/service" + "github.com/lunasec-io/lunasec/lunadefend/go/types" + "github.com/lunasec-io/lunasec/lunadefend/go/types/event" + "github.com/lunasec-io/lunasec/lunadefend/go/util" +) + +type ContainerModifierController interface { + HandleLambdaInvoke(invokeEvent event.ContainerModifyEvent) (resp event.ContainerModifyResponse, err error) + HandleLocalInvoke(containerTarFile, configFile string) +} + +type containerModifierController struct { + // TODO (cthompson) container modifier should be deployed with a bucket configured for it + ecrGateway gateway.AwsECRGateway +} + +func NewContainerModifierController( + ecrGateway gateway.AwsECRGateway, +) ContainerModifierController { + return &containerModifierController{ + ecrGateway: ecrGateway, + } +} + +func getContainerLayerFromS3(s3 gateway.AwsS3Gateway, key string) (layer v1.Layer, err error) { + tarData, err := s3.GetObject(key) + if err != nil { + log.Println(err) + return + } + tarReader := bytes.NewReader(tarData) + return tarball.LayerFromReader(tarReader) +} + +func (c *containerModifierController) getContainerModifierForLambdaInvoke(invokeEvent event.ContainerModifyEvent) (modifier service.DockerContainerModifier, err error) { + options, err := gateway.LoadCraneOptions(c.ecrGateway) + if err != nil { + log.Println(err) + return + } + + dockerManager := service.NewDockerManager(options) + + modifier = service.NewDockerContainerModifier( + invokeEvent.BaseImage, + invokeEvent.ShouldModifyEntrypoint(), + dockerManager, + ) + return +} + +func (c *containerModifierController) getContainerModifierForLocalInvoke(containerTarFile string) service.DockerContainerModifier { + return service.NewDockerContainerModifier( + containerTarFile, + true, + nil, + ) +} + +func (c *containerModifierController) buildFunctionConfigLayer(base v1.Image, runtime string, functions []types.FunctionConfig) (layer v1.Layer, err error) { + imgConfigFile, err := base.ConfigFile() + if err != nil { + log.Println(err) + return + } + workDir := imgConfigFile.Config.WorkingDir + + return containermodifier.CreateFunctionConfigLayer(workDir, runtime, functions) +} + +func (c *containerModifierController) createFunctionLayers(base v1.Image, invokeEvent event.ContainerModifyEvent) (functionLayers []v1.Layer, err error) { + s3Config := gateway.NewAwsS3GatewayConfig("us-west-2", invokeEvent.ImageFiles.Bucket) + provider, err := util.GetStaticConfigProvider(s3Config) + if err != nil { + log.Println(err) + return + } + + logger, err := zap.NewProduction() + if err != nil { + log.Println(err) + return + } + + sess, err := gateway.NewAwsSession(logger, provider) + if err != nil { + log.Println(err) + return + } + + s3Gateway := gateway.NewAwsS3Gateway(logger, provider, sess) + + functionFilesLayer, err := getContainerLayerFromS3(s3Gateway, invokeEvent.ImageFiles.Key) + if err != nil { + log.Println(err) + return + } + + runtimeLayers, err := util.LoadRuntimeLayers() + if err != nil { + log.Println(err) + return + } + + functionConfigLayer, err := c.buildFunctionConfigLayer(base, invokeEvent.Runtime, invokeEvent.Functions) + if err != nil { + log.Println(err) + return + } + functionLayers = []v1.Layer{ + functionFilesLayer, + functionConfigLayer, + } + functionLayers = append(functionLayers, runtimeLayers...) + return +} + +func (c *containerModifierController) HandleLambdaInvoke(invokeEvent event.ContainerModifyEvent) (resp event.ContainerModifyResponse, err error) { + var ( + appendLayers []v1.Layer + newImg v1.Image + ) + + modifier, err := c.getContainerModifierForLambdaInvoke(invokeEvent) + if err != nil { + log.Println(err) + return + } + + base, err := modifier.LoadImageFromRemote() + if err != nil { + log.Println(err) + return + } + + newTag := fmt.Sprintf("%s/%s", invokeEvent.Registry, invokeEvent.NewImageName) + + log.Println("Creating function files layer...") + if invokeEvent.ShouldModifyEntrypoint() { + appendLayers, err = c.createFunctionLayers(base, invokeEvent) + if err != nil { + log.Println(err) + return + } + + log.Println("Modifying docker image...") + newImg, err = modifier.AppendLayersToBaseImage(base, appendLayers) + if err != nil { + log.Println(err) + return + } + } else { + newImg = base + } + + containerHash, err := newImg.Digest() + if err != nil { + log.Println(err) + return + } + + deploymentID, err := modifier.GetImageDeploymentID(base) + if err != nil { + log.Println(err) + return + } + + modifier.PushImageToRemote(newImg, newTag) + + resp = event.ContainerModifyResponse{ + Tag: containerHash.String(), + DeploymentID: deploymentID, + } + return +} + +func (c *containerModifierController) HandleLocalInvoke(containerTarFile, configFile string) { + functionConfig, err := containermodifier.LoadFunctionConfig(configFile) + if err != nil { + panic(err) + } + + modifier := c.getContainerModifierForLocalInvoke(containerTarFile) + + base, err := modifier.LoadImageFromFile() + if err != nil { + log.Println(err) + return + } + + runtimeLayers, err := util.LoadRuntimeLayersFromTar() + if err != nil { + log.Println(err) + return + } + + functionConfigLayer, err := c.buildFunctionConfigLayer(base, functionConfig.Runtime, functionConfig.Functions) + if err != nil { + log.Println(err) + return + } + + appendLayers := []v1.Layer{ + functionConfigLayer, + } + appendLayers = append(appendLayers, runtimeLayers...) + + img, err := modifier.AppendLayersToBaseImage(base, appendLayers) + if err != nil { + log.Println(err) + return + } + + newTag, newFilename := containermodifier.GetNewContainerNames(containerTarFile) + + log.Printf("saving modified container image to: %s\n", newFilename) + err = modifier.SaveImageToFile(img, newTag, newFilename) + if err != nil { + log.Println(err) + return + } +} diff --git a/lunadefend/go/controller/grant.go b/lunadefend/go/controller/grant.go new file mode 100644 index 000000000..8aaa945b2 --- /dev/null +++ b/lunadefend/go/controller/grant.go @@ -0,0 +1,117 @@ +// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +package controller + +import ( + "encoding/json" + "github.com/lunasec-io/lunasec/lunadefend/go/constants" + "github.com/lunasec-io/lunasec/lunadefend/go/controller/request" + "io/ioutil" + "log" + "net/http" + + "github.com/lunasec-io/lunasec/lunadefend/go/service" + "github.com/lunasec-io/lunasec/lunadefend/go/types" + "github.com/lunasec-io/lunasec/lunadefend/go/types/event" + "github.com/lunasec-io/lunasec/lunadefend/go/util" +) + +type grantController struct { + grant service.GrantService + jwtVerifier service.JwtVerifier +} + +// GrantController ... +type GrantController interface { + SetGrant(w http.ResponseWriter, req *http.Request) + VerifyGrant(w http.ResponseWriter, req *http.Request) +} + +// NewGrantController ... +func NewGrantController(grant service.GrantService, jwtVerifier service.JwtVerifier) GrantController { + return &grantController{ + grant: grant, + jwtVerifier: jwtVerifier, + } +} + +func (s *grantController) getSessionID(r *http.Request) (sessionID string, err error) { + accessToken, err := request.GetJwtToken(r) + if err != nil { + return + } + + claims, err := s.jwtVerifier.VerifyWithSessionClaims(accessToken) + if err != nil { + return + } + sessionID = claims.SessionID + return +} + +func (s *grantController) SetGrant(w http.ResponseWriter, r *http.Request) { + log.Printf("Received SetGrant request") + + input := event.GrantSetRequest{} + b, err := ioutil.ReadAll(r.Body) + + if err != nil { + util.RespondError(w, http.StatusBadRequest, err) + return + } + + if err := json.Unmarshal(b, &input); err != nil { + util.RespondError(w, http.StatusBadRequest, err) + return + } + + if err := s.grant.SetTokenGrantForSession(types.Token(input.TokenID), input.SessionID, constants.TokenFullAccess, input.CustomDuration); err != nil { + util.RespondError(w, http.StatusInternalServerError, err) + return + } + + resp := event.GrantSetResponse{} + + util.Respond(w, resp) +} + +func (s *grantController) VerifyGrant(w http.ResponseWriter, r *http.Request) { + log.Printf("Received VerifyGrant request") + + input := event.GrantVerifyRequest{} + b, err := ioutil.ReadAll(r.Body) + + if err != nil { + util.RespondError(w, http.StatusBadRequest, err) + return + } + + if err := json.Unmarshal(b, &input); err != nil { + util.RespondError(w, http.StatusBadRequest, err) + return + } + + valid, err := s.grant.ValidTokenGrantExistsForSession(types.Token(input.TokenID), input.SessionID, constants.TokenFullAccess) + if err != nil { + util.RespondError(w, http.StatusInternalServerError, err) + return + } + + resp := event.GrantVerifyResponse{ + Valid: valid, + } + + util.Respond(w, resp) +} diff --git a/lunadefend/go/controller/metadata.go b/lunadefend/go/controller/metadata.go new file mode 100644 index 000000000..e9852144f --- /dev/null +++ b/lunadefend/go/controller/metadata.go @@ -0,0 +1,117 @@ +// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +package controller + +import ( + "encoding/json" + "github.com/lunasec-io/lunasec/lunadefend/go/util/auth" + "github.com/pkg/errors" + "io/ioutil" + "log" + "net/http" + + "github.com/lunasec-io/lunasec/lunadefend/go/service" + "github.com/lunasec-io/lunasec/lunadefend/go/types" + "github.com/lunasec-io/lunasec/lunadefend/go/types/event" + "github.com/lunasec-io/lunasec/lunadefend/go/util" +) + +type metaController struct { + meta service.MetadataService + jwtVerifier service.JwtVerifier + grant service.GrantService +} + +// MetaController ... +type MetaController interface { + GetMetadata(w http.ResponseWriter, req *http.Request) + SetMetadata(w http.ResponseWriter, req *http.Request) +} + +// NewMetaController ... +func NewMetaController(meta service.MetadataService, jwtVerifier service.JwtVerifier, grant service.GrantService) MetaController { + return &metaController{ + meta: meta, + jwtVerifier: jwtVerifier, + grant: grant, + } +} + +// GetMetadata ... +func (s *metaController) GetMetadata(w http.ResponseWriter, r *http.Request) { + log.Printf("Received GetMetadata request") + + input := event.MetadataGetRequest{} + b, err := ioutil.ReadAll(r.Body) + if err != nil { + util.RespondError(w, http.StatusBadRequest, err) + return + } + + if err := json.Unmarshal(b, &input); err != nil { + util.RespondError(w, http.StatusBadRequest, err) + return + } + + meta, err := s.meta.GetMetadata(types.Token(input.TokenID)) + if err != nil { + statusCode := 500 + if err.Error() == "unable to locate metadata for token" { + statusCode = 404 + } + util.RespondError(w, statusCode, err) + return + } + + resp := event.MetadataGetResponse{ + Metadata: meta.CustomMetadata, + } + + util.Respond(w, resp) +} + +// SetMetadata ... +func (s *metaController) SetMetadata(w http.ResponseWriter, r *http.Request) { + log.Printf("Received SetMetadata request") + + input := event.MetadataSetRequest{} + b, err := ioutil.ReadAll(r.Body) + + if err != nil { + util.RespondError(w, http.StatusBadRequest, err) + return + } + + if err := json.Unmarshal(b, &input); err != nil { + util.RespondError(w, http.StatusBadRequest, err) + return + } + + claims, err := auth.GetRequestClaims(s.jwtVerifier, r) + if err != nil { + err = errors.Wrap(err, "unable to verify token jwt with claims") + util.RespondError(w, http.StatusBadRequest, err) + return + } + + if err := s.meta.SetMetadata(types.Token(input.TokenID), claims, input.Metadata); err != nil { + util.RespondError(w, http.StatusInternalServerError, err) + return + } + + resp := event.MetadataSetResponse{} + + util.Respond(w, resp) +} diff --git a/lunadefend/go/controller/middleware.go b/lunadefend/go/controller/middleware.go new file mode 100644 index 000000000..df13504a0 --- /dev/null +++ b/lunadefend/go/controller/middleware.go @@ -0,0 +1,67 @@ +// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +package controller + +import ( + "fmt" + "github.com/lunasec-io/lunasec/lunadefend/go/constants" + metricsgateway "github.com/lunasec-io/lunasec/lunadefend/go/gateway/metrics" + "github.com/lunasec-io/lunasec/lunadefend/go/types" + "net/http" + "net/http/httputil" + + "github.com/lunasec-io/lunasec/lunadefend/go/service" + "go.uber.org/config" +) + +var WithNoAuth = func( + allowedSubjects []constants.JwtSubject, + handlerFunc http.HandlerFunc, +) http.HandlerFunc { + return handlerFunc +} + +func WithCSP(provider config.Provider) types.Middleware { + csp := service.CreateCSPMiddleware(provider) + return csp.Middleware() +} + +func WithMetrics(cloudwatch metricsgateway.AwsCloudwatchGateway) types.Middleware { + return func(next http.HandlerFunc) http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + next.ServeHTTP(w, r) + cloudwatch.PushMetrics() + } + } +} + +func WithJSONContentType(next http.HandlerFunc) http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + w.Header().Set("Content-Type", "application/json") + next.ServeHTTP(w, r) + } +} + +func WithHttpLogging(next http.HandlerFunc) http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + dump, err := httputil.DumpRequest(r, true) + if err == nil { + fmt.Printf("%s", string(dump)) + } else { + fmt.Printf("error while dumping request: %v", err) + } + next.ServeHTTP(w, r) + } +} diff --git a/go/controller/request/session.go b/lunadefend/go/controller/request/session.go similarity index 52% rename from go/controller/request/session.go rename to lunadefend/go/controller/request/session.go index dfe7e593f..45e57b525 100644 --- a/go/controller/request/session.go +++ b/lunadefend/go/controller/request/session.go @@ -15,41 +15,41 @@ package request import ( - "fmt" - "net/http" + "fmt" + "net/http" - "github.com/lunasec-io/lunasec/go/constants" - "github.com/pkg/errors" + "github.com/lunasec-io/lunasec/lunadefend/go/constants" + "github.com/pkg/errors" ) func GetJwtToken(r *http.Request) (token string, err error) { - token = r.Header.Get(constants.JwtAuthHeader) - if token != "" { - return - } + token = r.Header.Get(constants.JwtAuthHeader) + if token != "" { + return + } - token, _ = GetDataAccessToken(r) - if token != "" { - return - } - err = errors.New("jwt token not present in request") - return + token, _ = GetDataAccessToken(r) + if token != "" { + return + } + err = errors.New("jwt token not present in request") + return } func GetDataAccessToken(r *http.Request) (dataAccessToken string, err error) { - dataAccessTokenCookie, err := r.Cookie(constants.DataAccessTokenCookie) - if err != nil { - err = errors.Wrap(err, fmt.Sprintf("expected cookie header: %s", constants.DataAccessTokenCookie)) - return - } - return dataAccessTokenCookie.Value, err + dataAccessTokenCookie, err := r.Cookie(constants.DataAccessTokenCookie) + if err != nil { + err = errors.Wrap(err, fmt.Sprintf("expected cookie header: %s", constants.DataAccessTokenCookie)) + return + } + return dataAccessTokenCookie.Value, err } func GetStateCookie(r *http.Request) (stateCookie *http.Cookie, err error) { - stateCookie, err = r.Cookie(constants.AuthStateCookie) - if err != nil { - err = errors.Wrap(err, fmt.Sprintf("expected cookie header: %s", constants.AuthStateCookie)) - return - } - return stateCookie, err + stateCookie, err = r.Cookie(constants.AuthStateCookie) + if err != nil { + err = errors.Wrap(err, fmt.Sprintf("expected cookie header: %s", constants.AuthStateCookie)) + return + } + return stateCookie, err } diff --git a/lunadefend/go/controller/secureframe.go b/lunadefend/go/controller/secureframe.go new file mode 100644 index 000000000..2b150c602 --- /dev/null +++ b/lunadefend/go/controller/secureframe.go @@ -0,0 +1,138 @@ +// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +package controller + +import ( + "fmt" + "html/template" + "net/http" + "net/url" + "path" + + "github.com/Joker/jade" + "github.com/lunasec-io/lunasec/lunadefend/go/service" + "github.com/lunasec-io/lunasec/lunadefend/go/types" + "github.com/lunasec-io/lunasec/lunadefend/go/util" + "github.com/pkg/errors" + "go.uber.org/config" + "go.uber.org/zap" +) + +type secureFrameController struct { + SecureFrameControllerConfig + logger *zap.Logger + indexTpl *template.Template +} + +type SecureFrameControllerConfig struct { + ViewsPath string `yaml:"views_path"` + CdnConfig types.CDNConfig `yaml:"cdn_config"` + TokenizerURL string `yaml:"tokenizer_url"` +} + +type SecureFrameController interface { + Frame(w http.ResponseWriter, r *http.Request) +} + +func NewSecureFrameController( + logger *zap.Logger, + provider config.Provider, +) (controller SecureFrameController, err error) { + var controllerConfig SecureFrameControllerConfig + err = provider.Get("secure_frame_controller").Populate(&controllerConfig) + if err != nil { + return + } + + jadeTpl, err := jade.ParseFile(getView(controllerConfig.ViewsPath, "index")) + if err != nil { + err = errors.Wrap(err, "unable to parse jade template file") + return + } + + indexTpl, err := template.New("html").Parse(jadeTpl) + if err != nil { + err = errors.Wrap(err, "unable to create html template") + return + } + + controller = &secureFrameController{ + SecureFrameControllerConfig: controllerConfig, + logger: logger, + indexTpl: indexTpl, + } + return +} + +func (s *secureFrameController) Frame(w http.ResponseWriter, r *http.Request) { + var ( + err error + ) + + referer := r.Header.Get("referer") + + if referer == "" { + util.RespondError(w, http.StatusBadRequest, errors.New("missing origin for request")) + return + } + + query := r.URL.Query() + + nonce := query.Get("n") + + if nonce == "" { + util.RespondError(w, http.StatusBadRequest, errors.New("missing unique id for request")) + return + } + + tokenizerURL := s.SecureFrameControllerConfig.TokenizerURL + + apiGatewayTokenizerURL := util.GetAPIGatewayTokenizerURL(r) + if apiGatewayTokenizerURL != "" { + tokenizerURL = apiGatewayTokenizerURL + } + + scriptURL := url.URL{ + Scheme: s.CdnConfig.Protocol, + Host: s.CdnConfig.Host, + Path: s.CdnConfig.MainScript, + } + + styleURL := url.URL{ + Scheme: s.CdnConfig.Protocol, + Host: s.CdnConfig.Host, + Path: s.CdnConfig.MainStyle, + } + + templateVars := types.FrameVars{ + CSPNonce: service.Nonce(r.Context()), + RequestOrigin: referer, + RequestNonce: nonce, + ScriptUrl: scriptURL.String(), + StyleUrl: styleURL.String(), + BackendUrl: tokenizerURL, + } + + w.Header().Set("Content-Type", "text/html") + err = s.indexTpl.Execute(w, templateVars) + if err != nil { + s.logger.Error("error returning website", zap.Error(err)) + util.RespondError(w, http.StatusBadRequest, errors.New("error returning website")) + } +} + +func getView(viewsPath, view string) string { + return path.Join(viewsPath, fmt.Sprintf("%s.pug", view)) +} diff --git a/lunadefend/go/controller/session.go b/lunadefend/go/controller/session.go new file mode 100644 index 000000000..1571140e4 --- /dev/null +++ b/lunadefend/go/controller/session.go @@ -0,0 +1,319 @@ +// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +package controller + +import ( + "net/http" + "net/url" + "time" + + "github.com/google/uuid" + "github.com/lunasec-io/lunasec/lunadefend/go/constants" + "github.com/lunasec-io/lunasec/lunadefend/go/controller/request" + "github.com/lunasec-io/lunasec/lunadefend/go/gateway" + "github.com/lunasec-io/lunasec/lunadefend/go/service" + "github.com/lunasec-io/lunasec/lunadefend/go/types/event" + "github.com/lunasec-io/lunasec/lunadefend/go/util" + "github.com/pkg/errors" + "go.uber.org/config" + "go.uber.org/zap" +) + +const ( + defaultCallbackPath = "/.lunasec/secure-frame" +) + +type AuthProviderType string + +const ( + BackendApplicationAuthProvider AuthProviderType = "backend_application" +) + +type AuthProviderConfig struct { + Url string `yaml:"url"` + Type AuthProviderType `yaml:"type"` + Default bool `yaml:"default"` +} + +type AuthProviderLookup map[string]AuthProviderConfig + +type SessionControllerConfig struct { + AuthProviders AuthProviderLookup `yaml:"auth_providers"` +} + +type sessionController struct { + SessionControllerConfig + logger *zap.Logger + kv gateway.AwsDynamoGateway + authProviderJwtVerifier service.JwtVerifier + authProviders AuthProviderLookup + defaultAuthProvider AuthProviderConfig +} + +type SessionController interface { + SessionEnsure(w http.ResponseWriter, r *http.Request) + SessionVerify(w http.ResponseWriter, r *http.Request) + SessionCreate(w http.ResponseWriter, r *http.Request) +} + +func getDefaultAuthProviderFromConfig(logger *zap.Logger, controllerConfig SessionControllerConfig) (authProviders AuthProviderLookup, defaultAuthProvider AuthProviderConfig) { + var ( + hasSetDefaultAuthProvider bool + ) + + authProviders = AuthProviderLookup{} + for authProviderName, authProviderConfig := range controllerConfig.AuthProviders { + parsedUrl, err := url.Parse(authProviderConfig.Url) + if err != nil { + err = errors.New("unable to parse auth provider url") + logger.Error( + err.Error(), + zap.String("auth provider url", authProviderConfig.Url), + ) + panic(err) + } + + // if there is no auth provider set, we default to the backend application auth provider type + if authProviderConfig.Type == "" { + authProviderConfig.Type = BackendApplicationAuthProvider + + // adjust the auth provider url to include the default callback path if it is not set + if parsedUrl.Path == "" { + parsedUrl.Path = defaultCallbackPath + authProviderConfig.Url = parsedUrl.String() + } + } + + logger.Debug( + "loading auth provider", + zap.String("authProvider", authProviderName), + zap.String("authProviderType", string(authProviderConfig.Type)), + zap.String("authProviderUrl", authProviderConfig.Url), + ) + + authProviders[authProviderName] = authProviderConfig + + // if there is only one auth provider, make this the default + if len(controllerConfig.AuthProviders) == 1 { + defaultAuthProvider = authProviderConfig + break + } + + // if the auth provider has declare itself as default, make it the default + if authProviderConfig.Default { + if hasSetDefaultAuthProvider { + err = errors.New("attempting to set multiple default auth providers, this is not allowed") + logger.Error( + err.Error(), + zap.String("current default auth provider", defaultAuthProvider.Url), + zap.String("other auth provider", authProviderConfig.Url), + ) + panic(err) + } + defaultAuthProvider = authProviderConfig + hasSetDefaultAuthProvider = true + } + } + return +} + +func NewSessionController( + logger *zap.Logger, + provider config.Provider, + kv gateway.AwsDynamoGateway, + authProviderJwtVerifier service.JwtVerifier, +) (controller SessionController) { + var ( + controllerConfig SessionControllerConfig + ) + err := provider.Get("session_controller").Populate(&controllerConfig) + if err != nil { + logger.Error( + err.Error(), + ) + panic(err) + } + + authProviders, defaultAuthProvider := getDefaultAuthProviderFromConfig(logger, controllerConfig) + + controller = &sessionController{ + SessionControllerConfig: controllerConfig, + logger: logger, + kv: kv, + authProviderJwtVerifier: authProviderJwtVerifier, + authProviders: authProviders, + defaultAuthProvider: defaultAuthProvider, + } + return +} + +func (s *sessionController) SessionVerify(w http.ResponseWriter, r *http.Request) { + dataAccessToken, err := request.GetJwtToken(r) + if err != nil { + s.logger.Info("cookie not set when verifying session", zap.String("reportedError", err.Error())) + err = errors.New("LunaSec is not logged in") + // NOTE we return status ok here because we don't always expect the access_token to be set + util.RespondError(w, http.StatusOK, err) + return + } + + err = s.authProviderJwtVerifier.Verify(dataAccessToken) + if err != nil { + s.logger.Info("unable to verify session", zap.String("reportedError", err.Error())) + err = errors.New("LunaSec session cookie signing check failed") + // NOTE we return status ok here because we don't always expect the session to be valid + util.RespondError(w, http.StatusOK, err) + return + } + util.RespondSuccess(w) +} + +func (s *sessionController) getAuthProviderWithName(authProviderName string) (authProviderConfig AuthProviderConfig, err error) { + var ( + ok bool + ) + + if authProviderName == "" { + authProviderConfig = s.defaultAuthProvider + return + } + + authProviderConfig, ok = s.authProviders[authProviderName] + if !ok { + err = errors.New("unable to find auth provider with provided name") + } + return +} + +func (s *sessionController) SessionEnsure(w http.ResponseWriter, r *http.Request) { + // TODO if state token is already present in cookie, do we remove it? + query := r.URL.Query() + + authProviderName := query.Get(constants.AuthProviderNameQueryParam) + + authProvider, err := s.getAuthProviderWithName(authProviderName) + if err != nil { + s.logger.Error( + err.Error(), + zap.String("authProviderName", authProviderName), + ) + util.RespondError(w, http.StatusBadRequest, err) + return + } + + stateToken := uuid.NewString() + s.logger.Debug("creating an auth session", zap.String("stateToken", stateToken)) + err = s.kv.Set(gateway.SessionStore, stateToken, string(constants.SessionUnused)) + if err != nil { + s.logger.Error( + "unable to set session store state token status", + zap.Error(err), + zap.String("stateToken", stateToken), + ) + util.RespondError(w, http.StatusBadRequest, err) + return + } + + v := url.Values{} + v.Set(constants.AuthStateQueryParam, stateToken) + + redirectUrl, err := url.Parse(authProvider.Url) + if err != nil { + util.RespondError(w, http.StatusBadRequest, err) + return + } + + redirectUrl.RawQuery = v.Encode() + + s.logger.Debug("redirecting session ensure request", zap.String("redirectUrl", redirectUrl.String())) + + // TODO (cthompson) revisit this cookie ttl + util.AddCookie(w, constants.AuthStateCookie, stateToken, "/", time.Minute*15) + http.Redirect(w, r, redirectUrl.String(), http.StatusFound) +} + +func getSessionCreateRequest(r *http.Request) (req event.SessionCreateRequest, err error) { + query := r.URL.Query() + + req.StateToken = query.Get(constants.AuthStateQueryParam) + req.AuthToken = query.Get(constants.AuthProviderTokenQueryParam) + + if req.StateToken == "" { + err = errors.New("missing state in request") + } + + if req.AuthToken == "" { + err = errors.New("missing openid_token in request") + } + + if err != nil { + return + } + + req.StateCookie, err = request.GetStateCookie(r) + if err != nil { + err = errors.Wrap(err, "unable to get state cookie in request") + return + } + return +} + +// It's worth noting that none of the JSON responses here get returned to the client because of the CORS options +// including all of these nice errors. Aside from logging in dev, all this gets lost +func (s *sessionController) SessionCreate(w http.ResponseWriter, r *http.Request) { + req, err := getSessionCreateRequest(r) + if err != nil { + s.logger.Error( + "unable to get session create request arguments", + zap.Error(err), + ) + util.RespondError(w, http.StatusBadRequest, err) + return + } + + if req.StateToken != req.StateCookie.Value { + err = errors.New("state token query parameter and state token cookie do not match") + util.RespondError(w, http.StatusBadRequest, err) + return + } + + sessionState, err := s.kv.Get(gateway.SessionStore, req.StateToken) + if err != nil { + util.RespondError(w, http.StatusBadRequest, err) + return + } + + if constants.SessionState(sessionState) == constants.SessionUsed { + err = errors.New("attempted to complete oauth flow with an already used state") + util.RespondError(w, http.StatusBadRequest, err) + return + } + + claims, err := s.authProviderJwtVerifier.VerifyWithSessionClaims(req.AuthToken) + if err != nil { + util.RespondError(w, http.StatusBadRequest, err) + return + } + + encodedSessionHash := util.CreateSessionHash(claims.SessionID) + + w.Header().Set("SESSION_HASH", encodedSessionHash) + + // TODO (cthompson) revist this cookie ttl + util.AddCookie(w, constants.DataAccessTokenCookie, req.AuthToken, "/", time.Minute*15) + // removes state cookie + util.AddCookie(w, constants.AuthStateCookie, "", "/", 0) + util.RespondSuccess(w) +} diff --git a/lunadefend/go/controller/tokenizer.go b/lunadefend/go/controller/tokenizer.go new file mode 100644 index 000000000..a2421da89 --- /dev/null +++ b/lunadefend/go/controller/tokenizer.go @@ -0,0 +1,182 @@ +// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +package controller + +import ( + "encoding/json" + "github.com/lunasec-io/lunasec/lunadefend/go/constants" + "github.com/lunasec-io/lunasec/lunadefend/go/util/auth" + "io/ioutil" + "log" + "net/http" + + "go.uber.org/config" + + "github.com/lunasec-io/lunasec/lunadefend/go/service" + "github.com/lunasec-io/lunasec/lunadefend/go/types" + "github.com/lunasec-io/lunasec/lunadefend/go/types/event" + "github.com/lunasec-io/lunasec/lunadefend/go/util" + "github.com/pkg/errors" +) + +type tokenizerController struct { + tokenizerControllerConfig + tokenizer service.TokenizerService + jwtVerifier service.JwtVerifier + meta service.MetadataService + grant service.GrantService +} + +type tokenizerControllerConfig struct { +} + +type TokenizerController interface { + TokenizerGet(w http.ResponseWriter, req *http.Request) + TokenizerSet(w http.ResponseWriter, req *http.Request) +} + +func NewTokenizerController( + provider config.Provider, + tokenizer service.TokenizerService, + jwtVerifier service.JwtVerifier, + meta service.MetadataService, + grant service.GrantService, +) (controller TokenizerController) { + var ( + controllerConfig tokenizerControllerConfig + ) + + err := provider.Get("tokenizer_controller").Populate(&controllerConfig) + if err != nil { + panic(err) + } + + controller = &tokenizerController{ + tokenizerControllerConfig: controllerConfig, + tokenizer: tokenizer, + jwtVerifier: jwtVerifier, + meta: meta, + grant: grant, + } + return +} + +func (s *tokenizerController) requestHasValidGrantForToken(r *http.Request, tokenID types.Token) (valid bool, err error) { + claims, err := auth.GetRequestClaims(s.jwtVerifier, r) + if err != nil { + err = errors.Wrap(err, "unable to verify token jwt with claims") + return + } + + return s.grant.ValidTokenGrantExistsForSession(tokenID, claims.SessionID, constants.TokenFullAccess) +} + +func (s *tokenizerController) TokenizerGet(w http.ResponseWriter, r *http.Request) { + log.Printf("Received TokenizerGet request") + + input := event.TokenizerGetRequest{} + b, err := ioutil.ReadAll(r.Body) + + if err != nil { + util.RespondError(w, http.StatusBadRequest, err) + return + } + + if err := json.Unmarshal(b, &input); err != nil { + util.RespondError(w, http.StatusBadRequest, err) + return + } + + valid, err := s.requestHasValidGrantForToken(r, types.Token(input.TokenID)) + if err != nil { + log.Println(err) + util.RespondError(w, http.StatusBadRequest, err) + return + } + + if !valid { + err = errors.New("session does not have valid token grant available to detokenize") + util.RespondError(w, http.StatusBadRequest, err) + return + } + + url, headers, err := s.tokenizer.TokenizerGet(types.Token(input.TokenID)) + if err != nil { + statusCode := 500 + // TODO: Make this error message a constant + if err.Error() == "unable to locate data for token" { + statusCode = 404 + } + util.RespondError(w, statusCode, err) + return + } + + resp := event.TokenizerGetResponse{ + DownloadURL: url, + Headers: headers, + } + + util.Respond(w, resp) +} + +func (s *tokenizerController) TokenizerSet(w http.ResponseWriter, r *http.Request) { + log.Printf("Received TokenizerSet request") + + input := event.TokenizerSetRequest{} + b, err := ioutil.ReadAll(r.Body) + + if err != nil { + util.RespondError(w, http.StatusBadRequest, err) + return + } + + if err := json.Unmarshal(b, &input); err != nil { + util.RespondError(w, http.StatusBadRequest, err) + return + } + + claims, err := auth.GetRequestClaims(s.jwtVerifier, r) + if err != nil { + err = errors.Wrap(err, "unable to verify token jwt with claims") + util.RespondError(w, http.StatusBadRequest, err) + return + } + + tokenID, url, headers, err := s.tokenizer.TokenizerSet() + if err != nil { + util.RespondError(w, http.StatusInternalServerError, err) + return + } + + if len(input.Metadata) > 0 { + if err := s.meta.SetMetadata(tokenID, claims, input.Metadata); err != nil { + util.RespondError(w, http.StatusInternalServerError, err) + return + } + } + //We automatically create grants for new tokens so that they can be set in the DB, and detokenized elsewhere in the same browser session + if err := s.grant.SetTokenGrantForSession(tokenID, claims.SessionID, constants.TokenFullAccess, ""); err != nil { + util.RespondError(w, http.StatusInternalServerError, err) + return + } + + resp := event.TokenizerSetResponse{ + TokenID: string(tokenID), + UploadURL: url, + Headers: headers, + } + + util.Respond(w, resp) +} diff --git a/go/docker/analyticscollector.dockerfile b/lunadefend/go/docker/analyticscollector.dockerfile similarity index 100% rename from go/docker/analyticscollector.dockerfile rename to lunadefend/go/docker/analyticscollector.dockerfile diff --git a/go/docker/containermodifier.dockerfile b/lunadefend/go/docker/containermodifier.dockerfile similarity index 100% rename from go/docker/containermodifier.dockerfile rename to lunadefend/go/docker/containermodifier.dockerfile diff --git a/go/docker/runtime.dockerfile b/lunadefend/go/docker/runtime.dockerfile similarity index 100% rename from go/docker/runtime.dockerfile rename to lunadefend/go/docker/runtime.dockerfile diff --git a/go/docker/tokenizerbackend.dockerfile b/lunadefend/go/docker/tokenizerbackend.dockerfile similarity index 69% rename from go/docker/tokenizerbackend.dockerfile rename to lunadefend/go/docker/tokenizerbackend.dockerfile index 69cda33e4..92ab33be5 100644 --- a/go/docker/tokenizerbackend.dockerfile +++ b/lunadefend/go/docker/tokenizerbackend.dockerfile @@ -16,7 +16,7 @@ ARG version RUN --mount=target=repo \ --mount=type=cache,target=/go/pkg/mod \ --mount=type=cache,target=/root/.cache/go-build \ - cd repo/go && OUTPUT_DIR=/out make tokenizerbackend tag=$tag version=$version + cd repo/lunadefend/go && OUTPUT_DIR=/out make tokenizerbackend tag=$tag version=$version FROM alpine @@ -25,22 +25,22 @@ RUN apk add curl ARG tag -COPY go/config/tokenizerbackend/config.yaml /config/tokenizerbackend/config.yaml -COPY go/views/tokenizerbackend/ /views/tokenizerbackend/ +COPY lunadefend/go/config/tokenizerbackend/config.yaml /config/tokenizerbackend/config.yaml +COPY lunadefend/go/views/tokenizerbackend/ /views/tokenizerbackend/ # base config only for demo app, otherwise remove it -COPY go/config/tokenizerbackend/dev.yaml /config/tokenizerbackend/dev.yaml +COPY lunadefend/go/config/tokenizerbackend/dev.yaml /config/tokenizerbackend/dev.yaml RUN if [ "$tag" != "dev" ] ; then rm /config/tokenizerbackend/dev.yaml ; fi COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ COPY --from=builder /out/tokenizerbackend_$tag /tokenizerbackend COPY --from=builder /tmp /tmp -COPY go/fixtures/tokenizerbackend/cert.pem /usr/local/share/ca-certificates/proxy.crt +COPY lunadefend/go/fixtures/tokenizerbackend/cert.pem /usr/local/share/ca-certificates/proxy.crt RUN cat /usr/local/share/ca-certificates/proxy.crt >> /etc/ssl/certs/ca-certificates.crt # Sets up the script to wait for the resource config to be available. -COPY go/scripts/wait-for-file.sh /tmp/wait-for-file.sh +COPY lunadefend/go/scripts/wait-for-file.sh /tmp/wait-for-file.sh RUN chmod +x /tmp/wait-for-file.sh WORKDIR / diff --git a/go/fixtures/containermodifier/container_lambda_function.js b/lunadefend/go/fixtures/containermodifier/container_lambda_function.js similarity index 81% rename from go/fixtures/containermodifier/container_lambda_function.js rename to lunadefend/go/fixtures/containermodifier/container_lambda_function.js index f75da1ad5..6f7fc67db 100644 --- a/go/fixtures/containermodifier/container_lambda_function.js +++ b/lunadefend/go/fixtures/containermodifier/container_lambda_function.js @@ -1,3 +1,19 @@ +/* + * Copyright 2022 by LunaSec (owned by Refinery Labs, Inc) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ backpack = {}; __input_data = ""; diff --git a/go/fixtures/containermodifier/container_lambda_function.py b/lunadefend/go/fixtures/containermodifier/container_lambda_function.py similarity index 100% rename from go/fixtures/containermodifier/container_lambda_function.py rename to lunadefend/go/fixtures/containermodifier/container_lambda_function.py diff --git a/go/fixtures/tokenizerbackend/cert.pem b/lunadefend/go/fixtures/tokenizerbackend/cert.pem similarity index 100% rename from go/fixtures/tokenizerbackend/cert.pem rename to lunadefend/go/fixtures/tokenizerbackend/cert.pem diff --git a/go/fixtures/tokenizerbackend/secure_frame_keyset.pub b/lunadefend/go/fixtures/tokenizerbackend/secure_frame_keyset.pub similarity index 100% rename from go/fixtures/tokenizerbackend/secure_frame_keyset.pub rename to lunadefend/go/fixtures/tokenizerbackend/secure_frame_keyset.pub diff --git a/go/fixtures/tokenizerbackend/secureframe_keys b/lunadefend/go/fixtures/tokenizerbackend/secureframe_keys similarity index 100% rename from go/fixtures/tokenizerbackend/secureframe_keys rename to lunadefend/go/fixtures/tokenizerbackend/secureframe_keys diff --git a/go/fixtures/tokenizerbackend/test_prad_secure_jwt b/lunadefend/go/fixtures/tokenizerbackend/test_prad_secure_jwt similarity index 100% rename from go/fixtures/tokenizerbackend/test_prad_secure_jwt rename to lunadefend/go/fixtures/tokenizerbackend/test_prad_secure_jwt diff --git a/go/fixtures/tokenizerbackend/test_secure_jwt b/lunadefend/go/fixtures/tokenizerbackend/test_secure_jwt similarity index 100% rename from go/fixtures/tokenizerbackend/test_secure_jwt rename to lunadefend/go/fixtures/tokenizerbackend/test_secure_jwt diff --git a/go/gateway/configs/awsgatewayconfigs.go b/lunadefend/go/gateway/configs/awsgatewayconfigs.go similarity index 100% rename from go/gateway/configs/awsgatewayconfigs.go rename to lunadefend/go/gateway/configs/awsgatewayconfigs.go diff --git a/lunadefend/go/gateway/dynamo.go b/lunadefend/go/gateway/dynamo.go new file mode 100644 index 000000000..37873676c --- /dev/null +++ b/lunadefend/go/gateway/dynamo.go @@ -0,0 +1,177 @@ +// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +package gateway + +import ( + "fmt" + "log" + "time" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/session" + "github.com/aws/aws-sdk-go/service/dynamodb" + "github.com/aws/aws-sdk-go/service/dynamodb/dynamodbattribute" + "github.com/lunasec-io/lunasec/lunadefend/go/types" + "go.uber.org/config" + "go.uber.org/zap" +) + +var primaryKey = "Key" + +const ( + MetaStore = types.KVStore("metadata") + KeyStore = types.KVStore("keys") + SessionStore = types.KVStore("sessions") + GrantStore = types.KVStore("grants") +) + +func validateTableConfig(tableConfig map[types.KVStore]string) { + tableNames := []types.KVStore{ + MetaStore, + KeyStore, + SessionStore, + GrantStore, + } + + var errs []error + for _, tableName := range tableNames { + if _, ok := tableConfig[tableName]; !ok { + err := fmt.Errorf("unable to find ARN for table: %s", tableName) + errs = append(errs, err) + } + } + + if len(errs) != 0 { + errMsg := "" + for _, err := range errs { + errMsg = errMsg + ", " + err.Error() + } + panic(errMsg) + } +} + +type dynamoGateway struct { + DynamoKvGatewayConfig + logger *zap.Logger + db *dynamodb.DynamoDB +} + +type DynamoKvGatewayConfig struct { + TableNames map[types.KVStore]string `yaml:"table_names"` +} + +// AwsDynamoGateway ... +type AwsDynamoGateway interface { + Get(store types.KVStore, key string) (string, error) + Set(store types.KVStore, key string, value string) error +} + +// NewDynamoGateway... +func NewDynamoGateway(logger *zap.Logger, provider config.Provider, sess *session.Session) AwsDynamoGateway { + var ( + gatewayConfig DynamoKvGatewayConfig + ) + + err := provider.Get("aws_gateway").Populate(&gatewayConfig) + if err != nil { + log.Println(err) + panic(err) + } + + validateTableConfig(gatewayConfig.TableNames) + + logger.Debug("creating new dynamodb session") + db := dynamodb.New(sess) + + return &dynamoGateway{ + DynamoKvGatewayConfig: gatewayConfig, + logger: logger, + db: db, + } +} + +func (s *dynamoGateway) getTableName(store types.KVStore) (tableName string, err error) { + var ( + ok bool + ) + tableName, ok = s.TableNames[store] + if !ok { + err = fmt.Errorf("unable to find table name for store: %s", store) + return + } + if tableName == "" { + err = fmt.Errorf("table name found, but was assigned to empty string for store: %s", store) + return + } + return +} + +func (s *dynamoGateway) Get(store types.KVStore, key string) (string, error) { + tableName, err := s.getTableName(store) + if err != nil { + return "", err + } + + dbResult, err := s.db.GetItem(&dynamodb.GetItemInput{ + TableName: aws.String(tableName), + Key: map[string]*dynamodb.AttributeValue{ + primaryKey: { + S: aws.String(key), + }, + }, + }) + + if err != nil || dbResult.Item == nil { + return "", err + } + + metadata := types.Metadata{} + + if err = dynamodbattribute.UnmarshalMap(dbResult.Item, &metadata); err != nil { + return "", err + } + + return metadata.Value, nil +} + +func (s *dynamoGateway) Set(store types.KVStore, key string, value string) error { + tableName, err := s.getTableName(store) + if err != nil { + return err + } + + metadata := types.Metadata{ + Key: key, + Value: value, + Timestamp: time.Now().Unix(), + } + + av, err := dynamodbattribute.MarshalMap(metadata) + + if err != nil { + return err + } + + input := &dynamodb.PutItemInput{ + Item: av, + TableName: aws.String(tableName), + } + + if _, err := s.db.PutItem(input); err != nil { + return err + } + + return nil +} diff --git a/lunadefend/go/gateway/ecr.go b/lunadefend/go/gateway/ecr.go new file mode 100644 index 000000000..260499650 --- /dev/null +++ b/lunadefend/go/gateway/ecr.go @@ -0,0 +1,147 @@ +// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// go:generate mockgen + +package gateway + +import ( + "encoding/base64" + "errors" + "fmt" + "log" + "strings" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/session" + "github.com/aws/aws-sdk-go/service/ecr" + "github.com/aws/aws-sdk-go/service/ecrpublic" + "github.com/google/go-containerregistry/pkg/authn" + "github.com/lunasec-io/lunasec/lunadefend/go/util" +) + +type awsECRGateway struct { + session *session.Session +} + +type AwsECRGateway interface { + GetCredentials() (authConfig authn.AuthConfig, err error) + GetPublicCredentials() (authConfig authn.AuthConfig, err error) + CreateRepository(repoName string) error + GetLatestImageTag(repoName string) (tag string, err error) +} + +func NewAwsECRGateway() AwsECRGateway { + sess, err := session.NewSessionWithOptions(session.Options{ + SharedConfigState: session.SharedConfigEnable, + }) + + if err != nil { + util.Panicf("Failed to instantiate ecr session %s", err) + } + return &awsECRGateway{ + session: sess, + } +} + +func (s *awsECRGateway) CreateRepository(repoName string) error { + ecrClient := ecr.New(s.session) + req := &ecr.CreateRepositoryInput{ + RepositoryName: aws.String(repoName), + } + _, err := ecrClient.CreateRepository(req) + if err != nil { + return err + } + return nil +} + +func (s *awsECRGateway) GetPublicCredentials() (authConfig authn.AuthConfig, err error) { + log.Println("Getting authorization token from ecr public...") + ecrClient := ecrpublic.New(s.session, aws.NewConfig().WithRegion("us-east-1")) + input := &ecrpublic.GetAuthorizationTokenInput{} + ecrAuthToken, err := ecrClient.GetAuthorizationToken(input) + if err != nil { + log.Println(err) + return + } + + authData := ecrAuthToken.AuthorizationData + authToken := *authData.AuthorizationToken + return s.getAuthConfig(authToken) +} + +func (s *awsECRGateway) GetCredentials() (authConfig authn.AuthConfig, err error) { + log.Println("Getting authorization token from ecr...") + ecrClient := ecr.New(s.session) + ecrAuthToken, err := ecrClient.GetAuthorizationToken(nil) + if err != nil { + log.Println(err) + return + } + + authData := ecrAuthToken.AuthorizationData + if len(authData) == 0 { + err = errors.New("no auth data for ecr") + log.Println(err) + return + } + + authToken := *authData[0].AuthorizationToken + return s.getAuthConfig(authToken) +} + +func (s *awsECRGateway) getAuthConfig(authToken string) (authConfig authn.AuthConfig, err error) { + auth, err := base64.StdEncoding.DecodeString(authToken) + if err != nil { + log.Println(err) + return + } + + authParts := strings.Split(string(auth), ":") + + authConfig = authn.AuthConfig{ + Username: authParts[0], + Password: authParts[1], + } + return +} + +func (s *awsECRGateway) GetLatestImageTag(repoName string) (tag string, err error) { + ecrClient := ecr.New(s.session) + + listImagesInput := &ecr.ListImagesInput{ + Filter: &ecr.ListImagesFilter{ + TagStatus: aws.String(ecr.TagStatusTagged), + }, + RepositoryName: aws.String(repoName), + } + listImagesOutput, err := ecrClient.ListImages(listImagesInput) + if err != nil { + log.Println(err) + return + } + + if len(listImagesOutput.ImageIds) == 0 { + err = fmt.Errorf("unable to find images for the provided repository: %s", repoName) + return + } + + for _, imageId := range listImagesOutput.ImageIds { + if *imageId.ImageTag == "latest" { + tag = *imageId.ImageDigest + } + } + return +} diff --git a/go/gateway/ecrutils.go b/lunadefend/go/gateway/ecrutils.go similarity index 100% rename from go/gateway/ecrutils.go rename to lunadefend/go/gateway/ecrutils.go diff --git a/lunadefend/go/gateway/metrics/cloudwatch.go b/lunadefend/go/gateway/metrics/cloudwatch.go new file mode 100644 index 000000000..e678ac96d --- /dev/null +++ b/lunadefend/go/gateway/metrics/cloudwatch.go @@ -0,0 +1,194 @@ +// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +package metrics + +import ( + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/client" + "github.com/aws/aws-sdk-go/service/cloudwatch" + "github.com/lunasec-io/lunasec/lunadefend/go/constants" + "github.com/lunasec-io/lunasec/lunadefend/go/constants/metrics" + "github.com/lunasec-io/lunasec/lunadefend/go/gateway/configs" + "github.com/lunasec-io/lunasec/lunadefend/go/types" + "go.uber.org/config" + "go.uber.org/zap" + "log" + "sync" + "time" +) + +type cloudwatchGateway struct { + logger *zap.Logger + cw *cloudwatch.CloudWatch + namespace string + stackID string + rwMutex sync.RWMutex + metricsCache map[string]int64 +} + +// AwsCloudwatchGateway ... +type AwsCloudwatchGateway interface { + Metric(name metrics.ApplicationMetric, value int) + PushMetrics() + GetMetricSumFromPastDay(name metrics.ApplicationMetric) (sum int64, err error) +} + +// NewAwsCloudwatchGateway... +func NewAwsCloudwatchGateway(logger *zap.Logger, provider config.Provider, sess client.ConfigProvider) AwsCloudwatchGateway { + var ( + appConfig types.AppConfig + gatewayConfig configs.AwsGatewayConfig + ) + + err := provider.Get("aws_gateway").Populate(&gatewayConfig) + if err != nil { + log.Println(err) + panic(err) + } + + err = provider.Get("app").Populate(&appConfig) + if err != nil { + log.Println(err) + panic(err) + } + + cw := cloudwatch.New(sess) + + return &cloudwatchGateway{ + logger: logger, + cw: cw, + namespace: gatewayConfig.CloudwatchNamespace, + stackID: appConfig.StackID, + metricsCache: map[string]int64{}, + } +} + +func (c *cloudwatchGateway) Metric(name metrics.ApplicationMetric, value int) { + c.rwMutex.Lock() + defer c.rwMutex.Unlock() + + c.metricsCache[string(name)] += int64(value) + + return +} + +func (c *cloudwatchGateway) cloneMetricsCache() map[string]int64 { + c.rwMutex.Lock() + defer c.rwMutex.Unlock() + + metricsCache := map[string]int64{} + for k, v := range c.metricsCache { + metricsCache[k] = v + } + + // clear metrics cache for next set of metrics + c.metricsCache = map[string]int64{} + + return metricsCache +} + +func (c *cloudwatchGateway) pushMetricsData(metricsData []*cloudwatch.MetricDatum) { + input := &cloudwatch.PutMetricDataInput{ + Namespace: aws.String(c.namespace), + MetricData: metricsData, + } + + c.logger.Debug("pushing metrics data to cloudwatch: ", zap.Any("input", input)) + + _, err := c.cw.PutMetricData(input) + + if err != nil { + c.logger.Error( + "failed to push metrics", + zap.Error(err), + ) + } +} + +func (c *cloudwatchGateway) PushMetrics() { + var ( + metricsData []*cloudwatch.MetricDatum + ) + + if len(c.metricsCache) == 0 { + return + } + + c.logger.Debug( + "pushing metric data", + zap.Any("metrics", c.metricsCache), + ) + + // clone map to avoid blocking + metricsCache := c.cloneMetricsCache() + + for name, value := range metricsCache { + metric := &cloudwatch.MetricDatum{ + MetricName: aws.String(name), + Dimensions: []*cloudwatch.Dimension{ + { + Name: aws.String("stackID"), + Value: aws.String(c.stackID), + }, + { + Name: aws.String("version"), + Value: aws.String(constants.Version), + }, + }, + Value: aws.Float64(float64(value)), + } + metricsData = append(metricsData, metric) + + if len(metricsData) == 20 { + c.pushMetricsData(metricsData) + metricsData = []*cloudwatch.MetricDatum{} + } + } + + // push any remaining metrics + c.pushMetricsData(metricsData) +} + +func (c *cloudwatchGateway) GetMetricSumFromPastDay(name metrics.ApplicationMetric) (sum int64, err error) { + pastDay := -1 * time.Hour * 24 + startTime := time.Now().Add(pastDay) + endTime := time.Now() + + // get metrics in 12 hour periods + period := int64(60 * 60 * 12) + + stats := []string{ + "Sum", + } + + input := cloudwatch.GetMetricStatisticsInput{ + Namespace: aws.String(c.namespace), + MetricName: aws.String(string(name)), + StartTime: &startTime, + EndTime: &endTime, + Period: aws.Int64(period), + Statistics: aws.StringSlice(stats), + } + + output, err := c.cw.GetMetricStatistics(&input) + if err != nil { + return + } + + for _, dataPoint := range output.Datapoints { + sum += int64(*dataPoint.Sum) + } + return +} diff --git a/go/gateway/metrics/nop.go b/lunadefend/go/gateway/metrics/nop.go similarity index 86% rename from go/gateway/metrics/nop.go rename to lunadefend/go/gateway/metrics/nop.go index e3a8a712c..6707d17cd 100644 --- a/go/gateway/metrics/nop.go +++ b/lunadefend/go/gateway/metrics/nop.go @@ -14,23 +14,23 @@ // package metrics -import "github.com/lunasec-io/lunasec/go/constants/metrics" +import "github.com/lunasec-io/lunasec/lunadefend/go/constants/metrics" type nopMetricsGateway struct { } type NopMetricsGateway interface { - Metric(name metrics.ApplicationMetric, value int) + Metric(name metrics.ApplicationMetric, value int) } // NewNopMetricsGateway // This class disables metrics by performing an empty return whenever metrics are emitted. func NewNopMetricsGateway() NopMetricsGateway { - return &nopMetricsGateway{} + return &nopMetricsGateway{} } // PutMetric // This intentionally does nothing in order to allow "disabling" metrics. func (c *nopMetricsGateway) Metric(name metrics.ApplicationMetric, value int) { - return + return } diff --git a/lunadefend/go/gateway/metrics/provide.go b/lunadefend/go/gateway/metrics/provide.go new file mode 100644 index 000000000..87c1a1e1d --- /dev/null +++ b/lunadefend/go/gateway/metrics/provide.go @@ -0,0 +1,63 @@ +// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +package metrics + +import ( + "github.com/aws/aws-sdk-go/aws/client" + "github.com/lunasec-io/lunasec/lunadefend/go/constants" + "github.com/lunasec-io/lunasec/lunadefend/go/constants/metrics" + "go.uber.org/config" + "go.uber.org/zap" + "log" +) + +type MetricProviderConfig struct { + Disabled bool `yaml:"disabled"` + Provider constants.MetricsProvider `yaml:"provider"` + DisableUsageStatisticsMetrics bool `yaml:"disable_usage_statistics"` +} + +// LunaSecMetricsGateway ... +type LunaSecMetricsGateway interface { + Metric(name metrics.ApplicationMetric, value int) +} + +func NewMetricsConfig( + provider config.Provider, +) (metricsConfig MetricProviderConfig, err error) { + err = provider.Get("metrics").Populate(&metricsConfig) + return +} + +func SetupMetricsGateway(logger *zap.Logger, provider config.Provider, sess client.ConfigProvider) LunaSecMetricsGateway { + metricsConfig, err := NewMetricsConfig(provider) + + if err != nil { + log.Println("Metrics config missing but is required") + log.Println(err) + panic(err) + } + + if metricsConfig.Disabled == true || metricsConfig.Provider == constants.MetricsProviderNone { + return NewNopMetricsGateway() + } + + if metricsConfig.Provider == constants.MetricsProviderAwsCloudwatch { + return NewAwsCloudwatchGateway(logger, provider, sess) + } + + log.Printf("Unsupported metrics provider specified: %s", metricsConfig.Provider) + panic("Unsupported metrics provider specified") +} diff --git a/go/gateway/metrics/provide_test.go b/lunadefend/go/gateway/metrics/provide_test.go similarity index 98% rename from go/gateway/metrics/provide_test.go rename to lunadefend/go/gateway/metrics/provide_test.go index 2ef37eae7..5ae2dae59 100644 --- a/go/gateway/metrics/provide_test.go +++ b/lunadefend/go/gateway/metrics/provide_test.go @@ -17,7 +17,7 @@ package metrics import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/client" - "github.com/lunasec-io/lunasec/go/constants" + "github.com/lunasec-io/lunasec/lunadefend/go/constants" "go.uber.org/config" "go.uber.org/zap" "gopkg.in/yaml.v3" diff --git a/lunadefend/go/gateway/provide.go b/lunadefend/go/gateway/provide.go new file mode 100644 index 000000000..37f173d70 --- /dev/null +++ b/lunadefend/go/gateway/provide.go @@ -0,0 +1,138 @@ +// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +package gateway + +import ( + "crypto/tls" + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/credentials" + "github.com/aws/aws-sdk-go/aws/session" + "github.com/lunasec-io/lunasec/lunadefend/go/gateway/configs" + "github.com/lunasec-io/lunasec/lunadefend/go/gateway/metrics" + "github.com/lunasec-io/lunasec/lunadefend/go/util" + "go.uber.org/config" + "go.uber.org/zap" + "net/http" +) + +type Gateways struct { + KV AwsDynamoGateway + SM AwsSecretsManagerGateway + S3 AwsS3Gateway + CW metrics.AwsCloudwatchGateway +} + +func NewGatewayConfig(logger *zap.Logger, provider config.Provider) (gatewayConfig configs.AwsGatewayConfig, err error) { + err = provider.Get("aws_gateway").Populate(&gatewayConfig) + if err != nil { + logger.Error("unable to load aws gateway config", zap.Error(err)) + return + } + return +} + +func newAwsSessionOptions(logger *zap.Logger, provider config.Provider) (options session.Options, err error) { + var ( + gatewayConfig configs.AwsGatewayConfig + creds *credentials.Credentials + endpointUrl *string + httpClient *http.Client + s3ForcePathStyle bool + ) + + gatewayConfig, err = NewGatewayConfig(logger, provider) + if err != nil { + logger.Error("unable to create gateway config", zap.Error(err)) + return + } + + if gatewayConfig.S3Region == "" { + gatewayConfig.S3Region = "us-west-2" + } + + sharedConfigEnable := session.SharedConfigEnable + if !util.IsRunningInLambda() && gatewayConfig.AccessKeyID != "" && gatewayConfig.SecretAccessKey != "" { + logger.Debug( + "using configured credentials for aws session", + zap.String("accessKeyID", gatewayConfig.AccessKeyID), + zap.String("secretAccessKey", gatewayConfig.SecretAccessKey), + ) + creds = credentials.NewStaticCredentials(gatewayConfig.AccessKeyID, gatewayConfig.SecretAccessKey, "") + sharedConfigEnable = session.SharedConfigDisable + } + + if gatewayConfig.LocalstackURL != "" || gatewayConfig.LocalHTTPSProxy != "" { + s3ForcePathStyle = true + if gatewayConfig.LocalHTTPSProxy != "" { + logger.Debug( + "using configured localstack url (https proxy) for aws session", + zap.String("localstackURL", gatewayConfig.LocalHTTPSProxy), + ) + endpointUrl = aws.String(gatewayConfig.LocalHTTPSProxy) + tr := &http.Transport{ + TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, + } + httpClient = &http.Client{Transport: tr} + } else { + logger.Debug( + "using configured localstack url for aws session", + zap.String("localstackURL", gatewayConfig.LocalstackURL), + ) + endpointUrl = aws.String(gatewayConfig.LocalstackURL) + } + } + + options = session.Options{ + SharedConfigState: sharedConfigEnable, + Config: aws.Config{ + Credentials: creds, + Region: aws.String(gatewayConfig.S3Region), + Endpoint: endpointUrl, + S3ForcePathStyle: aws.Bool(s3ForcePathStyle), + HTTPClient: httpClient, + }, + } + return +} + +func NewAwsSession(logger *zap.Logger, provider config.Provider) (sess *session.Session, err error) { + options, err := newAwsSessionOptions(logger, provider) + if err != nil { + return + } + + sess = session.Must(session.NewSessionWithOptions(options)) + return +} + +func GetAwsGateways(logger *zap.Logger, provider config.Provider) (gateways Gateways) { + sess, err := NewAwsSession(logger, provider) + if err != nil { + panic(err) + } + + logger.Debug("loading secrets manager AWS gateway...") + gateways.SM = NewAwsSecretsManagerGateway(logger, provider, sess) + + logger.Debug("loading dynamodb AWS gateway...") + gateways.KV = NewDynamoGateway(logger, provider, sess) + + logger.Debug("loading s3 AWS gateway...") + gateways.S3 = NewAwsS3Gateway(logger, provider, sess) + + logger.Debug("loading cloudwatch AWS gateway...") + gateways.CW = metrics.NewAwsCloudwatchGateway(logger, provider, sess) + return +} diff --git a/lunadefend/go/gateway/s3.go b/lunadefend/go/gateway/s3.go new file mode 100644 index 000000000..545a99d0a --- /dev/null +++ b/lunadefend/go/gateway/s3.go @@ -0,0 +1,198 @@ +// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +package gateway + +import ( + "crypto/md5" + "encoding/base64" + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/session" + "github.com/aws/aws-sdk-go/service/s3" + "github.com/lunasec-io/lunasec/lunadefend/go/constants" + "github.com/lunasec-io/lunasec/lunadefend/go/gateway/configs" + "go.uber.org/config" + "go.uber.org/zap" + "io/ioutil" + "log" + "strings" +) + +const s3EncryptionAlgo = "AES256" + +type awsS3Gateway struct { + configs.AwsGatewayConfig + logger *zap.Logger + s3 *session.Session + s3Host string +} + +type AwsS3GatewayConfig struct { + S3Region string `yaml:"region"` + CiphertextBucket string `yaml:"ciphertext_bucket"` + AccessKeyID string `yaml:"access_key_id"` + SecretAccessKey string `yaml:"secret_access_key"` + LocalHTTPSProxy string `yaml:"local_https_proxy"` + LocalstackURL string `yaml:"localstack_url"` +} + +type AwsS3GatewayConfigWrapper struct { + AwsGateway configs.AwsGatewayConfig `yaml:"aws_gateway"` +} + +// AwsS3Gateway ... +type AwsS3Gateway interface { + GetObject(key string) (content []byte, err error) + GeneratePresignedGetUrl(key string, encryptionKey []byte) (string, map[string]string, error) + GeneratePresignedPutUrl(key string, encryptionKey []byte) (string, map[string]string, error) +} + +func NewAwsS3GatewayConfig(region, bucket string) AwsS3GatewayConfigWrapper { + return AwsS3GatewayConfigWrapper{ + AwsGateway: configs.AwsGatewayConfig{ + S3Region: region, + CiphertextBucket: bucket, + }, + } +} + +// TODO (cthompson) this should just be a presigning service since local dev presigns urls with an endpoint URL +// that would not work if attempting to contact s3 directly from this service. Another S3 gateway for calls +// directly to s3 from this service should be created. + +// NewAwsS3Gateway... +func NewAwsS3Gateway(logger *zap.Logger, provider config.Provider, sess *session.Session) (s3Gateway AwsS3Gateway) { + var ( + gatewayConfig configs.AwsGatewayConfig + ) + + err := provider.Get("aws_gateway").Populate(&gatewayConfig) + if err != nil { + logger.Error("unable to populate s3 config", zap.Error(err)) + panic(err) + } + + s3Host := gatewayConfig.CiphertextBucket + ".s3." + gatewayConfig.S3Region + ".amazonaws.com" + + s3Gateway = &awsS3Gateway{ + logger: logger, + AwsGatewayConfig: gatewayConfig, + s3: sess, + s3Host: s3Host, + } + return +} + +func (s *awsS3Gateway) GetObject(key string) (content []byte, err error) { + s3Client := s3.New(s.s3) + input := s3.GetObjectInput{ + Bucket: aws.String(s.CiphertextBucket), + Key: aws.String(key), + } + resp, err := s3Client.GetObject(&input) + if err != nil { + log.Println(err) + return + } + defer resp.Body.Close() + + return ioutil.ReadAll(resp.Body) +} + +type createPresignedUrlParams struct { + svc *s3.S3 + bucket, key string + encryptionKey []byte + encodedKeyChecksum string +} + +type createPresignedUrlFunc func(params createPresignedUrlParams) (url string, err error) + +// adjustUrlFromLocalDev will re-write the URL so that they can be accessed without an https cert in a browser when testing locally. +func (s *awsS3Gateway) adjustUrlFromLocalDev(url string) string { + s.logger.Debug( + "adjusting url for local dev", + zap.String("https proxy", s.LocalHTTPSProxy), + zap.String("localstack url", s.LocalstackURL), + ) + + return strings.ReplaceAll(url, s.LocalHTTPSProxy, s.LocalstackURL) +} + +func (s *awsS3Gateway) GeneratePresignedPutUrl(key string, encryptionKey []byte) (string, map[string]string, error) { + return s.generatePresignedUrl(key, encryptionKey, createPutObjectPresignedUrl) +} + +func (s *awsS3Gateway) GeneratePresignedGetUrl(key string, encryptionKey []byte) (string, map[string]string, error) { + return s.generatePresignedUrl(key, encryptionKey, createGetObjectPresignedUrl) +} + +func (s *awsS3Gateway) generatePresignedUrl(key string, encryptionKey []byte, createPresignedUrl createPresignedUrlFunc) (string, map[string]string, error) { + svc := s3.New(s.s3) + b64EncryptionKey := base64.StdEncoding.EncodeToString(encryptionKey) + keyChecksum := md5.Sum(encryptionKey) + keyChecksumBase64 := base64.StdEncoding.EncodeToString(keyChecksum[:]) + + params := createPresignedUrlParams{ + svc, s.CiphertextBucket, key, encryptionKey, keyChecksumBase64, + } + + url, err := createPresignedUrl(params) + + if err != nil { + return "", nil, err + } + + headers := map[string]string{ + "host": s.s3Host, + "x-amz-server-side-encryption-customer-key": b64EncryptionKey, + "x-amz-server-side-encryption-customer-key-md5": keyChecksumBase64, + "x-amz-server-side-encryption-customer-algorithm": s3EncryptionAlgo, + } + + if s.LocalHTTPSProxy != "" { + oldUrl := url + url = s.adjustUrlFromLocalDev(url) + s.logger.Debug( + "adjusting presigned url from https to http", + zap.String("old url", oldUrl), + zap.String("new url", url), + ) + } + + return url, headers, err +} + +func createGetObjectPresignedUrl(params createPresignedUrlParams) (url string, err error) { + req, _ := params.svc.GetObjectRequest(&s3.GetObjectInput{ + Bucket: aws.String(params.bucket), + Key: aws.String(params.key), + SSECustomerAlgorithm: aws.String(s3EncryptionAlgo), + SSECustomerKey: aws.String(string(params.encryptionKey)), + SSECustomerKeyMD5: aws.String(params.encodedKeyChecksum), + }) + return req.Presign(constants.S3Timeout) +} + +func createPutObjectPresignedUrl(params createPresignedUrlParams) (url string, err error) { + req, _ := params.svc.PutObjectRequest(&s3.PutObjectInput{ + Bucket: aws.String(params.bucket), + Key: aws.String(params.key), + SSECustomerAlgorithm: aws.String(s3EncryptionAlgo), + SSECustomerKey: aws.String(string(params.encryptionKey)), + SSECustomerKeyMD5: aws.String(params.encodedKeyChecksum), + }) + + return req.Presign(constants.S3Timeout) +} diff --git a/go/gateway/secretsmanager.go b/lunadefend/go/gateway/secretsmanager.go similarity index 53% rename from go/gateway/secretsmanager.go rename to lunadefend/go/gateway/secretsmanager.go index c0ed2e376..adb776e4a 100644 --- a/go/gateway/secretsmanager.go +++ b/lunadefend/go/gateway/secretsmanager.go @@ -15,18 +15,18 @@ package gateway import ( - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/aws/session" - "github.com/aws/aws-sdk-go/service/secretsmanager" - "github.com/lunasec-io/lunasec/go/gateway/configs" - "go.uber.org/config" - "go.uber.org/zap" + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/session" + "github.com/aws/aws-sdk-go/service/secretsmanager" + "github.com/lunasec-io/lunasec/lunadefend/go/gateway/configs" + "go.uber.org/config" + "go.uber.org/zap" ) type awsSecretsManagerGateway struct { - logger *zap.Logger - awsSecretsManagerGatewayConfig - session *session.Session + logger *zap.Logger + awsSecretsManagerGatewayConfig + session *session.Session } type awsSecretsManagerGatewayConfig struct { @@ -35,38 +35,38 @@ type awsSecretsManagerGatewayConfig struct { // AwsSecretsManagerGateway ... type AwsSecretsManagerGateway interface { - GetSecret(secretId string) ([]byte, error) + GetSecret(secretId string) ([]byte, error) } // NewAwsSecretsManagerGateway... func NewAwsSecretsManagerGateway(logger *zap.Logger, provider config.Provider, sess *session.Session) AwsSecretsManagerGateway { - var ( - gatewayConfig awsSecretsManagerGatewayConfig - ) + var ( + gatewayConfig awsSecretsManagerGatewayConfig + ) - err := provider.Get("aws_gateway").Populate(&gatewayConfig) - if err != nil { - panic(err) - } + err := provider.Get("aws_gateway").Populate(&gatewayConfig) + if err != nil { + panic(err) + } - return &awsSecretsManagerGateway{ - logger: logger, - awsSecretsManagerGatewayConfig: gatewayConfig, - session: sess, - } + return &awsSecretsManagerGateway{ + logger: logger, + awsSecretsManagerGatewayConfig: gatewayConfig, + session: sess, + } } // TODO merge both functions func (s *awsSecretsManagerGateway) GetSecret(secretId string) ([]byte, error) { - svc := secretsmanager.New(s.session) + svc := secretsmanager.New(s.session) - secretValueInput := &secretsmanager.GetSecretValueInput{ - SecretId: aws.String(secretId), - } + secretValueInput := &secretsmanager.GetSecretValueInput{ + SecretId: aws.String(secretId), + } - resp, err := svc.GetSecretValue(secretValueInput) - if err != nil { - return nil, err - } - return resp.SecretBinary, nil + resp, err := svc.GetSecretValue(secretValueInput) + if err != nil { + return nil, err + } + return resp.SecretBinary, nil } diff --git a/go/gateway/sts.go b/lunadefend/go/gateway/sts.go similarity index 100% rename from go/gateway/sts.go rename to lunadefend/go/gateway/sts.go diff --git a/go/package.json b/lunadefend/go/package.json similarity index 94% rename from go/package.json rename to lunadefend/go/package.json index 5f211c724..1ab078590 100644 --- a/go/package.json +++ b/lunadefend/go/package.json @@ -5,7 +5,7 @@ "description": "LunaSec Go Monorepo", "scripts": { "lint": "golangci-lint run", - "format": "gofmt -w .", + "format": "gofmt -w ", "compile:release": "make release version=\"$(yarn run --silent version)\"", "publish:release": "make publish version=\"$(yarn run --silent version)\"", "version": "node -p 'require(\"./package.json\").version'" diff --git a/lunadefend/go/pkg/analyticscollector/handler.go b/lunadefend/go/pkg/analyticscollector/handler.go new file mode 100644 index 000000000..7f08a537b --- /dev/null +++ b/lunadefend/go/pkg/analyticscollector/handler.go @@ -0,0 +1,113 @@ +// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +package analyticscollector + +import ( + "bytes" + "encoding/json" + "github.com/lunasec-io/lunasec/lunadefend/go/constants" + "github.com/lunasec-io/lunasec/lunadefend/go/types" + "go.uber.org/zap" + "log" + "net/http" +) + +func Handler() { + var ( + analyticsCollectorConfig types.AnalyticsCollectorConfig + appConfig types.AppConfig + ) + + logger, provider, cloudwatch := analyticsCollectorDependencies() + + if err := provider.Get("analyticscollector").Populate(&analyticsCollectorConfig); err != nil { + logger.Error("unable to load config", zap.Error(err)) + return + } + + err := provider.Get("app").Populate(&appConfig) + if err != nil { + log.Println(err) + panic(err) + } + + // collect all configured metrics from Cloudwatch + collectedMetrics := types.CollectedMetrics{} + for _, metric := range analyticsCollectorConfig.Metrics { + sum, err := cloudwatch.GetMetricSumFromPastDay(metric) + if err != nil { + logger.Error( + "unable to get sum for metric", + zap.String("metric", string(metric)), + zap.Error(err), + ) + continue + } + collectedMetrics[metric] = sum + } + + logger.Info( + "collected metrics", + zap.Any("metrics", collectedMetrics), + ) + + reportedMetrics := types.ReportedMetrics{ + Version: constants.Version, + StackID: appConfig.StackID, + CollectedMetrics: collectedMetrics, + } + + logger.Info( + "sending collected metrics to analytics server", + zap.String("analytics server", analyticsCollectorConfig.AnalyticsServer), + zap.Any("reported metrics", reportedMetrics), + ) + + body, err := json.Marshal(reportedMetrics) + if err != nil { + logger.Error( + "unable to marshal metrics", + zap.Error(err), + zap.Any("metrics", collectedMetrics), + ) + return + } + + req, err := http.NewRequest(http.MethodPost, analyticsCollectorConfig.AnalyticsServer, bytes.NewBuffer(body)) + if err != nil { + logger.Error( + "failure sending metrics to reporting url", + zap.Error(err), + zap.String("reporting url", analyticsCollectorConfig.AnalyticsServer), + zap.Any("metrics", collectedMetrics), + ) + return + } + + client := http.Client{} + + // we aren't checking the status since we can see any issues within the context of the + // analytics collector server + _, err = client.Do(req) + if err != nil { + logger.Error( + "failure sending metrics to reporting url", + zap.Error(err), + zap.String("reporting url", analyticsCollectorConfig.AnalyticsServer), + zap.Any("metrics", collectedMetrics), + ) + return + } +} diff --git a/go/pkg/analyticscollector/provide.go b/lunadefend/go/pkg/analyticscollector/provide.go similarity index 56% rename from go/pkg/analyticscollector/provide.go rename to lunadefend/go/pkg/analyticscollector/provide.go index 9ffffd315..0f4e9f426 100644 --- a/go/pkg/analyticscollector/provide.go +++ b/lunadefend/go/pkg/analyticscollector/provide.go @@ -15,29 +15,29 @@ package analyticscollector import ( - "github.com/lunasec-io/lunasec/go/gateway" - "github.com/lunasec-io/lunasec/go/gateway/metrics" - "github.com/lunasec-io/lunasec/go/util" - "go.uber.org/config" - "go.uber.org/zap" - "log" + "github.com/lunasec-io/lunasec/lunadefend/go/gateway" + "github.com/lunasec-io/lunasec/lunadefend/go/gateway/metrics" + "github.com/lunasec-io/lunasec/lunadefend/go/util" + "go.uber.org/config" + "go.uber.org/zap" + "log" ) func analyticsCollectorDependencies() (*zap.Logger, config.Provider, metrics.AwsCloudwatchGateway) { - logger, err := util.GetLogger() - if err != nil { - log.Println(err) - panic(err) - } + logger, err := util.GetLogger() + if err != nil { + log.Println(err) + panic(err) + } - provider := util.GetConfigProviderFromDir("config/analyticscollector") + provider := util.GetConfigProviderFromDir("config/analyticscollector") - sess, err := gateway.NewAwsSession(logger, provider) - if err != nil { - panic(err) - } + sess, err := gateway.NewAwsSession(logger, provider) + if err != nil { + panic(err) + } - cloudwatch := metrics.NewAwsCloudwatchGateway(logger, provider, sess) + cloudwatch := metrics.NewAwsCloudwatchGateway(logger, provider, sess) - return logger, provider, cloudwatch + return logger, provider, cloudwatch } diff --git a/lunadefend/go/pkg/containermodifier/functionconfig.go b/lunadefend/go/pkg/containermodifier/functionconfig.go new file mode 100644 index 000000000..5fc575b3e --- /dev/null +++ b/lunadefend/go/pkg/containermodifier/functionconfig.go @@ -0,0 +1,123 @@ +// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +package containermodifier + +import ( + "encoding/json" + "fmt" + "io/ioutil" + "log" + "path" + "path/filepath" + "strings" + + v1 "github.com/google/go-containerregistry/pkg/v1" + "github.com/google/go-containerregistry/pkg/v1/tarball" + "github.com/lunasec-io/lunasec/lunadefend/go/constants" + "github.com/lunasec-io/lunasec/lunadefend/go/types" + "github.com/lunasec-io/lunasec/lunadefend/go/util" +) + +func LoadFunctionConfig(functionsConfigFile string) (configFile types.FunctionConfigFile, err error) { + data, err := ioutil.ReadFile(functionsConfigFile) + if err != nil { + log.Println(err) + return + } + + err = json.Unmarshal(data, &configFile) + if err != nil { + log.Println(err) + return + } + return +} + +func buildFunctionLookup(runtimeConfig constants.RuntimeConfig, workDir, handlerPath string, configuredFunctions []types.FunctionConfig) ([]byte, error) { + functionLookup := types.FunctionLookup{} + for _, f := range configuredFunctions { + // override workdir if explicitly set by the function config + if f.WorkDir != "" { + workDir = f.WorkDir + } + // TODO (cthompson) hardcoded for testing, most of the logic for building the function config is in python + // we should move the logic into this code since it makes more sense to have it here for testing locally. + refineryFunction := types.RefineryFunction{ + Command: "node", + Handler: handlerPath, + ImportPath: f.ImportPath, + FunctionName: f.FunctionName, + WorkDir: workDir, + // TODO (cthompson) we need to get env variables into this function from the user + Env: map[string]string{ + string(runtimeConfig.ModuleEnvVar): workDir, + }, + } + // TODO (cthompson) make utility functions for getting and setting a function config since + // we might run into collisions + functionLookup[f.FunctionName] = refineryFunction + } + + return json.Marshal(functionLookup) +} + +func CreateFunctionConfigLayer(workDir, runtime string, functions []types.FunctionConfig) (layer v1.Layer, err error) { + runtimeConfig, ok := constants.RuntimeToRuntimeConfig[constants.Runtime(runtime)] + if !ok { + err = fmt.Errorf("unsupported runtime: %s", runtime) + return + } + + handlerName := string(runtimeConfig.Handler) + handlerPath := path.Join(constants.RuntimePath, handlerName) + + if len(functions) == 0 { + functions = append(functions, constants.SingleFunctionContainerConfig) + } + + functionData, err := buildFunctionLookup(runtimeConfig, workDir, handlerPath, functions) + if err != nil { + log.Println(err) + return + } + + handlerContent, err := util.LoadRuntimeHandler(handlerName) + if err != nil { + log.Println(err) + return + } + + files := []util.InMemoryFile{ + {Name: constants.FunctionsPath, Body: string(functionData)}, + {Name: handlerPath, Body: handlerContent}, + } + + tarData, err := util.BuildInMemoryTarFile(files) + if err != nil { + log.Println(err) + return + } + return tarball.LayerFromReader(&tarData) +} + +func GetNewContainerNames(containerTarFile string) (newTag, newFilename string) { + basename := path.Base(containerTarFile) + basenameExt := filepath.Ext(basename) + tag := strings.TrimSuffix(basename, basenameExt) + + newTag = fmt.Sprintf("lunasec-%s", tag) + newFilename = newTag + basenameExt + return +} diff --git a/lunadefend/go/pkg/tokenizer/cli.go b/lunadefend/go/pkg/tokenizer/cli.go new file mode 100644 index 000000000..ca52b4921 --- /dev/null +++ b/lunadefend/go/pkg/tokenizer/cli.go @@ -0,0 +1,372 @@ +// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +package tokenizer + +import ( + "bytes" + "encoding/json" + "errors" + "fmt" + "github.com/lunasec-io/lunasec/lunadefend/go/types" + "gopkg.in/square/go-jose.v2/jwt" + "io/ioutil" + "log" + "net/http" + + "github.com/lunasec-io/lunasec/lunadefend/go/constants" + "github.com/lunasec-io/lunasec/lunadefend/go/service" + "github.com/lunasec-io/lunasec/lunadefend/go/types/event" + "github.com/urfave/cli/v2" + "go.uber.org/zap" +) + +type CliOptions struct { + URL string + Secret string + Token string + Plaintext string + Input string + Output string + Metadata string + AuthPrivateKey string +} + +func cliOptionsStruct(c *cli.Context) CliOptions { + return CliOptions{ + URL: c.String("url"), + AuthPrivateKey: c.String("auth-private-key"), + Secret: c.String("secret"), + Token: c.String("token"), + Plaintext: c.String("plaintext"), + Input: c.String("input"), + Output: c.String("output"), + Metadata: c.String("metadata"), + } +} + +func newJwtSigner(authPrivateKey string) service.JwtSigner { + logger, err := zap.NewDevelopment() + if err != nil { + panic(err) + } + decodedPrivateKey, err := ioutil.ReadFile(authPrivateKey) + if err != nil { + panic(err) + } + jwtSigner, err := service.NewJwtSignerFromPrivateKey(logger, decodedPrivateKey) + if err != nil { + panic(err) + } + return jwtSigner +} + +func newAuthJwt(sessionID string, authPrivateKey string) string { + jwtSigner := newJwtSigner(authPrivateKey) + claims := types.SessionJwtClaims{ + Claims: jwt.Claims{ + Subject: string(constants.DeveloperSubject), + }, + SessionID: sessionID, + } + token, err := jwtSigner.CreateWithSessionClaims(claims) + if err != nil { + panic(err) + } + return token +} + +func tokenizerRequest(sessionID string, url, customerPrivateKey string, input interface{}) (data []byte, err error) { + reqBody, err := json.Marshal(input) + if err != nil { + log.Println(err) + return + } + + req, err := http.NewRequest(http.MethodPost, url, bytes.NewBuffer(reqBody)) + if err != nil { + log.Println(err) + return + } + + auth := newAuthJwt(sessionID, customerPrivateKey) + + req.Header.Add(constants.JwtAuthHeader, auth) + req.Header.Add("Content-Type", "application/json") + + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + log.Println(err) + return + } + defer resp.Body.Close() + + return ioutil.ReadAll(resp.Body) +} + +func s3Upload(url string, headers map[string]string, body []byte) (data []byte, err error) { + return s3Request(http.MethodPut, url, headers, bytes.NewBuffer(body)) +} + +func s3Download(url string, headers map[string]string) (data []byte, err error) { + return s3Request(http.MethodGet, url, headers, bytes.NewBuffer([]byte{})) +} + +func s3Request(method, url string, headers map[string]string, body *bytes.Buffer) (data []byte, err error) { + req, err := http.NewRequest(method, url, body) + if err != nil { + log.Println(err) + return + } + + for k, v := range headers { + req.Header.Add(k, v) + } + + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + log.Println(err) + return + } + defer resp.Body.Close() + + return ioutil.ReadAll(resp.Body) +} + +func newSessionID() string { + return "cli-tool" +} + +func setGrantForToken(cliOptions CliOptions, sessionID string, tokenID string) (err error) { + input := event.GrantSetRequest{ + TokenID: tokenID, + } + tokenizeURL := fmt.Sprintf("%s/grant/set", cliOptions.URL) + _, err = tokenizerRequest(sessionID, tokenizeURL, cliOptions.AuthPrivateKey, input) + if err != nil { + log.Println(err) + return + } + return +} + +func CreateJwtAuthCommand(c *cli.Context) (err error) { + cliOptions := cliOptionsStruct(c) + + jwtAuth := newAuthJwt(newSessionID(), cliOptions.AuthPrivateKey) + log.Printf("jwt: %s", jwtAuth) + return +} + +func TokenizeCommand(c *cli.Context) (err error) { + var ( + content []byte + resp struct { + Success bool + Data event.TokenizerSetResponse + } + ) + cliOptions := cliOptionsStruct(c) + + if cliOptions.Plaintext != "" { + content = []byte(cliOptions.Plaintext) + } else if cliOptions.Input != "" { + content, err = ioutil.ReadFile(cliOptions.Input) + if err != nil { + return + } + } else { + err = errors.New("neither option '--plaintext' or '--input' was provided") + return + } + + sessionID := newSessionID() + + input := event.TokenizerSetRequest{} + tokenizeURL := fmt.Sprintf("%s/tokenize", cliOptions.URL) + data, err := tokenizerRequest(sessionID, tokenizeURL, cliOptions.AuthPrivateKey, input) + if err != nil { + log.Println(err) + return + } + + err = json.Unmarshal(data, &resp) + if err != nil { + log.Println(err) + return + } + + if !resp.Success { + err = errors.New("server was unable to tokenize token") + return + } + + s3Resp, err := s3Upload(resp.Data.UploadURL, resp.Data.Headers, content) + if err != nil { + log.Println(err) + return + } + log.Printf("s3 response: %s", string(s3Resp)) + log.Printf("token: %s", resp.Data.TokenID) + return +} + +func DetokenizeCommand(c *cli.Context) (err error) { + var ( + resp struct { + Success bool + Data event.TokenizerGetResponse + } + ) + cliOptions := cliOptionsStruct(c) + + input := event.TokenizerGetRequest{} + tokenID := cliOptions.Token + + input.TokenID = tokenID + + sessionID := newSessionID() + + err = setGrantForToken(cliOptions, sessionID, tokenID) + if err != nil { + log.Println(err) + return + } + + detokenizeURL := fmt.Sprintf("%s/detokenize", cliOptions.URL) + data, err := tokenizerRequest(sessionID, detokenizeURL, cliOptions.AuthPrivateKey, input) + if err != nil { + log.Println(err) + return + } + + err = json.Unmarshal(data, &resp) + if err != nil { + log.Println(err) + return + } + + if !resp.Success { + err = errors.New("server was unable to detokenize token") + return + } + + s3Resp, err := s3Download(resp.Data.DownloadURL, resp.Data.Headers) + if err != nil { + log.Println(err) + return + } + if cliOptions.Output != "" { + err = ioutil.WriteFile(cliOptions.Output, s3Resp, 0755) + if err != nil { + return + } + } else { + log.Printf("s3 response: %s", s3Resp) + } + return +} + +func SetMetadataCommand(c *cli.Context) (err error) { + var ( + resp struct { + Success bool + Data event.MetadataSetResponse + } + + metadata map[string]interface{} + ) + cliOptions := cliOptionsStruct(c) + + err = json.Unmarshal([]byte(cliOptions.Metadata), &metadata) + if err != nil { + log.Println(err) + return err + } + + tokenID := cliOptions.Token + + sessionID := newSessionID() + + err = setGrantForToken(cliOptions, sessionID, tokenID) + if err != nil { + log.Println(err) + return + } + + input := event.MetadataSetRequest{ + TokenID: tokenID, + Metadata: metadata, + } + metadataSetURL := fmt.Sprintf("%s/metadata/set", cliOptions.URL) + data, err := tokenizerRequest(sessionID, metadataSetURL, cliOptions.AuthPrivateKey, input) + if err != nil { + log.Println(err) + return + } + err = json.Unmarshal(data, &resp) + if err != nil { + log.Println(err) + return + } + if !resp.Success { + err = errors.New("server was unable to set metadata for token") + return + } + log.Printf("setting metdata for %s was successful", cliOptions.Token) + return +} + +func GetMetadataCommand(c *cli.Context) (err error) { + var ( + resp struct { + Success bool + Data event.MetadataGetResponse + } + ) + cliOptions := cliOptionsStruct(c) + + tokenID := cliOptions.Token + + sessionID := newSessionID() + + err = setGrantForToken(cliOptions, sessionID, tokenID) + if err != nil { + log.Println(err) + return + } + + input := event.MetadataGetRequest{ + TokenID: tokenID, + } + metadataGetURL := fmt.Sprintf("%s/metadata/get", cliOptions.URL) + data, err := tokenizerRequest(sessionID, metadataGetURL, cliOptions.AuthPrivateKey, input) + if err != nil { + log.Println(err) + return + } + err = json.Unmarshal(data, &resp) + if err != nil { + log.Println(err) + return + } + if !resp.Success { + err = errors.New("server was unable to get metadata for token") + return + } + log.Printf("metdata for %s: %v", cliOptions.Token, resp.Data.Metadata) + return +} diff --git a/lunadefend/go/pkg/tokenizer/httpserver.go b/lunadefend/go/pkg/tokenizer/httpserver.go new file mode 100644 index 000000000..205b9a1fa --- /dev/null +++ b/lunadefend/go/pkg/tokenizer/httpserver.go @@ -0,0 +1,80 @@ +// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +package tokenizer + +import ( + "fmt" + "log" + "net/http" + + apigateway "github.com/apex/gateway" + "github.com/lunasec-io/lunasec/lunadefend/go/constants" + "github.com/lunasec-io/lunasec/lunadefend/go/gateway" + "github.com/lunasec-io/lunasec/lunadefend/go/service" + "github.com/lunasec-io/lunasec/lunadefend/go/util" + "github.com/rs/cors" +) + +func newServer(configPath string, authType constants.AuthType) http.Handler { + sm := http.NewServeMux() + + logger, err := util.GetLogger() + if err != nil { + fmt.Println(err) + panic(err) + } + + util.ApplyHealthCheck(sm, logger) + + provider := util.GetConfigProviderFromDir(configPath) + + logger.Debug("loading AWS gateways") + gateways := gateway.GetAwsGateways(logger, provider) + + authProviderJwtVerifier := service.NewJwtVerifier(constants.AuthJwtVerifier, logger, provider) + + GetTokenizerRoutes(authType, sm, logger, provider, gateways, authProviderJwtVerifier) + + c := cors.New(cors.Options{}) + return c.Handler(sm) +} + +func newHttpServer(sm http.Handler) *http.Server { + addr := util.GetEnvWithFallback("TOKENIZER_HTTP_ADDR", "0.0.0.0:37767") + server := &http.Server{ + Addr: addr, + Handler: sm, + MaxHeaderBytes: 2 << 20, // 2 MB + } + log.Printf("HTTP server listening at %s\n", addr) + return server +} + +func NewLocalDevServer() *http.Server { + sm := newServer(constants.TokenizerConfigPath, constants.JwtAuthType) + return newHttpServer(sm) +} + +func NewApiGatewayServer() *apigateway.Gateway { + sm := newServer(constants.TokenizerConfigPath, constants.JwtAuthType) + return apigateway.NewGateway(sm) +} + +// NewHttpServerSidecar creates a new server with no authentication, and is meant to run as a sidecar in a container. +// NOTE: auth is assumed to have already been performed when invoking this service. +func NewHttpServerSidecar() *http.Server { + sm := newServer(constants.TokenizerConfigPath, constants.NoAuthType) + return newHttpServer(sm) +} diff --git a/lunadefend/go/pkg/tokenizer/tokenizer.go b/lunadefend/go/pkg/tokenizer/tokenizer.go new file mode 100644 index 000000000..dcce199c9 --- /dev/null +++ b/lunadefend/go/pkg/tokenizer/tokenizer.go @@ -0,0 +1,110 @@ +// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +package tokenizer + +import ( + "fmt" + "github.com/lunasec-io/lunasec/lunadefend/go/constants" + "github.com/lunasec-io/lunasec/lunadefend/go/controller" + "github.com/lunasec-io/lunasec/lunadefend/go/gateway" + "github.com/lunasec-io/lunasec/lunadefend/go/service" + "github.com/lunasec-io/lunasec/lunadefend/go/types" + "github.com/lunasec-io/lunasec/lunadefend/go/types/handler" + "github.com/lunasec-io/lunasec/lunadefend/go/util" + "go.uber.org/config" + "go.uber.org/zap" + "net/http" +) + +func getRoutes( + logger *zap.Logger, + provider config.Provider, + gateways gateway.Gateways, + authProviderJwtVerifier service.JwtVerifier, +) map[string]handler.Config { + meta := service.NewMetadataService(logger, gateways.CW, gateways.KV) + grant := service.NewGrantService(logger, provider, gateways.CW, gateways.KV) + tokenizer := service.NewTokenizerService(logger, provider, gateways.CW, gateways.KV, gateways.S3) + + metadataController := controller.NewMetaController(meta, authProviderJwtVerifier, grant) + grantController := controller.NewGrantController(grant, authProviderJwtVerifier) + tokenizerController := controller.NewTokenizerController(provider, tokenizer, authProviderJwtVerifier, meta, grant) + + return map[string]handler.Config{ + "/grant/set": { + grantController.SetGrant, + constants.OnlyApplicationSubject, + }, + "/grant/verify": { + grantController.VerifyGrant, + constants.OnlyApplicationSubject, + }, + "/metadata/get": { + metadataController.GetMetadata, + constants.AnySubject, + }, + "/metadata/set": { + metadataController.SetMetadata, + constants.OnlyDeveloperSubject, + }, + "/tokenize": { + tokenizerController.TokenizerSet, + constants.AnySubject, + }, + "/detokenize": { + tokenizerController.TokenizerGet, + constants.AnySubject, + }, + } +} + +func GetTokenizerRoutes( + authType constants.AuthType, + sm *http.ServeMux, + logger *zap.Logger, + provider config.Provider, + gateways gateway.Gateways, + authProviderJwtVerifier service.JwtVerifier, +) { + var ( + authFunc func(allowedSubjects []constants.JwtSubject, handlerFunc http.HandlerFunc) http.HandlerFunc + ) + + switch authType { + case constants.NoAuthType: + logger.Debug("!!! creating tokenizer with no authentication !!!") + authFunc = controller.WithNoAuth + case constants.JwtAuthType: + logger.Debug("creating tokenizer with jwt authentication") + authFunc = service.NewJwtHttpAuth(logger, authProviderJwtVerifier).WithJwtAuth + default: + err := fmt.Errorf("invalid auth type: %s", authType) + logger.Error("unable to determine auth type", zap.Error(err)) + panic(err) + } + + metricsMiddlware := controller.WithMetrics(gateways.CW) + + middleware := []types.Middleware{ + controller.WithJSONContentType, + metricsMiddlware, + } + + tokenizerRoutes := getRoutes(logger, provider, gateways, authProviderJwtVerifier) + for url, handlerConfig := range tokenizerRoutes { + routeHandler := util.ApplyMiddlewareToHandler(middleware, handlerConfig.Handler) + sm.HandleFunc(url, authFunc(handlerConfig.AllowedSubjects, routeHandler)) + } +} diff --git a/lunadefend/go/pkg/tokenizerbackend/httpserver.go b/lunadefend/go/pkg/tokenizerbackend/httpserver.go new file mode 100644 index 000000000..a3f2f4b1d --- /dev/null +++ b/lunadefend/go/pkg/tokenizerbackend/httpserver.go @@ -0,0 +1,121 @@ +// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +package tokenizerbackend + +import ( + "fmt" + "github.com/lunasec-io/lunasec/lunadefend/go/constants" + "github.com/lunasec-io/lunasec/lunadefend/go/pkg/tokenizer" + "github.com/lunasec-io/lunasec/lunadefend/go/types" + "go.uber.org/config" + "go.uber.org/zap" + "log" + "net/http" + + "github.com/awslabs/aws-lambda-go-api-proxy/handlerfunc" + "github.com/lunasec-io/lunasec/lunadefend/go/controller" + "github.com/lunasec-io/lunasec/lunadefend/go/gateway" + "github.com/lunasec-io/lunasec/lunadefend/go/service" + "github.com/lunasec-io/lunasec/lunadefend/go/util" + "github.com/rs/cors" +) + +func newServer(logger *zap.Logger, provider config.Provider, gateways gateway.Gateways) http.Handler { + var ( + appConfig types.AppConfig + ) + + sm := http.NewServeMux() + + cspMiddleware := controller.WithCSP(provider) + + middleware := []types.Middleware{ + controller.WithJSONContentType, + cspMiddleware, + } + + if util.IsDevEnv() { + middleware = append(middleware, controller.WithHttpLogging) + } + + err := provider.Get("app").Populate(&appConfig) + if err != nil { + log.Println(err) + panic(err) + } + + authProviderJwtVerifier := service.NewJwtVerifier(constants.AuthJwtVerifier, logger, provider) + + secureFrameRoutes := getSecureFrameRoutes(logger, provider) + + sessionManagementRoutes := getSessionManagementRoutes(logger, provider, gateways, authProviderJwtVerifier) + + sm.HandleFunc("/health", func(w http.ResponseWriter, r *http.Request) { + util.RespondSuccess(w) + }) + + util.AddRoutesToServer(sm, middleware, secureFrameRoutes) + util.AddRoutesToServer(sm, middleware, sessionManagementRoutes) + + tokenizer.GetTokenizerRoutes( + constants.JwtAuthType, + sm, + logger, + provider, + gateways, + authProviderJwtVerifier, + ) + + c := cors.New(cors.Options{ + AllowedHeaders: appConfig.Cors.AllowedHeaders, + AllowOriginRequestFunc: func(r *http.Request, origin string) bool { + tokenizerURL := util.GetAPIGatewayTokenizerURL(r) + + allowedOrigins := appConfig.Cors.AllowedOrigins + if tokenizerURL != "" { + allowedOrigins = append(allowedOrigins, tokenizerURL) + } + + logger.Debug("CORS allowed origins", zap.Strings("allowedOrigins", allowedOrigins)) + + for _, allowedOrigin := range allowedOrigins { + if origin == allowedOrigin { + return true + } + } + return false + }, + AllowCredentials: true, + }) + return c.Handler(sm) +} + +func NewDevServer(logger *zap.Logger, provider config.Provider, gateways gateway.Gateways) *http.Server { + sm := newServer(logger, provider, gateways) + + addr := util.GetEnvWithFallback("SECUREFRAME_HTTP_ADDR", "0.0.0.0:37766") + server := &http.Server{ + Addr: addr, + Handler: sm, + MaxHeaderBytes: 2 << 20, // 2 MB + } + fmt.Printf("HTTP server listening at %s\n", addr) + return server +} + +func NewApiGatewayServer(logger *zap.Logger, provider config.Provider, gateways gateway.Gateways) *handlerfunc.HandlerFuncAdapter { + sm := newServer(logger, provider, gateways) + return handlerfunc.New(sm.ServeHTTP) +} diff --git a/go/pkg/tokenizerbackend/secureframe.go b/lunadefend/go/pkg/tokenizerbackend/secureframe.go similarity index 65% rename from go/pkg/tokenizerbackend/secureframe.go rename to lunadefend/go/pkg/tokenizerbackend/secureframe.go index 627c6ff20..57eea7f7a 100644 --- a/go/pkg/tokenizerbackend/secureframe.go +++ b/lunadefend/go/pkg/tokenizerbackend/secureframe.go @@ -15,23 +15,23 @@ package tokenizerbackend import ( - "github.com/lunasec-io/lunasec/go/controller" - "go.uber.org/config" - "go.uber.org/zap" - "net/http" + "github.com/lunasec-io/lunasec/lunadefend/go/controller" + "go.uber.org/config" + "go.uber.org/zap" + "net/http" ) func getSecureFrameRoutes( - logger *zap.Logger, - provider config.Provider, + logger *zap.Logger, + provider config.Provider, ) (routes map[string]http.HandlerFunc) { - secureFrameController, err := controller.NewSecureFrameController(logger, provider) - if err != nil { - panic(err) - } + secureFrameController, err := controller.NewSecureFrameController(logger, provider) + if err != nil { + panic(err) + } - routes = map[string]http.HandlerFunc{ - "/frame": secureFrameController.Frame, - } - return + routes = map[string]http.HandlerFunc{ + "/frame": secureFrameController.Frame, + } + return } diff --git a/go/pkg/tokenizerbackend/sessionmanagement.go b/lunadefend/go/pkg/tokenizerbackend/sessionmanagement.go similarity index 51% rename from go/pkg/tokenizerbackend/sessionmanagement.go rename to lunadefend/go/pkg/tokenizerbackend/sessionmanagement.go index cdf57515f..69e4cb3d7 100644 --- a/go/pkg/tokenizerbackend/sessionmanagement.go +++ b/lunadefend/go/pkg/tokenizerbackend/sessionmanagement.go @@ -15,28 +15,28 @@ package tokenizerbackend import ( - "github.com/lunasec-io/lunasec/go/controller" - "github.com/lunasec-io/lunasec/go/gateway" - "github.com/lunasec-io/lunasec/go/service" - "go.uber.org/config" - "go.uber.org/zap" - "net/http" + "github.com/lunasec-io/lunasec/lunadefend/go/controller" + "github.com/lunasec-io/lunasec/lunadefend/go/gateway" + "github.com/lunasec-io/lunasec/lunadefend/go/service" + "go.uber.org/config" + "go.uber.org/zap" + "net/http" ) func getSessionManagementRoutes( - logger *zap.Logger, - provider config.Provider, - gateways gateway.Gateways, - authProviderJwtVerifier service.JwtVerifier, + logger *zap.Logger, + provider config.Provider, + gateways gateway.Gateways, + authProviderJwtVerifier service.JwtVerifier, ) (routes map[string]http.HandlerFunc) { - sessionController := controller.NewSessionController( - logger, provider, gateways.KV, authProviderJwtVerifier, - ) + sessionController := controller.NewSessionController( + logger, provider, gateways.KV, authProviderJwtVerifier, + ) - routes = map[string]http.HandlerFunc{ - "/session/ensure": sessionController.SessionEnsure, - "/session/verify": sessionController.SessionVerify, - "/session/create": sessionController.SessionCreate, - } - return + routes = map[string]http.HandlerFunc{ + "/session/ensure": sessionController.SessionEnsure, + "/session/verify": sessionController.SessionVerify, + "/session/create": sessionController.SessionCreate, + } + return } diff --git a/go/scripts/start-tokenizerbackend.sh b/lunadefend/go/scripts/start-tokenizerbackend.sh similarity index 85% rename from go/scripts/start-tokenizerbackend.sh rename to lunadefend/go/scripts/start-tokenizerbackend.sh index c4c6397b1..aeed2690c 100755 --- a/go/scripts/start-tokenizerbackend.sh +++ b/lunadefend/go/scripts/start-tokenizerbackend.sh @@ -16,4 +16,4 @@ done mkdir -p config/tokenizerbackend/outputs cp ../outputs/aws_resources.json config/tokenizerbackend/outputs -env $(cat < ../.env.host | xargs) ./build/tokenizerbackend_dev +env $(cat < .env.host | xargs -0) ./build/tokenizerbackend_dev diff --git a/go/scripts/wait-for-file.sh b/lunadefend/go/scripts/wait-for-file.sh similarity index 100% rename from go/scripts/wait-for-file.sh rename to lunadefend/go/scripts/wait-for-file.sh diff --git a/go/service/containermodifier.go b/lunadefend/go/service/containermodifier.go similarity index 100% rename from go/service/containermodifier.go rename to lunadefend/go/service/containermodifier.go diff --git a/go/service/csp.go b/lunadefend/go/service/csp.go similarity index 100% rename from go/service/csp.go rename to lunadefend/go/service/csp.go diff --git a/lunadefend/go/service/deps.go b/lunadefend/go/service/deps.go new file mode 100644 index 000000000..12f00dbe9 --- /dev/null +++ b/lunadefend/go/service/deps.go @@ -0,0 +1,112 @@ +// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +package service + +import ( + "github.com/lunasec-io/lunasec/lunadefend/go/types" + "go.uber.org/config" + "net/url" + "strings" +) + +type authCallbackConfig struct { + AuthCallbackHost string `yaml:"auth_callback_host"` +} + +type AwsGatewayConfig struct { + Region string `yaml:"region"` + CiphertextBucket string `yaml:"ciphertext_bucket"` + LocalHTTPSProxy string `yaml:"local_https_proxy"` + LocalstackURL string `yaml:"localstack_url"` +} + +func getS3HostURL(gatewayConfig AwsGatewayConfig) string { + if gatewayConfig.LocalHTTPSProxy != "" { + return gatewayConfig.LocalstackURL + } + + s3Host := gatewayConfig.CiphertextBucket + ".s3." + gatewayConfig.Region + ".amazonaws.com" + + s3URL := url.URL{ + Scheme: "https", + Host: s3Host, + } + return s3URL.String() +} + +func CreateCSPMiddleware(provider config.Provider) CSPMiddlware { + var ( + authConfig authCallbackConfig + gatewayConfig AwsGatewayConfig + appConfig types.AppConfig + ) + // TODO report this to someplace + reportUri := "http://localhost:5004" + + // TODO (cthompson) these config values are taken from another place in the config + // we should figure out how to consolidate them + err := provider.Get("session_controller").Populate(&authConfig) + if err != nil { + panic(err) + } + + err = provider.Get("aws_gateway").Populate(&gatewayConfig) + if err != nil { + panic(err) + } + + err = provider.Get("app").Populate(&appConfig) + if err != nil { + panic(err) + } + + allowedOriginsArr := appConfig.Cors.AllowedOrigins + frameAncestors := strings.Join(allowedOriginsArr, " ") + + s3HostURL := getS3HostURL(gatewayConfig) + + connectSrcUrls := []string{ + "'self'", + authConfig.AuthCallbackHost, + s3HostURL, + } + + if gatewayConfig.LocalstackURL != "" { + connectSrcUrls = append(connectSrcUrls, gatewayConfig.LocalstackURL) + } + + if gatewayConfig.LocalHTTPSProxy != "" { + connectSrcUrls = append(connectSrcUrls, gatewayConfig.LocalHTTPSProxy) + } + + cspPolicy := map[string][]string{ + "connect-src": connectSrcUrls, + "script-src": { + "{{nonce}}", + }, + "object-src": {"none"}, + "default-src": {"none"}, + "frame-ancestors": {frameAncestors}, + "base-uri": {"none"}, + "require-trusted-types-for": {"script"}, + "report-uri": {reportUri}, + "style-src": { + "unsafe-inline", + "{{nonce}}", + }, + } + + return NewCSPMiddleware(cspPolicy, 16, false) +} diff --git a/go/service/dockermanager.go b/lunadefend/go/service/dockermanager.go similarity index 100% rename from go/service/dockermanager.go rename to lunadefend/go/service/dockermanager.go diff --git a/go/service/executor.go b/lunadefend/go/service/executor.go similarity index 100% rename from go/service/executor.go rename to lunadefend/go/service/executor.go diff --git a/lunadefend/go/service/grants.go b/lunadefend/go/service/grants.go new file mode 100644 index 000000000..4e11aad33 --- /dev/null +++ b/lunadefend/go/service/grants.go @@ -0,0 +1,186 @@ +// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +package service + +import ( + "encoding/json" + "errors" + "github.com/lunasec-io/lunasec/lunadefend/go/constants" + "github.com/lunasec-io/lunasec/lunadefend/go/constants/metrics" + "github.com/lunasec-io/lunasec/lunadefend/go/gateway" + metricsgateway "github.com/lunasec-io/lunasec/lunadefend/go/gateway/metrics" + "github.com/lunasec-io/lunasec/lunadefend/go/types" + "github.com/lunasec-io/lunasec/lunadefend/go/util" + "go.uber.org/config" + "go.uber.org/zap" + "log" + "time" +) + +type TokenGrant struct { + GrantExpiry int64 +} + +type grantServiceConfig struct { + GrantTTL string `yaml:"grant_default_duration"` + GrantMaxTTL string `yaml:"grant_maximum_duration"` +} + +type grantService struct { + logger *zap.Logger + cw metricsgateway.AwsCloudwatchGateway + kv gateway.AwsDynamoGateway + grantDefaultDuration time.Duration + grantMaxDuration time.Duration +} + +// GrantService manages grants for tokens +type GrantService interface { + SetTokenGrantForSession(token types.Token, sessionID string, grantType constants.GrantType, customGrantDuration string) error + ValidTokenGrantExistsForSession(token types.Token, sessionID string, grantType constants.GrantType) (valid bool, err error) +} + +// NewGrantService ... +func NewGrantService( + logger *zap.Logger, + provider config.Provider, + cw metricsgateway.AwsCloudwatchGateway, + kv gateway.AwsDynamoGateway, +) (service GrantService) { + var ( + serviceConfig grantServiceConfig + ) + + err := provider.Get("grant_service").Populate(&serviceConfig) + if err != nil { + panic(err) + } + + grantDefaultDuration, err := time.ParseDuration(serviceConfig.GrantTTL) + if err != nil { + panic(err) + } + grantMaxDuration, err := time.ParseDuration(serviceConfig.GrantMaxTTL) + if err != nil { + panic(err) + } + + service = &grantService{ + logger: logger, + cw: cw, + kv: kv, + grantDefaultDuration: grantDefaultDuration, + grantMaxDuration: grantMaxDuration, + } + return service +} + +func getGrantKey(sessionID string, token types.Token, grantType constants.GrantType) string { + return util.Sha512Sum(sessionID + string(token) + string(grantType)) +} + +func (s *grantService) getGrantDuration(customDurationString string) (int64, error) { + s.logger.Debug( + "read custom grant duration from request:", + zap.String("durationString", customDurationString)) + + if customDurationString == "" { + return time.Now().Add(s.grantDefaultDuration).Unix(), nil + } + + customDuration, err := time.ParseDuration(customDurationString) + if err != nil { + return 0, errors.New("Grant duration parse failed, please use a supported duration format like 30m or 1h20m10s") + } + + if customDuration > s.grantMaxDuration { + return 0, errors.New("Grant duration set longer than configured maximum time") + } + return time.Now().Add(customDuration).Unix(), nil +} + +func (s *grantService) SetTokenGrantForSession(token types.Token, sessionID string, grantType constants.GrantType, customGrantDuration string) (err error) { + defer func() { + if err != nil { + s.cw.Metric(metrics.CreateGrantFailureMetric, 1) + } + }() + + grantExpiry, err := s.getGrantDuration(customGrantDuration) + if err != nil { + return err + } + tokenGrant := TokenGrant{ + GrantExpiry: grantExpiry, + } + + serializedGrant, err := json.Marshal(tokenGrant) + if err != nil { + return + } + + grantKey := getGrantKey(sessionID, token, grantType) + + s.logger.Debug( + "setting grant for token", + zap.String("token", string(token)), + zap.String("sessionID", sessionID), + zap.String("grantType", string(grantType)), + zap.String("grantKey", grantKey), + ) + + s.cw.Metric(metrics.CreateGrantSuccessMetric, 1) + return s.kv.Set(gateway.GrantStore, grantKey, string(serializedGrant)) +} + +func (s *grantService) ValidTokenGrantExistsForSession(token types.Token, sessionID string, grantType constants.GrantType) (valid bool, err error) { + var ( + tokenGrant TokenGrant + ) + + grantKey := getGrantKey(sessionID, token, grantType) + + s.logger.Debug( + "getting grant for token", + zap.String("token", string(token)), + zap.String("sessionID", sessionID), + zap.String("grantType", string(grantType)), + zap.String("grantKey", grantKey), + ) + + grantString, err := s.kv.Get(gateway.GrantStore, grantKey) + if err != nil { + return + } + + if len(grantString) == 0 { + log.Printf("unable to find grant for token: %s", token) + return + } + + err = json.Unmarshal([]byte(grantString), &tokenGrant) + if err != nil { + return + } + + expiryTime := time.Unix(tokenGrant.GrantExpiry, 0) + now := time.Now() + if now.After(expiryTime) { + log.Printf("grant has expired: expiry: %s, now: %s", expiryTime.String(), now) + return + } + valid = true + return +} diff --git a/lunadefend/go/service/invoker/function.go b/lunadefend/go/service/invoker/function.go new file mode 100644 index 000000000..e3988f414 --- /dev/null +++ b/lunadefend/go/service/invoker/function.go @@ -0,0 +1,199 @@ +// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +package invoker + +import ( + "encoding/json" + "errors" + "fmt" + "github.com/lunasec-io/lunasec/lunadefend/go/constants" + "github.com/lunasec-io/lunasec/lunadefend/go/service" + "github.com/lunasec-io/lunasec/lunadefend/go/types" + "github.com/lunasec-io/lunasec/lunadefend/go/types/event" + "github.com/lunasec-io/lunasec/lunadefend/go/util" + "go.uber.org/zap" + "regexp" + "strings" +) + +var ( + outputRegex = regexp.MustCompile(constants.OutputRegexStr) +) + +type FunctionRuntimeInvoker struct { + logger *zap.Logger + functionName string + blockInput *json.RawMessage + backpack *json.RawMessage +} + +func NewLambdaRuntime( + logger *zap.Logger, + functionName string, + blockInput *json.RawMessage, + backpack *json.RawMessage, +) types.RuntimeInvoker { + return &FunctionRuntimeInvoker{ + logger: logger, + functionName: functionName, + blockInput: blockInput, + backpack: backpack, + } +} + +func (r *FunctionRuntimeInvoker) Initialize() error { + return nil +} + +func (r *FunctionRuntimeInvoker) Run() ( + result *json.RawMessage, + outBackpack *json.RawMessage, + err error, +) { + var ( + funcConfig types.RefineryFunction + functionExecutor service.Executor + handlerResponse event.InvokeHandlerResponse + ) + + r.logger.Debug( + "handling request", + zap.String("functionName", r.functionName), + ) + + funcConfig, err = util.GetFunctionConfig(constants.FunctionsPath, r.functionName) + if err != nil { + r.logger.Error( + "unable to get function config", + zap.Error(err), + ) + return + } + + functionExecutor, err = r.getFunctionExecutor(funcConfig) + if err != nil { + return + } + + handlerResponse, err = r.runFunctionExecutor(functionExecutor) + if err != nil { + return + } + + r.logger.Debug( + "handler response", + zap.String( + "handlerResponse", + fmt.Sprintf("%v", handlerResponse), + ), + ) + + if handlerResponse.Error != "" { + err = errors.New(handlerResponse.Error) + r.logger.Error("handler error", zap.Error(err)) + return + } + + result = handlerResponse.Result + outBackpack = handlerResponse.Backpack + return +} + +func parseStdout(stdout string) (responseData event.InvokeHandlerResponse, err error) { + output := outputRegex.FindStringSubmatch(stdout) + if len(output) == 0 { + err = fmt.Errorf("unable to find output from handler") + return + } + returnedData := output[1] + err = json.Unmarshal([]byte(returnedData), &responseData) + return +} + +func (r *FunctionRuntimeInvoker) getFunctionExecutor(funcConfig types.RefineryFunction) (e service.Executor, err error) { + var ( + functionInput []byte + ) + + funcReq := event.InvokeHandlerRequest{ + BlockInput: r.blockInput, + Backpack: r.backpack, + ImportPath: funcConfig.ImportPath, + FunctionName: funcConfig.FunctionName, + } + + functionInput, err = json.Marshal(funcReq) + if err != nil { + r.logger.Error( + "unable to marshal function request", + zap.Error(err), + ) + return + } + + envVars := util.EnvMapToArray(funcConfig.Env) + + handlerStdin := strings.NewReader(string(functionInput)) + + args := []string{ + funcConfig.Handler, + } + + r.logger.Debug( + "created executor", + zap.String("command", funcConfig.Command), + zap.Strings("args", args), + zap.Strings("envVars", envVars), + zap.String("workdir", funcConfig.WorkDir), + zap.ByteString("functionInput", functionInput), + ) + + return service.NewExecutorWithoutStreaming( + funcConfig.Command, + args, + funcConfig.Env, + funcConfig.WorkDir, + handlerStdin, + ), nil + +} + +func (r *FunctionRuntimeInvoker) runFunctionExecutor(functionExecutor service.Executor) (handlerResponse event.InvokeHandlerResponse, err error) { + var ( + res service.ExecutorResult + ) + + res, err = functionExecutor.Execute() + if err != nil { + r.logger.Error( + "error when executing handler command", + zap.Error(err), + ) + return + } + + r.logger.Debug("handler stdout", zap.String("stdout", res.Stdout)) + r.logger.Debug("handler stderr", zap.String("stderr", res.Stderr)) + + /* + TODO should we use protobuf to communicate between the processes? + */ + handlerResponse, err = parseStdout(res.Stdout) + if err != nil { + r.logger.Error("error while parsing stdout from handler", zap.Error(err)) + return + } + return +} diff --git a/go/service/invoker/grpc.go b/lunadefend/go/service/invoker/grpc.go similarity index 100% rename from go/service/invoker/grpc.go rename to lunadefend/go/service/invoker/grpc.go diff --git a/go/service/jwksmanager.go b/lunadefend/go/service/jwksmanager.go similarity index 100% rename from go/service/jwksmanager.go rename to lunadefend/go/service/jwksmanager.go diff --git a/lunadefend/go/service/jwtauth.go b/lunadefend/go/service/jwtauth.go new file mode 100644 index 000000000..c288dbb93 --- /dev/null +++ b/lunadefend/go/service/jwtauth.go @@ -0,0 +1,137 @@ +// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +package service + +import ( + "github.com/lunasec-io/lunasec/lunadefend/go/constants" + "github.com/lunasec-io/lunasec/lunadefend/go/util" + "net/http" + "net/http/httputil" + + "github.com/lunasec-io/lunasec/lunadefend/go/controller/request" + "go.uber.org/zap" +) + +type jwtHttpAuth struct { + logger *zap.Logger + jwtVerifier JwtVerifier +} + +type JwtHttpAuth interface { + WithJwtAuth(allowedSubjects []constants.JwtSubject, next http.HandlerFunc) http.HandlerFunc +} + +func NewJwtHttpAuth(logger *zap.Logger, jwtVerifier JwtVerifier) JwtHttpAuth { + return &jwtHttpAuth{ + logger: logger, + jwtVerifier: jwtVerifier, + } +} + +func (j *jwtHttpAuth) defaultUnauthorizedHandler(w http.ResponseWriter, r *http.Request) { + serializedReq, _ := httputil.DumpRequest(r, false) + j.logger.Info( + "unauthorized request received", + zap.String("request", string(serializedReq)), + ) + + http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) +} + +func subjectIsAllowed(subject constants.JwtSubject, allowedSubjects []constants.JwtSubject) bool { + for _, s := range allowedSubjects { + if s == subject { + return true + } + } + return false +} + +func (j *jwtHttpAuth) sessionHashMatchesProvidedIdentity(sessionID string, w http.ResponseWriter, r *http.Request) bool { + sessionHash := util.CreateSessionHash(sessionID) + + requestSessionHash := r.Header.Get(constants.SessionHashHeader) + if requestSessionHash == "" { + j.logger.Debug( + "session hash header not set, setting it now", + zap.String("sessionHash", sessionHash), + ) + w.Header().Set(constants.SessionHashHeader, sessionHash) + return true + } + + if requestSessionHash == sessionHash { + return true + } + return false +} + +func (j *jwtHttpAuth) WithJwtAuth(allowedSubjects []constants.JwtSubject, next http.HandlerFunc) http.HandlerFunc { + unauthHandler := http.HandlerFunc(j.defaultUnauthorizedHandler) + return func(w http.ResponseWriter, r *http.Request) { + j.logger.Debug( + "validating auth for request", + zap.String("method", r.Method), + zap.String("path", r.URL.Path), + ) + + jwtToken, err := request.GetJwtToken(r) + if err != nil { + j.logger.Error( + "unable to get jwt token from request", + zap.Error(err), + ) + unauthHandler.ServeHTTP(w, r) + return + } + + claims, err := j.jwtVerifier.VerifyWithSessionClaims(jwtToken) + if err != nil { + j.logger.Error( + "invalid jwt token", + zap.String("jwt", jwtToken), + zap.Error(err), + ) + unauthHandler.ServeHTTP(w, r) + return + } + + if !j.sessionHashMatchesProvidedIdentity(claims.SessionID, w, r) { + j.logger.Error( + "provided identity does not match the pre-existing session", + zap.String("jwt", jwtToken), + zap.String("sessionHash", ""), + zap.Error(err), + ) + unauthHandler.ServeHTTP(w, r) + return + } + + subject := constants.JwtSubject(claims.Subject) + if !subjectIsAllowed(subject, allowedSubjects) { + j.logger.Error( + "subject is not allowed", + zap.String("jwt", jwtToken), + zap.String("subject", claims.Subject), + zap.Strings("allowedSubjects", constants.SubjectsToStringSlice(allowedSubjects)), + zap.Error(err), + ) + unauthHandler.ServeHTTP(w, r) + return + } + + next.ServeHTTP(w, r) + } +} diff --git a/lunadefend/go/service/jwtsigner.go b/lunadefend/go/service/jwtsigner.go new file mode 100644 index 000000000..32a30f831 --- /dev/null +++ b/lunadefend/go/service/jwtsigner.go @@ -0,0 +1,76 @@ +// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +package service + +import ( + "crypto/rsa" + "crypto/x509" + "github.com/lunasec-io/lunasec/lunadefend/go/types" + "gopkg.in/square/go-jose.v2" + "gopkg.in/square/go-jose.v2/jwt" + + "github.com/pkg/errors" + "go.uber.org/zap" +) + +type jwtSigner struct { + logger *zap.Logger + privateKey *rsa.PrivateKey +} + +type JwtSignerAwsConfig struct { + SigningKeysArn string `yaml:"signing_keys_arn"` +} + +type JwtSigner interface { + CreateWithSessionClaims(claims types.SessionJwtClaims) (token string, err error) +} + +func NewJwtSignerFromPrivateKey( + logger *zap.Logger, + privateKey []byte, +) (signer JwtSigner, err error) { + var ( + rsaPrivateKey *rsa.PrivateKey + ) + + rsaPrivateKey, err = x509.ParsePKCS1PrivateKey(privateKey) + if err != nil { + err = errors.Wrap(err, "unable to parse rsa private key from pem") + return + } + + signer = &jwtSigner{ + logger: logger, + privateKey: rsaPrivateKey, + } + return +} + +func (j *jwtSigner) CreateWithSessionClaims(claims types.SessionJwtClaims) (token string, err error) { + key := jose.SigningKey{Algorithm: jose.RS256, Key: j.privateKey} + + var signerOpts = jose.SignerOptions{} + + signer, err := jose.NewSigner(key, signerOpts.WithType("JWT")) + if err != nil { + err = errors.Wrap(err, "unable to create jwt signiner") + return + } + + builder := jwt.Signed(signer).Claims(claims) + + return builder.CompactSerialize() +} diff --git a/lunadefend/go/service/jwtverifier.go b/lunadefend/go/service/jwtverifier.go new file mode 100644 index 000000000..6ba995bbf --- /dev/null +++ b/lunadefend/go/service/jwtverifier.go @@ -0,0 +1,145 @@ +// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +package service + +import ( + "crypto/rsa" + "crypto/x509" + "encoding/base64" + "fmt" + "github.com/lunasec-io/lunasec/lunadefend/go/constants" + "github.com/lunasec-io/lunasec/lunadefend/go/types" + "github.com/pkg/errors" + "go.uber.org/config" + "go.uber.org/zap" + "gopkg.in/square/go-jose.v2/jwt" +) + +type jwtVerifier struct { + logger *zap.Logger + publicKey *rsa.PublicKey +} + +type JwtVerifierConfig struct { + PublicKey string `yaml:"public_key"` + JwksURL string `yaml:"jwks_url"` + JwksKID string `yaml:"jwks_kid"` +} + +type JwtVerifier interface { + Verify(token string) (err error) + VerifyWithSessionClaims(token string) (claims types.SessionJwtClaims, err error) +} + +func NewJwtVerifier( + configKey constants.JwtVerifierType, + logger *zap.Logger, + provider config.Provider, +) (verifier JwtVerifier) { + var ( + publicKey []byte + serviceConfig JwtVerifierConfig + rsaPublicKey *rsa.PublicKey + jwksManager *JwksManager + jwkKey interface{} + ) + + err := provider.Get(string(configKey)).Populate(&serviceConfig) + if err != nil { + panic(err) + } + + if serviceConfig.PublicKey != "" { + publicKey, err = base64.StdEncoding.DecodeString(serviceConfig.PublicKey) + if err != nil { + panic(errors.Wrap(err, "unable to decode auth provider public key")) + } + + rsaPublicKey, err = x509.ParsePKCS1PublicKey(publicKey) + if err != nil { + panic(errors.Wrap(err, "unable to parse public key from pem")) + } + logger.Debug("loaded public key from config file") + } else if serviceConfig.JwksURL != "" { + jwksManager, err = NewJwksManager(logger, serviceConfig.JwksURL, true) + if err != nil { + logger.Error( + "Error fetching JSON Web Key(JWKS) from application backend. Is your application backend running? Env var is ", + zap.String("SESSION_JWKS_URL", serviceConfig.JwksURL), + zap.Error(err), + ) + panic(err) + } + + jwkKey, err = jwksManager.GetKey("lunasec-signing-key") + if err != nil { + panic(err) + } + + rsaPublicKey = jwkKey.(*rsa.PublicKey) + logger.Debug( + "loaded public key from jwks endpoint", + zap.String("jwksURL", serviceConfig.JwksURL), + zap.String("kid", serviceConfig.JwksKID), + ) + + fmt.Println(base64.StdEncoding.EncodeToString(x509.MarshalPKCS1PublicKey(rsaPublicKey))) + } else { + panic(errors.New("neither public_key or jwks_url were provided in jwt verifier config")) + } + + verifier = &jwtVerifier{ + logger: logger, + publicKey: rsaPublicKey, + } + return +} + +func (j *jwtVerifier) Verify(token string) (err error) { + var ( + claims jwt.Claims + ) + parsedToken, err := jwt.ParseSigned(token) + if err != nil { + err = errors.Wrap(err, "error while parsing token") + j.logger.Error("unable to parse token", zap.Error(err)) + return + } + + err = parsedToken.Claims(j.publicKey, &claims) + if err != nil { + err = errors.Wrap(err, "unable to verify signature and get claims") + j.logger.Error("unable to verify signature and get claims", zap.Error(err)) + return + } + return +} + +func (j *jwtVerifier) VerifyWithSessionClaims(token string) (claims types.SessionJwtClaims, err error) { + parsedToken, err := jwt.ParseSigned(token) + if err != nil { + err = errors.Wrap(err, "error while parsing token") + j.logger.Error("unable to parse token", zap.Error(err)) + return + } + + err = parsedToken.Claims(j.publicKey, &claims) + if err != nil { + err = errors.Wrap(err, "unable to verify signature and get claims") + j.logger.Error("unable to verify signature and get claims", zap.Error(err)) + return + } + return +} diff --git a/lunadefend/go/service/metadata.go b/lunadefend/go/service/metadata.go new file mode 100644 index 000000000..255390a34 --- /dev/null +++ b/lunadefend/go/service/metadata.go @@ -0,0 +1,93 @@ +// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +package service + +import ( + "encoding/json" + "errors" + "github.com/lunasec-io/lunasec/lunadefend/go/gateway/metrics" + "go.uber.org/zap" + "time" + + "github.com/lunasec-io/lunasec/lunadefend/go/gateway" + "github.com/lunasec-io/lunasec/lunadefend/go/types" + "github.com/lunasec-io/lunasec/lunadefend/go/util" +) + +type metadataService struct { + logger *zap.Logger + kv gateway.AwsDynamoGateway + cw metrics.AwsCloudwatchGateway +} + +// MetadataService manages metadata for secrets +type MetadataService interface { + SetMetadata(token types.Token, authorInfo interface{}, customMetadata interface{}) (err error) + GetMetadata(token types.Token) (metadata TokenMetadata, err error) +} + +// NewMetadataService ... +func NewMetadataService( + logger *zap.Logger, + cw metrics.AwsCloudwatchGateway, + kv gateway.AwsDynamoGateway, +) MetadataService { + return &metadataService{ + logger: logger, + cw: cw, + kv: kv, + } +} + +const TokenMetadataSchemaVersion = 1 + +type TokenMetadata struct { + SchemaVersion int64 `json:"schema_version"` + CreatedAt int64 `json:"created_at"` + AuthorInfo interface{} `json:"author_info"` + CustomMetadata interface{} `json:"custom_metadata"` +} + +// SetMetadata ... +func (s *metadataService) SetMetadata(token types.Token, authorInfo interface{}, customMetadata interface{}) (err error) { + metadata := TokenMetadata{ + SchemaVersion: TokenMetadataSchemaVersion, + CreatedAt: time.Now().Unix(), + AuthorInfo: authorInfo, + CustomMetadata: customMetadata, + } + + serializedMetadata, err := json.Marshal(metadata) + if err != nil { + return + } + return s.kv.Set(gateway.MetaStore, util.Sha512Sum(string(token)), string(serializedMetadata)) +} + +// GetMetadata ... +func (s *metadataService) GetMetadata(token types.Token) (metadata TokenMetadata, err error) { + meta, err := s.kv.Get(gateway.MetaStore, util.Sha512Sum(string(token))) + if err != nil { + return + } + + if len(meta) == 0 { + err = errors.New("unable to locate metadata for token") + return + } + + err = json.Unmarshal([]byte(meta), &metadata) + return +} diff --git a/lunadefend/go/service/tokenizer.go b/lunadefend/go/service/tokenizer.go new file mode 100644 index 000000000..09685ad23 --- /dev/null +++ b/lunadefend/go/service/tokenizer.go @@ -0,0 +1,156 @@ +// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +package service + +import ( + "encoding/hex" + "errors" + "github.com/lunasec-io/lunasec/lunadefend/go/constants/metrics" + metricservice "github.com/lunasec-io/lunasec/lunadefend/go/gateway/metrics" + "go.uber.org/config" + "go.uber.org/zap" + + "github.com/lunasec-io/lunasec/lunadefend/go/gateway" + "github.com/lunasec-io/lunasec/lunadefend/go/types" + "github.com/lunasec-io/lunasec/lunadefend/go/util" +) + +type tokenizerService struct { + logger *zap.Logger + config TokenizerConfig + cw metricservice.AwsCloudwatchGateway + kv gateway.AwsDynamoGateway + s3 gateway.AwsS3Gateway + secret string +} + +type TokenizerConfig struct { + SecretArn string `yaml:"secret_arn"` +} + +// TokenizerService ... +type TokenizerService interface { + TokenizerSet() (types.Token, string, map[string]string, error) + TokenizerGet(token types.Token) (string, map[string]string, error) + TokenizerDelete(token types.Token) error +} + +// NewTokenizerService ... +func NewTokenizerService( + logger *zap.Logger, + config config.Provider, + cw metricservice.AwsCloudwatchGateway, + kv gateway.AwsDynamoGateway, + s3 gateway.AwsS3Gateway, +) TokenizerService { + var ( + tokenizerConfig TokenizerConfig + ) + + err := config.Get("tokenizer").Populate(&tokenizerConfig) + if err != nil { + panic(err) + } + + return &tokenizerService{ + logger: logger, + config: tokenizerConfig, + cw: cw, + kv: kv, + s3: s3, + } +} + +// SetTokenizer ... +func (s *tokenizerService) TokenizerSet() (token types.Token, url string, key map[string]string, err error) { + defer func() { + if err != nil { + s.cw.Metric(metrics.TokenizeFailureMetric, 1) + } + }() + + token = util.GenToken() + Kp := util.Keygen() + snk := util.GenerateSaltsAndKey(token, s.secret) + + // E(Kt, Kp) + encryptedEncryptionKeyBytes, err := util.Encrypt(snk.Kt, Kp) + + if err != nil { + return "", "", nil, err + } + + // H(T + Sk) + ciphertextLookupHash := util.GetCompositeHash(token, snk.Sp) + encryptionKeyLookupHash := util.GetCompositeHash(token, snk.Sk) + encryptedEncryptionKey := hex.EncodeToString(encryptedEncryptionKeyBytes) + + if err := s.kv.Set(gateway.KeyStore, encryptionKeyLookupHash, encryptedEncryptionKey); err != nil { + return "", "", nil, err + } + + url, key, err = s.s3.GeneratePresignedPutUrl(ciphertextLookupHash, Kp) + if err != nil { + return token, url, key, err + } + s.cw.Metric(metrics.TokenizeSuccessMetric, 1) + return token, url, key, err +} + +// GetTokenizer +func (s *tokenizerService) TokenizerGet(token types.Token) (url string, key map[string]string, err error) { + defer func() { + if err != nil { + s.cw.Metric(metrics.DetokenizeFailureMetric, 1) + } + }() + + snk := util.GenerateSaltsAndKey(token, s.secret) + encryptionKeyLookupHash := util.GetCompositeHash(token, snk.Sk) + encryptedEncryptionKey, err := s.kv.Get(gateway.KeyStore, encryptionKeyLookupHash) + + if err != nil { + return "", nil, err + } + + if len(encryptedEncryptionKey) == 0 { + return "", nil, errors.New("unable to locate data for token") + } + + encryptedEncryptionKeyBytes, err := hex.DecodeString(encryptedEncryptionKey) + + if err != nil { + return "", nil, err + } + + Kp, err := util.Decrypt(snk.Kt, encryptedEncryptionKeyBytes) + + if err != nil { + return "", nil, err + } + + ciphertextLookupHash := util.GetCompositeHash(token, snk.Sp) + + url, key, err = s.s3.GeneratePresignedPutUrl(ciphertextLookupHash, Kp) + if err != nil { + return url, key, err + } + s.cw.Metric(metrics.DetokenizeSuccessMetric, 1) + return url, key, err +} + +func (s *tokenizerService) TokenizerDelete(token types.Token) error { + return nil +} diff --git a/go/service/tokenizer_test.go b/lunadefend/go/service/tokenizer_test.go similarity index 100% rename from go/service/tokenizer_test.go rename to lunadefend/go/service/tokenizer_test.go diff --git a/go/types/apigateway.go b/lunadefend/go/types/apigateway.go similarity index 100% rename from go/types/apigateway.go rename to lunadefend/go/types/apigateway.go diff --git a/go/types/config.go b/lunadefend/go/types/config.go similarity index 66% rename from go/types/config.go rename to lunadefend/go/types/config.go index 4f4a34a00..0ad1fa3df 100644 --- a/go/types/config.go +++ b/lunadefend/go/types/config.go @@ -15,20 +15,20 @@ package types import ( - "github.com/lunasec-io/lunasec/go/constants/metrics" + "github.com/lunasec-io/lunasec/lunadefend/go/constants/metrics" ) type CorsConfig struct { - AllowedOrigins []string `yaml:"allowed_origins"` - AllowedHeaders []string `yaml:"allowed_headers"` + AllowedOrigins []string `yaml:"allowed_origins"` + AllowedHeaders []string `yaml:"allowed_headers"` } type AppConfig struct { - StackID string `yaml:"stack_id"` - Cors CorsConfig `yaml:"cors"` + StackID string `yaml:"stack_id"` + Cors CorsConfig `yaml:"cors"` } type AnalyticsCollectorConfig struct { - AnalyticsServer string `yaml:"analytics_server"` - Metrics []metrics.ApplicationMetric `yaml:"metrics"` + AnalyticsServer string `yaml:"analytics_server"` + Metrics []metrics.ApplicationMetric `yaml:"metrics"` } diff --git a/go/types/containermodifier.go b/lunadefend/go/types/containermodifier.go similarity index 100% rename from go/types/containermodifier.go rename to lunadefend/go/types/containermodifier.go diff --git a/go/types/event/container_modify.go b/lunadefend/go/types/event/container_modify.go similarity index 55% rename from go/types/event/container_modify.go rename to lunadefend/go/types/event/container_modify.go index 09efee5aa..11a800073 100644 --- a/go/types/event/container_modify.go +++ b/lunadefend/go/types/event/container_modify.go @@ -15,29 +15,29 @@ package event import ( - "github.com/lunasec-io/lunasec/go/constants" - "github.com/lunasec-io/lunasec/go/types" + "github.com/lunasec-io/lunasec/lunadefend/go/constants" + "github.com/lunasec-io/lunasec/lunadefend/go/types" ) type ImageFile struct { - Bucket string `json:"bucket"` - Key string `json:"key"` + Bucket string `json:"bucket"` + Key string `json:"key"` } type ContainerModifyEvent struct { - Registry string `json:"registry"` - BaseImage string `json:"base_image"` - NewImageName string `json:"new_image_name"` - ImageFiles ImageFile `json:"image_files"` - Runtime string `json:"runtime"` - Functions []types.FunctionConfig `json:"functions"` + Registry string `json:"registry"` + BaseImage string `json:"base_image"` + NewImageName string `json:"new_image_name"` + ImageFiles ImageFile `json:"image_files"` + Runtime string `json:"runtime"` + Functions []types.FunctionConfig `json:"functions"` } func (c ContainerModifyEvent) ShouldModifyEntrypoint() bool { - return c.Runtime == string(constants.Docker) + return c.Runtime == string(constants.Docker) } type ContainerModifyResponse struct { - Tag string `json:"tag"` - DeploymentID string `json:"deployment_id"` + Tag string `json:"tag"` + DeploymentID string `json:"deployment_id"` } diff --git a/go/types/event/create_function.go b/lunadefend/go/types/event/create_function.go similarity index 100% rename from go/types/event/create_function.go rename to lunadefend/go/types/event/create_function.go diff --git a/go/types/event/execute.go b/lunadefend/go/types/event/execute.go similarity index 100% rename from go/types/event/execute.go rename to lunadefend/go/types/event/execute.go diff --git a/go/types/event/grant_set.go b/lunadefend/go/types/event/grant_set.go similarity index 100% rename from go/types/event/grant_set.go rename to lunadefend/go/types/event/grant_set.go diff --git a/go/types/event/grant_verify.go b/lunadefend/go/types/event/grant_verify.go similarity index 100% rename from go/types/event/grant_verify.go rename to lunadefend/go/types/event/grant_verify.go diff --git a/go/types/event/invokefunction.go b/lunadefend/go/types/event/invokefunction.go similarity index 100% rename from go/types/event/invokefunction.go rename to lunadefend/go/types/event/invokefunction.go diff --git a/go/types/event/metadata_get.go b/lunadefend/go/types/event/metadata_get.go similarity index 100% rename from go/types/event/metadata_get.go rename to lunadefend/go/types/event/metadata_get.go diff --git a/go/types/event/metadata_set.go b/lunadefend/go/types/event/metadata_set.go similarity index 100% rename from go/types/event/metadata_set.go rename to lunadefend/go/types/event/metadata_set.go diff --git a/go/types/event/session_create.go b/lunadefend/go/types/event/session_create.go similarity index 100% rename from go/types/event/session_create.go rename to lunadefend/go/types/event/session_create.go diff --git a/go/types/event/tokenizer_get.go b/lunadefend/go/types/event/tokenizer_get.go similarity index 100% rename from go/types/event/tokenizer_get.go rename to lunadefend/go/types/event/tokenizer_get.go diff --git a/go/types/event/tokenizer_set.go b/lunadefend/go/types/event/tokenizer_set.go similarity index 100% rename from go/types/event/tokenizer_set.go rename to lunadefend/go/types/event/tokenizer_set.go diff --git a/go/types/handler/config.go b/lunadefend/go/types/handler/config.go similarity index 81% rename from go/types/handler/config.go rename to lunadefend/go/types/handler/config.go index 434ff9bda..c68e93b4e 100644 --- a/go/types/handler/config.go +++ b/lunadefend/go/types/handler/config.go @@ -15,11 +15,11 @@ package handler import ( - "github.com/lunasec-io/lunasec/go/constants" - "net/http" + "github.com/lunasec-io/lunasec/lunadefend/go/constants" + "net/http" ) type Config struct { - Handler http.HandlerFunc - AllowedSubjects []constants.JwtSubject + Handler http.HandlerFunc + AllowedSubjects []constants.JwtSubject } diff --git a/go/types/http.go b/lunadefend/go/types/http.go similarity index 100% rename from go/types/http.go rename to lunadefend/go/types/http.go diff --git a/go/types/keygen.go b/lunadefend/go/types/keygen.go similarity index 100% rename from go/types/keygen.go rename to lunadefend/go/types/keygen.go diff --git a/go/types/metadata.go b/lunadefend/go/types/metadata.go similarity index 100% rename from go/types/metadata.go rename to lunadefend/go/types/metadata.go diff --git a/go/types/metrics.go b/lunadefend/go/types/metrics.go similarity index 75% rename from go/types/metrics.go rename to lunadefend/go/types/metrics.go index ef69f90f4..769e6ce67 100644 --- a/go/types/metrics.go +++ b/lunadefend/go/types/metrics.go @@ -15,13 +15,13 @@ package types import ( - "github.com/lunasec-io/lunasec/go/constants/metrics" + "github.com/lunasec-io/lunasec/lunadefend/go/constants/metrics" ) type CollectedMetrics map[metrics.ApplicationMetric]int64 type ReportedMetrics struct { - Version string `json:"version"` - StackID string `json:"stack_id"` - CollectedMetrics CollectedMetrics `json:"collected_metrics"` + Version string `json:"version"` + StackID string `json:"stack_id"` + CollectedMetrics CollectedMetrics `json:"collected_metrics"` } diff --git a/go/types/runtime.go b/lunadefend/go/types/runtime.go similarity index 100% rename from go/types/runtime.go rename to lunadefend/go/types/runtime.go diff --git a/go/types/secureframe.go b/lunadefend/go/types/secureframe.go similarity index 100% rename from go/types/secureframe.go rename to lunadefend/go/types/secureframe.go diff --git a/go/types/session.go b/lunadefend/go/types/session.go similarity index 100% rename from go/types/session.go rename to lunadefend/go/types/session.go diff --git a/go/types/types.go b/lunadefend/go/types/types.go similarity index 100% rename from go/types/types.go rename to lunadefend/go/types/types.go diff --git a/go/util/apigateway.go b/lunadefend/go/util/apigateway.go similarity index 55% rename from go/util/apigateway.go rename to lunadefend/go/util/apigateway.go index 8c2f5ae22..7e75ad0bc 100644 --- a/go/util/apigateway.go +++ b/lunadefend/go/util/apigateway.go @@ -15,13 +15,13 @@ package util import ( - "encoding/json" - "fmt" - "github.com/awslabs/aws-lambda-go-api-proxy/core" - "github.com/lunasec-io/lunasec/go/types" - "net/http" + "encoding/json" + "fmt" + "github.com/awslabs/aws-lambda-go-api-proxy/core" + "github.com/lunasec-io/lunasec/lunadefend/go/types" + "net/http" - "github.com/aws/aws-lambda-go/events" + "github.com/aws/aws-lambda-go/events" ) // from: https://github.com/aquasecurity/lmdrouter/blob/master/encoder.go @@ -32,46 +32,46 @@ import ( // and a value (probably a struct) representing the response body. This value // will be marshaled to JSON (currently without base 64 encoding). func MarshalApiGatewayResponse(status int, headers map[string]string, data interface{}) ( - events.APIGatewayProxyResponse, - error, + events.APIGatewayProxyResponse, + error, ) { - b, err := json.Marshal(data) - if err != nil { - status = http.StatusInternalServerError - b = []byte(`{"code":500,"message":"the server has encountered an unexpected error"}`) - } + b, err := json.Marshal(data) + if err != nil { + status = http.StatusInternalServerError + b = []byte(`{"code":500,"message":"the server has encountered an unexpected error"}`) + } - if headers == nil { - headers = make(map[string]string) - } - headers["Content-Type"] = "application/json; charset=UTF-8" + if headers == nil { + headers = make(map[string]string) + } + headers["Content-Type"] = "application/json; charset=UTF-8" - return events.APIGatewayProxyResponse{ - StatusCode: status, - IsBase64Encoded: false, - Headers: headers, - Body: string(b), - }, nil + return events.APIGatewayProxyResponse{ + StatusCode: status, + IsBase64Encoded: false, + Headers: headers, + Body: string(b), + }, nil } // ApiGatewayError generates an events.APIGatewayProxyResponse from an error value. func ApiGatewayError(err error) (events.APIGatewayProxyResponse, error) { - httpErr := types.HTTPError{ - Error: err.Error(), - } + httpErr := types.HTTPError{ + Error: err.Error(), + } - return MarshalApiGatewayResponse( - http.StatusInternalServerError, - nil, - httpErr, - ) + return MarshalApiGatewayResponse( + http.StatusInternalServerError, + nil, + httpErr, + ) } func GetAPIGatewayTokenizerURL(r *http.Request) (tokenizerURL string) { - requestContext, ok := core.GetAPIGatewayContextFromContext(r.Context()) - if ok { - // the request came from API gateway, build the backend url - tokenizerURL = fmt.Sprintf("%s://%s/%s", r.URL.Scheme, requestContext.DomainName, requestContext.Stage) - } - return + requestContext, ok := core.GetAPIGatewayContextFromContext(r.Context()) + if ok { + // the request came from API gateway, build the backend url + tokenizerURL = fmt.Sprintf("%s://%s/%s", r.URL.Scheme, requestContext.DomainName, requestContext.Stage) + } + return } diff --git a/go/util/application.go b/lunadefend/go/util/application.go similarity index 72% rename from go/util/application.go rename to lunadefend/go/util/application.go index 4dd1c4011..ed7147511 100644 --- a/go/util/application.go +++ b/lunadefend/go/util/application.go @@ -15,16 +15,16 @@ package util import ( - "github.com/lunasec-io/lunasec/go/constants" - "os" + "github.com/lunasec-io/lunasec/lunadefend/go/constants" + "os" ) func IsDevEnv() bool { - stage := os.Getenv(constants.StageEnvVar) - return constants.AppEnv(stage) == constants.Development + stage := os.Getenv(constants.StageEnvVar) + return constants.AppEnv(stage) == constants.Development } func IsProdEnv() bool { - stage := os.Getenv(constants.StageEnvVar) - return constants.AppEnv(stage) == constants.Production + stage := os.Getenv(constants.StageEnvVar) + return constants.AppEnv(stage) == constants.Production } diff --git a/go/util/auth/auth.go b/lunadefend/go/util/auth/auth.go similarity index 70% rename from go/util/auth/auth.go rename to lunadefend/go/util/auth/auth.go index 97f1c16bf..c387839a8 100644 --- a/go/util/auth/auth.go +++ b/lunadefend/go/util/auth/auth.go @@ -15,17 +15,17 @@ package auth import ( - "github.com/lunasec-io/lunasec/go/controller/request" - "github.com/lunasec-io/lunasec/go/service" - "github.com/lunasec-io/lunasec/go/types" - "net/http" + "github.com/lunasec-io/lunasec/lunadefend/go/controller/request" + "github.com/lunasec-io/lunasec/lunadefend/go/service" + "github.com/lunasec-io/lunasec/lunadefend/go/types" + "net/http" ) func GetRequestClaims(jwtVerifier service.JwtVerifier, r *http.Request) (claims types.SessionJwtClaims, err error) { - accessToken, err := request.GetJwtToken(r) - if err != nil { - return - } + accessToken, err := request.GetJwtToken(r) + if err != nil { + return + } - return jwtVerifier.VerifyWithSessionClaims(accessToken) + return jwtVerifier.VerifyWithSessionClaims(accessToken) } diff --git a/go/util/config.go b/lunadefend/go/util/config.go similarity index 100% rename from go/util/config.go rename to lunadefend/go/util/config.go diff --git a/go/util/craneutil.go b/lunadefend/go/util/craneutil.go similarity index 100% rename from go/util/craneutil.go rename to lunadefend/go/util/craneutil.go diff --git a/lunadefend/go/util/crypto.go b/lunadefend/go/util/crypto.go new file mode 100644 index 000000000..4dff9faaa --- /dev/null +++ b/lunadefend/go/util/crypto.go @@ -0,0 +1,149 @@ +// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +package util + +import ( + "crypto/aes" + "crypto/cipher" + "crypto/rand" + "crypto/sha1" + "encoding/binary" + "encoding/hex" + "fmt" + mathrand "math/rand" + + "github.com/google/uuid" + "github.com/lunasec-io/lunasec/lunadefend/go/constants" + "github.com/lunasec-io/lunasec/lunadefend/go/types" + "golang.org/x/crypto/sha3" +) + +const keySize = 32 + +var randRead = rand.Read +var hexDecodeString = hex.DecodeString +var aesNewCipher = aes.NewCipher + +// Encrypt encrypts a string given a key +func Encrypt(key string, plaintext []byte) (result []byte, err error) { + c, err := getCipher(key) + + if err != nil { + return result, err + } + + //Create a nonce. Nonce should be from GCM + nonce := make([]byte, c.NonceSize()) + + if _, err = randRead(nonce); err != nil { + panic(fmt.Errorf("Unable to generate random numbers: %v", err)) + } + + return c.Seal(nonce, nonce, plaintext, nil), nil +} + +// Decrypt decrypts a string given a key +func Decrypt(key string, encrypted []byte) (plaintext []byte, err error) { + c, err := getCipher(key) + + if err != nil { + return plaintext, err + } + + nonceSize := c.NonceSize() + nonce, ciphertext := encrypted[:nonceSize], encrypted[nonceSize:] + + return c.Open(nil, nonce, ciphertext, nil) +} + +// Keygen generates an encryption key +func Keygen() []byte { + bytes := make([]byte, keySize) + + // There are bigger problems if random numbers can't be generated. + if _, err := randRead(bytes); err != nil { + panic(err.Error()) + } + + return bytes +} + +// GenToken generates a token +func GenToken() types.Token { + return constants.TokenPrefix + types.Token(uuid.NewString()) +} + +// GetRandomStringOfLength ... +func GetRandomStringOfLength(length int, random *mathrand.Rand) string { + bytes := make([]byte, length) + // There are bigger problems if random numbers can't be generated. + if _, err := random.Read(bytes); err != nil { + panic(err.Error()) + } + + return hex.EncodeToString(bytes) +} + +// GenerateSaltsAndKey ... +func GenerateSaltsAndKey(token types.Token, secret string) types.SaltsAndKey { + tokenStr := string(token) + secret + hashable := sha3.Sum512([]byte(tokenStr)) + seed := append([]byte(tokenStr), hashable[:]...) + seedInt := binary.BigEndian.Uint64(seed) + random := mathrand.New(mathrand.NewSource(int64(seedInt))) + + return types.SaltsAndKey{ + Sp: GetRandomStringOfLength(keySize, random), + Sk: GetRandomStringOfLength(keySize, random), + Kt: GetRandomStringOfLength(keySize, random), + } +} + +// GetCompositeHash ... +func GetCompositeHash(strings ...interface{}) string { + composite := fmt.Sprint(strings...) + hashBytes := sha3.Sum256([]byte(composite)) + + return hex.EncodeToString(hashBytes[:]) +} + +// Sha512Sum ... +func Sha512Sum(input string) string { + hashBytes := sha3.Sum512([]byte(input)) + + return hex.EncodeToString(hashBytes[:]) +} + +func getCipher(keyStr string) (cipher.AEAD, error) { + key, err := hexDecodeString(keyStr) + + if err != nil { + return nil, err + } + + block, err := aesNewCipher(key) + + if err != nil { + return nil, err + } + + return cipher.NewGCM(block) +} + +func CreateSessionHash(sessionID string) string { + shaHash := sha1.New() + shaHash.Write([]byte(sessionID)) + return hex.EncodeToString(shaHash.Sum(nil)) +} diff --git a/lunadefend/go/util/crypto_test.go b/lunadefend/go/util/crypto_test.go new file mode 100644 index 000000000..062c649ee --- /dev/null +++ b/lunadefend/go/util/crypto_test.go @@ -0,0 +1,183 @@ +// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +package util + +import ( + "encoding/hex" + "errors" + "math/rand" + "testing" + "time" + + "github.com/lunasec-io/lunasec/lunadefend/go/types" + "github.com/prashantv/gostub" + "github.com/stretchr/testify/assert" +) + +func TestKeygen(t *testing.T) { + for i := 0; i < 10; i++ { + key := Keygen() + + // Key size is halfed due to hex encoding + assert.Equal(t, keySize, len(key)) + } +} + +func TestGenToken(t *testing.T) { + token := GenToken() + + assert.Len(t, token, 44) +} + +func TestKeygenRandReadFails(t *testing.T) { + err := errors.New("Test error") + stubs := gostub.StubFunc(&randRead, nil, err) + defer stubs.Reset() + + assert.PanicsWithValue(t, err.Error(), func() { Keygen() }) +} + +func TestGetRandomStringofLength(t *testing.T) { + rand := rand.New(rand.NewSource(time.Now().Unix())) + + for i := 0; i < 10; i++ { + size := i * 2 + assert.Equal(t, size, len(GetRandomStringOfLength(size, rand))/2) + } +} + +func TestGenerateSaltsAndKey(t *testing.T) { + token := types.Token("f3bf249e-c526-430a-941c-7119d7caf105") + secret := "this is a secret" + sp := "e80b87268f1b8e06933a4a68ff3d53fb684bf41f7a3943764e0e489621a5ce9f" + sk := "35750752275a9d8a29cba945937bcd08a138fe892f42d7be1dfc9289f6e04fe8" + kt := "79255d7e6cf8a6b560bcbeffd63488b223cd0ad68067bf96ffd75d86acc4daa3" + snk := GenerateSaltsAndKey(token, secret) + + assert.Equal(t, sp, snk.Sp) + assert.Equal(t, sk, snk.Sk) + assert.Equal(t, kt, snk.Kt) +} + +func TestGetCompositeHash(t *testing.T) { + expected := "eef431520c0f93456d05330deba77b42359724549e304b80ac12f5f56865fbef" + actual := GetCompositeHash("string1", "string2", "string3", "string4") + + assert.Equal(t, expected, actual) +} + +func TestGetCipher(t *testing.T) { + key := hex.EncodeToString(Keygen()) + cipher, err := getCipher(key) + + assert.NoError(t, err) + assert.NotNil(t, cipher) +} + +func TestGetCipherHexDecodeFails(t *testing.T) { + expectedErr := errors.New("Test error") + stubs := gostub.StubFunc(&hexDecodeString, nil, expectedErr) + + defer stubs.Reset() + + key := hex.EncodeToString(Keygen()) + cipher, err := getCipher(key) + + assert.Nil(t, cipher) + assert.Equal(t, expectedErr, err) +} + +func TestGetCipherGetCipherFails(t *testing.T) { + expectedErr := errors.New("Test error") + stubs := gostub.StubFunc(&aesNewCipher, nil, expectedErr) + + defer stubs.Reset() + + key := hex.EncodeToString(Keygen()) + cipher, err := getCipher(key) + + assert.Nil(t, cipher) + assert.Equal(t, expectedErr, err) +} + +func TestEncryptDecrypt(t *testing.T) { + key := hex.EncodeToString(Keygen()) + expectedPlaintext := make([]byte, 5*1000000) // 5 mb + + if _, err := rand.Read(expectedPlaintext); err != nil { + panic(err.Error()) + } + + ciphertext, err := Encrypt(key, expectedPlaintext) + + assert.NoError(t, err) + assert.NotNil(t, ciphertext) + + plaintext, err := Decrypt(key, ciphertext) + + assert.NoError(t, err) + assert.Equal(t, expectedPlaintext, plaintext) +} + +func TestEncryptGetCipherFails(t *testing.T) { + expectedErr := errors.New("Test error") + key := hex.EncodeToString(Keygen()) + stubs := gostub.StubFunc(&aesNewCipher, nil, expectedErr) + + defer stubs.Reset() + + result, err := Encrypt(key, nil) + + assert.Nil(t, result) + assert.EqualError(t, expectedErr, err.Error()) +} + +func TestEncryptRandReadFails(t *testing.T) { + err := errors.New("Test error") + key := hex.EncodeToString(Keygen()) + stubs := gostub.StubFunc(&randRead, nil, err) + fn := func() { Encrypt(key, nil) } + + defer stubs.Reset() + + assert.Panicsf(t, fn, "Unable to generate random numbers: %v", err.Error()) +} + +func TestDecryptGetCipherFails(t *testing.T) { + expectedErr := errors.New("Test error") + key := hex.EncodeToString(Keygen()) + stubs := gostub.StubFunc(&aesNewCipher, nil, expectedErr) + + defer stubs.Reset() + + result, err := Decrypt(key, nil) + + assert.Nil(t, result) + assert.EqualError(t, expectedErr, err.Error()) +} + +func TestSha512Sum(t *testing.T) { + scenarios := map[string]string{ + "test1": "d2d8cc4f369b340130bd2b29b8b54e918b7c260c3279176da9ccaa37c96eb71735fc97568e892dc6220bf4ae0d748edb46bd75622751556393be3f482e6f794e", + "test2": "e35970edaa1e0d8af7d948491b2da0450a49fd9cc1e83c5db4c6f175f9550cf341f642f6be8cfb0bfa476e4258e5088c5ad549087bf02811132ac2fa22b734c6", + "test3": "05697d8f12c7ffdb85064a7f9ddacfc7fc0e5d32642dcd25c3a613917d00607c7bed242deea2e44a256b7e4c189557395c1a9ea1ce5c6b2b0f5285b514fb3cb2", + "test4": "9e210b354332cefcd8c603ffc9e3c36f272a2dcdd697141867832842b9a70b2022b0611cc425085adaf0e14a84112ca47ba7b75e56756688da684f7a163d9706", + "test5": "984f9e5531da22fbf5eef2374187be60e53508f3e158118b46b657104965870ac67571d269b8198af5bf527e6e0f50c21b915fb60977b81f429adcad81f13ab6", + } + + for input, expected := range scenarios { + assert.Equal(t, expected, Sha512Sum(input)) + } +} diff --git a/go/util/env.go b/lunadefend/go/util/env.go similarity index 100% rename from go/util/env.go rename to lunadefend/go/util/env.go diff --git a/go/util/fs.go b/lunadefend/go/util/fs.go similarity index 100% rename from go/util/fs.go rename to lunadefend/go/util/fs.go diff --git a/go/util/functions.go b/lunadefend/go/util/functions.go similarity index 55% rename from go/util/functions.go rename to lunadefend/go/util/functions.go index b427e0267..7791b190f 100644 --- a/go/util/functions.go +++ b/lunadefend/go/util/functions.go @@ -15,50 +15,50 @@ package util import ( - "encoding/json" - "fmt" - "github.com/lunasec-io/lunasec/go/types" - "io/ioutil" - "os" + "encoding/json" + "fmt" + "github.com/lunasec-io/lunasec/lunadefend/go/types" + "io/ioutil" + "os" ) func loadFunctionLookup(functionsPath string) (functionLookup types.FunctionLookup, err error) { - var data []byte + var data []byte - data, err = ioutil.ReadFile(functionsPath) - if err != nil { - fmt.Println("File reading error", err) - return - } + data, err = ioutil.ReadFile(functionsPath) + if err != nil { + fmt.Println("File reading error", err) + return + } - err = json.Unmarshal(data, &functionLookup) - if err != nil { - fmt.Println("Error parsing rpc function lookup", err) - return - } - return functionLookup, err + err = json.Unmarshal(data, &functionLookup) + if err != nil { + fmt.Println("Error parsing rpc function lookup", err) + return + } + return functionLookup, err } // GetFunctionConfig loads the function configuration for a given function name or a function name defined // in an environment variable. func GetFunctionConfig(functionsPath string, functionName string) (funcConfig types.RefineryFunction, err error) { - var ( - ok bool - functionLookup types.FunctionLookup - ) + var ( + ok bool + functionLookup types.FunctionLookup + ) - functionLookup, err = loadFunctionLookup(functionsPath) - if err != nil { - return - } + functionLookup, err = loadFunctionLookup(functionsPath) + if err != nil { + return + } - if functionName == "" { - functionName = os.Getenv("REFINERY_FUNCTION_NAME") - } + if functionName == "" { + functionName = os.Getenv("REFINERY_FUNCTION_NAME") + } - funcConfig, ok = functionLookup[functionName] - if !ok { - err = fmt.Errorf("unable to find function with name: %s", functionName) - } - return + funcConfig, ok = functionLookup[functionName] + if !ok { + err = fmt.Errorf("unable to find function with name: %s", functionName) + } + return } diff --git a/go/util/http.go b/lunadefend/go/util/http.go similarity index 58% rename from go/util/http.go rename to lunadefend/go/util/http.go index 2067758ff..934587873 100644 --- a/go/util/http.go +++ b/lunadefend/go/util/http.go @@ -15,50 +15,50 @@ package util import ( - "github.com/lunasec-io/lunasec/go/types" - "go.uber.org/zap" - "net/http" - "time" + "github.com/lunasec-io/lunasec/lunadefend/go/types" + "go.uber.org/zap" + "net/http" + "time" ) func ApplyHealthCheck(sm *http.ServeMux, logger *zap.Logger) { - sm.HandleFunc("/health", func(writer http.ResponseWriter, request *http.Request) { - Respond(writer, map[string]string{}) - }) + sm.HandleFunc("/health", func(writer http.ResponseWriter, request *http.Request) { + Respond(writer, map[string]string{}) + }) } func ApplyMiddlewareToHandler(middleware []types.Middleware, handler http.HandlerFunc) http.HandlerFunc { - for _, middlewareHandler := range middleware { - handler = middlewareHandler(handler) - } - return handler + for _, middlewareHandler := range middleware { + handler = middlewareHandler(handler) + } + return handler } func AddRoutesToServer(sm *http.ServeMux, middleware []types.Middleware, routes map[string]http.HandlerFunc) { - for path, handler := range routes { - handler = ApplyMiddlewareToHandler(middleware, handler) - sm.Handle(path, handler) - } + for path, handler := range routes { + handler = ApplyMiddlewareToHandler(middleware, handler) + sm.Handle(path, handler) + } } // AddCookie will apply a new cookie to the response of a http request // with the key/value specified. func AddCookie(w http.ResponseWriter, name, value, path string, ttl time.Duration) { - var ( - expire time.Time - ) - if ttl != -1 { - expire = time.Now().Add(ttl) - } + var ( + expire time.Time + ) + if ttl != -1 { + expire = time.Now().Add(ttl) + } - cookie := http.Cookie{ - Name: name, - Value: value, - //TODO add expire, should be == the expire of the jwt - Expires: expire, - Path: path, - SameSite: http.SameSiteNoneMode, - Secure: true, - } - http.SetCookie(w, &cookie) + cookie := http.Cookie{ + Name: name, + Value: value, + //TODO add expire, should be == the expire of the jwt + Expires: expire, + Path: path, + SameSite: http.SameSiteNoneMode, + Secure: true, + } + http.SetCookie(w, &cookie) } diff --git a/go/util/logging.go b/lunadefend/go/util/logging.go similarity index 100% rename from go/util/logging.go rename to lunadefend/go/util/logging.go diff --git a/go/util/misc.go b/lunadefend/go/util/misc.go similarity index 79% rename from go/util/misc.go rename to lunadefend/go/util/misc.go index 47d4e031e..41153363e 100644 --- a/go/util/misc.go +++ b/lunadefend/go/util/misc.go @@ -15,42 +15,42 @@ package util import ( - "log" - "os" - "regexp" + "log" + "os" + "regexp" - "github.com/lunasec-io/lunasec/go/constants" + "github.com/lunasec-io/lunasec/lunadefend/go/constants" ) var uuidPattern = regexp.MustCompile("^" + constants.TokenPrefix + "[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-4[a-fA-F0-9]{3}-[8|9|aA|bB][a-fA-F0-9]{3}-[a-fA-F0-9]{12}$") // GetEnvWithFallback gets an environment variable, if one is not set, the fallback value is returned func GetEnvWithFallback(key string, fallback string) string { - val := os.Getenv(key) + val := os.Getenv(key) - if val == "" { - return fallback - } + if val == "" { + return fallback + } - return val + return val } // EnvMapToArray transforms a map of environment variables to an array of formatted environment variables. func EnvMapToArray(envMap map[string]string) []string { - var envArray []string + var envArray []string - for k, v := range envMap { - envArray = append(envArray, k+"="+v) - } - return envArray + for k, v := range envMap { + envArray = append(envArray, k+"="+v) + } + return envArray } // Panicf panics with string formatting func Panicf(msg string, args ...interface{}) { - log.Fatalf(msg, args...) + log.Fatalf(msg, args...) } // IsValidUUID checks if input string matches uuid func IsValidUUID(uuid string) bool { - return uuidPattern.MatchString(uuid) + return uuidPattern.MatchString(uuid) } diff --git a/go/util/tarbuilder.go b/lunadefend/go/util/tarbuilder.go similarity index 100% rename from go/util/tarbuilder.go rename to lunadefend/go/util/tarbuilder.go diff --git a/go/util/versions.go b/lunadefend/go/util/versions.go similarity index 100% rename from go/util/versions.go rename to lunadefend/go/util/versions.go diff --git a/lunadefend/go/util/web.go b/lunadefend/go/util/web.go new file mode 100644 index 000000000..4c186c7cb --- /dev/null +++ b/lunadefend/go/util/web.go @@ -0,0 +1,81 @@ +// Copyright 2021 by LunaSec (owned by Refinery Labs, Inc) +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +package util + +import ( + "encoding/json" + "log" + "net/http" + + "github.com/lunasec-io/lunasec/lunadefend/go/types" +) + +// Respond jsonifies a model and sends it to the client. +func Respond(w http.ResponseWriter, data interface{}) { + resp := types.HTTPResponse{ + Success: true, + Data: &data, + } + + body, err := json.Marshal(resp) + + // TODO standardize outputs into json strings + if err != nil { + RespondError(w, http.StatusInternalServerError, err) + } + + w.Write(body) +} + +// RespondSuccess jsonifies a model and sends it to the client. +func RespondSuccess(w http.ResponseWriter) { + resp := types.HTTPResponse{ + Success: true, + } + + body, err := json.Marshal(resp) + + // TODO standardize outputs into json strings + if err != nil { + RespondError(w, http.StatusInternalServerError, err) + } + + w.Write(body) +} + +// RespondError ... +func RespondError(w http.ResponseWriter, status int, err error) { + log.Printf("Error while processing request: \"%s\"", err) + + // TODO send error code when responding + errorStr := err.Error() + resp := types.HTTPResponse{ + Success: false, + Error: types.ErrorResponse{ + Message: errorStr, + Name: "TokenizerError", // Eventually it would be nice to wrap errors with more info like this name field so the frontend can display more meaningful errors + }, + } + + body, err := json.Marshal(resp) + + if err != nil { + panic(err) + } + + w.WriteHeader(status) + w.Header().Set("Content-Type", "application/json") + w.Write(body) +} diff --git a/go/views/tokenizerbackend/index.pug b/lunadefend/go/views/tokenizerbackend/index.pug similarity index 100% rename from go/views/tokenizerbackend/index.pug rename to lunadefend/go/views/tokenizerbackend/index.pug diff --git a/lunadefend/js/demo-apps/packages/react-front-end/package.json b/lunadefend/js/demo-apps/packages/react-front-end/package.json index bcf7fd800..8fcbcae79 100644 --- a/lunadefend/js/demo-apps/packages/react-front-end/package.json +++ b/lunadefend/js/demo-apps/packages/react-front-end/package.json @@ -66,10 +66,11 @@ "cypress": "9.1.0", "cypress-file-upload": "^5.0.8", "cypress-iframe": "^1.0.1", - "jest": "27.4.3", + "jest": "~28.1.0", "lerna": "^3.22.1", "lint-staged": "^10.5.4", "serve": "^11.3.0", + "ts-jest": "~28.0.3", "tslint-config-prettier": "^1.18.0", "typescript": "~4.5.3" }, diff --git a/lunadefend/js/docker/demo.dockerfile b/lunadefend/js/docker/demo.dockerfile index c82768c4d..f4562da1b 100644 --- a/lunadefend/js/docker/demo.dockerfile +++ b/lunadefend/js/docker/demo.dockerfile @@ -21,7 +21,7 @@ FROM lerna-bootstrap as application-back-end WORKDIR /repo/lunadefend/js/demo-apps/packages/demo-back-end -ENTRYPOINT ["sh", "/repo/go/scripts/wait-for-file.sh", "/outputs/aws_resources.json", "yarn", "start:prod"] +ENTRYPOINT ["sh", "/repo/lunadefend/go/scripts/wait-for-file.sh", "/outputs/aws_resources.json", "yarn", "start:prod"] FROM lerna-bootstrap as application-front-end @@ -50,7 +50,7 @@ WORKDIR /repo # This is required because we aren't able to pass additional command arguments via Docker-Compose unless we are invoking # via the "exec" Entrypoint syntax. This lets us then expand environment variables at runtime. # This gives a better explanation: https://stackoverflow.com/questions/49133234/docker-entrypoint-with-env-variable-and-optional-arguments -ENTRYPOINT ["sh", "/repo/js/sdks/packages/cli/scripts/docker-entrypoint.sh"] +ENTRYPOINT ["sh", "/repo/lunadefend/js/sdks/packages/cli/scripts/docker-entrypoint.sh"] FROM cypress/included:9.1.0 as integration-test @@ -66,7 +66,7 @@ ENTRYPOINT /repo/tools/service-scripts/wait-for-services.sh "$DEPENDENCIES__INTE FROM lerna-bootstrap as secure-frame-iframe -WORKDIR /repo/js/sdks/packages/secure-frame-iframe +WORKDIR /repo/lunadefend/js/sdks/packages/secure-frame-iframe RUN yarn run compile diff --git a/js/internal-infrastructure/README.md b/lunadefend/js/internal-infrastructure/README.md similarity index 100% rename from js/internal-infrastructure/README.md rename to lunadefend/js/internal-infrastructure/README.md diff --git a/js/internal-infrastructure/metrics-server-backend/.gitignore b/lunadefend/js/internal-infrastructure/metrics-server-backend/.gitignore similarity index 100% rename from js/internal-infrastructure/metrics-server-backend/.gitignore rename to lunadefend/js/internal-infrastructure/metrics-server-backend/.gitignore diff --git a/js/internal-infrastructure/metrics-server-backend/.npmignore b/lunadefend/js/internal-infrastructure/metrics-server-backend/.npmignore similarity index 100% rename from js/internal-infrastructure/metrics-server-backend/.npmignore rename to lunadefend/js/internal-infrastructure/metrics-server-backend/.npmignore diff --git a/js/internal-infrastructure/metrics-server-backend/.pnp.loader.mjs b/lunadefend/js/internal-infrastructure/metrics-server-backend/.pnp.loader.mjs similarity index 100% rename from js/internal-infrastructure/metrics-server-backend/.pnp.loader.mjs rename to lunadefend/js/internal-infrastructure/metrics-server-backend/.pnp.loader.mjs diff --git a/js/internal-infrastructure/metrics-server-backend/.yarn/install-state.gz b/lunadefend/js/internal-infrastructure/metrics-server-backend/.yarn/install-state.gz similarity index 100% rename from js/internal-infrastructure/metrics-server-backend/.yarn/install-state.gz rename to lunadefend/js/internal-infrastructure/metrics-server-backend/.yarn/install-state.gz diff --git a/js/internal-infrastructure/metrics-server-backend/README.md b/lunadefend/js/internal-infrastructure/metrics-server-backend/README.md similarity index 100% rename from js/internal-infrastructure/metrics-server-backend/README.md rename to lunadefend/js/internal-infrastructure/metrics-server-backend/README.md diff --git a/js/internal-infrastructure/metrics-server-backend/bin/deploy-cdk.ts b/lunadefend/js/internal-infrastructure/metrics-server-backend/bin/deploy-cdk.ts similarity index 100% rename from js/internal-infrastructure/metrics-server-backend/bin/deploy-cdk.ts rename to lunadefend/js/internal-infrastructure/metrics-server-backend/bin/deploy-cdk.ts diff --git a/js/internal-infrastructure/metrics-server-backend/cdk.json b/lunadefend/js/internal-infrastructure/metrics-server-backend/cdk.json similarity index 100% rename from js/internal-infrastructure/metrics-server-backend/cdk.json rename to lunadefend/js/internal-infrastructure/metrics-server-backend/cdk.json diff --git a/js/internal-infrastructure/metrics-server-backend/fixtures/record-cli.json b/lunadefend/js/internal-infrastructure/metrics-server-backend/fixtures/record-cli.json similarity index 100% rename from js/internal-infrastructure/metrics-server-backend/fixtures/record-cli.json rename to lunadefend/js/internal-infrastructure/metrics-server-backend/fixtures/record-cli.json diff --git a/js/internal-infrastructure/metrics-server-backend/fixtures/record-deployment.json b/lunadefend/js/internal-infrastructure/metrics-server-backend/fixtures/record-deployment.json similarity index 100% rename from js/internal-infrastructure/metrics-server-backend/fixtures/record-deployment.json rename to lunadefend/js/internal-infrastructure/metrics-server-backend/fixtures/record-deployment.json diff --git a/js/internal-infrastructure/metrics-server-backend/jest.config.js b/lunadefend/js/internal-infrastructure/metrics-server-backend/jest.config.js similarity index 100% rename from js/internal-infrastructure/metrics-server-backend/jest.config.js rename to lunadefend/js/internal-infrastructure/metrics-server-backend/jest.config.js diff --git a/js/internal-infrastructure/metrics-server-backend/lib/apigateway-request-models.ts b/lunadefend/js/internal-infrastructure/metrics-server-backend/lib/apigateway-request-models.ts similarity index 100% rename from js/internal-infrastructure/metrics-server-backend/lib/apigateway-request-models.ts rename to lunadefend/js/internal-infrastructure/metrics-server-backend/lib/apigateway-request-models.ts diff --git a/js/internal-infrastructure/metrics-server-backend/lib/deploy-apigateway-to-firehose.ts b/lunadefend/js/internal-infrastructure/metrics-server-backend/lib/deploy-apigateway-to-firehose.ts similarity index 100% rename from js/internal-infrastructure/metrics-server-backend/lib/deploy-apigateway-to-firehose.ts rename to lunadefend/js/internal-infrastructure/metrics-server-backend/lib/deploy-apigateway-to-firehose.ts diff --git a/js/internal-infrastructure/metrics-server-backend/package.json b/lunadefend/js/internal-infrastructure/metrics-server-backend/package.json similarity index 100% rename from js/internal-infrastructure/metrics-server-backend/package.json rename to lunadefend/js/internal-infrastructure/metrics-server-backend/package.json diff --git a/js/internal-infrastructure/metrics-server-backend/test/deploy-cdk.test.ts b/lunadefend/js/internal-infrastructure/metrics-server-backend/test/deploy-cdk.test.ts similarity index 100% rename from js/internal-infrastructure/metrics-server-backend/test/deploy-cdk.test.ts rename to lunadefend/js/internal-infrastructure/metrics-server-backend/test/deploy-cdk.test.ts diff --git a/js/internal-infrastructure/metrics-server-backend/tsconfig.json b/lunadefend/js/internal-infrastructure/metrics-server-backend/tsconfig.json similarity index 100% rename from js/internal-infrastructure/metrics-server-backend/tsconfig.json rename to lunadefend/js/internal-infrastructure/metrics-server-backend/tsconfig.json diff --git a/js/internal-infrastructure/metrics-server-backend/yarn.lock b/lunadefend/js/internal-infrastructure/metrics-server-backend/yarn.lock similarity index 100% rename from js/internal-infrastructure/metrics-server-backend/yarn.lock rename to lunadefend/js/internal-infrastructure/metrics-server-backend/yarn.lock diff --git a/js/internal-infrastructure/public-live-demo/demo-nginx.conf b/lunadefend/js/internal-infrastructure/public-live-demo/demo-nginx.conf similarity index 100% rename from js/internal-infrastructure/public-live-demo/demo-nginx.conf rename to lunadefend/js/internal-infrastructure/public-live-demo/demo-nginx.conf diff --git a/js/internal-infrastructure/s3-redirect-generator/.gitignore b/lunadefend/js/internal-infrastructure/s3-redirect-generator/.gitignore similarity index 100% rename from js/internal-infrastructure/s3-redirect-generator/.gitignore rename to lunadefend/js/internal-infrastructure/s3-redirect-generator/.gitignore diff --git a/js/internal-infrastructure/s3-redirect-generator/blank-file.txt b/lunadefend/js/internal-infrastructure/s3-redirect-generator/blank-file.txt similarity index 100% rename from js/internal-infrastructure/s3-redirect-generator/blank-file.txt rename to lunadefend/js/internal-infrastructure/s3-redirect-generator/blank-file.txt diff --git a/js/internal-infrastructure/s3-redirect-generator/package.json b/lunadefend/js/internal-infrastructure/s3-redirect-generator/package.json similarity index 100% rename from js/internal-infrastructure/s3-redirect-generator/package.json rename to lunadefend/js/internal-infrastructure/s3-redirect-generator/package.json diff --git a/js/internal-infrastructure/s3-redirect-generator/src/cli.ts b/lunadefend/js/internal-infrastructure/s3-redirect-generator/src/cli.ts similarity index 100% rename from js/internal-infrastructure/s3-redirect-generator/src/cli.ts rename to lunadefend/js/internal-infrastructure/s3-redirect-generator/src/cli.ts diff --git a/js/internal-infrastructure/s3-redirect-generator/src/index.ts b/lunadefend/js/internal-infrastructure/s3-redirect-generator/src/index.ts similarity index 100% rename from js/internal-infrastructure/s3-redirect-generator/src/index.ts rename to lunadefend/js/internal-infrastructure/s3-redirect-generator/src/index.ts diff --git a/js/internal-infrastructure/s3-redirect-generator/src/process-cli.ts b/lunadefend/js/internal-infrastructure/s3-redirect-generator/src/process-cli.ts similarity index 100% rename from js/internal-infrastructure/s3-redirect-generator/src/process-cli.ts rename to lunadefend/js/internal-infrastructure/s3-redirect-generator/src/process-cli.ts diff --git a/js/internal-infrastructure/s3-redirect-generator/src/put-s3-object.ts b/lunadefend/js/internal-infrastructure/s3-redirect-generator/src/put-s3-object.ts similarity index 100% rename from js/internal-infrastructure/s3-redirect-generator/src/put-s3-object.ts rename to lunadefend/js/internal-infrastructure/s3-redirect-generator/src/put-s3-object.ts diff --git a/js/internal-infrastructure/s3-redirect-generator/src/types.ts b/lunadefend/js/internal-infrastructure/s3-redirect-generator/src/types.ts similarity index 100% rename from js/internal-infrastructure/s3-redirect-generator/src/types.ts rename to lunadefend/js/internal-infrastructure/s3-redirect-generator/src/types.ts diff --git a/js/internal-infrastructure/s3-redirect-generator/tsconfig.json b/lunadefend/js/internal-infrastructure/s3-redirect-generator/tsconfig.json similarity index 100% rename from js/internal-infrastructure/s3-redirect-generator/tsconfig.json rename to lunadefend/js/internal-infrastructure/s3-redirect-generator/tsconfig.json diff --git a/js/sdks/.circleci/config.yml b/lunadefend/js/sdks/.circleci/config.yml similarity index 100% rename from js/sdks/.circleci/config.yml rename to lunadefend/js/sdks/.circleci/config.yml diff --git a/js/sdks/.cspell.json b/lunadefend/js/sdks/.cspell.json similarity index 100% rename from js/sdks/.cspell.json rename to lunadefend/js/sdks/.cspell.json diff --git a/js/sdks/.dockerignore b/lunadefend/js/sdks/.dockerignore similarity index 100% rename from js/sdks/.dockerignore rename to lunadefend/js/sdks/.dockerignore diff --git a/js/sdks/.editorconfig b/lunadefend/js/sdks/.editorconfig similarity index 100% rename from js/sdks/.editorconfig rename to lunadefend/js/sdks/.editorconfig diff --git a/js/sdks/.github/CONTRIBUTING.md b/lunadefend/js/sdks/.github/CONTRIBUTING.md similarity index 100% rename from js/sdks/.github/CONTRIBUTING.md rename to lunadefend/js/sdks/.github/CONTRIBUTING.md diff --git a/js/sdks/.github/ISSUE_TEMPLATE.md b/lunadefend/js/sdks/.github/ISSUE_TEMPLATE.md similarity index 100% rename from js/sdks/.github/ISSUE_TEMPLATE.md rename to lunadefend/js/sdks/.github/ISSUE_TEMPLATE.md diff --git a/js/sdks/.github/PULL_REQUEST_TEMPLATE.md b/lunadefend/js/sdks/.github/PULL_REQUEST_TEMPLATE.md similarity index 100% rename from js/sdks/.github/PULL_REQUEST_TEMPLATE.md rename to lunadefend/js/sdks/.github/PULL_REQUEST_TEMPLATE.md diff --git a/js/sdks/.gitignore b/lunadefend/js/sdks/.gitignore similarity index 100% rename from js/sdks/.gitignore rename to lunadefend/js/sdks/.gitignore diff --git a/js/sdks/.prettierignore b/lunadefend/js/sdks/.prettierignore similarity index 100% rename from js/sdks/.prettierignore rename to lunadefend/js/sdks/.prettierignore diff --git a/js/sdks/.vscode/extensions.json b/lunadefend/js/sdks/.vscode/extensions.json similarity index 100% rename from js/sdks/.vscode/extensions.json rename to lunadefend/js/sdks/.vscode/extensions.json diff --git a/js/sdks/.vscode/launch.json b/lunadefend/js/sdks/.vscode/launch.json similarity index 100% rename from js/sdks/.vscode/launch.json rename to lunadefend/js/sdks/.vscode/launch.json diff --git a/js/sdks/.vscode/settings.json b/lunadefend/js/sdks/.vscode/settings.json similarity index 100% rename from js/sdks/.vscode/settings.json rename to lunadefend/js/sdks/.vscode/settings.json diff --git a/js/sdks/Dockerfile b/lunadefend/js/sdks/Dockerfile similarity index 100% rename from js/sdks/Dockerfile rename to lunadefend/js/sdks/Dockerfile diff --git a/js/sdks/package.json b/lunadefend/js/sdks/package.json similarity index 100% rename from js/sdks/package.json rename to lunadefend/js/sdks/package.json diff --git a/js/sdks/packages/browser-common/.gitignore b/lunadefend/js/sdks/packages/browser-common/.gitignore similarity index 100% rename from js/sdks/packages/browser-common/.gitignore rename to lunadefend/js/sdks/packages/browser-common/.gitignore diff --git a/js/sdks/packages/browser-common/jest.config.js b/lunadefend/js/sdks/packages/browser-common/jest.config.js similarity index 100% rename from js/sdks/packages/browser-common/jest.config.js rename to lunadefend/js/sdks/packages/browser-common/jest.config.js diff --git a/js/sdks/packages/browser-common/package.json b/lunadefend/js/sdks/packages/browser-common/package.json similarity index 100% rename from js/sdks/packages/browser-common/package.json rename to lunadefend/js/sdks/packages/browser-common/package.json diff --git a/js/sdks/packages/browser-common/src/auth/auth-client.ts b/lunadefend/js/sdks/packages/browser-common/src/auth/auth-client.ts similarity index 100% rename from js/sdks/packages/browser-common/src/auth/auth-client.ts rename to lunadefend/js/sdks/packages/browser-common/src/auth/auth-client.ts diff --git a/js/sdks/packages/browser-common/src/auth/authentication.ts b/lunadefend/js/sdks/packages/browser-common/src/auth/authentication.ts similarity index 100% rename from js/sdks/packages/browser-common/src/auth/authentication.ts rename to lunadefend/js/sdks/packages/browser-common/src/auth/authentication.ts diff --git a/js/sdks/packages/browser-common/src/environment.d.ts b/lunadefend/js/sdks/packages/browser-common/src/environment.d.ts similarity index 100% rename from js/sdks/packages/browser-common/src/environment.d.ts rename to lunadefend/js/sdks/packages/browser-common/src/environment.d.ts diff --git a/js/sdks/packages/browser-common/src/index.ts b/lunadefend/js/sdks/packages/browser-common/src/index.ts similarity index 100% rename from js/sdks/packages/browser-common/src/index.ts rename to lunadefend/js/sdks/packages/browser-common/src/index.ts diff --git a/js/sdks/packages/browser-common/src/rpc/frame-message-creator.ts b/lunadefend/js/sdks/packages/browser-common/src/rpc/frame-message-creator.ts similarity index 100% rename from js/sdks/packages/browser-common/src/rpc/frame-message-creator.ts rename to lunadefend/js/sdks/packages/browser-common/src/rpc/frame-message-creator.ts diff --git a/js/sdks/packages/browser-common/src/rpc/index.ts b/lunadefend/js/sdks/packages/browser-common/src/rpc/index.ts similarity index 100% rename from js/sdks/packages/browser-common/src/rpc/index.ts rename to lunadefend/js/sdks/packages/browser-common/src/rpc/index.ts diff --git a/js/sdks/packages/browser-common/src/rpc/listener.ts b/lunadefend/js/sdks/packages/browser-common/src/rpc/listener.ts similarity index 100% rename from js/sdks/packages/browser-common/src/rpc/listener.ts rename to lunadefend/js/sdks/packages/browser-common/src/rpc/listener.ts diff --git a/js/sdks/packages/browser-common/src/rpc/types.ts b/lunadefend/js/sdks/packages/browser-common/src/rpc/types.ts similarity index 100% rename from js/sdks/packages/browser-common/src/rpc/types.ts rename to lunadefend/js/sdks/packages/browser-common/src/rpc/types.ts diff --git a/js/sdks/packages/browser-common/src/style-patcher/README.md b/lunadefend/js/sdks/packages/browser-common/src/style-patcher/README.md similarity index 100% rename from js/sdks/packages/browser-common/src/style-patcher/README.md rename to lunadefend/js/sdks/packages/browser-common/src/style-patcher/README.md diff --git a/js/sdks/packages/browser-common/src/style-patcher/constants.ts b/lunadefend/js/sdks/packages/browser-common/src/style-patcher/constants.ts similarity index 100% rename from js/sdks/packages/browser-common/src/style-patcher/constants.ts rename to lunadefend/js/sdks/packages/browser-common/src/style-patcher/constants.ts diff --git a/js/sdks/packages/browser-common/src/style-patcher/dom-utils.ts b/lunadefend/js/sdks/packages/browser-common/src/style-patcher/dom-utils.ts similarity index 100% rename from js/sdks/packages/browser-common/src/style-patcher/dom-utils.ts rename to lunadefend/js/sdks/packages/browser-common/src/style-patcher/dom-utils.ts diff --git a/js/sdks/packages/browser-common/src/style-patcher/index.ts b/lunadefend/js/sdks/packages/browser-common/src/style-patcher/index.ts similarity index 100% rename from js/sdks/packages/browser-common/src/style-patcher/index.ts rename to lunadefend/js/sdks/packages/browser-common/src/style-patcher/index.ts diff --git a/js/sdks/packages/browser-common/src/style-patcher/read.ts b/lunadefend/js/sdks/packages/browser-common/src/style-patcher/read.ts similarity index 100% rename from js/sdks/packages/browser-common/src/style-patcher/read.ts rename to lunadefend/js/sdks/packages/browser-common/src/style-patcher/read.ts diff --git a/js/sdks/packages/browser-common/src/style-patcher/types.ts b/lunadefend/js/sdks/packages/browser-common/src/style-patcher/types.ts similarity index 100% rename from js/sdks/packages/browser-common/src/style-patcher/types.ts rename to lunadefend/js/sdks/packages/browser-common/src/style-patcher/types.ts diff --git a/js/sdks/packages/browser-common/src/style-patcher/write.ts b/lunadefend/js/sdks/packages/browser-common/src/style-patcher/write.ts similarity index 100% rename from js/sdks/packages/browser-common/src/style-patcher/write.ts rename to lunadefend/js/sdks/packages/browser-common/src/style-patcher/write.ts diff --git a/js/sdks/packages/browser-common/src/types.ts b/lunadefend/js/sdks/packages/browser-common/src/types.ts similarity index 100% rename from js/sdks/packages/browser-common/src/types.ts rename to lunadefend/js/sdks/packages/browser-common/src/types.ts diff --git a/js/sdks/packages/browser-common/src/utils/async.ts b/lunadefend/js/sdks/packages/browser-common/src/utils/async.ts similarity index 100% rename from js/sdks/packages/browser-common/src/utils/async.ts rename to lunadefend/js/sdks/packages/browser-common/src/utils/async.ts diff --git a/js/sdks/packages/browser-common/src/utils/element-event-triggers.ts b/lunadefend/js/sdks/packages/browser-common/src/utils/element-event-triggers.ts similarity index 100% rename from js/sdks/packages/browser-common/src/utils/element-event-triggers.ts rename to lunadefend/js/sdks/packages/browser-common/src/utils/element-event-triggers.ts diff --git a/js/sdks/packages/browser-common/src/utils/index.ts b/lunadefend/js/sdks/packages/browser-common/src/utils/index.ts similarity index 100% rename from js/sdks/packages/browser-common/src/utils/index.ts rename to lunadefend/js/sdks/packages/browser-common/src/utils/index.ts diff --git a/js/sdks/packages/browser-common/src/utils/json.ts b/lunadefend/js/sdks/packages/browser-common/src/utils/json.ts similarity index 100% rename from js/sdks/packages/browser-common/src/utils/json.ts rename to lunadefend/js/sdks/packages/browser-common/src/utils/json.ts diff --git a/js/sdks/packages/browser-common/src/utils/random.ts b/lunadefend/js/sdks/packages/browser-common/src/utils/random.ts similarity index 100% rename from js/sdks/packages/browser-common/src/utils/random.ts rename to lunadefend/js/sdks/packages/browser-common/src/utils/random.ts diff --git a/js/sdks/packages/browser-common/src/utils/to-camel-case.ts b/lunadefend/js/sdks/packages/browser-common/src/utils/to-camel-case.ts similarity index 100% rename from js/sdks/packages/browser-common/src/utils/to-camel-case.ts rename to lunadefend/js/sdks/packages/browser-common/src/utils/to-camel-case.ts diff --git a/js/sdks/packages/browser-common/tests/auth/authentication.test.ts b/lunadefend/js/sdks/packages/browser-common/tests/auth/authentication.test.ts similarity index 100% rename from js/sdks/packages/browser-common/tests/auth/authentication.test.ts rename to lunadefend/js/sdks/packages/browser-common/tests/auth/authentication.test.ts diff --git a/js/sdks/packages/browser-common/tsconfig.json b/lunadefend/js/sdks/packages/browser-common/tsconfig.json similarity index 100% rename from js/sdks/packages/browser-common/tsconfig.json rename to lunadefend/js/sdks/packages/browser-common/tsconfig.json diff --git a/js/sdks/packages/browser-common/tsconfig.module.json b/lunadefend/js/sdks/packages/browser-common/tsconfig.module.json similarity index 100% rename from js/sdks/packages/browser-common/tsconfig.module.json rename to lunadefend/js/sdks/packages/browser-common/tsconfig.module.json diff --git a/js/sdks/packages/cli/.gitignore b/lunadefend/js/sdks/packages/cli/.gitignore similarity index 100% rename from js/sdks/packages/cli/.gitignore rename to lunadefend/js/sdks/packages/cli/.gitignore diff --git a/js/sdks/packages/cli/README.md b/lunadefend/js/sdks/packages/cli/README.md similarity index 100% rename from js/sdks/packages/cli/README.md rename to lunadefend/js/sdks/packages/cli/README.md diff --git a/js/sdks/packages/cli/package.json b/lunadefend/js/sdks/packages/cli/package.json similarity index 97% rename from js/sdks/packages/cli/package.json rename to lunadefend/js/sdks/packages/cli/package.json index b3787c631..1b681c481 100644 --- a/js/sdks/packages/cli/package.json +++ b/lunadefend/js/sdks/packages/cli/package.json @@ -61,6 +61,7 @@ "import-local": "^3.0.3", "js-yaml": "^4.1.0", "progress": "^2.0.3", - "source-map-support": "^0.5.20" + "source-map-support": "^0.5.20", + "yargs": "~17.5.1" } } diff --git a/js/sdks/packages/cli/scripts/docker-entrypoint.sh b/lunadefend/js/sdks/packages/cli/scripts/docker-entrypoint.sh similarity index 100% rename from js/sdks/packages/cli/scripts/docker-entrypoint.sh rename to lunadefend/js/sdks/packages/cli/scripts/docker-entrypoint.sh diff --git a/js/sdks/packages/cli/src/analytics/metrics.ts b/lunadefend/js/sdks/packages/cli/src/analytics/metrics.ts similarity index 100% rename from js/sdks/packages/cli/src/analytics/metrics.ts rename to lunadefend/js/sdks/packages/cli/src/analytics/metrics.ts diff --git a/js/sdks/packages/cli/src/analytics/types.ts b/lunadefend/js/sdks/packages/cli/src/analytics/types.ts similarity index 100% rename from js/sdks/packages/cli/src/analytics/types.ts rename to lunadefend/js/sdks/packages/cli/src/analytics/types.ts diff --git a/js/sdks/packages/cli/src/cdk-stack/analytics-collector-lambda.ts b/lunadefend/js/sdks/packages/cli/src/cdk-stack/analytics-collector-lambda.ts similarity index 100% rename from js/sdks/packages/cli/src/cdk-stack/analytics-collector-lambda.ts rename to lunadefend/js/sdks/packages/cli/src/cdk-stack/analytics-collector-lambda.ts diff --git a/js/sdks/packages/cli/src/cdk-stack/ciphertext-bucket.ts b/lunadefend/js/sdks/packages/cli/src/cdk-stack/ciphertext-bucket.ts similarity index 100% rename from js/sdks/packages/cli/src/cdk-stack/ciphertext-bucket.ts rename to lunadefend/js/sdks/packages/cli/src/cdk-stack/ciphertext-bucket.ts diff --git a/js/sdks/packages/cli/src/cdk-stack/mirror-service-repos.ts b/lunadefend/js/sdks/packages/cli/src/cdk-stack/mirror-service-repos.ts similarity index 100% rename from js/sdks/packages/cli/src/cdk-stack/mirror-service-repos.ts rename to lunadefend/js/sdks/packages/cli/src/cdk-stack/mirror-service-repos.ts diff --git a/js/sdks/packages/cli/src/cdk-stack/s3-assets.ts b/lunadefend/js/sdks/packages/cli/src/cdk-stack/s3-assets.ts similarity index 100% rename from js/sdks/packages/cli/src/cdk-stack/s3-assets.ts rename to lunadefend/js/sdks/packages/cli/src/cdk-stack/s3-assets.ts diff --git a/js/sdks/packages/cli/src/cdk-stack/stack.ts b/lunadefend/js/sdks/packages/cli/src/cdk-stack/stack.ts similarity index 100% rename from js/sdks/packages/cli/src/cdk-stack/stack.ts rename to lunadefend/js/sdks/packages/cli/src/cdk-stack/stack.ts diff --git a/js/sdks/packages/cli/src/cdk-stack/tokenizer-backend-cloudfront.ts b/lunadefend/js/sdks/packages/cli/src/cdk-stack/tokenizer-backend-cloudfront.ts similarity index 100% rename from js/sdks/packages/cli/src/cdk-stack/tokenizer-backend-cloudfront.ts rename to lunadefend/js/sdks/packages/cli/src/cdk-stack/tokenizer-backend-cloudfront.ts diff --git a/js/sdks/packages/cli/src/cdk-stack/tokenizer-backend-lambda.ts b/lunadefend/js/sdks/packages/cli/src/cdk-stack/tokenizer-backend-lambda.ts similarity index 100% rename from js/sdks/packages/cli/src/cdk-stack/tokenizer-backend-lambda.ts rename to lunadefend/js/sdks/packages/cli/src/cdk-stack/tokenizer-backend-lambda.ts diff --git a/js/sdks/packages/cli/src/cdk-stack/types.ts b/lunadefend/js/sdks/packages/cli/src/cdk-stack/types.ts similarity index 100% rename from js/sdks/packages/cli/src/cdk-stack/types.ts rename to lunadefend/js/sdks/packages/cli/src/cdk-stack/types.ts diff --git a/js/sdks/packages/cli/src/cli.ts b/lunadefend/js/sdks/packages/cli/src/cli.ts similarity index 100% rename from js/sdks/packages/cli/src/cli.ts rename to lunadefend/js/sdks/packages/cli/src/cli.ts diff --git a/js/sdks/packages/cli/src/cmds/deploy.ts b/lunadefend/js/sdks/packages/cli/src/cmds/deploy.ts similarity index 97% rename from js/sdks/packages/cli/src/cmds/deploy.ts rename to lunadefend/js/sdks/packages/cli/src/cmds/deploy.ts index 383c499a8..67cc238ab 100644 --- a/js/sdks/packages/cli/src/cmds/deploy.ts +++ b/lunadefend/js/sdks/packages/cli/src/cmds/deploy.ts @@ -96,7 +96,7 @@ function getCdkCommand(options: DeployCmdOptions) { if (options.local) { const envVars = options.localStackHostname ? `LOCALSTACK_HOSTNAME=${options.localStackHostname} ` : ''; - return `${envVars}cd /repo/js/sdks/packages/cli/ && yarn run cdklocal -v`; + return `${envVars}cd /repo/lunadefend/js/sdks/packages/cli/ && yarn run cdklocal -v`; } return 'cdk'; @@ -139,7 +139,7 @@ export async function deployCmd(metrics: LunaSecMetrics, options: DeployCmdOptio const lunasecConfig = loadLunaSecStackConfig(); if (lunasecConfig === undefined) { throw new Error( - 'unable to load lunasec config. Is the file "lunasec.js" accessible in the current directory tree?' + 'unable to load lunasec config. Is the file "lunadefend.js" accessible in the current directory tree?' ); } diff --git a/js/sdks/packages/cli/src/cmds/eject.ts b/lunadefend/js/sdks/packages/cli/src/cmds/eject.ts similarity index 100% rename from js/sdks/packages/cli/src/cmds/eject.ts rename to lunadefend/js/sdks/packages/cli/src/cmds/eject.ts diff --git a/js/sdks/packages/cli/src/cmds/options.ts b/lunadefend/js/sdks/packages/cli/src/cmds/options.ts similarity index 100% rename from js/sdks/packages/cli/src/cmds/options.ts rename to lunadefend/js/sdks/packages/cli/src/cmds/options.ts diff --git a/js/sdks/packages/cli/src/cmds/resources.ts b/lunadefend/js/sdks/packages/cli/src/cmds/resources.ts similarity index 100% rename from js/sdks/packages/cli/src/cmds/resources.ts rename to lunadefend/js/sdks/packages/cli/src/cmds/resources.ts diff --git a/js/sdks/packages/cli/src/cmds/start.ts b/lunadefend/js/sdks/packages/cli/src/cmds/start.ts similarity index 96% rename from js/sdks/packages/cli/src/cmds/start.ts rename to lunadefend/js/sdks/packages/cli/src/cmds/start.ts index cf5d94504..b36487669 100644 --- a/js/sdks/packages/cli/src/cmds/start.ts +++ b/lunadefend/js/sdks/packages/cli/src/cmds/start.ts @@ -18,10 +18,11 @@ import fs from 'fs'; import { get, IncomingMessage } from 'http'; import os from 'os'; import path from 'path'; +import * as process from 'process'; import { LunaSecMetrics } from '../analytics/metrics'; import { loadLunaSecStackConfig } from '../config/load-config'; -import { awsResourcesOutputFile } from '../constants/cli'; +import { awsResourcesOutputFile, outputDir } from '../constants/cli'; import { LunaSecStackEnvironment } from '../docker-compose/constants'; import { LunaSecStackDockerCompose } from '../docker-compose/lunasec-stack'; import { validateEnv } from '../utils/cli'; @@ -31,7 +32,7 @@ import { runCommand, runCommandWithHealthcheck, RunCommandWithHealthcheckOptions const { version } = require('../../package.json'); function ensureEmptyOutputsDirectoryExists(composePath: string) { - const outputsDir = path.join(composePath, './outputs'); + const outputsDir = path.join(composePath, outputDir); if (!fs.existsSync(outputsDir)) { // if the outputs directory doesn't exist, just create the directory and return fs.mkdirSync(outputsDir); @@ -187,7 +188,7 @@ export async function startCmd(metrics: LunaSecMetrics, options: StartCmdOptions console.log('Starting the LunaSec Stack demo...'); } else if (env === 'dev') { console.log('Starting the LunaSec Stack in dev mode...'); - console.log('Make sure your application backend is running and configured in the lunasec.js config.'); + console.log('Make sure your application backend is running and configured in the lunadefend.js config.'); } await runCommandWithHealthcheck(dockerComposeUpCmd, stackOptions); diff --git a/js/sdks/packages/cli/src/config/load-config.ts b/lunadefend/js/sdks/packages/cli/src/config/load-config.ts similarity index 97% rename from js/sdks/packages/cli/src/config/load-config.ts rename to lunadefend/js/sdks/packages/cli/src/config/load-config.ts index 7458d986d..c4f9b0e49 100644 --- a/js/sdks/packages/cli/src/config/load-config.ts +++ b/lunadefend/js/sdks/packages/cli/src/config/load-config.ts @@ -29,7 +29,7 @@ import { export function loadLunaSecStackConfig(env?: LunaSecStackEnvironment): LunaSecStackConfigOptions | undefined { const onlyUseDefaults = env ? env === 'demo' || env === 'tests' : false; - const configPath = findConfig('lunasec.js'); + const configPath = findConfig('lunadefend.js'); if (configPath === null) { return undefined; diff --git a/js/sdks/packages/cli/src/config/types.ts b/lunadefend/js/sdks/packages/cli/src/config/types.ts similarity index 100% rename from js/sdks/packages/cli/src/config/types.ts rename to lunadefend/js/sdks/packages/cli/src/config/types.ts diff --git a/js/sdks/packages/cli/src/constants/cli.ts b/lunadefend/js/sdks/packages/cli/src/constants/cli.ts similarity index 96% rename from js/sdks/packages/cli/src/constants/cli.ts rename to lunadefend/js/sdks/packages/cli/src/constants/cli.ts index 50711474a..6cc3630c6 100644 --- a/js/sdks/packages/cli/src/constants/cli.ts +++ b/lunadefend/js/sdks/packages/cli/src/constants/cli.ts @@ -32,3 +32,5 @@ export const cliMetricTag = 'cli'; export const metadataFile = path.join(os.homedir(), lunaSecDir, 'metadata.json'); export const buildsFolder = path.join(os.homedir(), lunaSecDir, 'builds'); + +export const outputDir = './lunadefend/outputs'; diff --git a/js/sdks/packages/cli/src/docker-compose/constants.ts b/lunadefend/js/sdks/packages/cli/src/docker-compose/constants.ts similarity index 100% rename from js/sdks/packages/cli/src/docker-compose/constants.ts rename to lunadefend/js/sdks/packages/cli/src/docker-compose/constants.ts diff --git a/js/sdks/packages/cli/src/docker-compose/lib/docker-compose-types.ts b/lunadefend/js/sdks/packages/cli/src/docker-compose/lib/docker-compose-types.ts similarity index 100% rename from js/sdks/packages/cli/src/docker-compose/lib/docker-compose-types.ts rename to lunadefend/js/sdks/packages/cli/src/docker-compose/lib/docker-compose-types.ts diff --git a/js/sdks/packages/cli/src/docker-compose/lunasec-common.ts b/lunadefend/js/sdks/packages/cli/src/docker-compose/lunasec-common.ts similarity index 97% rename from js/sdks/packages/cli/src/docker-compose/lunasec-common.ts rename to lunadefend/js/sdks/packages/cli/src/docker-compose/lunasec-common.ts index 6814fe489..398f5a41c 100644 --- a/js/sdks/packages/cli/src/docker-compose/lunasec-common.ts +++ b/lunadefend/js/sdks/packages/cli/src/docker-compose/lunasec-common.ts @@ -33,10 +33,10 @@ export function dockerImageConfigFn(base: string, versionTag: string) { }; } -export function dockerfileTarget(dockerfile: string, target: string): DefinitionsService { +export function dockerfileTarget(dockerfile: string, target: string, context?: string): DefinitionsService { return { build: { - context: '.', + context: context || '.', dockerfile, target, }, diff --git a/js/sdks/packages/cli/src/docker-compose/lunasec-stack.ts b/lunadefend/js/sdks/packages/cli/src/docker-compose/lunasec-stack.ts similarity index 96% rename from js/sdks/packages/cli/src/docker-compose/lunasec-stack.ts rename to lunadefend/js/sdks/packages/cli/src/docker-compose/lunasec-stack.ts index 304fbe043..f3c816ac8 100644 --- a/js/sdks/packages/cli/src/docker-compose/lunasec-stack.ts +++ b/lunadefend/js/sdks/packages/cli/src/docker-compose/lunasec-stack.ts @@ -20,7 +20,7 @@ import path from 'path'; import { dump } from 'js-yaml'; import { AuthProviderConfig, LunaSecStackConfigOptions } from '../config/types'; -import { awsResourcesOutputFile, debug } from '../constants/cli'; +import { awsResourcesOutputFile, debug, outputDir } from '../constants/cli'; import { formatAuthenticationProviders } from '../utils/auth-providers'; import { demoDockerFile, localstackImage, LunaSecStackEnvironment, version } from './constants'; @@ -188,7 +188,7 @@ export class LunaSecStackDockerCompose { applicationBackEnd(): ComposeService { const name: LunaSecService = 'application-back-end'; - const awsResourcesPath = this.buildMountPath('outputs/'); + const awsResourcesPath = this.buildMountPath(outputDir); const outputMount = `${awsResourcesPath}:/outputs/`; @@ -228,7 +228,7 @@ export class LunaSecStackDockerCompose { lunasecCli(): ComposeService { const name: LunaSecService = 'lunasec-cli'; - const awsResourcesPath = this.buildMountPath('outputs/'); + const awsResourcesPath = this.buildMountPath(outputDir); const outputMount = `${awsResourcesPath}:/outputs/`; @@ -263,7 +263,7 @@ export class LunaSecStackDockerCompose { const localBuildConfig = { build: { context: '.', - dockerfile: 'go/docker/tokenizerbackend.dockerfile', + dockerfile: 'lunadefend/go/docker/tokenizerbackend.dockerfile', args: { tag: 'dev', version: version, @@ -273,7 +273,7 @@ export class LunaSecStackDockerCompose { const tokenizerPort = 37766; - const awsResourcesPath = this.buildMountPath('outputs/'); + const awsResourcesPath = this.buildMountPath(outputDir); const dependsOnServices = [this.lunasecCli().name]; @@ -447,7 +447,7 @@ export class LunaSecStackDockerCompose { const port = 3001; - if (this.serviceCreationConfig.env === 'demo') { + if (this.serviceCreationConfig.env === 'demo' || this.serviceCreationConfig.env === 'local-dependencies') { return generateAuthProviderConfig(`http://localhost:${port}`, `http://localhost:${port}`); } @@ -458,7 +458,7 @@ export class LunaSecStackDockerCompose { return this.serviceCreationConfig.environmentConfig.authProviders; } - getFrontEndReactEnv(env: 'hosted-live-demo' | 'demo' | 'tests'): LunaSecReactEnv { + getFrontEndReactEnv(env: LunaSecStackEnvironment): LunaSecReactEnv { if (env === 'hosted-live-demo') { return { REACT_APP_EXPRESS_URL: `https://express.lunasec.dev`, @@ -472,7 +472,7 @@ export class LunaSecStackDockerCompose { const graphqlPort = 3002; const simpleTokenizerPort = 3003; - if (env === 'demo') { + if (env === 'demo' || env === 'local-dependencies') { return { REACT_APP_EXPRESS_URL: `http://localhost:${expressPort}`, REACT_APP_GRAPHQL_URL: `http://localhost:${graphqlPort}`, diff --git a/js/sdks/packages/cli/src/docker-compose/services/application-front-end.ts b/lunadefend/js/sdks/packages/cli/src/docker-compose/services/application-front-end.ts similarity index 100% rename from js/sdks/packages/cli/src/docker-compose/services/application-front-end.ts rename to lunadefend/js/sdks/packages/cli/src/docker-compose/services/application-front-end.ts diff --git a/js/sdks/packages/cli/src/docker-compose/services/nginx-demo.ts b/lunadefend/js/sdks/packages/cli/src/docker-compose/services/nginx-demo.ts similarity index 100% rename from js/sdks/packages/cli/src/docker-compose/services/nginx-demo.ts rename to lunadefend/js/sdks/packages/cli/src/docker-compose/services/nginx-demo.ts diff --git a/js/sdks/packages/cli/src/docker-compose/types.ts b/lunadefend/js/sdks/packages/cli/src/docker-compose/types.ts similarity index 96% rename from js/sdks/packages/cli/src/docker-compose/types.ts rename to lunadefend/js/sdks/packages/cli/src/docker-compose/types.ts index 1d9d6c7fc..5aaea6421 100644 --- a/js/sdks/packages/cli/src/docker-compose/types.ts +++ b/lunadefend/js/sdks/packages/cli/src/docker-compose/types.ts @@ -56,7 +56,7 @@ export interface LunaSecServiceCreationConfig { localBuild: boolean; getBaseServiceConfig(name: string, excludeEnv?: boolean): DefinitionsService; getDockerImageName(tag: string): DockerComposeImageConfig; - getDockerfileTarget(dockerfile: string, target: string): DefinitionsService; + getDockerfileTarget(dockerfile: string, target: string, context?: string): DefinitionsService; } export interface LunaSecReactEnv { diff --git a/js/sdks/packages/cli/src/docker/index.ts b/lunadefend/js/sdks/packages/cli/src/docker/index.ts similarity index 100% rename from js/sdks/packages/cli/src/docker/index.ts rename to lunadefend/js/sdks/packages/cli/src/docker/index.ts diff --git a/js/sdks/packages/cli/src/docker/mirror.ts b/lunadefend/js/sdks/packages/cli/src/docker/mirror.ts similarity index 100% rename from js/sdks/packages/cli/src/docker/mirror.ts rename to lunadefend/js/sdks/packages/cli/src/docker/mirror.ts diff --git a/js/sdks/packages/cli/src/utils/auth-providers.ts b/lunadefend/js/sdks/packages/cli/src/utils/auth-providers.ts similarity index 100% rename from js/sdks/packages/cli/src/utils/auth-providers.ts rename to lunadefend/js/sdks/packages/cli/src/utils/auth-providers.ts diff --git a/js/sdks/packages/cli/src/utils/cli.ts b/lunadefend/js/sdks/packages/cli/src/utils/cli.ts similarity index 100% rename from js/sdks/packages/cli/src/utils/cli.ts rename to lunadefend/js/sdks/packages/cli/src/utils/cli.ts diff --git a/js/sdks/packages/cli/src/utils/exec.ts b/lunadefend/js/sdks/packages/cli/src/utils/exec.ts similarity index 100% rename from js/sdks/packages/cli/src/utils/exec.ts rename to lunadefend/js/sdks/packages/cli/src/utils/exec.ts diff --git a/js/sdks/packages/cli/src/utils/filesystem.ts b/lunadefend/js/sdks/packages/cli/src/utils/filesystem.ts similarity index 100% rename from js/sdks/packages/cli/src/utils/filesystem.ts rename to lunadefend/js/sdks/packages/cli/src/utils/filesystem.ts diff --git a/js/sdks/packages/cli/src/utils/http.ts b/lunadefend/js/sdks/packages/cli/src/utils/http.ts similarity index 100% rename from js/sdks/packages/cli/src/utils/http.ts rename to lunadefend/js/sdks/packages/cli/src/utils/http.ts diff --git a/js/sdks/packages/cli/src/utils/json-schema-gen.ts b/lunadefend/js/sdks/packages/cli/src/utils/json-schema-gen.ts similarity index 100% rename from js/sdks/packages/cli/src/utils/json-schema-gen.ts rename to lunadefend/js/sdks/packages/cli/src/utils/json-schema-gen.ts diff --git a/js/sdks/packages/cli/tsconfig.json b/lunadefend/js/sdks/packages/cli/tsconfig.json similarity index 100% rename from js/sdks/packages/cli/tsconfig.json rename to lunadefend/js/sdks/packages/cli/tsconfig.json diff --git a/js/sdks/packages/isomorphic-common/package.json b/lunadefend/js/sdks/packages/isomorphic-common/package.json similarity index 100% rename from js/sdks/packages/isomorphic-common/package.json rename to lunadefend/js/sdks/packages/isomorphic-common/package.json diff --git a/js/sdks/packages/isomorphic-common/src/index.ts b/lunadefend/js/sdks/packages/isomorphic-common/src/index.ts similarity index 100% rename from js/sdks/packages/isomorphic-common/src/index.ts rename to lunadefend/js/sdks/packages/isomorphic-common/src/index.ts diff --git a/js/sdks/packages/isomorphic-common/src/lunasec-error.ts b/lunadefend/js/sdks/packages/isomorphic-common/src/lunasec-error.ts similarity index 100% rename from js/sdks/packages/isomorphic-common/src/lunasec-error.ts rename to lunadefend/js/sdks/packages/isomorphic-common/src/lunasec-error.ts diff --git a/js/sdks/packages/isomorphic-common/src/scrub-properties.ts b/lunadefend/js/sdks/packages/isomorphic-common/src/scrub-properties.ts similarity index 100% rename from js/sdks/packages/isomorphic-common/src/scrub-properties.ts rename to lunadefend/js/sdks/packages/isomorphic-common/src/scrub-properties.ts diff --git a/js/sdks/packages/isomorphic-common/tsconfig.json b/lunadefend/js/sdks/packages/isomorphic-common/tsconfig.json similarity index 100% rename from js/sdks/packages/isomorphic-common/tsconfig.json rename to lunadefend/js/sdks/packages/isomorphic-common/tsconfig.json diff --git a/js/sdks/packages/isomorphic-common/tsconfig.module.json b/lunadefend/js/sdks/packages/isomorphic-common/tsconfig.module.json similarity index 100% rename from js/sdks/packages/isomorphic-common/tsconfig.module.json rename to lunadefend/js/sdks/packages/isomorphic-common/tsconfig.module.json diff --git a/js/sdks/packages/node-sdk/.gitignore b/lunadefend/js/sdks/packages/node-sdk/.gitignore similarity index 100% rename from js/sdks/packages/node-sdk/.gitignore rename to lunadefend/js/sdks/packages/node-sdk/.gitignore diff --git a/js/sdks/packages/node-sdk/README.md b/lunadefend/js/sdks/packages/node-sdk/README.md similarity index 100% rename from js/sdks/packages/node-sdk/README.md rename to lunadefend/js/sdks/packages/node-sdk/README.md diff --git a/js/sdks/packages/node-sdk/package.json b/lunadefend/js/sdks/packages/node-sdk/package.json similarity index 100% rename from js/sdks/packages/node-sdk/package.json rename to lunadefend/js/sdks/packages/node-sdk/package.json diff --git a/js/sdks/packages/node-sdk/src/api/client.ts b/lunadefend/js/sdks/packages/node-sdk/src/api/client.ts similarity index 100% rename from js/sdks/packages/node-sdk/src/api/client.ts rename to lunadefend/js/sdks/packages/node-sdk/src/api/client.ts diff --git a/js/sdks/packages/node-sdk/src/api/types.ts b/lunadefend/js/sdks/packages/node-sdk/src/api/types.ts similarity index 100% rename from js/sdks/packages/node-sdk/src/api/types.ts rename to lunadefend/js/sdks/packages/node-sdk/src/api/types.ts diff --git a/js/sdks/packages/node-sdk/src/authentication/authentication-jwt.ts b/lunadefend/js/sdks/packages/node-sdk/src/authentication/authentication-jwt.ts similarity index 100% rename from js/sdks/packages/node-sdk/src/authentication/authentication-jwt.ts rename to lunadefend/js/sdks/packages/node-sdk/src/authentication/authentication-jwt.ts diff --git a/js/sdks/packages/node-sdk/src/authentication/aws-secret-provider.ts b/lunadefend/js/sdks/packages/node-sdk/src/authentication/aws-secret-provider.ts similarity index 100% rename from js/sdks/packages/node-sdk/src/authentication/aws-secret-provider.ts rename to lunadefend/js/sdks/packages/node-sdk/src/authentication/aws-secret-provider.ts diff --git a/js/sdks/packages/node-sdk/src/authentication/environment-secret-provider.ts b/lunadefend/js/sdks/packages/node-sdk/src/authentication/environment-secret-provider.ts similarity index 100% rename from js/sdks/packages/node-sdk/src/authentication/environment-secret-provider.ts rename to lunadefend/js/sdks/packages/node-sdk/src/authentication/environment-secret-provider.ts diff --git a/js/sdks/packages/node-sdk/src/authentication/index.ts b/lunadefend/js/sdks/packages/node-sdk/src/authentication/index.ts similarity index 100% rename from js/sdks/packages/node-sdk/src/authentication/index.ts rename to lunadefend/js/sdks/packages/node-sdk/src/authentication/index.ts diff --git a/js/sdks/packages/node-sdk/src/authentication/types.ts b/lunadefend/js/sdks/packages/node-sdk/src/authentication/types.ts similarity index 100% rename from js/sdks/packages/node-sdk/src/authentication/types.ts rename to lunadefend/js/sdks/packages/node-sdk/src/authentication/types.ts diff --git a/js/sdks/packages/node-sdk/src/environment.d.ts b/lunadefend/js/sdks/packages/node-sdk/src/environment.d.ts similarity index 100% rename from js/sdks/packages/node-sdk/src/environment.d.ts rename to lunadefend/js/sdks/packages/node-sdk/src/environment.d.ts diff --git a/js/sdks/packages/node-sdk/src/express-auth-plugin/index.ts b/lunadefend/js/sdks/packages/node-sdk/src/express-auth-plugin/index.ts similarity index 100% rename from js/sdks/packages/node-sdk/src/express-auth-plugin/index.ts rename to lunadefend/js/sdks/packages/node-sdk/src/express-auth-plugin/index.ts diff --git a/js/sdks/packages/node-sdk/src/express-simple-tokenizer-backend/express-middleware.ts b/lunadefend/js/sdks/packages/node-sdk/src/express-simple-tokenizer-backend/express-middleware.ts similarity index 100% rename from js/sdks/packages/node-sdk/src/express-simple-tokenizer-backend/express-middleware.ts rename to lunadefend/js/sdks/packages/node-sdk/src/express-simple-tokenizer-backend/express-middleware.ts diff --git a/js/sdks/packages/node-sdk/src/express-simple-tokenizer-backend/index.ts b/lunadefend/js/sdks/packages/node-sdk/src/express-simple-tokenizer-backend/index.ts similarity index 100% rename from js/sdks/packages/node-sdk/src/express-simple-tokenizer-backend/index.ts rename to lunadefend/js/sdks/packages/node-sdk/src/express-simple-tokenizer-backend/index.ts diff --git a/js/sdks/packages/node-sdk/src/express-simple-tokenizer-backend/simple-tokenizer-backend.ts b/lunadefend/js/sdks/packages/node-sdk/src/express-simple-tokenizer-backend/simple-tokenizer-backend.ts similarity index 100% rename from js/sdks/packages/node-sdk/src/express-simple-tokenizer-backend/simple-tokenizer-backend.ts rename to lunadefend/js/sdks/packages/node-sdk/src/express-simple-tokenizer-backend/simple-tokenizer-backend.ts diff --git a/js/sdks/packages/node-sdk/src/fetch.ts b/lunadefend/js/sdks/packages/node-sdk/src/fetch.ts similarity index 100% rename from js/sdks/packages/node-sdk/src/fetch.ts rename to lunadefend/js/sdks/packages/node-sdk/src/fetch.ts diff --git a/js/sdks/packages/node-sdk/src/grant-service/index.ts b/lunadefend/js/sdks/packages/node-sdk/src/grant-service/index.ts similarity index 100% rename from js/sdks/packages/node-sdk/src/grant-service/index.ts rename to lunadefend/js/sdks/packages/node-sdk/src/grant-service/index.ts diff --git a/js/sdks/packages/node-sdk/src/graphql/index.ts b/lunadefend/js/sdks/packages/node-sdk/src/graphql/index.ts similarity index 100% rename from js/sdks/packages/node-sdk/src/graphql/index.ts rename to lunadefend/js/sdks/packages/node-sdk/src/graphql/index.ts diff --git a/js/sdks/packages/node-sdk/src/graphql/lunasec-token-directive.ts b/lunadefend/js/sdks/packages/node-sdk/src/graphql/lunasec-token-directive.ts similarity index 100% rename from js/sdks/packages/node-sdk/src/graphql/lunasec-token-directive.ts rename to lunadefend/js/sdks/packages/node-sdk/src/graphql/lunasec-token-directive.ts diff --git a/js/sdks/packages/node-sdk/src/index.ts b/lunadefend/js/sdks/packages/node-sdk/src/index.ts similarity index 100% rename from js/sdks/packages/node-sdk/src/index.ts rename to lunadefend/js/sdks/packages/node-sdk/src/index.ts diff --git a/js/sdks/packages/node-sdk/src/keys/decode-secret-key-pair-bundle.ts b/lunadefend/js/sdks/packages/node-sdk/src/keys/decode-secret-key-pair-bundle.ts similarity index 100% rename from js/sdks/packages/node-sdk/src/keys/decode-secret-key-pair-bundle.ts rename to lunadefend/js/sdks/packages/node-sdk/src/keys/decode-secret-key-pair-bundle.ts diff --git a/js/sdks/packages/node-sdk/src/main/index.ts b/lunadefend/js/sdks/packages/node-sdk/src/main/index.ts similarity index 100% rename from js/sdks/packages/node-sdk/src/main/index.ts rename to lunadefend/js/sdks/packages/node-sdk/src/main/index.ts diff --git a/js/sdks/packages/node-sdk/src/secure-resolver/constants.ts b/lunadefend/js/sdks/packages/node-sdk/src/secure-resolver/constants.ts similarity index 100% rename from js/sdks/packages/node-sdk/src/secure-resolver/constants.ts rename to lunadefend/js/sdks/packages/node-sdk/src/secure-resolver/constants.ts diff --git a/js/sdks/packages/node-sdk/src/secure-resolver/index.ts b/lunadefend/js/sdks/packages/node-sdk/src/secure-resolver/index.ts similarity index 100% rename from js/sdks/packages/node-sdk/src/secure-resolver/index.ts rename to lunadefend/js/sdks/packages/node-sdk/src/secure-resolver/index.ts diff --git a/js/sdks/packages/node-sdk/src/secure-resolver/types.ts b/lunadefend/js/sdks/packages/node-sdk/src/secure-resolver/types.ts similarity index 100% rename from js/sdks/packages/node-sdk/src/secure-resolver/types.ts rename to lunadefend/js/sdks/packages/node-sdk/src/secure-resolver/types.ts diff --git a/js/sdks/packages/node-sdk/tsconfig.json b/lunadefend/js/sdks/packages/node-sdk/tsconfig.json similarity index 100% rename from js/sdks/packages/node-sdk/tsconfig.json rename to lunadefend/js/sdks/packages/node-sdk/tsconfig.json diff --git a/js/sdks/packages/node-sdk/tsconfig.module.json b/lunadefend/js/sdks/packages/node-sdk/tsconfig.module.json similarity index 100% rename from js/sdks/packages/node-sdk/tsconfig.module.json rename to lunadefend/js/sdks/packages/node-sdk/tsconfig.module.json diff --git a/js/sdks/packages/react-sdk/.gitignore b/lunadefend/js/sdks/packages/react-sdk/.gitignore similarity index 100% rename from js/sdks/packages/react-sdk/.gitignore rename to lunadefend/js/sdks/packages/react-sdk/.gitignore diff --git a/js/sdks/packages/react-sdk/README.md b/lunadefend/js/sdks/packages/react-sdk/README.md similarity index 100% rename from js/sdks/packages/react-sdk/README.md rename to lunadefend/js/sdks/packages/react-sdk/README.md diff --git a/js/sdks/packages/react-sdk/package.json b/lunadefend/js/sdks/packages/react-sdk/package.json similarity index 100% rename from js/sdks/packages/react-sdk/package.json rename to lunadefend/js/sdks/packages/react-sdk/package.json diff --git a/js/sdks/packages/react-sdk/src/components/App.tsx b/lunadefend/js/sdks/packages/react-sdk/src/components/App.tsx similarity index 100% rename from js/sdks/packages/react-sdk/src/components/App.tsx rename to lunadefend/js/sdks/packages/react-sdk/src/components/App.tsx diff --git a/js/sdks/packages/react-sdk/src/components/SecureForm.tsx b/lunadefend/js/sdks/packages/react-sdk/src/components/SecureForm.tsx similarity index 100% rename from js/sdks/packages/react-sdk/src/components/SecureForm.tsx rename to lunadefend/js/sdks/packages/react-sdk/src/components/SecureForm.tsx diff --git a/js/sdks/packages/react-sdk/src/components/elements/downloader.tsx b/lunadefend/js/sdks/packages/react-sdk/src/components/elements/downloader.tsx similarity index 100% rename from js/sdks/packages/react-sdk/src/components/elements/downloader.tsx rename to lunadefend/js/sdks/packages/react-sdk/src/components/elements/downloader.tsx diff --git a/js/sdks/packages/react-sdk/src/components/elements/input.tsx b/lunadefend/js/sdks/packages/react-sdk/src/components/elements/input.tsx similarity index 100% rename from js/sdks/packages/react-sdk/src/components/elements/input.tsx rename to lunadefend/js/sdks/packages/react-sdk/src/components/elements/input.tsx diff --git a/js/sdks/packages/react-sdk/src/components/elements/paragraph.tsx b/lunadefend/js/sdks/packages/react-sdk/src/components/elements/paragraph.tsx similarity index 100% rename from js/sdks/packages/react-sdk/src/components/elements/paragraph.tsx rename to lunadefend/js/sdks/packages/react-sdk/src/components/elements/paragraph.tsx diff --git a/js/sdks/packages/react-sdk/src/components/elements/textarea.tsx b/lunadefend/js/sdks/packages/react-sdk/src/components/elements/textarea.tsx similarity index 100% rename from js/sdks/packages/react-sdk/src/components/elements/textarea.tsx rename to lunadefend/js/sdks/packages/react-sdk/src/components/elements/textarea.tsx diff --git a/js/sdks/packages/react-sdk/src/components/elements/uploader.tsx b/lunadefend/js/sdks/packages/react-sdk/src/components/elements/uploader.tsx similarity index 100% rename from js/sdks/packages/react-sdk/src/components/elements/uploader.tsx rename to lunadefend/js/sdks/packages/react-sdk/src/components/elements/uploader.tsx diff --git a/js/sdks/packages/react-sdk/src/components/wrapComponent.tsx b/lunadefend/js/sdks/packages/react-sdk/src/components/wrapComponent.tsx similarity index 100% rename from js/sdks/packages/react-sdk/src/components/wrapComponent.tsx rename to lunadefend/js/sdks/packages/react-sdk/src/components/wrapComponent.tsx diff --git a/js/sdks/packages/react-sdk/src/event-bus.ts b/lunadefend/js/sdks/packages/react-sdk/src/event-bus.ts similarity index 100% rename from js/sdks/packages/react-sdk/src/event-bus.ts rename to lunadefend/js/sdks/packages/react-sdk/src/event-bus.ts diff --git a/js/sdks/packages/react-sdk/src/index.ts b/lunadefend/js/sdks/packages/react-sdk/src/index.ts similarity index 100% rename from js/sdks/packages/react-sdk/src/index.ts rename to lunadefend/js/sdks/packages/react-sdk/src/index.ts diff --git a/js/sdks/packages/react-sdk/src/providers/LunaSecConfigContext.ts b/lunadefend/js/sdks/packages/react-sdk/src/providers/LunaSecConfigContext.ts similarity index 100% rename from js/sdks/packages/react-sdk/src/providers/LunaSecConfigContext.ts rename to lunadefend/js/sdks/packages/react-sdk/src/providers/LunaSecConfigContext.ts diff --git a/js/sdks/packages/react-sdk/src/providers/SecureFormContext.ts b/lunadefend/js/sdks/packages/react-sdk/src/providers/SecureFormContext.ts similarity index 100% rename from js/sdks/packages/react-sdk/src/providers/SecureFormContext.ts rename to lunadefend/js/sdks/packages/react-sdk/src/providers/SecureFormContext.ts diff --git a/js/sdks/packages/react-sdk/src/types/component-types.ts b/lunadefend/js/sdks/packages/react-sdk/src/types/component-types.ts similarity index 100% rename from js/sdks/packages/react-sdk/src/types/component-types.ts rename to lunadefend/js/sdks/packages/react-sdk/src/types/component-types.ts diff --git a/js/sdks/packages/react-sdk/src/types/internal-types.ts b/lunadefend/js/sdks/packages/react-sdk/src/types/internal-types.ts similarity index 100% rename from js/sdks/packages/react-sdk/src/types/internal-types.ts rename to lunadefend/js/sdks/packages/react-sdk/src/types/internal-types.ts diff --git a/js/sdks/packages/react-sdk/src/utils/set-native-value.ts b/lunadefend/js/sdks/packages/react-sdk/src/utils/set-native-value.ts similarity index 100% rename from js/sdks/packages/react-sdk/src/utils/set-native-value.ts rename to lunadefend/js/sdks/packages/react-sdk/src/utils/set-native-value.ts diff --git a/js/sdks/packages/react-sdk/tsconfig.json b/lunadefend/js/sdks/packages/react-sdk/tsconfig.json similarity index 100% rename from js/sdks/packages/react-sdk/tsconfig.json rename to lunadefend/js/sdks/packages/react-sdk/tsconfig.json diff --git a/js/sdks/packages/react-sdk/tsconfig.module.json b/lunadefend/js/sdks/packages/react-sdk/tsconfig.module.json similarity index 100% rename from js/sdks/packages/react-sdk/tsconfig.module.json rename to lunadefend/js/sdks/packages/react-sdk/tsconfig.module.json diff --git a/js/sdks/packages/secure-frame-iframe/.env b/lunadefend/js/sdks/packages/secure-frame-iframe/.env similarity index 100% rename from js/sdks/packages/secure-frame-iframe/.env rename to lunadefend/js/sdks/packages/secure-frame-iframe/.env diff --git a/js/sdks/packages/secure-frame-iframe/.env-prod b/lunadefend/js/sdks/packages/secure-frame-iframe/.env-prod similarity index 100% rename from js/sdks/packages/secure-frame-iframe/.env-prod rename to lunadefend/js/sdks/packages/secure-frame-iframe/.env-prod diff --git a/js/sdks/packages/secure-frame-iframe/.gitignore b/lunadefend/js/sdks/packages/secure-frame-iframe/.gitignore similarity index 100% rename from js/sdks/packages/secure-frame-iframe/.gitignore rename to lunadefend/js/sdks/packages/secure-frame-iframe/.gitignore diff --git a/js/sdks/packages/secure-frame-iframe/README.md b/lunadefend/js/sdks/packages/secure-frame-iframe/README.md similarity index 100% rename from js/sdks/packages/secure-frame-iframe/README.md rename to lunadefend/js/sdks/packages/secure-frame-iframe/README.md diff --git a/js/sdks/packages/secure-frame-iframe/package.json b/lunadefend/js/sdks/packages/secure-frame-iframe/package.json similarity index 100% rename from js/sdks/packages/secure-frame-iframe/package.json rename to lunadefend/js/sdks/packages/secure-frame-iframe/package.json diff --git a/js/sdks/packages/secure-frame-iframe/src/initialize-uploader.tsx b/lunadefend/js/sdks/packages/secure-frame-iframe/src/initialize-uploader.tsx similarity index 100% rename from js/sdks/packages/secure-frame-iframe/src/initialize-uploader.tsx rename to lunadefend/js/sdks/packages/secure-frame-iframe/src/initialize-uploader.tsx diff --git a/js/sdks/packages/secure-frame-iframe/src/main.ts b/lunadefend/js/sdks/packages/secure-frame-iframe/src/main.ts similarity index 100% rename from js/sdks/packages/secure-frame-iframe/src/main.ts rename to lunadefend/js/sdks/packages/secure-frame-iframe/src/main.ts diff --git a/js/sdks/packages/secure-frame-iframe/src/rpc/index.ts b/lunadefend/js/sdks/packages/secure-frame-iframe/src/rpc/index.ts similarity index 100% rename from js/sdks/packages/secure-frame-iframe/src/rpc/index.ts rename to lunadefend/js/sdks/packages/secure-frame-iframe/src/rpc/index.ts diff --git a/js/sdks/packages/secure-frame-iframe/src/secure-download.ts b/lunadefend/js/sdks/packages/secure-frame-iframe/src/secure-download.ts similarity index 100% rename from js/sdks/packages/secure-frame-iframe/src/secure-download.ts rename to lunadefend/js/sdks/packages/secure-frame-iframe/src/secure-download.ts diff --git a/js/sdks/packages/secure-frame-iframe/src/secure-frame.ts b/lunadefend/js/sdks/packages/secure-frame-iframe/src/secure-frame.ts similarity index 100% rename from js/sdks/packages/secure-frame-iframe/src/secure-frame.ts rename to lunadefend/js/sdks/packages/secure-frame-iframe/src/secure-frame.ts diff --git a/js/sdks/packages/secure-frame-iframe/src/static/main.css b/lunadefend/js/sdks/packages/secure-frame-iframe/src/static/main.css similarity index 100% rename from js/sdks/packages/secure-frame-iframe/src/static/main.css rename to lunadefend/js/sdks/packages/secure-frame-iframe/src/static/main.css diff --git a/js/sdks/packages/secure-frame-iframe/src/uploader-component.tsx b/lunadefend/js/sdks/packages/secure-frame-iframe/src/uploader-component.tsx similarity index 100% rename from js/sdks/packages/secure-frame-iframe/src/uploader-component.tsx rename to lunadefend/js/sdks/packages/secure-frame-iframe/src/uploader-component.tsx diff --git a/js/sdks/packages/secure-frame-iframe/src/validators.ts b/lunadefend/js/sdks/packages/secure-frame-iframe/src/validators.ts similarity index 100% rename from js/sdks/packages/secure-frame-iframe/src/validators.ts rename to lunadefend/js/sdks/packages/secure-frame-iframe/src/validators.ts diff --git a/js/sdks/packages/secure-frame-iframe/tsconfig.json b/lunadefend/js/sdks/packages/secure-frame-iframe/tsconfig.json similarity index 100% rename from js/sdks/packages/secure-frame-iframe/tsconfig.json rename to lunadefend/js/sdks/packages/secure-frame-iframe/tsconfig.json diff --git a/js/sdks/packages/secure-frame-iframe/webpack.config.cjs b/lunadefend/js/sdks/packages/secure-frame-iframe/webpack.config.cjs similarity index 100% rename from js/sdks/packages/secure-frame-iframe/webpack.config.cjs rename to lunadefend/js/sdks/packages/secure-frame-iframe/webpack.config.cjs diff --git a/js/sdks/packages/server-common/.gitignore b/lunadefend/js/sdks/packages/server-common/.gitignore similarity index 100% rename from js/sdks/packages/server-common/.gitignore rename to lunadefend/js/sdks/packages/server-common/.gitignore diff --git a/js/sdks/packages/server-common/package.json b/lunadefend/js/sdks/packages/server-common/package.json similarity index 100% rename from js/sdks/packages/server-common/package.json rename to lunadefend/js/sdks/packages/server-common/package.json diff --git a/js/sdks/packages/server-common/src/index.ts b/lunadefend/js/sdks/packages/server-common/src/index.ts similarity index 100% rename from js/sdks/packages/server-common/src/index.ts rename to lunadefend/js/sdks/packages/server-common/src/index.ts diff --git a/js/sdks/packages/server-common/src/lib/api.ts b/lunadefend/js/sdks/packages/server-common/src/lib/api.ts similarity index 100% rename from js/sdks/packages/server-common/src/lib/api.ts rename to lunadefend/js/sdks/packages/server-common/src/lib/api.ts diff --git a/js/sdks/packages/server-common/src/lib/http.ts b/lunadefend/js/sdks/packages/server-common/src/lib/http.ts similarity index 100% rename from js/sdks/packages/server-common/src/lib/http.ts rename to lunadefend/js/sdks/packages/server-common/src/lib/http.ts diff --git a/js/sdks/packages/server-common/tsconfig.json b/lunadefend/js/sdks/packages/server-common/tsconfig.json similarity index 100% rename from js/sdks/packages/server-common/tsconfig.json rename to lunadefend/js/sdks/packages/server-common/tsconfig.json diff --git a/js/sdks/packages/server-common/tsconfig.module.json b/lunadefend/js/sdks/packages/server-common/tsconfig.module.json similarity index 100% rename from js/sdks/packages/server-common/tsconfig.module.json rename to lunadefend/js/sdks/packages/server-common/tsconfig.module.json diff --git a/js/sdks/packages/tokenizer-sdk/.gitignore b/lunadefend/js/sdks/packages/tokenizer-sdk/.gitignore similarity index 100% rename from js/sdks/packages/tokenizer-sdk/.gitignore rename to lunadefend/js/sdks/packages/tokenizer-sdk/.gitignore diff --git a/js/sdks/packages/tokenizer-sdk/README.md b/lunadefend/js/sdks/packages/tokenizer-sdk/README.md similarity index 100% rename from js/sdks/packages/tokenizer-sdk/README.md rename to lunadefend/js/sdks/packages/tokenizer-sdk/README.md diff --git a/js/sdks/packages/tokenizer-sdk/jest.config.js b/lunadefend/js/sdks/packages/tokenizer-sdk/jest.config.js similarity index 100% rename from js/sdks/packages/tokenizer-sdk/jest.config.js rename to lunadefend/js/sdks/packages/tokenizer-sdk/jest.config.js diff --git a/js/sdks/packages/tokenizer-sdk/openapitools.json b/lunadefend/js/sdks/packages/tokenizer-sdk/openapitools.json similarity index 100% rename from js/sdks/packages/tokenizer-sdk/openapitools.json rename to lunadefend/js/sdks/packages/tokenizer-sdk/openapitools.json diff --git a/js/sdks/packages/tokenizer-sdk/package.json b/lunadefend/js/sdks/packages/tokenizer-sdk/package.json similarity index 100% rename from js/sdks/packages/tokenizer-sdk/package.json rename to lunadefend/js/sdks/packages/tokenizer-sdk/package.json diff --git a/js/sdks/packages/tokenizer-sdk/src/aws.ts b/lunadefend/js/sdks/packages/tokenizer-sdk/src/aws.ts similarity index 100% rename from js/sdks/packages/tokenizer-sdk/src/aws.ts rename to lunadefend/js/sdks/packages/tokenizer-sdk/src/aws.ts diff --git a/js/sdks/packages/tokenizer-sdk/src/constants.ts b/lunadefend/js/sdks/packages/tokenizer-sdk/src/constants.ts similarity index 100% rename from js/sdks/packages/tokenizer-sdk/src/constants.ts rename to lunadefend/js/sdks/packages/tokenizer-sdk/src/constants.ts diff --git a/js/sdks/packages/tokenizer-sdk/src/environment.d.ts b/lunadefend/js/sdks/packages/tokenizer-sdk/src/environment.d.ts similarity index 100% rename from js/sdks/packages/tokenizer-sdk/src/environment.d.ts rename to lunadefend/js/sdks/packages/tokenizer-sdk/src/environment.d.ts diff --git a/js/sdks/packages/tokenizer-sdk/src/generated/.gitignore b/lunadefend/js/sdks/packages/tokenizer-sdk/src/generated/.gitignore similarity index 100% rename from js/sdks/packages/tokenizer-sdk/src/generated/.gitignore rename to lunadefend/js/sdks/packages/tokenizer-sdk/src/generated/.gitignore diff --git a/js/sdks/packages/tokenizer-sdk/src/generated/.npmignore b/lunadefend/js/sdks/packages/tokenizer-sdk/src/generated/.npmignore similarity index 100% rename from js/sdks/packages/tokenizer-sdk/src/generated/.npmignore rename to lunadefend/js/sdks/packages/tokenizer-sdk/src/generated/.npmignore diff --git a/js/sdks/packages/tokenizer-sdk/src/generated/.openapi-generator-ignore b/lunadefend/js/sdks/packages/tokenizer-sdk/src/generated/.openapi-generator-ignore similarity index 100% rename from js/sdks/packages/tokenizer-sdk/src/generated/.openapi-generator-ignore rename to lunadefend/js/sdks/packages/tokenizer-sdk/src/generated/.openapi-generator-ignore diff --git a/js/sdks/packages/tokenizer-sdk/src/generated/.openapi-generator/FILES b/lunadefend/js/sdks/packages/tokenizer-sdk/src/generated/.openapi-generator/FILES similarity index 100% rename from js/sdks/packages/tokenizer-sdk/src/generated/.openapi-generator/FILES rename to lunadefend/js/sdks/packages/tokenizer-sdk/src/generated/.openapi-generator/FILES diff --git a/js/sdks/packages/tokenizer-sdk/src/generated/.openapi-generator/VERSION b/lunadefend/js/sdks/packages/tokenizer-sdk/src/generated/.openapi-generator/VERSION similarity index 100% rename from js/sdks/packages/tokenizer-sdk/src/generated/.openapi-generator/VERSION rename to lunadefend/js/sdks/packages/tokenizer-sdk/src/generated/.openapi-generator/VERSION diff --git a/js/sdks/packages/tokenizer-sdk/src/generated/api.ts b/lunadefend/js/sdks/packages/tokenizer-sdk/src/generated/api.ts similarity index 100% rename from js/sdks/packages/tokenizer-sdk/src/generated/api.ts rename to lunadefend/js/sdks/packages/tokenizer-sdk/src/generated/api.ts diff --git a/js/sdks/packages/tokenizer-sdk/src/generated/base.ts b/lunadefend/js/sdks/packages/tokenizer-sdk/src/generated/base.ts similarity index 100% rename from js/sdks/packages/tokenizer-sdk/src/generated/base.ts rename to lunadefend/js/sdks/packages/tokenizer-sdk/src/generated/base.ts diff --git a/js/sdks/packages/tokenizer-sdk/src/generated/common.ts b/lunadefend/js/sdks/packages/tokenizer-sdk/src/generated/common.ts similarity index 100% rename from js/sdks/packages/tokenizer-sdk/src/generated/common.ts rename to lunadefend/js/sdks/packages/tokenizer-sdk/src/generated/common.ts diff --git a/js/sdks/packages/tokenizer-sdk/src/generated/configuration.ts b/lunadefend/js/sdks/packages/tokenizer-sdk/src/generated/configuration.ts similarity index 100% rename from js/sdks/packages/tokenizer-sdk/src/generated/configuration.ts rename to lunadefend/js/sdks/packages/tokenizer-sdk/src/generated/configuration.ts diff --git a/js/sdks/packages/tokenizer-sdk/src/generated/git_push.sh b/lunadefend/js/sdks/packages/tokenizer-sdk/src/generated/git_push.sh similarity index 100% rename from js/sdks/packages/tokenizer-sdk/src/generated/git_push.sh rename to lunadefend/js/sdks/packages/tokenizer-sdk/src/generated/git_push.sh diff --git a/js/sdks/packages/tokenizer-sdk/src/generated/index.ts b/lunadefend/js/sdks/packages/tokenizer-sdk/src/generated/index.ts similarity index 100% rename from js/sdks/packages/tokenizer-sdk/src/generated/index.ts rename to lunadefend/js/sdks/packages/tokenizer-sdk/src/generated/index.ts diff --git a/js/sdks/packages/tokenizer-sdk/src/index.ts b/lunadefend/js/sdks/packages/tokenizer-sdk/src/index.ts similarity index 100% rename from js/sdks/packages/tokenizer-sdk/src/index.ts rename to lunadefend/js/sdks/packages/tokenizer-sdk/src/index.ts diff --git a/js/sdks/packages/tokenizer-sdk/src/simple-tokenizer.ts b/lunadefend/js/sdks/packages/tokenizer-sdk/src/simple-tokenizer.ts similarity index 100% rename from js/sdks/packages/tokenizer-sdk/src/simple-tokenizer.ts rename to lunadefend/js/sdks/packages/tokenizer-sdk/src/simple-tokenizer.ts diff --git a/js/sdks/packages/tokenizer-sdk/src/tests/tokenizer.test.ts b/lunadefend/js/sdks/packages/tokenizer-sdk/src/tests/tokenizer.test.ts similarity index 100% rename from js/sdks/packages/tokenizer-sdk/src/tests/tokenizer.test.ts rename to lunadefend/js/sdks/packages/tokenizer-sdk/src/tests/tokenizer.test.ts diff --git a/js/sdks/packages/tokenizer-sdk/src/tokenizer.ts b/lunadefend/js/sdks/packages/tokenizer-sdk/src/tokenizer.ts similarity index 100% rename from js/sdks/packages/tokenizer-sdk/src/tokenizer.ts rename to lunadefend/js/sdks/packages/tokenizer-sdk/src/tokenizer.ts diff --git a/js/sdks/packages/tokenizer-sdk/src/types.ts b/lunadefend/js/sdks/packages/tokenizer-sdk/src/types.ts similarity index 100% rename from js/sdks/packages/tokenizer-sdk/src/types.ts rename to lunadefend/js/sdks/packages/tokenizer-sdk/src/types.ts diff --git a/js/sdks/packages/tokenizer-sdk/src/utils/is-token.ts b/lunadefend/js/sdks/packages/tokenizer-sdk/src/utils/is-token.ts similarity index 100% rename from js/sdks/packages/tokenizer-sdk/src/utils/is-token.ts rename to lunadefend/js/sdks/packages/tokenizer-sdk/src/utils/is-token.ts diff --git a/js/sdks/packages/tokenizer-sdk/tsconfig.json b/lunadefend/js/sdks/packages/tokenizer-sdk/tsconfig.json similarity index 100% rename from js/sdks/packages/tokenizer-sdk/tsconfig.json rename to lunadefend/js/sdks/packages/tokenizer-sdk/tsconfig.json diff --git a/js/sdks/packages/tokenizer-sdk/tsconfig.module.json b/lunadefend/js/sdks/packages/tokenizer-sdk/tsconfig.module.json similarity index 100% rename from js/sdks/packages/tokenizer-sdk/tsconfig.module.json rename to lunadefend/js/sdks/packages/tokenizer-sdk/tsconfig.module.json diff --git a/js/sdks/packages/vue-sdk/.browserslistrc b/lunadefend/js/sdks/packages/vue-sdk/.browserslistrc similarity index 100% rename from js/sdks/packages/vue-sdk/.browserslistrc rename to lunadefend/js/sdks/packages/vue-sdk/.browserslistrc diff --git a/js/sdks/packages/vue-sdk/.eslintrc.js.old b/lunadefend/js/sdks/packages/vue-sdk/.eslintrc.js.old similarity index 100% rename from js/sdks/packages/vue-sdk/.eslintrc.js.old rename to lunadefend/js/sdks/packages/vue-sdk/.eslintrc.js.old diff --git a/js/sdks/packages/vue-sdk/.gitignore b/lunadefend/js/sdks/packages/vue-sdk/.gitignore similarity index 100% rename from js/sdks/packages/vue-sdk/.gitignore rename to lunadefend/js/sdks/packages/vue-sdk/.gitignore diff --git a/js/sdks/packages/vue-sdk/README.md b/lunadefend/js/sdks/packages/vue-sdk/README.md similarity index 100% rename from js/sdks/packages/vue-sdk/README.md rename to lunadefend/js/sdks/packages/vue-sdk/README.md diff --git a/js/sdks/packages/vue-sdk/babel.config.js b/lunadefend/js/sdks/packages/vue-sdk/babel.config.js similarity index 100% rename from js/sdks/packages/vue-sdk/babel.config.js rename to lunadefend/js/sdks/packages/vue-sdk/babel.config.js diff --git a/js/sdks/packages/vue-sdk/cypress.json b/lunadefend/js/sdks/packages/vue-sdk/cypress.json similarity index 100% rename from js/sdks/packages/vue-sdk/cypress.json rename to lunadefend/js/sdks/packages/vue-sdk/cypress.json diff --git a/js/sdks/packages/vue-sdk/jest.config.js b/lunadefend/js/sdks/packages/vue-sdk/jest.config.js similarity index 100% rename from js/sdks/packages/vue-sdk/jest.config.js rename to lunadefend/js/sdks/packages/vue-sdk/jest.config.js diff --git a/js/sdks/packages/vue-sdk/package.json b/lunadefend/js/sdks/packages/vue-sdk/package.json similarity index 100% rename from js/sdks/packages/vue-sdk/package.json rename to lunadefend/js/sdks/packages/vue-sdk/package.json diff --git a/js/sdks/packages/vue-sdk/public/favicon.ico b/lunadefend/js/sdks/packages/vue-sdk/public/favicon.ico similarity index 100% rename from js/sdks/packages/vue-sdk/public/favicon.ico rename to lunadefend/js/sdks/packages/vue-sdk/public/favicon.ico diff --git a/js/sdks/packages/vue-sdk/public/index.html b/lunadefend/js/sdks/packages/vue-sdk/public/index.html similarity index 100% rename from js/sdks/packages/vue-sdk/public/index.html rename to lunadefend/js/sdks/packages/vue-sdk/public/index.html diff --git a/js/sdks/packages/vue-sdk/src/App.vue b/lunadefend/js/sdks/packages/vue-sdk/src/App.vue similarity index 100% rename from js/sdks/packages/vue-sdk/src/App.vue rename to lunadefend/js/sdks/packages/vue-sdk/src/App.vue diff --git a/js/sdks/packages/vue-sdk/src/components/DemoComponent.vue b/lunadefend/js/sdks/packages/vue-sdk/src/components/DemoComponent.vue similarity index 100% rename from js/sdks/packages/vue-sdk/src/components/DemoComponent.vue rename to lunadefend/js/sdks/packages/vue-sdk/src/components/DemoComponent.vue diff --git a/js/sdks/packages/vue-sdk/src/main.ts b/lunadefend/js/sdks/packages/vue-sdk/src/main.ts similarity index 100% rename from js/sdks/packages/vue-sdk/src/main.ts rename to lunadefend/js/sdks/packages/vue-sdk/src/main.ts diff --git a/js/sdks/packages/vue-sdk/src/secure-components/LunaSec-Config-Provider.ts b/lunadefend/js/sdks/packages/vue-sdk/src/secure-components/LunaSec-Config-Provider.ts similarity index 100% rename from js/sdks/packages/vue-sdk/src/secure-components/LunaSec-Config-Provider.ts rename to lunadefend/js/sdks/packages/vue-sdk/src/secure-components/LunaSec-Config-Provider.ts diff --git a/js/sdks/packages/vue-sdk/src/secure-components/Secure-Input.vue b/lunadefend/js/sdks/packages/vue-sdk/src/secure-components/Secure-Input.vue similarity index 100% rename from js/sdks/packages/vue-sdk/src/secure-components/Secure-Input.vue rename to lunadefend/js/sdks/packages/vue-sdk/src/secure-components/Secure-Input.vue diff --git a/js/sdks/packages/vue-sdk/src/secure-tools.ts b/lunadefend/js/sdks/packages/vue-sdk/src/secure-tools.ts similarity index 100% rename from js/sdks/packages/vue-sdk/src/secure-tools.ts rename to lunadefend/js/sdks/packages/vue-sdk/src/secure-tools.ts diff --git a/js/sdks/packages/vue-sdk/src/shims-vue.d.ts b/lunadefend/js/sdks/packages/vue-sdk/src/shims-vue.d.ts similarity index 100% rename from js/sdks/packages/vue-sdk/src/shims-vue.d.ts rename to lunadefend/js/sdks/packages/vue-sdk/src/shims-vue.d.ts diff --git a/js/sdks/packages/vue-sdk/tests/e2e/.eslintrc.js.OLD b/lunadefend/js/sdks/packages/vue-sdk/tests/e2e/.eslintrc.js.OLD similarity index 100% rename from js/sdks/packages/vue-sdk/tests/e2e/.eslintrc.js.OLD rename to lunadefend/js/sdks/packages/vue-sdk/tests/e2e/.eslintrc.js.OLD diff --git a/js/sdks/packages/vue-sdk/tests/e2e/plugins/index.js b/lunadefend/js/sdks/packages/vue-sdk/tests/e2e/plugins/index.js similarity index 100% rename from js/sdks/packages/vue-sdk/tests/e2e/plugins/index.js rename to lunadefend/js/sdks/packages/vue-sdk/tests/e2e/plugins/index.js diff --git a/js/sdks/packages/vue-sdk/tests/e2e/specs/test.js b/lunadefend/js/sdks/packages/vue-sdk/tests/e2e/specs/test.js similarity index 100% rename from js/sdks/packages/vue-sdk/tests/e2e/specs/test.js rename to lunadefend/js/sdks/packages/vue-sdk/tests/e2e/specs/test.js diff --git a/js/sdks/packages/vue-sdk/tests/e2e/support/commands.js b/lunadefend/js/sdks/packages/vue-sdk/tests/e2e/support/commands.js similarity index 100% rename from js/sdks/packages/vue-sdk/tests/e2e/support/commands.js rename to lunadefend/js/sdks/packages/vue-sdk/tests/e2e/support/commands.js diff --git a/js/sdks/packages/vue-sdk/tests/e2e/support/index.js b/lunadefend/js/sdks/packages/vue-sdk/tests/e2e/support/index.js similarity index 100% rename from js/sdks/packages/vue-sdk/tests/e2e/support/index.js rename to lunadefend/js/sdks/packages/vue-sdk/tests/e2e/support/index.js diff --git a/js/sdks/packages/vue-sdk/tests/unit/example.spec.ts b/lunadefend/js/sdks/packages/vue-sdk/tests/unit/example.spec.ts similarity index 100% rename from js/sdks/packages/vue-sdk/tests/unit/example.spec.ts rename to lunadefend/js/sdks/packages/vue-sdk/tests/unit/example.spec.ts diff --git a/js/sdks/packages/vue-sdk/tsconfig.json b/lunadefend/js/sdks/packages/vue-sdk/tsconfig.json similarity index 100% rename from js/sdks/packages/vue-sdk/tsconfig.json rename to lunadefend/js/sdks/packages/vue-sdk/tsconfig.json diff --git a/js/sdks/renovate.json b/lunadefend/js/sdks/renovate.json similarity index 100% rename from js/sdks/renovate.json rename to lunadefend/js/sdks/renovate.json diff --git a/js/sdks/tsconfig.build.json b/lunadefend/js/sdks/tsconfig.build.json similarity index 100% rename from js/sdks/tsconfig.build.json rename to lunadefend/js/sdks/tsconfig.build.json diff --git a/js/sdks/tsconfig.json b/lunadefend/js/sdks/tsconfig.json similarity index 100% rename from js/sdks/tsconfig.json rename to lunadefend/js/sdks/tsconfig.json diff --git a/js/sdks/vue.config.js b/lunadefend/js/sdks/vue.config.js similarity index 100% rename from js/sdks/vue.config.js rename to lunadefend/js/sdks/vue.config.js diff --git a/go/scripts/start-tokenizerbackend-dependencies.sh b/lunadefend/scripts/start-tokenizerbackend-dependencies.sh similarity index 100% rename from go/scripts/start-tokenizerbackend-dependencies.sh rename to lunadefend/scripts/start-tokenizerbackend-dependencies.sh diff --git a/start-with-tmuxp.yaml b/lunadefend/start-with-tmuxp.yaml similarity index 86% rename from start-with-tmuxp.yaml rename to lunadefend/start-with-tmuxp.yaml index e8699f443..b415b9a45 100644 --- a/start-with-tmuxp.yaml +++ b/lunadefend/start-with-tmuxp.yaml @@ -18,12 +18,12 @@ windows: # Demo React App Front End # Available REACT_APP_DEMO_NAMES are 'dedicated-passport-express', 'dedicated-passport-graphql', and 'simple' - shell_command: - - cd lunadefend/js/demo-apps/packages/react-front-end + - cd js/demo-apps/packages/react-front-end - REACT_APP_DEMO_NAME="dedicated-passport-graphql" yarn run start # Demo Application Backend, comes up on 3001, 3002, and 3003 in the various modes - shell_command: - - cd lunadefend/js/demo-apps/packages/demo-back-end + - cd js/demo-apps/packages/demo-back-end - sleep 1 # wait for outputs to get deleted from previous run...really need a better way than this - LUNASEC_LOCAL_DEV=true LUNASEC_SIGNING_KEY=$(cat ./fixtures/auth_provider_key | base64 -w0) yarn start:dev @@ -33,4 +33,4 @@ windows: # Tokenizer Back End. Command uses docker compose to start localstack and run CDK deployment scripts against it before starting server - shell_command: - - ./go/scripts/start-tokenizerbackend-dependencies.sh + - ./scripts/start-tokenizerbackend-dependencies.sh diff --git a/lunatrace/cli/pkg/util/ptr.go b/lunatrace/cli/pkg/util/ptr.go index 53d4c1f96..cc198f922 100644 --- a/lunatrace/cli/pkg/util/ptr.go +++ b/lunatrace/cli/pkg/util/ptr.go @@ -15,5 +15,5 @@ package util func Ptr[T any](t T) *T { - return &t + return &t } diff --git a/tools.go b/lunatrace/cli/tools.go similarity index 100% rename from tools.go rename to lunatrace/cli/tools.go diff --git a/package.json b/package.json index a11882c7f..84db2d1af 100644 --- a/package.json +++ b/package.json @@ -59,16 +59,16 @@ }, "scripts": { "compile:bsl": "cd lunatrace/bsl && yarn run tsc -b tsconfig.build.json", - "lunasec": "node js/sdks/packages/cli/build/cli.js", + "lunasec": "node lunadefend/js/sdks/packages/cli/build/cli.js", "license:check": "./tools/license-checker/run-license-check.sh check", "license:fix": "./tools/license-checker/run-license-check.sh fix", "license:install": "cd tools/license-checker && ./install-skywalking-eyes.sh", "test:e2e:local": "cd lunadefend/js/demo-apps/packages/react-front-end && yarn run test:e2e", "test:e2e:docker": "cd lunadefend/js/demo-apps/packages/react-front-end && yarn run test:e2e:docker", - "test:unit:tokenizer": "cd js/sdks/packages/tokenizer-sdk && yarn run test", - "test:unit:auth": "cd js/sdks/packages/browser-common && yarn run test", + "test:unit:tokenizer": "cd lunadefend/js/sdks/packages/tokenizer-sdk && yarn run test", + "test:unit:auth": "cd lunadefend/js/sdks/packages/browser-common && yarn run test", "test:unit:js": "yarn test:unit:auth && yarn test:unit:tokenizer", - "test:unit:go": "cd go && go test -cover ./...", + "test:unit:go": "cd lunadefend/go && go test -cover ./...", "test:unit": "yarn test:unit:js && yarn test:unit:go", "test:all": "yarn test:unit && yarn run test:e2e:local", "lint:fix": "yarn run lint --fix", @@ -76,10 +76,10 @@ "lint:basecommand": "yarn run eslint --ext .js,.jsx,.ts,.tsx,.vue --quiet ./lunatrace", "lint:lunatrace": "yarn run lint:basecommand ./lunatrace", "version:release": "./tools/version-release.sh", - "compile:dev:infrastructure": "cd js/internal-infrastructure/s3-redirect-generator && yarn run compile", - "compile:dev:sdks": "cd js/sdks && yarn run compile:dev", - "compile:release:sdks": "cd js/sdks && yarn run compile:release", - "compile:release:services": "cd go && yarn run compile:release", + "compile:dev:infrastructure": "cd lunadefend/js/internal-infrastructure/s3-redirect-generator && yarn run compile", + "compile:dev:sdks": "cd lunadefend/js/sdks && yarn run compile:dev", + "compile:release:sdks": "cd lunadefend/js/sdks && yarn run compile:release", + "compile:release:services": "cd lunadefend/go && yarn run compile:release", "compile:release:demos": "VERSION=$(yarn run --silent monorepo:version) lunadefend/js/docker/release.sh build", "compile:release": "yarn run compile:release:sdks && yarn run compile:release:services && yarn run compile:release:demos", "postinstall": "sh ./tools/postinstall.sh", @@ -97,14 +97,14 @@ "workspaces": { "packages": [ "./go", - "./js/sdks/packages/*", - "./js/service/packages/*", + "./lunadefend/js/sdks/packages/*", + "./lunadefend/js/service/packages/*", "./lunadefend/js/demo-apps/packages/*", "./docs", - "./js/sdks", + "./lunadefend/js/sdks", "./lunatrace/bsl/backend", - "./js/internal-infrastructure/s3-redirect-generator", - "./js/internal-infrastructure/metrics-server-backend", + "./lunadefend/js/internal-infrastructure/s3-redirect-generator", + "./lunadefend/js/internal-infrastructure/metrics-server-backend", "./lunatrace/bsl/backend", "./lunatrace/bsl/backend-cdk", "./lunatrace/bsl/common", diff --git a/tools/license-checker/configs/apache2.yaml b/tools/license-checker/configs/apache2.yaml index 39932190d..e74c96aff 100644 --- a/tools/license-checker/configs/apache2.yaml +++ b/tools/license-checker/configs/apache2.yaml @@ -19,11 +19,11 @@ header: - 'docs' - 'docs/**' - '**/dist/**' - - 'js/**/build/**' - - 'js/sdks/packages/secure-frame-iframe/public/**' - - 'js/sdks/packages/tokenizer-sdk/src/generated/**' - - 'js/sdks/packages/cli/src/cli.ts' - - 'go/build/**' + - 'lunadefend/js/**/build/**' + - 'lunadefend/js/sdks/packages/secure-frame-iframe/public/**' + - 'lunadefend/js/sdks/packages/tokenizer-sdk/src/generated/**' + - 'lunadefend/js/sdks/packages/cli/src/cli.ts' + - 'lunadefend/go/build/**' - '**/node_modules/**' comment: on-failure license-location-threshold: 3000 diff --git a/tools/ngrok/README.md b/tools/ngrok/README.md index f4629f8be..827cf1c62 100644 --- a/tools/ngrok/README.md +++ b/tools/ngrok/README.md @@ -39,7 +39,7 @@ To start ngrok, run: ngrok start --all ``` -Take the generated domain names and set then in your `lunasec.json`: +Take the generated domain names and set then in your `lunadefend.js`: ```js module.exports = { // ... @@ -54,4 +54,4 @@ module.exports = { Redeploy the LunaSec stack so the tokenizer knows how to access your now accessible backend. ```shell lunasec deploy -``` \ No newline at end of file +``` diff --git a/yarn.lock b/yarn.lock index 840579fa3..487efe7af 100644 --- a/yarn.lock +++ b/yarn.lock @@ -7884,6 +7884,13 @@ __metadata: languageName: node linkType: hard +"@babel/compat-data@npm:^7.17.10": + version: 7.17.10 + resolution: "@babel/compat-data@npm:7.17.10" + checksum: e85051087cd4690de5061909a2dd2d7f8b6434a3c2e30be6c119758db2027ae1845bcd75a81127423dd568b706ac6994a1a3d7d701069a23bf5cfe900728290b + languageName: node + linkType: hard + "@babel/core@npm:7.12.3": version: 7.12.3 resolution: "@babel/core@npm:7.12.3" @@ -7955,6 +7962,29 @@ __metadata: languageName: node linkType: hard +"@babel/core@npm:^7.11.6": + version: 7.18.2 + resolution: "@babel/core@npm:7.18.2" + dependencies: + "@ampproject/remapping": ^2.1.0 + "@babel/code-frame": ^7.16.7 + "@babel/generator": ^7.18.2 + "@babel/helper-compilation-targets": ^7.18.2 + "@babel/helper-module-transforms": ^7.18.0 + "@babel/helpers": ^7.18.2 + "@babel/parser": ^7.18.0 + "@babel/template": ^7.16.7 + "@babel/traverse": ^7.18.2 + "@babel/types": ^7.18.2 + convert-source-map: ^1.7.0 + debug: ^4.1.0 + gensync: ^1.0.0-beta.2 + json5: ^2.2.1 + semver: ^6.3.0 + checksum: 14a4142c12e004cd2477b7610408d5788ee5dd821ee9e4de204cbb72d9c399d858d9deabc3d49914d5d7c2927548160c19bdc7524b1a9f6acc1ec96a8d9848dd + languageName: node + linkType: hard + "@babel/eslint-parser@npm:^7.16.3": version: 7.17.0 resolution: "@babel/eslint-parser@npm:7.17.0" @@ -7991,6 +8021,17 @@ __metadata: languageName: node linkType: hard +"@babel/generator@npm:^7.18.2": + version: 7.18.2 + resolution: "@babel/generator@npm:7.18.2" + dependencies: + "@babel/types": ^7.18.2 + "@jridgewell/gen-mapping": ^0.3.0 + jsesc: ^2.5.1 + checksum: d0661e95532ddd97566d41fec26355a7b28d1cbc4df95fe80cc084c413342935911b48db20910708db39714844ddd614f61c2ec4cca3fb10181418bdcaa2e7a3 + languageName: node + linkType: hard + "@babel/helper-annotate-as-pure@npm:^7.16.0, @babel/helper-annotate-as-pure@npm:^7.16.7": version: 7.16.7 resolution: "@babel/helper-annotate-as-pure@npm:7.16.7" @@ -8024,6 +8065,20 @@ __metadata: languageName: node linkType: hard +"@babel/helper-compilation-targets@npm:^7.18.2": + version: 7.18.2 + resolution: "@babel/helper-compilation-targets@npm:7.18.2" + dependencies: + "@babel/compat-data": ^7.17.10 + "@babel/helper-validator-option": ^7.16.7 + browserslist: ^4.20.2 + semver: ^6.3.0 + peerDependencies: + "@babel/core": ^7.0.0 + checksum: 4f02e79f20c0b3f8db5049ba8c35027c41ccb3fc7884835d04e49886538e0f55702959db1bb75213c94a5708fec2dc81a443047559a4f184abb884c72c0059b4 + languageName: node + linkType: hard + "@babel/helper-create-class-features-plugin@npm:^7.16.10, @babel/helper-create-class-features-plugin@npm:^7.16.7, @babel/helper-create-class-features-plugin@npm:^7.17.1, @babel/helper-create-class-features-plugin@npm:^7.17.6": version: 7.17.6 resolution: "@babel/helper-create-class-features-plugin@npm:7.17.6" @@ -8097,6 +8152,13 @@ __metadata: languageName: node linkType: hard +"@babel/helper-environment-visitor@npm:^7.18.2": + version: 7.18.2 + resolution: "@babel/helper-environment-visitor@npm:7.18.2" + checksum: 1a9c8726fad454a082d077952a90f17188e92eabb3de236cb4782c49b39e3f69c327e272b965e9a20ff8abf37d30d03ffa6fd7974625a6c23946f70f7527f5e9 + languageName: node + linkType: hard + "@babel/helper-explode-assignable-expression@npm:^7.16.7": version: 7.16.7 resolution: "@babel/helper-explode-assignable-expression@npm:7.16.7" @@ -8188,6 +8250,22 @@ __metadata: languageName: node linkType: hard +"@babel/helper-module-transforms@npm:^7.18.0": + version: 7.18.0 + resolution: "@babel/helper-module-transforms@npm:7.18.0" + dependencies: + "@babel/helper-environment-visitor": ^7.16.7 + "@babel/helper-module-imports": ^7.16.7 + "@babel/helper-simple-access": ^7.17.7 + "@babel/helper-split-export-declaration": ^7.16.7 + "@babel/helper-validator-identifier": ^7.16.7 + "@babel/template": ^7.16.7 + "@babel/traverse": ^7.18.0 + "@babel/types": ^7.18.0 + checksum: 824c3967c08d75bb36adc18c31dcafebcd495b75b723e2e17c6185e88daf5c6db62a6a75d9f791b5f38618a349e7cb32503e715a1b9a4e8bad4d0f43e3e6b523 + languageName: node + linkType: hard + "@babel/helper-optimise-call-expression@npm:^7.16.7": version: 7.16.7 resolution: "@babel/helper-optimise-call-expression@npm:7.16.7" @@ -8251,6 +8329,15 @@ __metadata: languageName: node linkType: hard +"@babel/helper-simple-access@npm:^7.17.7": + version: 7.18.2 + resolution: "@babel/helper-simple-access@npm:7.18.2" + dependencies: + "@babel/types": ^7.18.2 + checksum: c0862b56db7e120754d89273a039b128c27517389f6a4425ff24e49779791e8fe10061579171fb986be81fa076778acb847c709f6f5e396278d9c5e01360c375 + languageName: node + linkType: hard + "@babel/helper-skip-transparent-expression-wrappers@npm:^7.16.0": version: 7.16.0 resolution: "@babel/helper-skip-transparent-expression-wrappers@npm:7.16.0" @@ -8306,6 +8393,17 @@ __metadata: languageName: node linkType: hard +"@babel/helpers@npm:^7.18.2": + version: 7.18.2 + resolution: "@babel/helpers@npm:7.18.2" + dependencies: + "@babel/template": ^7.16.7 + "@babel/traverse": ^7.18.2 + "@babel/types": ^7.18.2 + checksum: 94620242f23f6d5f9b83a02b1aa1632ffb05b0815e1bb53d3b46d64aa8e771066bba1db8bd267d9091fb00134cfaeda6a8d69d1d4cc2c89658631adfa077ae70 + languageName: node + linkType: hard + "@babel/highlight@npm:^7.10.4, @babel/highlight@npm:^7.16.7": version: 7.16.10 resolution: "@babel/highlight@npm:7.16.10" @@ -8326,6 +8424,15 @@ __metadata: languageName: node linkType: hard +"@babel/parser@npm:^7.18.0": + version: 7.18.4 + resolution: "@babel/parser@npm:7.18.4" + bin: + parser: ./bin/babel-parser.js + checksum: e05b2dc720c4b200e088258f3c2a2de5041c140444edc38181d1217b10074e881a7133162c5b62356061f26279f08df5a06ec14c5842996ee8601ad03c57a44f + languageName: node + linkType: hard + "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression@npm:^7.16.7": version: 7.16.7 resolution: "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression@npm:7.16.7" @@ -9466,6 +9573,24 @@ __metadata: languageName: node linkType: hard +"@babel/traverse@npm:^7.18.0, @babel/traverse@npm:^7.18.2": + version: 7.18.2 + resolution: "@babel/traverse@npm:7.18.2" + dependencies: + "@babel/code-frame": ^7.16.7 + "@babel/generator": ^7.18.2 + "@babel/helper-environment-visitor": ^7.18.2 + "@babel/helper-function-name": ^7.17.9 + "@babel/helper-hoist-variables": ^7.16.7 + "@babel/helper-split-export-declaration": ^7.16.7 + "@babel/parser": ^7.18.0 + "@babel/types": ^7.18.2 + debug: ^4.1.0 + globals: ^11.1.0 + checksum: e21c2d550bf610406cf21ef6fbec525cb1d80b9d6d71af67552478a24ee371203cb4025b23b110ae7288a62a874ad5898daad19ad23daa95dfc8ab47a47a092f + languageName: node + linkType: hard + "@babel/types@npm:7.16.0": version: 7.16.0 resolution: "@babel/types@npm:7.16.0" @@ -9486,6 +9611,16 @@ __metadata: languageName: node linkType: hard +"@babel/types@npm:^7.18.0, @babel/types@npm:^7.18.2": + version: 7.18.4 + resolution: "@babel/types@npm:7.18.4" + dependencies: + "@babel/helper-validator-identifier": ^7.16.7 + to-fast-properties: ^2.0.0 + checksum: 85df59beb99c1b95e9e41590442f2ffa1e5b1b558d025489db40c9f7c906bd03a17da26c3ec486e5800e80af27c42ca7eee9506d9212ab17766d2d68d30fbf52 + languageName: node + linkType: hard + "@balena/dockerignore@npm:^1.0.2": version: 1.0.2 resolution: "@balena/dockerignore@npm:1.0.2" @@ -11481,6 +11616,20 @@ __metadata: languageName: node linkType: hard +"@jest/console@npm:^28.1.0": + version: 28.1.0 + resolution: "@jest/console@npm:28.1.0" + dependencies: + "@jest/types": ^28.1.0 + "@types/node": "*" + chalk: ^4.0.0 + jest-message-util: ^28.1.0 + jest-util: ^28.1.0 + slash: ^3.0.0 + checksum: 6ce8ed8159517c28d413fbebf806c8ed53e958f5069b45731b21add626bdea799bc6944d9cfcc5d350047e7198185515b58877e09da52801df64cfc21c4060df + languageName: node + linkType: hard + "@jest/core@npm:^24.9.0": version: 24.9.0 resolution: "@jest/core@npm:24.9.0" @@ -11553,7 +11702,7 @@ __metadata: languageName: node linkType: hard -"@jest/core@npm:^27.4.3, @jest/core@npm:^27.5.1": +"@jest/core@npm:^27.5.1": version: 27.5.1 resolution: "@jest/core@npm:27.5.1" dependencies: @@ -11594,6 +11743,48 @@ __metadata: languageName: node linkType: hard +"@jest/core@npm:^28.1.0": + version: 28.1.0 + resolution: "@jest/core@npm:28.1.0" + dependencies: + "@jest/console": ^28.1.0 + "@jest/reporters": ^28.1.0 + "@jest/test-result": ^28.1.0 + "@jest/transform": ^28.1.0 + "@jest/types": ^28.1.0 + "@types/node": "*" + ansi-escapes: ^4.2.1 + chalk: ^4.0.0 + ci-info: ^3.2.0 + exit: ^0.1.2 + graceful-fs: ^4.2.9 + jest-changed-files: ^28.0.2 + jest-config: ^28.1.0 + jest-haste-map: ^28.1.0 + jest-message-util: ^28.1.0 + jest-regex-util: ^28.0.2 + jest-resolve: ^28.1.0 + jest-resolve-dependencies: ^28.1.0 + jest-runner: ^28.1.0 + jest-runtime: ^28.1.0 + jest-snapshot: ^28.1.0 + jest-util: ^28.1.0 + jest-validate: ^28.1.0 + jest-watcher: ^28.1.0 + micromatch: ^4.0.4 + pretty-format: ^28.1.0 + rimraf: ^3.0.0 + slash: ^3.0.0 + strip-ansi: ^6.0.0 + peerDependencies: + node-notifier: ^8.0.1 || ^9.0.0 || ^10.0.0 + peerDependenciesMeta: + node-notifier: + optional: true + checksum: fb955cc5c8d7f294fd9bb85793e0633707fdbce9c10d4e3222b62d36564b17214abc9ab0e93397d1a6d224cd43681f8e54d570327a92a40d7ac3e47b5de3af1f + languageName: node + linkType: hard + "@jest/environment@npm:^24.3.0, @jest/environment@npm:^24.9.0": version: 24.9.0 resolution: "@jest/environment@npm:24.9.0" @@ -11642,6 +11833,37 @@ __metadata: languageName: node linkType: hard +"@jest/environment@npm:^28.1.0": + version: 28.1.0 + resolution: "@jest/environment@npm:28.1.0" + dependencies: + "@jest/fake-timers": ^28.1.0 + "@jest/types": ^28.1.0 + "@types/node": "*" + jest-mock: ^28.1.0 + checksum: 376904d6626bb439f96a56ca9d400e1b6b4a5bafb751820fec649238e35cb7d0b9619223ade86c2906e97fae8da03a7b9561c55c1f5850afe9856db89185d754 + languageName: node + linkType: hard + +"@jest/expect-utils@npm:^28.1.0": + version: 28.1.0 + resolution: "@jest/expect-utils@npm:28.1.0" + dependencies: + jest-get-type: ^28.0.2 + checksum: 5b8b463682bd35ae71868020c87dc654ebed65ded4e74ea3c24bd9e1ab4637a7790c8b78c26cdcb832dd227b9981e8dd24eb3b742891637c24c2a3e38ba153e8 + languageName: node + linkType: hard + +"@jest/expect@npm:^28.1.0": + version: 28.1.0 + resolution: "@jest/expect@npm:28.1.0" + dependencies: + expect: ^28.1.0 + jest-snapshot: ^28.1.0 + checksum: e596bc2a2d02d66cb3e23982c6a48cfe24aa31932f594db7de6966db6c0b58f7aad3836a71debb8aeda6178116c35160e11ded42a355a94457f6402cbb2186e3 + languageName: node + linkType: hard + "@jest/fake-timers@npm:^24.3.0, @jest/fake-timers@npm:^24.9.0": version: 24.9.0 resolution: "@jest/fake-timers@npm:24.9.0" @@ -11695,6 +11917,20 @@ __metadata: languageName: node linkType: hard +"@jest/fake-timers@npm:^28.1.0": + version: 28.1.0 + resolution: "@jest/fake-timers@npm:28.1.0" + dependencies: + "@jest/types": ^28.1.0 + "@sinonjs/fake-timers": ^9.1.1 + "@types/node": "*" + jest-message-util: ^28.1.0 + jest-mock: ^28.1.0 + jest-util: ^28.1.0 + checksum: d24375bcd52873f1e602ff02ffe57c6866570b95ec0be167a4734d051047b2c6b3dab69b2a301a390a0ca2de2ad89fd2b23e991c09a1a3b70b1dd4763c8681c7 + languageName: node + linkType: hard + "@jest/globals@npm:^26.6.2": version: 26.6.2 resolution: "@jest/globals@npm:26.6.2" @@ -11717,6 +11953,17 @@ __metadata: languageName: node linkType: hard +"@jest/globals@npm:^28.1.0": + version: 28.1.0 + resolution: "@jest/globals@npm:28.1.0" + dependencies: + "@jest/environment": ^28.1.0 + "@jest/expect": ^28.1.0 + "@jest/types": ^28.1.0 + checksum: dce822edd1810430ce381235f714be705a9c774c00bf109d9d5df0dc4868371da62520832df99e83635ee1fc1fa4241cf617821b4e3b1a8bcd3fcd91aa8a75a7 + languageName: node + linkType: hard + "@jest/reporters@npm:^24.9.0": version: 24.9.0 resolution: "@jest/reporters@npm:24.9.0" @@ -11820,6 +12067,43 @@ __metadata: languageName: node linkType: hard +"@jest/reporters@npm:^28.1.0": + version: 28.1.0 + resolution: "@jest/reporters@npm:28.1.0" + dependencies: + "@bcoe/v8-coverage": ^0.2.3 + "@jest/console": ^28.1.0 + "@jest/test-result": ^28.1.0 + "@jest/transform": ^28.1.0 + "@jest/types": ^28.1.0 + "@jridgewell/trace-mapping": ^0.3.7 + "@types/node": "*" + chalk: ^4.0.0 + collect-v8-coverage: ^1.0.0 + exit: ^0.1.2 + glob: ^7.1.3 + graceful-fs: ^4.2.9 + istanbul-lib-coverage: ^3.0.0 + istanbul-lib-instrument: ^5.1.0 + istanbul-lib-report: ^3.0.0 + istanbul-lib-source-maps: ^4.0.0 + istanbul-reports: ^3.1.3 + jest-util: ^28.1.0 + jest-worker: ^28.1.0 + slash: ^3.0.0 + string-length: ^4.0.1 + strip-ansi: ^6.0.0 + terminal-link: ^2.0.0 + v8-to-istanbul: ^9.0.0 + peerDependencies: + node-notifier: ^8.0.1 || ^9.0.0 || ^10.0.0 + peerDependenciesMeta: + node-notifier: + optional: true + checksum: 19ec066ba219508ce6f5e0f0b29f26f906367372b1ddcc2d615cd842e53a10bdd02b87c8b04653e103a2e22b56d96e9af99573d9a84c6adab606158e5383d09f + languageName: node + linkType: hard + "@jest/schemas@npm:^28.0.2": version: 28.0.2 resolution: "@jest/schemas@npm:28.0.2" @@ -11862,6 +12146,17 @@ __metadata: languageName: node linkType: hard +"@jest/source-map@npm:^28.0.2": + version: 28.0.2 + resolution: "@jest/source-map@npm:28.0.2" + dependencies: + "@jridgewell/trace-mapping": ^0.3.7 + callsites: ^3.0.0 + graceful-fs: ^4.2.9 + checksum: 427195be85c28517e7e6b29fb38448a371750a1e4f4003e4c33ee0b35bbb72229c80482d444a827aa230f688a0b72c0c858ebd11425a686103c13d6cc61c8da1 + languageName: node + linkType: hard + "@jest/test-result@npm:^24.9.0": version: 24.9.0 resolution: "@jest/test-result@npm:24.9.0" @@ -11897,6 +12192,18 @@ __metadata: languageName: node linkType: hard +"@jest/test-result@npm:^28.1.0": + version: 28.1.0 + resolution: "@jest/test-result@npm:28.1.0" + dependencies: + "@jest/console": ^28.1.0 + "@jest/types": ^28.1.0 + "@types/istanbul-lib-coverage": ^2.0.0 + collect-v8-coverage: ^1.0.0 + checksum: 7f0cf04b8c27a2dbe2eb1b7ac53635e0112fa2000b80b016992a0ca8b495980c11e758b902606f3bb24fb96aa4d5a24730c1fcdacb82d105cd782e210ae412d2 + languageName: node + linkType: hard + "@jest/test-sequencer@npm:^24.9.0": version: 24.9.0 resolution: "@jest/test-sequencer@npm:24.9.0" @@ -11934,6 +12241,18 @@ __metadata: languageName: node linkType: hard +"@jest/test-sequencer@npm:^28.1.0": + version: 28.1.0 + resolution: "@jest/test-sequencer@npm:28.1.0" + dependencies: + "@jest/test-result": ^28.1.0 + graceful-fs: ^4.2.9 + jest-haste-map: ^28.1.0 + slash: ^3.0.0 + checksum: ecd87ca73d1e58ebc6a4de46176c49a0e92c2dc4b41fbd09945b7bd1379ec09ae37804cab3f41c452eea8d1ca71d31a32b602c4e3147ad74c0b0e3a50184cedd + languageName: node + linkType: hard + "@jest/transform@npm:^24.9.0": version: 24.9.0 resolution: "@jest/transform@npm:24.9.0" @@ -12004,6 +12323,29 @@ __metadata: languageName: node linkType: hard +"@jest/transform@npm:^28.1.0": + version: 28.1.0 + resolution: "@jest/transform@npm:28.1.0" + dependencies: + "@babel/core": ^7.11.6 + "@jest/types": ^28.1.0 + "@jridgewell/trace-mapping": ^0.3.7 + babel-plugin-istanbul: ^6.1.1 + chalk: ^4.0.0 + convert-source-map: ^1.4.0 + fast-json-stable-stringify: ^2.0.0 + graceful-fs: ^4.2.9 + jest-haste-map: ^28.1.0 + jest-regex-util: ^28.0.2 + jest-util: ^28.1.0 + micromatch: ^4.0.4 + pirates: ^4.0.4 + slash: ^3.0.0 + write-file-atomic: ^4.0.1 + checksum: f7417409c466fa1b4d8f9f7d365c8c1ed07e709e8712279180a87e9da8520ab06518de270b290148034d93f666d7826449b5e40cac34cc5f7225980e8991f2ba + languageName: node + linkType: hard + "@jest/types@npm:^24.3.0, @jest/types@npm:^24.9.0": version: 24.9.0 resolution: "@jest/types@npm:24.9.0" @@ -12067,6 +12409,20 @@ __metadata: languageName: node linkType: hard +"@jest/types@npm:^28.1.0": + version: 28.1.0 + resolution: "@jest/types@npm:28.1.0" + dependencies: + "@jest/schemas": ^28.0.2 + "@types/istanbul-lib-coverage": ^2.0.0 + "@types/istanbul-reports": ^3.0.0 + "@types/node": "*" + "@types/yargs": ^17.0.8 + chalk: ^4.0.0 + checksum: 22705aed92a76d45465a6c51147bc71c1fbd300b912ebad2769e3ff7fd51c1938017e29fcea52e00c00dab7130697359b2a2c2be6ee601e37c8b1042a2c4040e + languageName: node + linkType: hard + "@josephg/resolvable@npm:^1.0.0": version: 1.0.1 resolution: "@josephg/resolvable@npm:1.0.1" @@ -12074,6 +12430,17 @@ __metadata: languageName: node linkType: hard +"@jridgewell/gen-mapping@npm:^0.3.0": + version: 0.3.1 + resolution: "@jridgewell/gen-mapping@npm:0.3.1" + dependencies: + "@jridgewell/set-array": ^1.0.0 + "@jridgewell/sourcemap-codec": ^1.4.10 + "@jridgewell/trace-mapping": ^0.3.9 + checksum: e9e7bb3335dea9e60872089761d4e8e089597360cdb1af90370e9d53b7d67232c1e0a3ab65fbfef4fc785745193fbc56bff9f3a6cab6c6ce3f15e12b4191f86b + languageName: node + linkType: hard + "@jridgewell/resolve-uri@npm:^3.0.3": version: 3.0.5 resolution: "@jridgewell/resolve-uri@npm:3.0.5" @@ -12081,6 +12448,13 @@ __metadata: languageName: node linkType: hard +"@jridgewell/set-array@npm:^1.0.0": + version: 1.1.1 + resolution: "@jridgewell/set-array@npm:1.1.1" + checksum: cc5d91e0381c347e3edee4ca90b3c292df9e6e55f29acbe0dd97de8651b4730e9ab761406fd572effa79972a0edc55647b627f8c72315e276d959508853d9bf2 + languageName: node + linkType: hard + "@jridgewell/sourcemap-codec@npm:^1.4.10": version: 1.4.11 resolution: "@jridgewell/sourcemap-codec@npm:1.4.11" @@ -12098,6 +12472,16 @@ __metadata: languageName: node linkType: hard +"@jridgewell/trace-mapping@npm:^0.3.7, @jridgewell/trace-mapping@npm:^0.3.9": + version: 0.3.13 + resolution: "@jridgewell/trace-mapping@npm:0.3.13" + dependencies: + "@jridgewell/resolve-uri": ^3.0.3 + "@jridgewell/sourcemap-codec": ^1.4.10 + checksum: e38254e830472248ca10a6ed1ae75af5e8514f0680245a5e7b53bc3c030fd8691d4d3115d80595b45d3badead68269769ed47ecbbdd67db1343a11f05700e75a + languageName: node + linkType: hard + "@jsdevtools/ono@npm:7.1.3, @jsdevtools/ono@npm:^7.1.3": version: 7.1.3 resolution: "@jsdevtools/ono@npm:7.1.3" @@ -13707,9 +14091,9 @@ __metadata: languageName: node linkType: hard -"@lunasec/browser-common@^1.0.7, @lunasec/browser-common@workspace:js/sdks/packages/browser-common": +"@lunasec/browser-common@^1.0.7, @lunasec/browser-common@workspace:lunadefend/js/sdks/packages/browser-common": version: 0.0.0-use.local - resolution: "@lunasec/browser-common@workspace:js/sdks/packages/browser-common" + resolution: "@lunasec/browser-common@workspace:lunadefend/js/sdks/packages/browser-common" dependencies: "@lunasec/isomorphic-common": ^1.0.7 "@types/jest": ^27.0.3 @@ -13722,9 +14106,9 @@ __metadata: languageName: unknown linkType: soft -"@lunasec/cli@workspace:js/sdks/packages/cli": +"@lunasec/cli@workspace:lunadefend/js/sdks/packages/cli": version: 0.0.0-use.local - resolution: "@lunasec/cli@workspace:js/sdks/packages/cli" + resolution: "@lunasec/cli@workspace:lunadefend/js/sdks/packages/cli" dependencies: "@aws-cdk/aws-apigateway": 1.145.0 "@aws-cdk/aws-cloudfront": 1.145.0 @@ -13767,6 +14151,7 @@ __metadata: source-map-support: ^0.5.20 ts-node: ^10.3.0 typescript: ~4.5.2 + yargs: ~17.5.1 bin: lunasec: ./build/cli.js languageName: unknown @@ -13831,18 +14216,18 @@ __metadata: languageName: unknown linkType: soft -"@lunasec/isomorphic-common@^1.0.7, @lunasec/isomorphic-common@workspace:js/sdks/packages/isomorphic-common": +"@lunasec/isomorphic-common@^1.0.7, @lunasec/isomorphic-common@workspace:lunadefend/js/sdks/packages/isomorphic-common": version: 0.0.0-use.local - resolution: "@lunasec/isomorphic-common@workspace:js/sdks/packages/isomorphic-common" + resolution: "@lunasec/isomorphic-common@workspace:lunadefend/js/sdks/packages/isomorphic-common" dependencies: "@types/node": ^14.0.0 typescript: ~4.5.0 languageName: unknown linkType: soft -"@lunasec/node-sdk@^1.0.7, @lunasec/node-sdk@workspace:js/sdks/packages/node-sdk": +"@lunasec/node-sdk@^1.0.7, @lunasec/node-sdk@workspace:lunadefend/js/sdks/packages/node-sdk": version: 0.0.0-use.local - resolution: "@lunasec/node-sdk@workspace:js/sdks/packages/node-sdk" + resolution: "@lunasec/node-sdk@workspace:lunadefend/js/sdks/packages/node-sdk" dependencies: "@aws-sdk/client-secrets-manager": ^3.22.0 "@aws-sdk/hash-node": ^3.22.0 @@ -13922,7 +14307,7 @@ __metadata: graphql: ^15.0.0 graphql-tag: ^2.12.5 husky: ^6.0.0 - jest: 27.4.3 + jest: ~28.1.0 lerna: ^3.22.1 lint-staged: ^10.5.4 prettier: ^2.2.1 @@ -13932,15 +14317,16 @@ __metadata: react-scripts: 4.0.3 rimraf: ^3.0.2 serve: ^11.3.0 + ts-jest: ~28.0.3 tslint-config-prettier: ^1.18.0 typescript: ~4.5.3 web-vitals: ^1.0.1 languageName: unknown linkType: soft -"@lunasec/react-sdk@^1.0.7, @lunasec/react-sdk@workspace:js/sdks/packages/react-sdk": +"@lunasec/react-sdk@^1.0.7, @lunasec/react-sdk@workspace:lunadefend/js/sdks/packages/react-sdk": version: 0.0.0-use.local - resolution: "@lunasec/react-sdk@workspace:js/sdks/packages/react-sdk" + resolution: "@lunasec/react-sdk@workspace:lunadefend/js/sdks/packages/react-sdk" dependencies: "@lunasec/browser-common": ^1.0.7 "@lunasec/isomorphic-common": ^1.0.7 @@ -13972,9 +14358,9 @@ __metadata: languageName: unknown linkType: soft -"@lunasec/s3-redirect-generator@^1.0.7, @lunasec/s3-redirect-generator@workspace:js/internal-infrastructure/s3-redirect-generator": +"@lunasec/s3-redirect-generator@^1.0.7, @lunasec/s3-redirect-generator@workspace:lunadefend/js/internal-infrastructure/s3-redirect-generator": version: 0.0.0-use.local - resolution: "@lunasec/s3-redirect-generator@workspace:js/internal-infrastructure/s3-redirect-generator" + resolution: "@lunasec/s3-redirect-generator@workspace:lunadefend/js/internal-infrastructure/s3-redirect-generator" dependencies: "@types/node": ^14.0.0 "@types/ramda": ^0.27.56 @@ -13985,9 +14371,9 @@ __metadata: languageName: unknown linkType: soft -"@lunasec/secure-frame-front-end@^1.0.7, @lunasec/secure-frame-front-end@workspace:js/sdks/packages/secure-frame-iframe": +"@lunasec/secure-frame-front-end@^1.0.7, @lunasec/secure-frame-front-end@workspace:lunadefend/js/sdks/packages/secure-frame-iframe": version: 0.0.0-use.local - resolution: "@lunasec/secure-frame-front-end@workspace:js/sdks/packages/secure-frame-iframe" + resolution: "@lunasec/secure-frame-front-end@workspace:lunadefend/js/sdks/packages/secure-frame-iframe" dependencies: "@lunasec/browser-common": ^1.0.7 "@lunasec/isomorphic-common": ^1.0.7 @@ -14022,9 +14408,9 @@ __metadata: languageName: unknown linkType: soft -"@lunasec/server-common@^1.0.7, @lunasec/server-common@workspace:js/sdks/packages/server-common": +"@lunasec/server-common@^1.0.7, @lunasec/server-common@workspace:lunadefend/js/sdks/packages/server-common": version: 0.0.0-use.local - resolution: "@lunasec/server-common@workspace:js/sdks/packages/server-common" + resolution: "@lunasec/server-common@workspace:lunadefend/js/sdks/packages/server-common" dependencies: "@types/node": ^14.0.0 react: ^17.0.2 @@ -14033,9 +14419,9 @@ __metadata: languageName: unknown linkType: soft -"@lunasec/tokenizer-sdk@^1.0.7, @lunasec/tokenizer-sdk@workspace:js/sdks/packages/tokenizer-sdk": +"@lunasec/tokenizer-sdk@^1.0.7, @lunasec/tokenizer-sdk@workspace:lunadefend/js/sdks/packages/tokenizer-sdk": version: 0.0.0-use.local - resolution: "@lunasec/tokenizer-sdk@workspace:js/sdks/packages/tokenizer-sdk" + resolution: "@lunasec/tokenizer-sdk@workspace:lunadefend/js/sdks/packages/tokenizer-sdk" dependencies: "@lunasec/browser-common": ^1.0.7 "@lunasec/isomorphic-common": ^1.0.7 @@ -16753,7 +17139,7 @@ __metadata: languageName: node linkType: hard -"@types/graceful-fs@npm:^4.1.2": +"@types/graceful-fs@npm:^4.1.2, @types/graceful-fs@npm:^4.1.3": version: 4.1.5 resolution: "@types/graceful-fs@npm:4.1.5" dependencies: @@ -20971,6 +21357,23 @@ __metadata: languageName: node linkType: hard +"babel-jest@npm:^28.1.0": + version: 28.1.0 + resolution: "babel-jest@npm:28.1.0" + dependencies: + "@jest/transform": ^28.1.0 + "@types/babel__core": ^7.1.14 + babel-plugin-istanbul: ^6.1.1 + babel-preset-jest: ^28.0.2 + chalk: ^4.0.0 + graceful-fs: ^4.2.9 + slash: ^3.0.0 + peerDependencies: + "@babel/core": ^7.8.0 + checksum: b09195e04d58a763aa06423ffd6f3c4d1be0b40626fbbc65ca7c5668562d23624f36aee0821d9fef7496eb6a6df45c9215025451f1a64d064bfd4b0279cbe4c8 + languageName: node + linkType: hard + "babel-loader@npm:8.1.0": version: 8.1.0 resolution: "babel-loader@npm:8.1.0" @@ -21108,6 +21511,18 @@ __metadata: languageName: node linkType: hard +"babel-plugin-jest-hoist@npm:^28.0.2": + version: 28.0.2 + resolution: "babel-plugin-jest-hoist@npm:28.0.2" + dependencies: + "@babel/template": ^7.3.3 + "@babel/types": ^7.3.3 + "@types/babel__core": ^7.1.14 + "@types/babel__traverse": ^7.0.6 + checksum: 713c0279fd38bdac5683c4447ebf5bce09fabd64ecb2f3963b8e08b89705195023ff93ce9a9fd01b142e6b51443736ca0a6b21e051844510f319066859c79e1f + languageName: node + linkType: hard + "babel-plugin-macros@npm:^2.6.1": version: 2.8.0 resolution: "babel-plugin-macros@npm:2.8.0" @@ -21345,6 +21760,18 @@ __metadata: languageName: node linkType: hard +"babel-preset-jest@npm:^28.0.2": + version: 28.0.2 + resolution: "babel-preset-jest@npm:28.0.2" + dependencies: + babel-plugin-jest-hoist: ^28.0.2 + babel-preset-current-node-syntax: ^1.0.0 + peerDependencies: + "@babel/core": ^7.0.0 + checksum: 1e17c5a2fcbfa231838ea9338dabc7e9c4a214410d121c46fcc2d5bb53576152cd99356467d7821a7694e1d5765e27e43bd145c18e035d7c4bf95dc9ed1ad1ba + languageName: node + linkType: hard + "babel-preset-react-app@npm:^10.0.0, babel-preset-react-app@npm:^10.0.1": version: 10.0.1 resolution: "babel-preset-react-app@npm:10.0.1" @@ -22067,6 +22494,21 @@ __metadata: languageName: node linkType: hard +"browserslist@npm:^4.20.2": + version: 4.20.3 + resolution: "browserslist@npm:4.20.3" + dependencies: + caniuse-lite: ^1.0.30001332 + electron-to-chromium: ^1.4.118 + escalade: ^3.1.1 + node-releases: ^2.0.3 + picocolors: ^1.0.0 + bin: + browserslist: cli.js + checksum: 1e4b719ac2ca0fe235218a606e8b8ef16b8809e0973b924158c39fbc435a0b0fe43437ea52dd6ef5ad2efcb83fcb07431244e472270177814217f7c563651f7d + languageName: node + linkType: hard + "bs-logger@npm:0.x": version: 0.2.6 resolution: "bs-logger@npm:0.2.6" @@ -22604,6 +23046,13 @@ __metadata: languageName: node linkType: hard +"caniuse-lite@npm:^1.0.30001332": + version: 1.0.30001344 + resolution: "caniuse-lite@npm:1.0.30001344" + checksum: 9dba66f796dc98632dced4c5d487d0fad219e137a27c634eec68520f2e598a613e3371b9207e15a078689a629128eca898793e37fc98841821ab481bddad51b9 + languageName: node + linkType: hard + "capital-case@npm:^1.0.4": version: 1.0.4 resolution: "capital-case@npm:1.0.4" @@ -26202,9 +26651,9 @@ __metadata: languageName: node linkType: hard -"deploy-cdk@workspace:js/internal-infrastructure/metrics-server-backend": +"deploy-cdk@workspace:lunadefend/js/internal-infrastructure/metrics-server-backend": version: 0.0.0-use.local - resolution: "deploy-cdk@workspace:js/internal-infrastructure/metrics-server-backend" + resolution: "deploy-cdk@workspace:lunadefend/js/internal-infrastructure/metrics-server-backend" dependencies: "@aws-cdk/assert": 1.147.0 "@aws-cdk/aws-apigateway": 1.147.0 @@ -26438,6 +26887,13 @@ __metadata: languageName: node linkType: hard +"diff-sequences@npm:^28.0.2": + version: 28.0.2 + resolution: "diff-sequences@npm:28.0.2" + checksum: 482360a8ec93333ea61bc93a800a1bee37c943b94a48fa1597825076adcad24620b44a0d3aa8f3d190584a4156c4b3315028453ca33e1174001fae3cdaa7f8f8 + languageName: node + linkType: hard + "diff@npm:^4.0.1": version: 4.0.2 resolution: "diff@npm:4.0.2" @@ -27008,6 +27464,13 @@ __metadata: languageName: node linkType: hard +"electron-to-chromium@npm:^1.4.118": + version: 1.4.143 + resolution: "electron-to-chromium@npm:1.4.143" + checksum: ce7f140b23ddee0127440c24357edfdd4683948cbf25d5f91ca9069a673b12c0da61cd05c3ae5b7f4b22e5a390a2f24e02d79d2011e6cc2fd5f05ba75870d920 + languageName: node + linkType: hard + "elegant-spinner@npm:^1.0.1": version: 1.0.1 resolution: "elegant-spinner@npm:1.0.1" @@ -27039,6 +27502,13 @@ __metadata: languageName: node linkType: hard +"emittery@npm:^0.10.2": + version: 0.10.2 + resolution: "emittery@npm:0.10.2" + checksum: ee3e21788b043b90885b18ea756ec3105c1cedc50b29709c92b01e239c7e55345d4bb6d3aef4ddbaf528eef448a40b3bb831bad9ee0fc9c25cbf1367ab1ab5ac + languageName: node + linkType: hard + "emittery@npm:^0.7.1": version: 0.7.2 resolution: "emittery@npm:0.7.2" @@ -28587,6 +29057,19 @@ __metadata: languageName: node linkType: hard +"expect@npm:^28.1.0": + version: 28.1.0 + resolution: "expect@npm:28.1.0" + dependencies: + "@jest/expect-utils": ^28.1.0 + jest-get-type: ^28.0.2 + jest-matcher-utils: ^28.1.0 + jest-message-util: ^28.1.0 + jest-util: ^28.1.0 + checksum: 53bfa2e094a7d5b270ce9a8dafc5432d51bb369287502acd373b66fe01072260bacd1f83bf741d5de49b008406781ab879a0247f5f6fc10d3f32fbe5a3ccfbdf + languageName: node + linkType: hard + "express-jwt@npm:^6.1.1": version: 6.1.1 resolution: "express-jwt@npm:6.1.1" @@ -33841,6 +34324,16 @@ __metadata: languageName: node linkType: hard +"jest-changed-files@npm:^28.0.2": + version: 28.0.2 + resolution: "jest-changed-files@npm:28.0.2" + dependencies: + execa: ^5.0.0 + throat: ^6.0.1 + checksum: 389d4de4b26de3d2c6e23783ef4e23f827a9a79cfebd2db7c6ff74727198814469ee1e1a89f0e6d28a94e3c632ec45b044c2400a0793b8591e18d07b4b421784 + languageName: node + linkType: hard + "jest-circus@npm:26.6.0": version: 26.6.0 resolution: "jest-circus@npm:26.6.0" @@ -33897,6 +34390,33 @@ __metadata: languageName: node linkType: hard +"jest-circus@npm:^28.1.0": + version: 28.1.0 + resolution: "jest-circus@npm:28.1.0" + dependencies: + "@jest/environment": ^28.1.0 + "@jest/expect": ^28.1.0 + "@jest/test-result": ^28.1.0 + "@jest/types": ^28.1.0 + "@types/node": "*" + chalk: ^4.0.0 + co: ^4.6.0 + dedent: ^0.7.0 + is-generator-fn: ^2.0.0 + jest-each: ^28.1.0 + jest-matcher-utils: ^28.1.0 + jest-message-util: ^28.1.0 + jest-runtime: ^28.1.0 + jest-snapshot: ^28.1.0 + jest-util: ^28.1.0 + pretty-format: ^28.1.0 + slash: ^3.0.0 + stack-utils: ^2.0.3 + throat: ^6.0.1 + checksum: 29b3f6936671947b81c507132f2afeadf1789cefa1a3849d7ba6a2a32c532016c8df9a647cea6e286050b7d97f1244746175fe9fe768dd38f5bba329aa6c5bc7 + languageName: node + linkType: hard + "jest-cli@npm:^24.9.0": version: 24.9.0 resolution: "jest-cli@npm:24.9.0" @@ -33943,7 +34463,7 @@ __metadata: languageName: node linkType: hard -"jest-cli@npm:^27.4.3, jest-cli@npm:^27.5.1": +"jest-cli@npm:^27.5.1": version: 27.5.1 resolution: "jest-cli@npm:27.5.1" dependencies: @@ -33970,6 +34490,33 @@ __metadata: languageName: node linkType: hard +"jest-cli@npm:^28.1.0": + version: 28.1.0 + resolution: "jest-cli@npm:28.1.0" + dependencies: + "@jest/core": ^28.1.0 + "@jest/test-result": ^28.1.0 + "@jest/types": ^28.1.0 + chalk: ^4.0.0 + exit: ^0.1.2 + graceful-fs: ^4.2.9 + import-local: ^3.0.2 + jest-config: ^28.1.0 + jest-util: ^28.1.0 + jest-validate: ^28.1.0 + prompts: ^2.0.1 + yargs: ^17.3.1 + peerDependencies: + node-notifier: ^8.0.1 || ^9.0.0 || ^10.0.0 + peerDependenciesMeta: + node-notifier: + optional: true + bin: + jest: bin/jest.js + checksum: 9da98d9a7a0b670f610943be708205988030fd094029f8a64b258a5a5ef18c0b527ec7019e6b95802f2baa2241bb2d6caf31ef4fd530bcf176737e4ede1d9d79 + languageName: node + linkType: hard + "jest-config@npm:^24.9.0": version: 24.9.0 resolution: "jest-config@npm:24.9.0" @@ -34063,6 +34610,44 @@ __metadata: languageName: node linkType: hard +"jest-config@npm:^28.1.0": + version: 28.1.0 + resolution: "jest-config@npm:28.1.0" + dependencies: + "@babel/core": ^7.11.6 + "@jest/test-sequencer": ^28.1.0 + "@jest/types": ^28.1.0 + babel-jest: ^28.1.0 + chalk: ^4.0.0 + ci-info: ^3.2.0 + deepmerge: ^4.2.2 + glob: ^7.1.3 + graceful-fs: ^4.2.9 + jest-circus: ^28.1.0 + jest-environment-node: ^28.1.0 + jest-get-type: ^28.0.2 + jest-regex-util: ^28.0.2 + jest-resolve: ^28.1.0 + jest-runner: ^28.1.0 + jest-util: ^28.1.0 + jest-validate: ^28.1.0 + micromatch: ^4.0.4 + parse-json: ^5.2.0 + pretty-format: ^28.1.0 + slash: ^3.0.0 + strip-json-comments: ^3.1.1 + peerDependencies: + "@types/node": "*" + ts-node: ">=9.0.0" + peerDependenciesMeta: + "@types/node": + optional: true + ts-node: + optional: true + checksum: 48bfbef4334a187ce6873fd515230e521f500fe2ae57e43ec5747abee95a80583e784cfb99dd1b11664774f33da63758cc63d4a2b2ecf95c8984f2a880cd773e + languageName: node + linkType: hard + "jest-diff@npm:^24.0.0, jest-diff@npm:^24.3.0, jest-diff@npm:^24.9.0": version: 24.9.0 resolution: "jest-diff@npm:24.9.0" @@ -34099,6 +34684,18 @@ __metadata: languageName: node linkType: hard +"jest-diff@npm:^28.1.0": + version: 28.1.0 + resolution: "jest-diff@npm:28.1.0" + dependencies: + chalk: ^4.0.0 + diff-sequences: ^28.0.2 + jest-get-type: ^28.0.2 + pretty-format: ^28.1.0 + checksum: 4d90d9d18ba1d28f5520fa206831e9e8199facf28c6d2b4967c7e4cd1ee78e7e826187babdeb02073f79a1d2c186520d73f77fa29877c6547b0a79392d08a513 + languageName: node + linkType: hard + "jest-docblock@npm:^24.3.0": version: 24.9.0 resolution: "jest-docblock@npm:24.9.0" @@ -34126,6 +34723,15 @@ __metadata: languageName: node linkType: hard +"jest-docblock@npm:^28.0.2": + version: 28.0.2 + resolution: "jest-docblock@npm:28.0.2" + dependencies: + detect-newline: ^3.0.0 + checksum: 97aa9707127d5bfc4589485374711bbbb7d9049067fd562132592102f0b841682357eca9b95e35496f78538a2ae400b0b0a8b03f477d6773fc093be9f4716f1f + languageName: node + linkType: hard + "jest-each@npm:^24.9.0": version: 24.9.0 resolution: "jest-each@npm:24.9.0" @@ -34165,6 +34771,19 @@ __metadata: languageName: node linkType: hard +"jest-each@npm:^28.1.0": + version: 28.1.0 + resolution: "jest-each@npm:28.1.0" + dependencies: + "@jest/types": ^28.1.0 + chalk: ^4.0.0 + jest-get-type: ^28.0.2 + jest-util: ^28.1.0 + pretty-format: ^28.1.0 + checksum: a3d650c0c12a4bf4d4497b9de8aceb0dd96a6183dd8016ae1e4a16b11a81e0e29a58e23b0a1f5a6ca6135156041fd6bf2a4557b9d1ecd33dd417d3cb0e8005a0 + languageName: node + linkType: hard + "jest-environment-jsdom-fifteen@npm:^1.0.2": version: 1.0.2 resolution: "jest-environment-jsdom-fifteen@npm:1.0.2" @@ -34280,6 +34899,20 @@ __metadata: languageName: node linkType: hard +"jest-environment-node@npm:^28.1.0": + version: 28.1.0 + resolution: "jest-environment-node@npm:28.1.0" + dependencies: + "@jest/environment": ^28.1.0 + "@jest/fake-timers": ^28.1.0 + "@jest/types": ^28.1.0 + "@types/node": "*" + jest-mock: ^28.1.0 + jest-util: ^28.1.0 + checksum: e65e83962b6d6d8879611e230d878cd2690acd20d1295071f67de7b02dfc4194438961be2a73acf005fc022fb2f73f9dafd50c23088d4e6b70156f8998b19beb + languageName: node + linkType: hard + "jest-get-type@npm:^24.9.0": version: 24.9.0 resolution: "jest-get-type@npm:24.9.0" @@ -34301,6 +34934,13 @@ __metadata: languageName: node linkType: hard +"jest-get-type@npm:^28.0.2": + version: 28.0.2 + resolution: "jest-get-type@npm:28.0.2" + checksum: 5281d7c89bc8156605f6d15784f45074f4548501195c26e9b188742768f72d40948252d13230ea905b5349038865a1a8eeff0e614cc530ff289dfc41fe843abd + languageName: node + linkType: hard + "jest-haste-map@npm:^24.9.0": version: 24.9.0 resolution: "jest-haste-map@npm:24.9.0" @@ -34373,6 +35013,29 @@ __metadata: languageName: node linkType: hard +"jest-haste-map@npm:^28.1.0": + version: 28.1.0 + resolution: "jest-haste-map@npm:28.1.0" + dependencies: + "@jest/types": ^28.1.0 + "@types/graceful-fs": ^4.1.3 + "@types/node": "*" + anymatch: ^3.0.3 + fb-watchman: ^2.0.0 + fsevents: ^2.3.2 + graceful-fs: ^4.2.9 + jest-regex-util: ^28.0.2 + jest-util: ^28.1.0 + jest-worker: ^28.1.0 + micromatch: ^4.0.4 + walker: ^1.0.7 + dependenciesMeta: + fsevents: + optional: true + checksum: 128c2d1aa39610febfc9fe66bbc40bb847d89da3e1646ed1bbe63e90bd4c930d1798d20aef8d928fda8e5b0570f05f1cbb263030ebe776c01bb86dd5174434da + languageName: node + linkType: hard + "jest-jasmine2@npm:^24.9.0": version: 24.9.0 resolution: "jest-jasmine2@npm:24.9.0" @@ -34487,6 +35150,16 @@ __metadata: languageName: node linkType: hard +"jest-leak-detector@npm:^28.1.0": + version: 28.1.0 + resolution: "jest-leak-detector@npm:28.1.0" + dependencies: + jest-get-type: ^28.0.2 + pretty-format: ^28.1.0 + checksum: 911eec6b96d389c1e7741c8df85e030a9618e38105c7e71f6f2c1284a02d033fec4e6a8916385f17fd5ed0ffffb8491ac887f5b3de11d0265d8415598e9c0ae6 + languageName: node + linkType: hard + "jest-matcher-utils@npm:^24.0.0, jest-matcher-utils@npm:^24.9.0": version: 24.9.0 resolution: "jest-matcher-utils@npm:24.9.0" @@ -34523,6 +35196,18 @@ __metadata: languageName: node linkType: hard +"jest-matcher-utils@npm:^28.1.0": + version: 28.1.0 + resolution: "jest-matcher-utils@npm:28.1.0" + dependencies: + chalk: ^4.0.0 + jest-diff: ^28.1.0 + jest-get-type: ^28.0.2 + pretty-format: ^28.1.0 + checksum: 60e3e83fff67402972b101135d44443981d6519008e435b567f197220f330ec38356f905b6872348d082f0a2a4089612f63d2c72f55ee3c718de6b0ef03f4d6d + languageName: node + linkType: hard + "jest-message-util@npm:^24.9.0": version: 24.9.0 resolution: "jest-message-util@npm:24.9.0" @@ -34590,6 +35275,23 @@ __metadata: languageName: node linkType: hard +"jest-message-util@npm:^28.1.0": + version: 28.1.0 + resolution: "jest-message-util@npm:28.1.0" + dependencies: + "@babel/code-frame": ^7.12.13 + "@jest/types": ^28.1.0 + "@types/stack-utils": ^2.0.0 + chalk: ^4.0.0 + graceful-fs: ^4.2.9 + micromatch: ^4.0.4 + pretty-format: ^28.1.0 + slash: ^3.0.0 + stack-utils: ^2.0.3 + checksum: a224f9dbb53b5ad857918938f94c6e5d9c64ccdd42e0780b3b485d66bd93c82cff7dd91fbe274273efb69533d79808f9c98622b23d70ec027e8619a20e283773 + languageName: node + linkType: hard + "jest-mock@npm:^24.0.0, jest-mock@npm:^24.9.0": version: 24.9.0 resolution: "jest-mock@npm:24.9.0" @@ -34629,6 +35331,16 @@ __metadata: languageName: node linkType: hard +"jest-mock@npm:^28.1.0": + version: 28.1.0 + resolution: "jest-mock@npm:28.1.0" + dependencies: + "@jest/types": ^28.1.0 + "@types/node": "*" + checksum: 013428db82f418059314588e5d02a2a8f6697940ffeb1b1a23f61e9b94b1dca3ea0061d91f284e217bf0ce0e5251ff8f2f182a393cecd1ec6788d766cc18ded4 + languageName: node + linkType: hard + "jest-pnp-resolver@npm:^1.2.1, jest-pnp-resolver@npm:^1.2.2": version: 1.2.2 resolution: "jest-pnp-resolver@npm:1.2.2" @@ -34662,6 +35374,13 @@ __metadata: languageName: node linkType: hard +"jest-regex-util@npm:^28.0.2": + version: 28.0.2 + resolution: "jest-regex-util@npm:28.0.2" + checksum: 0ea8c5c82ec88bc85e273c0ec82e0c0f35f7a1e2d055070e50f0cc2a2177f848eec55f73e37ae0d045c3db5014c42b2f90ac62c1ab3fdb354d2abd66a9e08add + languageName: node + linkType: hard + "jest-resolve-dependencies@npm:^24.9.0": version: 24.9.0 resolution: "jest-resolve-dependencies@npm:24.9.0" @@ -34695,6 +35414,16 @@ __metadata: languageName: node linkType: hard +"jest-resolve-dependencies@npm:^28.1.0": + version: 28.1.0 + resolution: "jest-resolve-dependencies@npm:28.1.0" + dependencies: + jest-regex-util: ^28.0.2 + jest-snapshot: ^28.1.0 + checksum: 0720ab19285ee64b7dad65c2feff08323660e9ff9c09380011a45d4af58dcf6a6710f10bbe80986ffe2452e11d09be0974d42163c31e832be4fab6c348b4dea5 + languageName: node + linkType: hard + "jest-resolve@npm:26.6.0": version: 26.6.0 resolution: "jest-resolve@npm:26.6.0" @@ -34758,6 +35487,23 @@ __metadata: languageName: node linkType: hard +"jest-resolve@npm:^28.1.0": + version: 28.1.0 + resolution: "jest-resolve@npm:28.1.0" + dependencies: + chalk: ^4.0.0 + graceful-fs: ^4.2.9 + jest-haste-map: ^28.1.0 + jest-pnp-resolver: ^1.2.2 + jest-util: ^28.1.0 + jest-validate: ^28.1.0 + resolve: ^1.20.0 + resolve.exports: ^1.1.0 + slash: ^3.0.0 + checksum: 1a37e3a8a1b49a148c4611f85cb27dbb6b0b2d1b76b8a52ddfeb340a74f6d2a7851ba8ba2374948a21024d56592f32b48e3142e9fd813a0fcea4d1db3602ec77 + languageName: node + linkType: hard + "jest-runner@npm:^24.9.0": version: 24.9.0 resolution: "jest-runner@npm:24.9.0" @@ -34842,6 +35588,35 @@ __metadata: languageName: node linkType: hard +"jest-runner@npm:^28.1.0": + version: 28.1.0 + resolution: "jest-runner@npm:28.1.0" + dependencies: + "@jest/console": ^28.1.0 + "@jest/environment": ^28.1.0 + "@jest/test-result": ^28.1.0 + "@jest/transform": ^28.1.0 + "@jest/types": ^28.1.0 + "@types/node": "*" + chalk: ^4.0.0 + emittery: ^0.10.2 + graceful-fs: ^4.2.9 + jest-docblock: ^28.0.2 + jest-environment-node: ^28.1.0 + jest-haste-map: ^28.1.0 + jest-leak-detector: ^28.1.0 + jest-message-util: ^28.1.0 + jest-resolve: ^28.1.0 + jest-runtime: ^28.1.0 + jest-util: ^28.1.0 + jest-watcher: ^28.1.0 + jest-worker: ^28.1.0 + source-map-support: 0.5.13 + throat: ^6.0.1 + checksum: 79f622a06e7b4f065b6ad14633ddb3ebabdacc479d4059a17bad4470570f941623957701cf08a3efe49c0cf04f78830fc07270ad8ad759b623a9de1bcb93c45f + languageName: node + linkType: hard + "jest-runtime@npm:^24.9.0": version: 24.9.0 resolution: "jest-runtime@npm:24.9.0" @@ -34942,6 +35717,36 @@ __metadata: languageName: node linkType: hard +"jest-runtime@npm:^28.1.0": + version: 28.1.0 + resolution: "jest-runtime@npm:28.1.0" + dependencies: + "@jest/environment": ^28.1.0 + "@jest/fake-timers": ^28.1.0 + "@jest/globals": ^28.1.0 + "@jest/source-map": ^28.0.2 + "@jest/test-result": ^28.1.0 + "@jest/transform": ^28.1.0 + "@jest/types": ^28.1.0 + chalk: ^4.0.0 + cjs-module-lexer: ^1.0.0 + collect-v8-coverage: ^1.0.0 + execa: ^5.0.0 + glob: ^7.1.3 + graceful-fs: ^4.2.9 + jest-haste-map: ^28.1.0 + jest-message-util: ^28.1.0 + jest-mock: ^28.1.0 + jest-regex-util: ^28.0.2 + jest-resolve: ^28.1.0 + jest-snapshot: ^28.1.0 + jest-util: ^28.1.0 + slash: ^3.0.0 + strip-bom: ^4.0.0 + checksum: e3a01bbbf6ffb28174303e2d2c043fb766b178a6354186dcbe8e8cc8e706162ecfb2b6f49d71ec7b2459dc6701979ffeee003fdf153492b9e74a846cf11af5d8 + languageName: node + linkType: hard + "jest-serializer-vue@npm:^2.0.2": version: 2.0.2 resolution: "jest-serializer-vue@npm:2.0.2" @@ -35053,6 +35858,37 @@ __metadata: languageName: node linkType: hard +"jest-snapshot@npm:^28.1.0": + version: 28.1.0 + resolution: "jest-snapshot@npm:28.1.0" + dependencies: + "@babel/core": ^7.11.6 + "@babel/generator": ^7.7.2 + "@babel/plugin-syntax-typescript": ^7.7.2 + "@babel/traverse": ^7.7.2 + "@babel/types": ^7.3.3 + "@jest/expect-utils": ^28.1.0 + "@jest/transform": ^28.1.0 + "@jest/types": ^28.1.0 + "@types/babel__traverse": ^7.0.6 + "@types/prettier": ^2.1.5 + babel-preset-current-node-syntax: ^1.0.0 + chalk: ^4.0.0 + expect: ^28.1.0 + graceful-fs: ^4.2.9 + jest-diff: ^28.1.0 + jest-get-type: ^28.0.2 + jest-haste-map: ^28.1.0 + jest-matcher-utils: ^28.1.0 + jest-message-util: ^28.1.0 + jest-util: ^28.1.0 + natural-compare: ^1.4.0 + pretty-format: ^28.1.0 + semver: ^7.3.5 + checksum: 73695484cf4e2af9d0dbb8bc1e851f6d6217cc740aa93b521012c253fbbd9dc1ce11b147ac3e18cac8358b4b64fe36a1b8a6d1a3083c9d275dd937281faad818 + languageName: node + linkType: hard + "jest-transform-stub@npm:^2.0.0": version: 2.0.0 resolution: "jest-transform-stub@npm:2.0.0" @@ -35108,6 +35944,20 @@ __metadata: languageName: node linkType: hard +"jest-util@npm:^28.0.0, jest-util@npm:^28.1.0": + version: 28.1.0 + resolution: "jest-util@npm:28.1.0" + dependencies: + "@jest/types": ^28.1.0 + "@types/node": "*" + chalk: ^4.0.0 + ci-info: ^3.2.0 + graceful-fs: ^4.2.9 + picomatch: ^2.2.3 + checksum: 14c2ee1c24c6efa2d7adfe81ece8b9bbda78fa871f40bed80db72726166e96f7fb22bf1d9fb1689fb433b9bcd748027eb1ee5f0851a12f1aa1c49ee0bd4d7508 + languageName: node + linkType: hard + "jest-util@npm:^28.0.2": version: 28.0.2 resolution: "jest-util@npm:28.0.2" @@ -35164,6 +36014,20 @@ __metadata: languageName: node linkType: hard +"jest-validate@npm:^28.1.0": + version: 28.1.0 + resolution: "jest-validate@npm:28.1.0" + dependencies: + "@jest/types": ^28.1.0 + camelcase: ^6.2.0 + chalk: ^4.0.0 + jest-get-type: ^28.0.2 + leven: ^3.1.0 + pretty-format: ^28.1.0 + checksum: 79f9fe39f15bb47b15da39e19a1b2ba948830b6da53ccf359857cdeaca62cd87721585b0137576e7d1d2b2d7e5b79fdfb57d5b80e6ce3c8a93865d6032b20e4a + languageName: node + linkType: hard + "jest-watch-typeahead@npm:0.6.1": version: 0.6.1 resolution: "jest-watch-typeahead@npm:0.6.1" @@ -35258,6 +36122,22 @@ __metadata: languageName: node linkType: hard +"jest-watcher@npm:^28.1.0": + version: 28.1.0 + resolution: "jest-watcher@npm:28.1.0" + dependencies: + "@jest/test-result": ^28.1.0 + "@jest/types": ^28.1.0 + "@types/node": "*" + ansi-escapes: ^4.2.1 + chalk: ^4.0.0 + emittery: ^0.10.2 + jest-util: ^28.1.0 + string-length: ^4.0.1 + checksum: 4a1ae2e1adf933cfa963b0f82cb4fecd863f1b980b7db05dfd856e83637b9380a4476a73dcbe50a70cb49d028999fae0d1bb60d75b410a682d8b3f344a073dda + languageName: node + linkType: hard + "jest-worker@npm:^24.6.0, jest-worker@npm:^24.9.0": version: 24.9.0 resolution: "jest-worker@npm:24.9.0" @@ -35290,6 +36170,17 @@ __metadata: languageName: node linkType: hard +"jest-worker@npm:^28.1.0": + version: 28.1.0 + resolution: "jest-worker@npm:28.1.0" + dependencies: + "@types/node": "*" + merge-stream: ^2.0.0 + supports-color: ^8.0.0 + checksum: 44b6cfb03752543e2462f143ca5c9642206f20813068ef0461e793bb8feda85f643ee906d96a0a57728e1a2fb5b89386fd34e44289568b1cee5815c115e7ee02 + languageName: node + linkType: hard + "jest@npm:26.6.0": version: 26.6.0 resolution: "jest@npm:26.6.0" @@ -35303,24 +36194,6 @@ __metadata: languageName: node linkType: hard -"jest@npm:27.4.3": - version: 27.4.3 - resolution: "jest@npm:27.4.3" - dependencies: - "@jest/core": ^27.4.3 - import-local: ^3.0.2 - jest-cli: ^27.4.3 - peerDependencies: - node-notifier: ^8.0.1 || ^9.0.0 || ^10.0.0 - peerDependenciesMeta: - node-notifier: - optional: true - bin: - jest: bin/jest.js - checksum: 0c76bbc996e496f11d7daa2e01b5c90ebf9e2587a1d1fa7e0cb8afc7c50abda24874766e107f9080103795af9ac80a06c83d61d9fc50762bd6d915db40a1f1df - languageName: node - linkType: hard - "jest@npm:^24.9.0": version: 24.9.0 resolution: "jest@npm:24.9.0" @@ -35364,6 +36237,24 @@ __metadata: languageName: node linkType: hard +"jest@npm:~28.1.0": + version: 28.1.0 + resolution: "jest@npm:28.1.0" + dependencies: + "@jest/core": ^28.1.0 + import-local: ^3.0.2 + jest-cli: ^28.1.0 + peerDependencies: + node-notifier: ^8.0.1 || ^9.0.0 || ^10.0.0 + peerDependenciesMeta: + node-notifier: + optional: true + bin: + jest: bin/jest.js + checksum: f025164c408cf5ddb6e74dac1e8cbaf94c1c31dd1c67aba4ceee5989b2d8a77886db8ed1fb88853b45cf194b14cd802b454bbbe6b278a1e2140250297dc100d3 + languageName: node + linkType: hard + "jmespath@npm:0.16.0": version: 0.16.0 resolution: "jmespath@npm:0.16.0" @@ -35861,6 +36752,15 @@ __metadata: languageName: node linkType: hard +"json5@npm:^2.2.1": + version: 2.2.1 + resolution: "json5@npm:2.2.1" + bin: + json5: lib/cli.js + checksum: 74b8a23b102a6f2bf2d224797ae553a75488b5adbaee9c9b6e5ab8b510a2fc6e38f876d4c77dea672d4014a44b2399e15f2051ac2b37b87f74c0c7602003543b + languageName: node + linkType: hard + "jsonc-parser@npm:^3.0.0": version: 3.0.0 resolution: "jsonc-parser@npm:3.0.0" @@ -37380,15 +38280,9 @@ __metadata: languageName: node linkType: hard -"lunasec-go-monorepo@workspace:go": - version: 0.0.0-use.local - resolution: "lunasec-go-monorepo@workspace:go" - languageName: unknown - linkType: soft - -"lunasec-sdks@workspace:js/sdks": +"lunasec-sdks@workspace:lunadefend/js/sdks": version: 0.0.0-use.local - resolution: "lunasec-sdks@workspace:js/sdks" + resolution: "lunasec-sdks@workspace:lunadefend/js/sdks" dependencies: "@types/node": ^14.0.0 typescript: ~4.5.4 @@ -39921,6 +40815,13 @@ __metadata: languageName: node linkType: hard +"node-releases@npm:^2.0.3": + version: 2.0.5 + resolution: "node-releases@npm:2.0.5" + checksum: e85d949addd19f8827f32569d2be5751e7812ccf6cc47879d49f79b5234ff4982225e39a3929315f96370823b070640fb04d79fc0ddec8b515a969a03493a42f + languageName: node + linkType: hard + "nodeify-ts@npm:1.0.6": version: 1.0.6 resolution: "nodeify-ts@npm:1.0.6" @@ -44187,6 +45088,18 @@ __metadata: languageName: node linkType: hard +"pretty-format@npm:^28.1.0": + version: 28.1.0 + resolution: "pretty-format@npm:28.1.0" + dependencies: + "@jest/schemas": ^28.0.2 + ansi-regex: ^5.0.1 + ansi-styles: ^5.0.0 + react-is: ^18.0.0 + checksum: c1018099f8f800693449df96c05c243d94e01f7429b6617e1064a1a69b4d715637fc3c579061fbc31548b87d92af74a7933c6eb3856da6f30b29c0ff67004ce0 + languageName: node + linkType: hard + "pretty-time@npm:^1.1.0": version: 1.1.0 resolution: "pretty-time@npm:1.1.0" @@ -48580,6 +49493,16 @@ __metadata: languageName: node linkType: hard +"source-map-support@npm:0.5.13": + version: 0.5.13 + resolution: "source-map-support@npm:0.5.13" + dependencies: + buffer-from: ^1.0.0 + source-map: ^0.6.0 + checksum: 933550047b6c1a2328599a21d8b7666507427c0f5ef5eaadd56b5da0fd9505e239053c66fe181bf1df469a3b7af9d775778eee283cbb7ae16b902ddc09e93a97 + languageName: node + linkType: hard + "source-map-support@npm:0.5.19": version: 0.5.19 resolution: "source-map-support@npm:0.5.19" @@ -50850,6 +51773,39 @@ __metadata: languageName: node linkType: hard +"ts-jest@npm:~28.0.3": + version: 28.0.3 + resolution: "ts-jest@npm:28.0.3" + dependencies: + bs-logger: 0.x + fast-json-stable-stringify: 2.x + jest-util: ^28.0.0 + json5: ^2.2.1 + lodash.memoize: 4.x + make-error: 1.x + semver: 7.x + yargs-parser: ^20.x + peerDependencies: + "@babel/core": ">=7.0.0-beta.0 <8" + "@types/jest": ^27.0.0 + babel-jest: ^28.0.0 + jest: ^28.0.0 + typescript: ">=4.3" + peerDependenciesMeta: + "@babel/core": + optional: true + "@types/jest": + optional: true + babel-jest: + optional: true + esbuild: + optional: true + bin: + ts-jest: cli.js + checksum: dc6f49507cef996abb75d5870f6ce09c9f191d135a5bb2c38c46adac890f10fd4610b7697a0045b9b37315ce4e075f39d5578da8034d6791952eebc7951475c2 + languageName: node + linkType: hard + "ts-json-schema-generator@npm:^0.95.0": version: 0.95.0 resolution: "ts-json-schema-generator@npm:0.95.0" @@ -52481,6 +53437,17 @@ __metadata: languageName: node linkType: hard +"v8-to-istanbul@npm:^9.0.0": + version: 9.0.0 + resolution: "v8-to-istanbul@npm:9.0.0" + dependencies: + "@jridgewell/trace-mapping": ^0.3.7 + "@types/istanbul-lib-coverage": ^2.0.1 + convert-source-map: ^1.6.0 + checksum: d8ed2c39ba657dfd851a3c7b3f2b87e5b96c9face806ecfe5b627abe53b0c86f264f51425c591e451405b739e3f8a6728da59670f081790990710e813d8d3440 + languageName: node + linkType: hard + "valid-url@npm:^1.0.9": version: 1.0.9 resolution: "valid-url@npm:1.0.9" @@ -52830,9 +53797,9 @@ __metadata: languageName: node linkType: hard -"vue-sdk@workspace:js/sdks/packages/vue-sdk": +"vue-sdk@workspace:lunadefend/js/sdks/packages/vue-sdk": version: 0.0.0-use.local - resolution: "vue-sdk@workspace:js/sdks/packages/vue-sdk" + resolution: "vue-sdk@workspace:lunadefend/js/sdks/packages/vue-sdk" dependencies: "@lunasec/browser-common": ^1.0.7 "@lunasec/isomorphic-common": ^1.0.7 @@ -54364,6 +55331,16 @@ __metadata: languageName: node linkType: hard +"write-file-atomic@npm:^4.0.1": + version: 4.0.1 + resolution: "write-file-atomic@npm:4.0.1" + dependencies: + imurmurhash: ^0.1.4 + signal-exit: ^3.0.7 + checksum: 8f780232533ca6223c63c9b9c01c4386ca8c625ebe5017a9ed17d037aec19462ae17109e0aa155bff5966ee4ae7a27b67a99f55caf3f32ffd84155e9da3929fc + languageName: node + linkType: hard + "write-json-file@npm:^2.2.0": version: 2.3.0 resolution: "write-json-file@npm:2.3.0" @@ -54696,7 +55673,7 @@ __metadata: languageName: node linkType: hard -"yargs-parser@npm:20.x, yargs-parser@npm:^20.2.2, yargs-parser@npm:^20.2.3": +"yargs-parser@npm:20.x, yargs-parser@npm:^20.2.2, yargs-parser@npm:^20.2.3, yargs-parser@npm:^20.x": version: 20.2.9 resolution: "yargs-parser@npm:20.2.9" checksum: 8bb69015f2b0ff9e17b2c8e6bfe224ab463dd00ca211eece72a4cd8a906224d2703fb8a326d36fdd0e68701e201b2a60ed7cf81ce0fd9b3799f9fe7745977ae3 @@ -54826,6 +55803,21 @@ __metadata: languageName: node linkType: hard +"yargs@npm:^17.3.1, yargs@npm:~17.5.1": + version: 17.5.1 + resolution: "yargs@npm:17.5.1" + dependencies: + cliui: ^7.0.2 + escalade: ^3.1.1 + get-caller-file: ^2.0.5 + require-directory: ^2.1.1 + string-width: ^4.2.3 + y18n: ^5.0.5 + yargs-parser: ^21.0.0 + checksum: 00d58a2c052937fa044834313f07910fd0a115dec5ee35919e857eeee3736b21a4eafa8264535800ba8bac312991ce785ecb8a51f4d2cc8c4676d865af1cfbde + languageName: node + linkType: hard + "yarn@npm:^1.21.1": version: 1.22.17 resolution: "yarn@npm:1.22.17"