From 17a3f59be97e8573a555779f6df209706d6750b9 Mon Sep 17 00:00:00 2001 From: Connor Gorman Date: Fri, 1 Jul 2022 12:15:35 -0700 Subject: [PATCH 1/5] Clean up autogenerated image integrations --- central/image/service/service_impl.go | 19 +- .../datastore/datastore_impl.go | 4 +- .../pipeline/imageintegrations/pipeline.go | 144 +++-- .../api/v1/compliance_service.swagger.json | 44 +- .../v1/image_integration_service.swagger.json | 19 +- generated/api/v1/image_service.pb.go | 327 ++++++++--- generated/storage/image_integration.pb.go | 532 +++++++++++++++--- pkg/centralsensor/caps_list.go | 3 + pkg/images/enricher/enricher.go | 10 + pkg/images/enricher/enricher_impl.go | 57 +- pkg/images/enricher/enricher_impl_test.go | 8 + pkg/protoconv/resources/resources.go | 6 +- pkg/registries/factory_impl.go | 11 +- pkg/registries/set_impl_test.go | 2 +- pkg/registries/types/types.go | 2 +- proto/api/v1/image_service.proto | 9 +- proto/storage/image_integration.proto | 9 +- .../src/test/groovy/ImageScanningTest.groovy | 4 +- sensor/common/detector/detector.go | 6 +- sensor/common/detector/enricher.go | 81 ++- sensor/common/store/mocks/types.go | 61 ++ sensor/common/store/types.go | 8 + .../listener/resources/dispatcher.go | 3 +- .../kubernetes/listener/resources/secrets.go | 109 +++- .../listener/resources/serviceaccount.go | 19 +- .../resources/serviceaccount_store.go | 50 ++ .../listener/resources/singleton.go | 11 + sensor/kubernetes/sensor/sensor.go | 2 +- 28 files changed, 1242 insertions(+), 318 deletions(-) create mode 100644 sensor/kubernetes/listener/resources/serviceaccount_store.go diff --git a/central/image/service/service_impl.go b/central/image/service/service_impl.go index 7b7495af9c6a5..92852eabc612b 100644 --- a/central/image/service/service_impl.go +++ b/central/image/service/service_impl.go @@ -31,6 +31,7 @@ import ( "github.com/stackrox/rox/pkg/images/utils" "github.com/stackrox/rox/pkg/search" "github.com/stackrox/rox/pkg/search/paginated" + "github.com/stackrox/rox/pkg/set" "github.com/stackrox/rox/pkg/timestamp" pkgUtils "github.com/stackrox/rox/pkg/utils" "golang.org/x/sync/semaphore" @@ -228,7 +229,23 @@ func (s *serviceImpl) ScanImageInternal(ctx context.Context, request *v1.ScanIma } img := types.ToImage(request.GetImage()) - if _, err := s.enricher.EnrichImage(ctx, enricher.EnrichmentContext{FetchOpt: fetchOpt, Internal: true}, img); err != nil { + + var source *enricher.RequestSource + if request.GetClusterId() != "" { + source = &enricher.RequestSource{ + ClusterID: request.GetClusterId(), + Namespace: request.GetNamespace(), + ImagePullSecrets: set.NewStringSet(request.GetImagePullSecrets()...), + } + } + + enrichmentContext := enricher.EnrichmentContext{ + FetchOpt: fetchOpt, + Internal: true, + Source: source, + } + + if _, err := s.enricher.EnrichImage(ctx, enrichmentContext, img); err != nil { log.Errorf("error enriching image %q: %v", request.GetImage().GetName().GetFullName(), err) // purposefully, don't return here because we still need to save it into the DB so there is a reference // even if we weren't able to enrich it diff --git a/central/imageintegration/datastore/datastore_impl.go b/central/imageintegration/datastore/datastore_impl.go index 764af0ccf1644..ffd4242dd5a99 100644 --- a/central/imageintegration/datastore/datastore_impl.go +++ b/central/imageintegration/datastore/datastore_impl.go @@ -78,7 +78,9 @@ func (ds *datastoreImpl) AddImageIntegration(ctx context.Context, integration *s return "", sac.ErrResourceAccessDenied } - integration.Id = uuid.NewV4().String() + if integration.GetId() == "" { + integration.Id = uuid.NewV4().String() + } err := ds.storage.Upsert(ctx, integration) if err != nil { return "", err diff --git a/central/sensor/service/pipeline/imageintegrations/pipeline.go b/central/sensor/service/pipeline/imageintegrations/pipeline.go index 31b8ed09294e1..f22414ef48170 100644 --- a/central/sensor/service/pipeline/imageintegrations/pipeline.go +++ b/central/sensor/service/pipeline/imageintegrations/pipeline.go @@ -12,14 +12,18 @@ import ( countMetrics "github.com/stackrox/rox/central/metrics" "github.com/stackrox/rox/central/reprocessor" "github.com/stackrox/rox/central/sensor/service/common" + "github.com/stackrox/rox/central/sensor/service/connection" "github.com/stackrox/rox/central/sensor/service/pipeline" "github.com/stackrox/rox/central/sensor/service/pipeline/reconciliation" v1 "github.com/stackrox/rox/generated/api/v1" "github.com/stackrox/rox/generated/internalapi/central" "github.com/stackrox/rox/generated/storage" + "github.com/stackrox/rox/pkg/centralsensor" "github.com/stackrox/rox/pkg/env" + "github.com/stackrox/rox/pkg/errox" "github.com/stackrox/rox/pkg/logging" "github.com/stackrox/rox/pkg/metrics" + "github.com/stackrox/rox/pkg/set" "github.com/stackrox/rox/pkg/tlscheck" "github.com/stackrox/rox/pkg/urlfmt" ) @@ -35,16 +39,19 @@ func GetPipeline() pipeline.Fragment { return NewPipeline(enrichment.ManagerSingleton(), datastore.Singleton(), clusterDatastore.Singleton(), - reprocessor.Singleton()) + reprocessor.Singleton(), + connection.ManagerSingleton(), + ) } // NewPipeline returns a new instance of Pipeline. func NewPipeline(integrationManager enrichment.Manager, datastore datastore.DataStore, clusterDatastore clusterDatastore.DataStore, - enrichAndDetectLoop reprocessor.Loop) pipeline.Fragment { + enrichAndDetectLoop reprocessor.Loop, connManager connection.Manager) pipeline.Fragment { return &pipelineImpl{ integrationManager: integrationManager, + connManager: connManager, datastore: datastore, clusterDatastore: clusterDatastore, enrichAndDetectLoop: enrichAndDetectLoop, @@ -54,14 +61,42 @@ func NewPipeline(integrationManager enrichment.Manager, type pipelineImpl struct { integrationManager enrichment.Manager + connManager connection.Manager datastore datastore.DataStore clusterDatastore clusterDatastore.DataStore enrichAndDetectLoop reprocessor.Loop } -func (s *pipelineImpl) Reconcile(_ context.Context, _ string, _ *reconciliation.StoreMap) error { - // Nothing to reconcile for image integrations - return nil +func (s *pipelineImpl) Reconcile(ctx context.Context, clusterID string, storeMap *reconciliation.StoreMap) error { + existingIDs := set.NewStringSet() + + conn := s.connManager.GetConnection(clusterID) + if conn == nil { + return nil + } + // We should not reconcile image integrations unless the Sensor is on a version that can provide scoped integrations + // with consistent uuids + if !conn.HasCapability(centralsensor.ScopedImageIntegrations) { + return nil + } + + integrations, err := s.datastore.GetImageIntegrations(ctx, &v1.GetImageIntegrationsRequest{}) + if err != nil { + return errors.Wrap(err, "getting image integrations for reconciliation") + } + for _, integration := range integrations { + if integration.GetEcr() != nil { + continue + } + if integration.GetClusterId() != clusterID { + continue + } + existingIDs.Add(integration.GetId()) + } + store := storeMap.Get((*central.SensorEvent_ImageIntegration)(nil)) + return reconciliation.Perform(store, existingIDs, "imageintegrations", func(id string) error { + return s.datastore.RemoveImageIntegration(ctx, id) + }) } func (s *pipelineImpl) Match(msg *central.MsgFromSensor) bool { @@ -139,11 +174,11 @@ func setUpIntegrationParams(ctx context.Context, imageIntegration *storage.Image switch config := imageIntegration.GetIntegrationConfig().(type) { case *storage.ImageIntegration_Docker: dockerCfg := config.Docker - var validTLS bool - validTLS, err = tlscheck.CheckTLS(ctx, dockerCfg.GetEndpoint()) - if err != nil { - err = errors.Wrapf(err, "reaching out for TLS check to %s", dockerCfg.GetEndpoint()) - return + validTLS, tlsErr := tlscheck.CheckTLS(ctx, dockerCfg.GetEndpoint()) + if tlsErr != nil { + log.Debugf("reaching out for TLS check to %s: %v", dockerCfg.GetEndpoint(), err) + // Assume TLS is true + validTLS = true } dockerCfg.Insecure = !validTLS dockerCfg.Endpoint = parseEndpointForURL(dockerCfg.GetEndpoint()) @@ -161,34 +196,7 @@ func setUpIntegrationParams(ctx context.Context, imageIntegration *storage.Image return } -// Run runs the pipeline template on the input and returns the output. -// Action is currently always update. -func (s *pipelineImpl) Run(ctx context.Context, clusterID string, msg *central.MsgFromSensor, _ common.MessageInjector) error { - // Ignore autogenerated registries if they are disabled - if autogeneratedRegistriesDisabled { - return nil - } - - defer countMetrics.IncrementResourceProcessedCounter(pipeline.ActionToOperation(msg.GetEvent().GetAction()), metrics.ImageIntegration) - - // Extract the cluster name. - clusterName, exists, err := s.clusterDatastore.GetClusterName(ctx, clusterID) - if err != nil { - return errors.Wrapf(err, "error getting cluster name for cluster ID: %s", clusterID) - } - if !exists { - return fmt.Errorf("cluster with id %q does not exist", clusterID) - } - - // Set up the integration and update its parameters. - imageIntegration := msg.GetEvent().GetImageIntegration() - description, matches, err := setUpIntegrationParams(ctx, imageIntegration) - if err != nil { - return err - } - imageIntegration.Name = fmt.Sprintf("Autogenerated %s for cluster %s", description, clusterName) - imageIntegration.ClusterId = clusterID - +func (s *pipelineImpl) legacyRun(ctx context.Context, imageIntegration *storage.ImageIntegration, matches matchingFunc) error { // Fetch existing integration and determine if we should update by matching its configuration type. existingIntegrations, err := s.datastore.GetImageIntegrations(ctx, &v1.GetImageIntegrationsRequest{}) if err != nil { @@ -226,4 +234,64 @@ func (s *pipelineImpl) Run(ctx context.Context, clusterID string, msg *central.M return nil } +func (s *pipelineImpl) runRemove(ctx context.Context, id string) error { + if err := s.integrationManager.Remove(id); err != nil { + return errors.Wrap(err, "removing integration from manager") + } + return s.datastore.RemoveImageIntegration(ctx, id) +} + +// Run runs the pipeline template on the input and returns the output. +// Action is currently always update. +func (s *pipelineImpl) Run(ctx context.Context, clusterID string, msg *central.MsgFromSensor, _ common.MessageInjector) error { + // Ignore autogenerated registries if they are disabled + if autogeneratedRegistriesDisabled { + return nil + } + defer countMetrics.IncrementResourceProcessedCounter(pipeline.ActionToOperation(msg.GetEvent().GetAction()), metrics.ImageIntegration) + + if msg.GetEvent().GetAction() == central.ResourceAction_REMOVE_RESOURCE { + return s.runRemove(ctx, msg.GetEvent().GetImageIntegration().GetId()) + } + + // Extract the cluster name. + clusterName, exists, err := s.clusterDatastore.GetClusterName(ctx, clusterID) + if err != nil { + return errors.Wrapf(err, "error getting cluster name for cluster ID: %s", clusterID) + } + if !exists { + return errox.NotFound.Newf("cluster with id %q does not exist", clusterID) + } + + // Set up the integration and update its parameters. + imageIntegration := msg.GetEvent().GetImageIntegration() + imageIntegration.ClusterId = clusterID + + description, matches, err := setUpIntegrationParams(ctx, imageIntegration) + if err != nil { + return errors.Wrapf(err, "setting up integration params for %q", imageIntegration.GetId()) + } + source := imageIntegration.GetSource() + if source == nil { + return s.legacyRun(ctx, imageIntegration, matches) + } + imageIntegration.Name = fmt.Sprintf("Autogenerated %s for cluster %s from %s/%s", description, clusterName, source.GetNamespace(), source.GetName()) + + _, exists, err = s.datastore.GetImageIntegration(ctx, imageIntegration.GetId()) + if err != nil { + return errors.Wrapf(err, "retrieving image integration %q", imageIntegration.GetId()) + } + + if _, err := s.datastore.AddImageIntegration(ctx, imageIntegration); err != nil { + return errors.Wrapf(err, "adding image integration %q", imageIntegration.GetId()) + } + if err := s.integrationManager.Upsert(imageIntegration); err != nil { + return errors.Wrapf(err, "notifying of update for image integration %q", imageIntegration.GetId()) + } + if !exists { + s.enrichAndDetectLoop.ShortCircuit() + } + return nil +} + func (s *pipelineImpl) OnFinish(_ string) {} diff --git a/generated/api/v1/compliance_service.swagger.json b/generated/api/v1/compliance_service.swagger.json index 4e771f8736849..29266fa317fd5 100644 --- a/generated/api/v1/compliance_service.swagger.json +++ b/generated/api/v1/compliance_service.swagger.json @@ -215,27 +215,6 @@ }, "title": "Next available tag: 3" }, - "ComplianceAggregationSource": { - "type": "object", - "properties": { - "clusterId": { - "type": "string" - }, - "standardId": { - "type": "string" - }, - "successfulRun": { - "$ref": "#/definitions/storageComplianceRunMetadata" - }, - "failedRuns": { - "type": "array", - "items": { - "$ref": "#/definitions/storageComplianceRunMetadata" - } - } - }, - "title": "Next available tag: 5" - }, "ComplianceResultValueEvidence": { "type": "object", "properties": { @@ -310,7 +289,7 @@ "sources": { "type": "array", "items": { - "$ref": "#/definitions/ComplianceAggregationSource" + "$ref": "#/definitions/storageComplianceAggregationSource" } }, "errorMessage": { @@ -361,6 +340,27 @@ ], "default": "UNKNOWN" }, + "storageComplianceAggregationSource": { + "type": "object", + "properties": { + "clusterId": { + "type": "string" + }, + "standardId": { + "type": "string" + }, + "successfulRun": { + "$ref": "#/definitions/storageComplianceRunMetadata" + }, + "failedRuns": { + "type": "array", + "items": { + "$ref": "#/definitions/storageComplianceRunMetadata" + } + } + }, + "title": "Next available tag: 5" + }, "storageComplianceDomain": { "type": "object", "properties": { diff --git a/generated/api/v1/image_integration_service.swagger.json b/generated/api/v1/image_integration_service.swagger.json index b55d6cfd03564..494d95ce4f7fc 100644 --- a/generated/api/v1/image_integration_service.swagger.json +++ b/generated/api/v1/image_integration_service.swagger.json @@ -503,9 +503,12 @@ }, "skipTestIntegration": { "type": "boolean" + }, + "source": { + "$ref": "#/definitions/storageImageIntegrationSource" } }, - "title": "Next Tag: 21" + "title": "Next Tag: 22" }, "storageImageIntegrationCategory": { "type": "string", @@ -517,6 +520,20 @@ "default": "REGISTRY", "description": " - NODE_SCANNER: Image and Node integrations are currently done on the same form in the UI\nso the image integration is also currently used for node integrations.\nThis decision was made because we currently only support one node scanner (our scanner)." }, + "storageImageIntegrationSource": { + "type": "object", + "properties": { + "clusterId": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, "storageQuayConfig": { "type": "object", "properties": { diff --git a/generated/api/v1/image_service.pb.go b/generated/api/v1/image_service.pb.go index 39516994b7b5f..e693eaa8b206d 100644 --- a/generated/api/v1/image_service.pb.go +++ b/generated/api/v1/image_service.pb.go @@ -340,6 +340,9 @@ func (m *ScanImageRequest) Clone() *ScanImageRequest { type ScanImageInternalRequest struct { Image *storage.ContainerImage `protobuf:"bytes,1,opt,name=image,proto3" json:"image,omitempty"` CachedOnly bool `protobuf:"varint,3,opt,name=cached_only,json=cachedOnly,proto3" json:"cached_only,omitempty"` + ClusterId string `protobuf:"bytes,4,opt,name=cluster_id,json=clusterId,proto3" json:"cluster_id,omitempty"` + Namespace string `protobuf:"bytes,5,opt,name=namespace,proto3" json:"namespace,omitempty"` + ImagePullSecrets []string `protobuf:"bytes,6,rep,name=image_pull_secrets,json=imagePullSecrets,proto3" json:"image_pull_secrets,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -392,6 +395,27 @@ func (m *ScanImageInternalRequest) GetCachedOnly() bool { return false } +func (m *ScanImageInternalRequest) GetClusterId() string { + if m != nil { + return m.ClusterId + } + return "" +} + +func (m *ScanImageInternalRequest) GetNamespace() string { + if m != nil { + return m.Namespace + } + return "" +} + +func (m *ScanImageInternalRequest) GetImagePullSecrets() []string { + if m != nil { + return m.ImagePullSecrets + } + return nil +} + func (m *ScanImageInternalRequest) MessageClone() proto.Message { return m.Clone() } @@ -403,6 +427,10 @@ func (m *ScanImageInternalRequest) Clone() *ScanImageInternalRequest { *cloned = *m cloned.Image = m.Image.Clone() + if m.ImagePullSecrets != nil { + cloned.ImagePullSecrets = make([]string, len(m.ImagePullSecrets)) + copy(cloned.ImagePullSecrets, m.ImagePullSecrets) + } return cloned } @@ -1227,87 +1255,91 @@ func init() { func init() { proto.RegisterFile("api/v1/image_service.proto", fileDescriptor_b4306cfe43028263) } var fileDescriptor_b4306cfe43028263 = []byte{ - // 1276 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xc4, 0x56, 0x4d, 0x6f, 0x1b, 0xc5, - 0x1b, 0xaf, 0xed, 0x3a, 0x75, 0x1e, 0xbb, 0xb6, 0x33, 0x49, 0x93, 0x8d, 0x9b, 0x26, 0xd1, 0xf6, - 0xff, 0xa7, 0x21, 0x15, 0x8e, 0x6c, 0xc4, 0xa5, 0x42, 0xa2, 0x26, 0x71, 0x83, 0x51, 0xec, 0x94, - 0x4d, 0x1a, 0x0a, 0xaa, 0x58, 0x4d, 0x77, 0xa7, 0xc9, 0x88, 0xf5, 0xcc, 0x76, 0x67, 0xed, 0xe0, - 0x22, 0x0e, 0x70, 0xe2, 0xce, 0x05, 0xf1, 0x31, 0xf8, 0x0a, 0x5c, 0x38, 0x22, 0xf1, 0x05, 0x50, - 0xe1, 0x83, 0xa0, 0x9d, 0x19, 0x6f, 0x76, 0x6d, 0xa7, 0x81, 0x13, 0xb7, 0x9d, 0xe7, 0xe5, 0xf7, - 0xcc, 0xf3, 0x9b, 0xe7, 0x65, 0xa1, 0x86, 0x7d, 0xba, 0x33, 0x6c, 0xec, 0xd0, 0x3e, 0x3e, 0x25, - 0xb6, 0x20, 0xc1, 0x90, 0x3a, 0xa4, 0xee, 0x07, 0x3c, 0xe4, 0x28, 0x3b, 0x6c, 0xd4, 0xd6, 0x4e, - 0x39, 0x3f, 0xf5, 0xc8, 0x4e, 0x64, 0x86, 0x19, 0xe3, 0x21, 0x0e, 0x29, 0x67, 0x42, 0x59, 0xd4, - 0x6e, 0x6b, 0x6f, 0x41, 0x70, 0xe0, 0x9c, 0xa5, 0xdd, 0x6b, 0x48, 0x2b, 0x49, 0xdf, 0x0f, 0x47, - 0x5a, 0xb6, 0x2e, 0x1c, 0xcc, 0x18, 0x09, 0x76, 0xb4, 0xce, 0xe1, 0x7d, 0x9f, 0x33, 0xc2, 0x42, - 0xad, 0x5f, 0x9d, 0xd0, 0x33, 0x1e, 0x8e, 0xe1, 0x16, 0x45, 0xc8, 0x03, 0x7c, 0x4a, 0xd4, 0x55, - 0xb5, 0xd0, 0x18, 0x0b, 0x5d, 0xe2, 0x7b, 0x7c, 0xd4, 0x8f, 0x91, 0xcc, 0x73, 0xa8, 0xec, 0x93, - 0xb0, 0x13, 0xd9, 0x5a, 0xe4, 0xe5, 0x80, 0x88, 0x10, 0x95, 0x21, 0x4b, 0x5d, 0x23, 0xb3, 0x99, - 0xd9, 0x9a, 0xb7, 0xb2, 0xd4, 0x45, 0xf7, 0xa0, 0x42, 0x99, 0xe3, 0x0d, 0x5c, 0x62, 0x0b, 0xc6, - 0xf9, 0x2b, 0xe2, 0x1a, 0xd9, 0xcd, 0xcc, 0x56, 0xc1, 0x2a, 0x6b, 0xf1, 0x91, 0x92, 0xa2, 0xfb, - 0xb0, 0x20, 0xc2, 0x80, 0xfa, 0xb6, 0x4b, 0x84, 0x13, 0x50, 0x3f, 0xa2, 0xc0, 0xc8, 0x49, 0xd3, - 0xaa, 0x54, 0xec, 0x5d, 0xc8, 0xcd, 0x87, 0x80, 0x0e, 0xa8, 0x50, 0x91, 0x85, 0x45, 0x84, 0xcf, - 0x99, 0x20, 0x68, 0x1b, 0xe6, 0xe4, 0xbd, 0x85, 0x91, 0xd9, 0xcc, 0x6d, 0x15, 0x9b, 0xa8, 0xae, - 0x6f, 0x5e, 0x8f, 0x8d, 0x2d, 0x6d, 0x61, 0xde, 0x87, 0xc5, 0x5d, 0x3e, 0x60, 0x93, 0x10, 0x4b, - 0x90, 0x77, 0x22, 0xb1, 0xcc, 0x20, 0x6f, 0xa9, 0x83, 0xe9, 0x43, 0xf5, 0xc8, 0xc1, 0x2c, 0x95, - 0xe8, 0x1d, 0x00, 0xf5, 0x9e, 0x0c, 0xf7, 0x89, 0x4e, 0x78, 0x5e, 0x4a, 0x7a, 0xb8, 0x2f, 0x81, - 0x5e, 0xf0, 0xc0, 0x21, 0x3a, 0x5b, 0x75, 0x98, 0xc5, 0x46, 0x6e, 0x16, 0x1b, 0xa6, 0x0f, 0x46, - 0x1c, 0xb1, 0xc3, 0x42, 0x12, 0x30, 0xec, 0x8d, 0x23, 0xbf, 0x03, 0x79, 0x19, 0x47, 0x06, 0x2d, - 0x36, 0x57, 0xe2, 0x2c, 0x77, 0x39, 0x0b, 0x31, 0x65, 0x24, 0x50, 0x17, 0x55, 0x56, 0x68, 0x03, - 0x8a, 0x0e, 0x76, 0xce, 0x88, 0x6b, 0x73, 0xe6, 0x8d, 0x74, 0x3c, 0x50, 0xa2, 0x43, 0xe6, 0x8d, - 0x3e, 0xbe, 0x5e, 0xc8, 0x56, 0x73, 0x66, 0x0b, 0x56, 0x67, 0x44, 0xd4, 0xb4, 0xfc, 0x2f, 0x1d, - 0xb2, 0x1c, 0x87, 0x4c, 0x46, 0x32, 0x7f, 0xce, 0xc2, 0x5b, 0xe3, 0x7a, 0x38, 0x19, 0x78, 0x8c, - 0x04, 0xf8, 0x39, 0xf5, 0x68, 0x48, 0x89, 0x98, 0xcc, 0x61, 0x15, 0x0a, 0x8a, 0xbd, 0xb8, 0x58, - 0x6e, 0xc8, 0x73, 0xc7, 0x45, 0x8d, 0x14, 0xb1, 0x59, 0x19, 0x10, 0xa5, 0x03, 0x46, 0x0c, 0x27, - 0xc9, 0x6e, 0x42, 0xa1, 0x4f, 0x42, 0xec, 0xe2, 0x10, 0xcb, 0xfc, 0x8a, 0xcd, 0xe5, 0xb4, 0x43, - 0x57, 0x6b, 0xad, 0xd8, 0x0e, 0x6d, 0x41, 0x95, 0x0a, 0xdb, 0xf1, 0x06, 0x22, 0x24, 0x81, 0xed, - 0x71, 0x07, 0x7b, 0xc6, 0x9c, 0x7e, 0x0b, 0xb1, 0xab, 0xc4, 0x07, 0x91, 0x14, 0xbd, 0x07, 0x10, - 0xb7, 0x90, 0x30, 0xae, 0x4b, 0xfc, 0x5b, 0x75, 0xdd, 0x44, 0x27, 0x8d, 0xfa, 0x6e, 0xac, 0xb4, - 0x12, 0x86, 0xe8, 0xff, 0x90, 0x8f, 0x3a, 0x4b, 0x18, 0xf9, 0xcd, 0xdc, 0x56, 0xb9, 0x59, 0x49, - 0x78, 0xf4, 0x78, 0x48, 0x2c, 0xa5, 0x35, 0x7f, 0xc9, 0xc2, 0x46, 0x9b, 0x05, 0xd4, 0x39, 0x93, - 0xd1, 0x66, 0xbe, 0xf8, 0x7f, 0xcf, 0xd6, 0x43, 0xa8, 0xe8, 0xe9, 0x45, 0x4f, 0x19, 0x0e, 0x07, - 0x01, 0xd1, 0x44, 0xac, 0xa4, 0x5d, 0x8f, 0xc6, 0x6a, 0xab, 0x4c, 0x53, 0xe7, 0x09, 0x16, 0xf3, - 0xff, 0x9a, 0xc5, 0xb9, 0x37, 0xb2, 0x78, 0x04, 0x8b, 0x7b, 0xc4, 0x23, 0x21, 0x19, 0xf7, 0xb3, - 0x22, 0xce, 0x84, 0xfc, 0xcb, 0x01, 0x09, 0x46, 0xba, 0x6e, 0x4b, 0xf5, 0x61, 0xa3, 0x6e, 0xe1, - 0xf3, 0x4f, 0x22, 0x99, 0xa5, 0x54, 0xc8, 0x80, 0x1b, 0x0e, 0x67, 0x2f, 0x68, 0xd0, 0xd7, 0xbd, - 0x3a, 0x3e, 0x9a, 0x8f, 0x61, 0x29, 0x0d, 0xaa, 0xbb, 0x61, 0x03, 0x8a, 0x6c, 0xd0, 0xb7, 0x5d, - 0xa9, 0x53, 0x2f, 0x72, 0xd3, 0x02, 0x36, 0xe8, 0x2b, 0x6b, 0x17, 0xad, 0xc0, 0x0d, 0x37, 0x18, - 0xd9, 0xc1, 0x80, 0x69, 0xc8, 0x39, 0x37, 0x18, 0x59, 0x03, 0x66, 0xde, 0x83, 0x85, 0x4f, 0x71, - 0xe8, 0x9c, 0xa5, 0x26, 0x09, 0x82, 0xeb, 0x89, 0x19, 0x22, 0xbf, 0xcd, 0x6f, 0xb3, 0x80, 0x92, - 0x96, 0x3a, 0xf2, 0x3d, 0xa8, 0x30, 0x1e, 0xf4, 0xb1, 0x47, 0x5f, 0x11, 0x37, 0x39, 0x79, 0xca, - 0x17, 0x62, 0xf9, 0xc6, 0x1f, 0x00, 0x90, 0x20, 0xe0, 0x81, 0x1d, 0x8e, 0x7c, 0x55, 0x16, 0xe5, - 0xe6, 0x66, 0x94, 0xfd, 0x34, 0x68, 0xbd, 0x1d, 0x19, 0x1e, 0x8f, 0x7c, 0x62, 0xcd, 0x93, 0xf1, - 0x27, 0xba, 0x0b, 0x37, 0x15, 0x40, 0x9f, 0x08, 0x11, 0x75, 0x7e, 0x4e, 0xc6, 0x29, 0x49, 0x61, - 0x57, 0xc9, 0xcc, 0x67, 0x30, 0x1f, 0x3b, 0xa3, 0x12, 0x14, 0x7a, 0x87, 0x76, 0xdb, 0xb2, 0x0e, - 0xad, 0xea, 0x35, 0xb4, 0x0c, 0xa8, 0xd3, 0x3b, 0x69, 0x1d, 0x74, 0xf6, 0xec, 0x4e, 0xb7, 0xb5, - 0xdf, 0xb6, 0x7b, 0xad, 0x6e, 0xbb, 0x9a, 0x41, 0x06, 0x2c, 0xf5, 0x0e, 0x6d, 0xad, 0xe8, 0x1d, - 0xb7, 0xf7, 0xad, 0xd6, 0x71, 0xe7, 0xb0, 0x57, 0xcd, 0xa2, 0x0a, 0x14, 0x8f, 0x76, 0x5b, 0x3d, - 0xfb, 0x51, 0xab, 0x73, 0xd0, 0xde, 0xab, 0xe6, 0xcc, 0xb7, 0x61, 0xf1, 0x09, 0x3b, 0xff, 0x47, - 0x74, 0x3d, 0x05, 0x63, 0x9f, 0x84, 0x32, 0x37, 0xe2, 0x4e, 0xbc, 0xd6, 0xfb, 0x50, 0x3e, 0x57, - 0x0a, 0x3b, 0xb5, 0x1d, 0x6e, 0xc5, 0x95, 0x9b, 0xf4, 0xb3, 0x6e, 0x9e, 0x27, 0x51, 0xcc, 0x07, - 0xb0, 0x79, 0xe9, 0x58, 0xdc, 0x23, 0x21, 0xa6, 0x9e, 0xa8, 0x2d, 0xc3, 0xd2, 0x31, 0xe7, 0x5d, - 0xcc, 0x46, 0x8f, 0x71, 0x80, 0x3d, 0x8f, 0x78, 0x91, 0x8b, 0x68, 0xfe, 0x54, 0x80, 0x92, 0xea, - 0x0a, 0xb5, 0xb3, 0xd1, 0x47, 0x50, 0x18, 0xcf, 0x47, 0xb4, 0x18, 0xbd, 0xc6, 0xc4, 0xf6, 0xac, - 0x4d, 0x0c, 0x56, 0x73, 0xe5, 0xbb, 0xdf, 0xff, 0xfa, 0x21, 0xbb, 0x80, 0x2a, 0xf1, 0xef, 0x83, - 0xd8, 0xf9, 0x9a, 0xba, 0xdf, 0xa0, 0x2e, 0x14, 0x13, 0xeb, 0x0b, 0xa5, 0x0a, 0xbb, 0xb6, 0x12, - 0x9d, 0x66, 0x6c, 0xb7, 0x59, 0x70, 0x72, 0xc1, 0xa1, 0x47, 0x00, 0x17, 0xfb, 0x74, 0x02, 0x6d, - 0x39, 0x3a, 0x4d, 0x6f, 0x5b, 0x13, 0x49, 0xb0, 0x12, 0x82, 0x0b, 0x30, 0xd4, 0x85, 0xf9, 0x98, - 0x2d, 0xb4, 0x14, 0x39, 0x4e, 0xee, 0xcd, 0xa9, 0x14, 0x6b, 0x12, 0x66, 0xc9, 0x4c, 0xa6, 0x18, - 0xf5, 0xf8, 0x83, 0xcc, 0x36, 0x7a, 0x0c, 0x0b, 0x53, 0xe4, 0xa3, 0xb5, 0x14, 0xec, 0xc4, 0xa8, - 0xac, 0xdd, 0xb9, 0x44, 0xab, 0x8b, 0xe1, 0x25, 0x6c, 0x5c, 0xb1, 0xa1, 0xd0, 0x76, 0xf2, 0x61, - 0xde, 0xbc, 0xc6, 0xae, 0x88, 0x66, 0xe6, 0xbe, 0xcf, 0x66, 0xd0, 0x17, 0x60, 0x5c, 0x36, 0xdf, - 0xd1, 0xdd, 0xc8, 0xff, 0x8a, 0xe9, 0x7f, 0x55, 0x4a, 0xcf, 0x60, 0xa3, 0xc3, 0x86, 0xd8, 0xa3, - 0x2e, 0x0e, 0x49, 0x64, 0xd6, 0x62, 0xae, 0x45, 0x4e, 0xa9, 0x08, 0x83, 0xd1, 0x6e, 0xb4, 0xe5, - 0x05, 0x9a, 0x97, 0x61, 0xa2, 0x5f, 0xc4, 0xda, 0xc5, 0xa7, 0x79, 0x57, 0x32, 0x7f, 0x07, 0xdd, - 0x4e, 0x30, 0x2f, 0x7f, 0x0b, 0x76, 0x68, 0x8c, 0x87, 0x9e, 0x40, 0x29, 0x39, 0x03, 0x91, 0xac, - 0xad, 0x19, 0xa3, 0xb6, 0x66, 0x4c, 0x2b, 0xd2, 0x85, 0xb2, 0x9d, 0x2c, 0x94, 0xcf, 0x00, 0x2e, - 0x26, 0x11, 0xba, 0x35, 0x39, 0x99, 0x14, 0xe4, 0xf2, 0xec, 0x81, 0x65, 0xae, 0x49, 0xc0, 0x65, - 0x73, 0x21, 0x02, 0xd4, 0xed, 0xaa, 0x70, 0xa3, 0xa2, 0xe9, 0x42, 0x29, 0x39, 0x36, 0xd4, 0x8d, - 0x67, 0x0c, 0x92, 0x24, 0x15, 0xab, 0x12, 0x71, 0x71, 0x7b, 0x1a, 0x11, 0x9d, 0x40, 0x75, 0x72, - 0xb4, 0x24, 0xf9, 0x5c, 0xd3, 0xd5, 0x32, 0x73, 0xf6, 0x8c, 0x71, 0xd1, 0x34, 0xee, 0x87, 0xf5, - 0x5f, 0x5f, 0xaf, 0x67, 0x7e, 0x7b, 0xbd, 0x9e, 0xf9, 0xe3, 0xf5, 0x7a, 0xe6, 0xc7, 0x3f, 0xd7, - 0xaf, 0x81, 0x41, 0x79, 0x5d, 0x84, 0xd8, 0xf9, 0x32, 0xe0, 0x5f, 0xa9, 0x1f, 0xec, 0x3a, 0xf6, - 0x69, 0x7d, 0xd8, 0xf8, 0x3c, 0x3b, 0x6c, 0x3c, 0xbd, 0xf6, 0x7c, 0x4e, 0xca, 0xde, 0xfd, 0x3b, - 0x00, 0x00, 0xff, 0xff, 0xcd, 0x39, 0x74, 0xf7, 0x4f, 0x0c, 0x00, 0x00, + // 1337 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xc4, 0x56, 0x41, 0x73, 0x1b, 0xc5, + 0x12, 0x8e, 0xa4, 0xc8, 0xb1, 0x5a, 0x8e, 0x24, 0x8f, 0x1d, 0x7b, 0xad, 0x38, 0xb6, 0x6a, 0xf3, + 0xde, 0x8b, 0x9f, 0xf3, 0x9e, 0x5c, 0x12, 0xc5, 0x25, 0x45, 0x15, 0x11, 0xb6, 0x62, 0x44, 0x59, + 0xb2, 0x59, 0x3b, 0x26, 0x50, 0x29, 0xb6, 0x26, 0xbb, 0x13, 0x7b, 0x8a, 0xd5, 0xec, 0x66, 0x67, + 0x24, 0xa3, 0x50, 0x1c, 0xe0, 0xc4, 0x9d, 0x0b, 0xc5, 0xcf, 0xe0, 0x2f, 0x70, 0xe1, 0x48, 0x15, + 0x47, 0x2e, 0x54, 0xe0, 0x87, 0x50, 0x3b, 0x33, 0x5a, 0xef, 0x4a, 0x4a, 0x0c, 0x27, 0x6e, 0x3b, + 0xdd, 0x3d, 0x5f, 0x6f, 0x7f, 0xdd, 0xf3, 0xcd, 0x40, 0x15, 0x07, 0x74, 0x67, 0xd8, 0xd8, 0xa1, + 0x7d, 0x7c, 0x46, 0x6c, 0x4e, 0xc2, 0x21, 0x75, 0x48, 0x3d, 0x08, 0x7d, 0xe1, 0xa3, 0xec, 0xb0, + 0x51, 0x5d, 0x3f, 0xf3, 0xfd, 0x33, 0x8f, 0xec, 0x44, 0x61, 0x98, 0x31, 0x5f, 0x60, 0x41, 0x7d, + 0xc6, 0x55, 0x44, 0xf5, 0xb6, 0xde, 0xcd, 0x09, 0x0e, 0x9d, 0xf3, 0xf4, 0xf6, 0x2a, 0xd2, 0x4e, + 0xd2, 0x0f, 0xc4, 0x48, 0xdb, 0x36, 0xb8, 0x83, 0x19, 0x23, 0xe1, 0x8e, 0xf6, 0x39, 0x7e, 0x3f, + 0xf0, 0x19, 0x61, 0x42, 0xfb, 0xd7, 0x26, 0xfc, 0xcc, 0x17, 0x63, 0xb8, 0x25, 0x2e, 0xfc, 0x10, + 0x9f, 0x11, 0xf5, 0xab, 0xda, 0x68, 0x8c, 0x8d, 0x2e, 0x09, 0x3c, 0x7f, 0xd4, 0x8f, 0x91, 0xcc, + 0x0b, 0x28, 0xef, 0x13, 0xd1, 0x89, 0x62, 0x2d, 0xf2, 0x62, 0x40, 0xb8, 0x40, 0x25, 0xc8, 0x52, + 0xd7, 0xc8, 0xd4, 0x32, 0x5b, 0x05, 0x2b, 0x4b, 0x5d, 0x74, 0x0f, 0xca, 0x94, 0x39, 0xde, 0xc0, + 0x25, 0x36, 0x67, 0xbe, 0xff, 0x92, 0xb8, 0x46, 0xb6, 0x96, 0xd9, 0x9a, 0xb7, 0x4a, 0xda, 0x7c, + 0xac, 0xac, 0xe8, 0x3e, 0x2c, 0x72, 0x11, 0xd2, 0xc0, 0x76, 0x09, 0x77, 0x42, 0x1a, 0x44, 0x14, + 0x18, 0x39, 0x19, 0x5a, 0x91, 0x8e, 0xbd, 0x4b, 0xbb, 0xf9, 0x10, 0xd0, 0x01, 0xe5, 0x2a, 0x33, + 0xb7, 0x08, 0x0f, 0x7c, 0xc6, 0x09, 0xda, 0x86, 0x39, 0xf9, 0xdf, 0xdc, 0xc8, 0xd4, 0x72, 0x5b, + 0xc5, 0x26, 0xaa, 0xeb, 0x3f, 0xaf, 0xc7, 0xc1, 0x96, 0x8e, 0x30, 0xef, 0xc3, 0xd2, 0xae, 0x3f, + 0x60, 0x93, 0x10, 0xcb, 0x90, 0x77, 0x22, 0xb3, 0xac, 0x20, 0x6f, 0xa9, 0x85, 0x19, 0x40, 0xe5, + 0xd8, 0xc1, 0x2c, 0x55, 0xe8, 0x1d, 0x00, 0xd5, 0x4f, 0x86, 0xfb, 0x44, 0x17, 0x5c, 0x90, 0x96, + 0x1e, 0xee, 0x4b, 0xa0, 0xe7, 0x7e, 0xe8, 0x10, 0x5d, 0xad, 0x5a, 0xcc, 0x62, 0x23, 0x37, 0x8b, + 0x0d, 0xf3, 0xd7, 0x0c, 0x18, 0x71, 0xca, 0x0e, 0x13, 0x24, 0x64, 0xd8, 0x1b, 0xa7, 0xfe, 0x3f, + 0xe4, 0x65, 0x22, 0x99, 0xb5, 0xd8, 0x5c, 0x8d, 0xcb, 0xdc, 0xf5, 0x99, 0xc0, 0x94, 0x91, 0x50, + 0xfd, 0xa9, 0x8a, 0x42, 0x9b, 0x50, 0x74, 0xb0, 0x73, 0x4e, 0x5c, 0xdb, 0x67, 0xde, 0x48, 0x27, + 0x04, 0x65, 0x3a, 0x64, 0xde, 0x28, 0x2a, 0xc5, 0xf1, 0x06, 0x5c, 0x90, 0xd0, 0xa6, 0xae, 0x71, + 0x5d, 0x95, 0xa2, 0x2d, 0x1d, 0x17, 0xad, 0x43, 0x21, 0xaa, 0x91, 0x07, 0xd8, 0x21, 0x46, 0x5e, + 0x79, 0x63, 0x03, 0xfa, 0x1f, 0x20, 0xc5, 0x43, 0x30, 0xf0, 0x3c, 0x9b, 0x13, 0x27, 0x24, 0x82, + 0x1b, 0x73, 0xb5, 0xdc, 0x56, 0xc1, 0xaa, 0x48, 0xcf, 0xd1, 0xc0, 0xf3, 0x8e, 0x95, 0xfd, 0x83, + 0xeb, 0xf3, 0xd9, 0x4a, 0xce, 0x6c, 0xc1, 0xda, 0x8c, 0xe2, 0x74, 0x0b, 0xfe, 0x95, 0xae, 0xae, + 0x14, 0x57, 0x97, 0x2c, 0xca, 0xfc, 0x21, 0x0b, 0xff, 0x19, 0xcf, 0xde, 0xe9, 0xc0, 0x63, 0x24, + 0xc4, 0xcf, 0xa8, 0x47, 0x05, 0x25, 0x7c, 0x92, 0xae, 0x35, 0x98, 0x57, 0x7f, 0x18, 0x0f, 0xe6, + 0x0d, 0xb9, 0xee, 0xb8, 0xa8, 0x91, 0x6a, 0x62, 0x56, 0x26, 0x44, 0xe9, 0x84, 0x51, 0x37, 0x93, + 0x8d, 0x6d, 0xc2, 0x7c, 0x9f, 0x08, 0xec, 0x62, 0x81, 0x25, 0x95, 0xc5, 0xe6, 0x4a, 0x7a, 0x43, + 0x57, 0x7b, 0xad, 0x38, 0x0e, 0x6d, 0x41, 0x85, 0x72, 0x7b, 0xcc, 0xb1, 0xe7, 0x3b, 0xd8, 0x33, + 0xe6, 0x74, 0xdf, 0xf9, 0xae, 0x32, 0x1f, 0x44, 0x56, 0xf4, 0x36, 0x40, 0x7c, 0x5c, 0xb9, 0x6c, + 0x45, 0xb1, 0x79, 0xab, 0xae, 0x0f, 0xec, 0x69, 0xa3, 0xbe, 0x1b, 0x3b, 0xad, 0x44, 0x20, 0xfa, + 0x37, 0xe4, 0xa3, 0x53, 0xcc, 0x8d, 0x7c, 0x2d, 0xb7, 0x55, 0x6a, 0x96, 0x13, 0x3b, 0x7a, 0xbe, + 0x20, 0x96, 0xf2, 0x9a, 0x3f, 0x66, 0x61, 0xb3, 0xcd, 0x42, 0xea, 0x9c, 0xcb, 0x6c, 0x33, 0x87, + 0xeb, 0x9f, 0x67, 0xeb, 0x21, 0x94, 0xb5, 0x52, 0xd2, 0x33, 0x86, 0xc5, 0x20, 0x24, 0x9a, 0x88, + 0xd5, 0xf4, 0xd6, 0xe3, 0xb1, 0xdb, 0x2a, 0xd1, 0xd4, 0x7a, 0x82, 0xc5, 0xfc, 0xdf, 0x66, 0x71, + 0xee, 0x8d, 0x2c, 0x1e, 0xc3, 0xd2, 0x1e, 0xf1, 0x88, 0x20, 0x63, 0xed, 0x50, 0xc4, 0x99, 0x90, + 0x7f, 0x31, 0x20, 0xe1, 0x48, 0xcf, 0xed, 0x42, 0x7d, 0xd8, 0xa8, 0x5b, 0xf8, 0xe2, 0xc3, 0xc8, + 0x66, 0x29, 0x17, 0x32, 0xe0, 0x86, 0xe3, 0xb3, 0xe7, 0x34, 0xec, 0x6b, 0x5d, 0x18, 0x2f, 0xcd, + 0x23, 0x58, 0x4e, 0x83, 0xea, 0xd3, 0xb0, 0x09, 0x45, 0x36, 0xe8, 0xdb, 0xae, 0xf4, 0xa9, 0x8e, + 0xdc, 0xb4, 0x80, 0x0d, 0xfa, 0x2a, 0xda, 0x45, 0xab, 0x70, 0xc3, 0x0d, 0x47, 0x76, 0x38, 0x60, + 0x1a, 0x72, 0xce, 0x0d, 0x47, 0xd6, 0x80, 0x99, 0xf7, 0x60, 0xf1, 0x23, 0x2c, 0x9c, 0xf3, 0x94, + 0x6a, 0x21, 0xb8, 0x9e, 0xd0, 0x2b, 0xf9, 0x6d, 0x7e, 0x95, 0x05, 0x94, 0x8c, 0xd4, 0x99, 0xef, + 0x41, 0x99, 0xf9, 0x61, 0x1f, 0x7b, 0xf4, 0x25, 0x71, 0x93, 0x2a, 0x57, 0xba, 0x34, 0xcb, 0x1e, + 0xbf, 0x0b, 0x40, 0xc2, 0xd0, 0x0f, 0x6d, 0x31, 0x0a, 0xd4, 0x58, 0x94, 0x9a, 0xb5, 0xa8, 0xfa, + 0x69, 0xd0, 0x7a, 0x3b, 0x0a, 0x3c, 0x19, 0x05, 0xc4, 0x2a, 0x90, 0xf1, 0x27, 0xba, 0x0b, 0x37, + 0x15, 0x40, 0x9f, 0x70, 0x1e, 0x9d, 0xfc, 0x9c, 0xcc, 0xb3, 0x20, 0x8d, 0x5d, 0x65, 0x33, 0x9f, + 0x42, 0x21, 0xde, 0x8c, 0x16, 0x60, 0xbe, 0x77, 0x68, 0xb7, 0x2d, 0xeb, 0xd0, 0xaa, 0x5c, 0x43, + 0x2b, 0x80, 0x3a, 0xbd, 0xd3, 0xd6, 0x41, 0x67, 0xcf, 0xee, 0x74, 0x5b, 0xfb, 0x6d, 0xbb, 0xd7, + 0xea, 0xb6, 0x2b, 0x19, 0x64, 0xc0, 0x72, 0xef, 0xd0, 0xd6, 0x8e, 0xde, 0x49, 0x7b, 0xdf, 0x6a, + 0x9d, 0x74, 0x0e, 0x7b, 0x95, 0x2c, 0x2a, 0x43, 0xf1, 0x78, 0xb7, 0xd5, 0xb3, 0x1f, 0xb5, 0x3a, + 0x07, 0xed, 0xbd, 0x4a, 0xce, 0xfc, 0x2f, 0x2c, 0x3d, 0x66, 0x17, 0x7f, 0x89, 0xae, 0x27, 0x60, + 0xec, 0x13, 0x21, 0x6b, 0x23, 0xee, 0x44, 0xb7, 0xde, 0x81, 0xd2, 0x85, 0x72, 0xd8, 0xa9, 0x9b, + 0xe8, 0x56, 0x3c, 0xb9, 0xc9, 0x7d, 0xd6, 0xcd, 0x8b, 0x24, 0x8a, 0xf9, 0x00, 0x6a, 0xaf, 0x95, + 0xc5, 0x3d, 0x22, 0x30, 0xf5, 0x78, 0x75, 0x05, 0x96, 0x4f, 0x7c, 0xbf, 0x8b, 0xd9, 0xe8, 0x08, + 0x87, 0xd8, 0xf3, 0x88, 0x17, 0x6d, 0xe1, 0xcd, 0xef, 0xe7, 0x61, 0x41, 0x9d, 0x0a, 0xf5, 0x3e, + 0x40, 0xef, 0xc3, 0xfc, 0x58, 0x1f, 0xd1, 0x52, 0xd4, 0x8d, 0x89, 0x9b, 0xba, 0x3a, 0x21, 0xac, + 0xe6, 0xea, 0xd7, 0xbf, 0xfc, 0xf1, 0x6d, 0x76, 0x11, 0x95, 0xe3, 0xa7, 0x0a, 0xdf, 0xf9, 0x82, + 0xba, 0x5f, 0xa2, 0x2e, 0x14, 0x13, 0x57, 0x25, 0x4a, 0x0d, 0x76, 0x75, 0x35, 0x5a, 0xcd, 0xb8, + 0x49, 0x67, 0xc1, 0xc9, 0xcb, 0x14, 0x3d, 0x02, 0xb8, 0xbc, 0xbb, 0x27, 0xd0, 0x56, 0xa2, 0xd5, + 0xf4, 0xcd, 0x6e, 0x22, 0x09, 0xb6, 0x80, 0xe0, 0x12, 0x0c, 0x75, 0xa1, 0x10, 0xb3, 0x85, 0x96, + 0xa3, 0x8d, 0x93, 0x77, 0xf4, 0x54, 0x89, 0x55, 0x09, 0xb3, 0x6c, 0x26, 0x4b, 0x8c, 0xce, 0xf8, + 0x83, 0xcc, 0x36, 0x3a, 0x82, 0xc5, 0x29, 0xf2, 0xd1, 0x7a, 0x0a, 0x76, 0x42, 0x2a, 0xab, 0x77, + 0x5e, 0xe3, 0xd5, 0xc3, 0xf0, 0x02, 0x36, 0xaf, 0xb8, 0xa1, 0xd0, 0x76, 0xb2, 0x31, 0x6f, 0xbe, + 0xc6, 0xae, 0xc8, 0x66, 0xe6, 0xbe, 0xc9, 0x66, 0xd0, 0xa7, 0x60, 0xbc, 0x4e, 0xdf, 0xd1, 0xdd, + 0x68, 0xff, 0x15, 0xea, 0x7f, 0x55, 0x49, 0x4f, 0x61, 0xb3, 0xc3, 0x86, 0xd8, 0xa3, 0x2e, 0x16, + 0x24, 0x0a, 0x6b, 0x31, 0xd7, 0x22, 0x67, 0x94, 0x8b, 0x70, 0xb4, 0x1b, 0x3d, 0x28, 0x38, 0x2a, + 0xc8, 0x34, 0xd1, 0x73, 0xb4, 0x7a, 0xf9, 0x69, 0xde, 0x95, 0xcc, 0xdf, 0x41, 0xb7, 0x13, 0xcc, + 0xcb, 0x17, 0xc8, 0x0e, 0x8d, 0xf1, 0xd0, 0x63, 0x58, 0x48, 0x6a, 0x20, 0x92, 0xb3, 0x35, 0x43, + 0x6a, 0xab, 0xc6, 0xb4, 0x23, 0x3d, 0x28, 0xdb, 0xc9, 0x41, 0xf9, 0x18, 0xe0, 0x52, 0x89, 0xd0, + 0xad, 0x49, 0x65, 0x52, 0x90, 0x2b, 0xb3, 0x05, 0xcb, 0x5c, 0x97, 0x80, 0x2b, 0xe6, 0x62, 0x04, + 0xa8, 0x8f, 0xab, 0xc2, 0x8d, 0x86, 0xa6, 0x0b, 0x0b, 0x49, 0xd9, 0x50, 0x7f, 0x3c, 0x43, 0x48, + 0x92, 0x54, 0xac, 0x49, 0xc4, 0xa5, 0xed, 0x69, 0x44, 0x74, 0x0a, 0x95, 0x49, 0x69, 0x49, 0xf2, + 0xb9, 0xae, 0xa7, 0x65, 0xa6, 0xf6, 0x8c, 0x71, 0xd1, 0x34, 0xee, 0x7b, 0xf5, 0x9f, 0x5e, 0x6d, + 0x64, 0x7e, 0x7e, 0xb5, 0x91, 0xf9, 0xed, 0xd5, 0x46, 0xe6, 0xbb, 0xdf, 0x37, 0xae, 0x81, 0x41, + 0xfd, 0x3a, 0x17, 0xd8, 0xf9, 0x2c, 0xf4, 0x3f, 0x57, 0x8f, 0xf9, 0x3a, 0x0e, 0x68, 0x7d, 0xd8, + 0xf8, 0x24, 0x3b, 0x6c, 0x3c, 0xb9, 0xf6, 0x6c, 0x4e, 0xda, 0xde, 0xfa, 0x33, 0x00, 0x00, 0xff, + 0xff, 0x0d, 0x73, 0xfa, 0x16, 0xbb, 0x0c, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -2024,6 +2056,29 @@ func (m *ScanImageInternalRequest) MarshalToSizedBuffer(dAtA []byte) (int, error i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if len(m.ImagePullSecrets) > 0 { + for iNdEx := len(m.ImagePullSecrets) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.ImagePullSecrets[iNdEx]) + copy(dAtA[i:], m.ImagePullSecrets[iNdEx]) + i = encodeVarintImageService(dAtA, i, uint64(len(m.ImagePullSecrets[iNdEx]))) + i-- + dAtA[i] = 0x32 + } + } + if len(m.Namespace) > 0 { + i -= len(m.Namespace) + copy(dAtA[i:], m.Namespace) + i = encodeVarintImageService(dAtA, i, uint64(len(m.Namespace))) + i-- + dAtA[i] = 0x2a + } + if len(m.ClusterId) > 0 { + i -= len(m.ClusterId) + copy(dAtA[i:], m.ClusterId) + i = encodeVarintImageService(dAtA, i, uint64(len(m.ClusterId))) + i-- + dAtA[i] = 0x22 + } if m.CachedOnly { i-- if m.CachedOnly { @@ -2687,6 +2742,20 @@ func (m *ScanImageInternalRequest) Size() (n int) { if m.CachedOnly { n += 2 } + l = len(m.ClusterId) + if l > 0 { + n += 1 + l + sovImageService(uint64(l)) + } + l = len(m.Namespace) + if l > 0 { + n += 1 + l + sovImageService(uint64(l)) + } + if len(m.ImagePullSecrets) > 0 { + for _, s := range m.ImagePullSecrets { + l = len(s) + n += 1 + l + sovImageService(uint64(l)) + } + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -3412,6 +3481,102 @@ func (m *ScanImageInternalRequest) Unmarshal(dAtA []byte) error { } } m.CachedOnly = bool(v != 0) + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ClusterId", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowImageService + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthImageService + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthImageService + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ClusterId = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowImageService + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthImageService + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthImageService + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Namespace = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ImagePullSecrets", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowImageService + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthImageService + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthImageService + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ImagePullSecrets = append(m.ImagePullSecrets, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipImageService(dAtA[iNdEx:]) diff --git a/generated/storage/image_integration.pb.go b/generated/storage/image_integration.pb.go index afb5e55f47ead..d9b3be9a34801 100644 --- a/generated/storage/image_integration.pb.go +++ b/generated/storage/image_integration.pb.go @@ -55,7 +55,7 @@ func (ImageIntegrationCategory) EnumDescriptor() ([]byte, []int) { return fileDescriptor_9e3766be4a43c581, []int{0} } -// Next Tag: 21 +// Next Tag: 22 type ImageIntegration struct { Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty" sql:"pk"` Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty" sql:"unique"` @@ -73,6 +73,7 @@ type ImageIntegration struct { Autogenerated bool `protobuf:"varint,15,opt,name=autogenerated,proto3" json:"autogenerated,omitempty"` ClusterId string `protobuf:"bytes,16,opt,name=cluster_id,json=clusterId,proto3" json:"cluster_id,omitempty" search:"Cluster ID,hidden,store"` SkipTestIntegration bool `protobuf:"varint,18,opt,name=skip_test_integration,json=skipTestIntegration,proto3" json:"skip_test_integration,omitempty"` + Source *ImageIntegration_Source `protobuf:"bytes,21,opt,name=source,proto3" json:"source,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -323,6 +324,13 @@ func (m *ImageIntegration) GetSkipTestIntegration() bool { return false } +func (m *ImageIntegration) GetSource() *ImageIntegration_Source { + if m != nil { + return m.Source + } + return nil +} + // XXX_OneofWrappers is for the internal use of the proto package. func (*ImageIntegration) XXX_OneofWrappers() []interface{} { return []interface{}{ @@ -353,6 +361,83 @@ func (m *ImageIntegration) Clone() *ImageIntegration { if m.IntegrationConfig != nil { cloned.IntegrationConfig = m.IntegrationConfig.Clone() } + cloned.Source = m.Source.Clone() + return cloned +} + +type ImageIntegration_Source struct { + ClusterId string `protobuf:"bytes,1,opt,name=cluster_id,json=clusterId,proto3" json:"cluster_id,omitempty"` + Namespace string `protobuf:"bytes,2,opt,name=namespace,proto3" json:"namespace,omitempty"` + Name string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *ImageIntegration_Source) Reset() { *m = ImageIntegration_Source{} } +func (m *ImageIntegration_Source) String() string { return proto.CompactTextString(m) } +func (*ImageIntegration_Source) ProtoMessage() {} +func (*ImageIntegration_Source) Descriptor() ([]byte, []int) { + return fileDescriptor_9e3766be4a43c581, []int{0, 0} +} +func (m *ImageIntegration_Source) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *ImageIntegration_Source) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_ImageIntegration_Source.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *ImageIntegration_Source) XXX_Merge(src proto.Message) { + xxx_messageInfo_ImageIntegration_Source.Merge(m, src) +} +func (m *ImageIntegration_Source) XXX_Size() int { + return m.Size() +} +func (m *ImageIntegration_Source) XXX_DiscardUnknown() { + xxx_messageInfo_ImageIntegration_Source.DiscardUnknown(m) +} + +var xxx_messageInfo_ImageIntegration_Source proto.InternalMessageInfo + +func (m *ImageIntegration_Source) GetClusterId() string { + if m != nil { + return m.ClusterId + } + return "" +} + +func (m *ImageIntegration_Source) GetNamespace() string { + if m != nil { + return m.Namespace + } + return "" +} + +func (m *ImageIntegration_Source) GetName() string { + if m != nil { + return m.Name + } + return "" +} + +func (m *ImageIntegration_Source) MessageClone() proto.Message { + return m.Clone() +} +func (m *ImageIntegration_Source) Clone() *ImageIntegration_Source { + if m == nil { + return nil + } + cloned := new(ImageIntegration_Source) + *cloned = *m + return cloned } @@ -1107,6 +1192,7 @@ func (m *GoogleConfig) Clone() *GoogleConfig { func init() { proto.RegisterEnum("storage.ImageIntegrationCategory", ImageIntegrationCategory_name, ImageIntegrationCategory_value) proto.RegisterType((*ImageIntegration)(nil), "storage.ImageIntegration") + proto.RegisterType((*ImageIntegration_Source)(nil), "storage.ImageIntegration.Source") proto.RegisterType((*IBMRegistryConfig)(nil), "storage.IBMRegistryConfig") proto.RegisterType((*QuayConfig)(nil), "storage.QuayConfig") proto.RegisterType((*QuayConfig_RobotAccount)(nil), "storage.QuayConfig.RobotAccount") @@ -1121,81 +1207,84 @@ func init() { func init() { proto.RegisterFile("storage/image_integration.proto", fileDescriptor_9e3766be4a43c581) } var fileDescriptor_9e3766be4a43c581 = []byte{ - // 1171 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x96, 0xdd, 0x6e, 0x1b, 0xc5, - 0x17, 0xc0, 0xeb, 0xc4, 0x1f, 0xeb, 0x13, 0x27, 0xb1, 0x27, 0xe9, 0xbf, 0xfb, 0xb7, 0x50, 0x6c, - 0x56, 0x51, 0x15, 0x20, 0x72, 0x4a, 0xa0, 0x48, 0x04, 0x09, 0xc9, 0x71, 0xa2, 0xe2, 0x14, 0x8a, - 0xd8, 0xe4, 0x86, 0x5e, 0xb0, 0x9a, 0xec, 0x9e, 0xba, 0x43, 0xec, 0x1d, 0x77, 0x66, 0xb6, 0xad, - 0x79, 0x08, 0xae, 0x11, 0x6f, 0x81, 0x78, 0x04, 0x6e, 0xb8, 0x83, 0x7b, 0x24, 0x0b, 0x15, 0x89, - 0x07, 0xf0, 0x13, 0xa0, 0x99, 0xfd, 0xf0, 0x26, 0x21, 0xa1, 0x52, 0x73, 0xb7, 0x73, 0xce, 0x6f, - 0xce, 0x9e, 0xaf, 0x39, 0x33, 0xd0, 0x92, 0x8a, 0x0b, 0x3a, 0xc0, 0x1d, 0x36, 0xa2, 0x03, 0xf4, - 0x58, 0xa8, 0x70, 0x20, 0xa8, 0x62, 0x3c, 0xec, 0x8c, 0x05, 0x57, 0x9c, 0x54, 0x12, 0xa0, 0xb9, - 0x3e, 0xe0, 0x03, 0x6e, 0x64, 0x3b, 0xfa, 0x2b, 0x56, 0x37, 0x5b, 0x03, 0xce, 0x07, 0x43, 0xdc, - 0x31, 0xab, 0xd3, 0xe8, 0xc9, 0x8e, 0x62, 0x23, 0x94, 0x8a, 0x8e, 0xc6, 0x31, 0xe0, 0xfc, 0x56, - 0x82, 0x7a, 0x5f, 0xdb, 0xee, 0xcf, 0x4d, 0x93, 0xb7, 0x60, 0x81, 0x05, 0x76, 0xa1, 0x5d, 0xd8, - 0xaa, 0xee, 0xd7, 0x66, 0xd3, 0x96, 0x25, 0x9f, 0x0d, 0xf7, 0x9c, 0xf1, 0x99, 0xe3, 0x2e, 0xb0, - 0x80, 0x6c, 0x42, 0x31, 0xa4, 0x23, 0xb4, 0x17, 0x8c, 0xbe, 0x3e, 0x9b, 0xb6, 0x6a, 0x46, 0x1f, - 0x85, 0xec, 0x59, 0x84, 0x8e, 0x6b, 0xb4, 0x84, 0x40, 0x51, 0x4d, 0xc6, 0x68, 0x2f, 0x6a, 0xca, - 0x35, 0xdf, 0xa4, 0x0b, 0xe0, 0x53, 0x85, 0x03, 0x2e, 0x18, 0x4a, 0xbb, 0xdc, 0x5e, 0xdc, 0x5a, - 0xd9, 0x7d, 0xbb, 0x93, 0x44, 0xd0, 0xb9, 0xe8, 0x46, 0x2f, 0x46, 0x27, 0x6e, 0x6e, 0x13, 0xb9, - 0x0f, 0x96, 0x3f, 0xa4, 0x4c, 0xb0, 0x27, 0x13, 0xdb, 0x6a, 0x17, 0xb6, 0x96, 0x76, 0xef, 0x64, - 0x06, 0x7a, 0x89, 0xa2, 0xc7, 0xc3, 0x27, 0x6c, 0xf0, 0xd9, 0x2d, 0x37, 0x43, 0xc9, 0x0e, 0x94, - 0x03, 0xee, 0x9f, 0xa1, 0xb0, 0xab, 0x66, 0xd3, 0xed, 0x6c, 0xd3, 0x81, 0x11, 0x67, 0x5b, 0x12, - 0x8c, 0xbc, 0x03, 0xc5, 0x67, 0x11, 0x9d, 0xd8, 0x60, 0xf0, 0xb5, 0x0c, 0xff, 0x2a, 0xa2, 0x73, - 0xfb, 0x06, 0x21, 0x77, 0x61, 0x11, 0x7d, 0x61, 0x2f, 0x19, 0x92, 0x64, 0xe4, 0x61, 0xcf, 0xcd, - 0x40, 0x0d, 0x68, 0x1f, 0xe2, 0x6a, 0xd8, 0xcb, 0x17, 0x7c, 0x78, 0x60, 0xc4, 0x73, 0x1f, 0x62, - 0x8c, 0x6c, 0x43, 0xc9, 0x04, 0x60, 0xaf, 0x18, 0x7e, 0xfd, 0x7c, 0xa0, 0x19, 0x1e, 0x43, 0xa4, - 0x03, 0x8b, 0xec, 0x74, 0x64, 0xaf, 0x1b, 0xb6, 0x39, 0xcf, 0xea, 0xfe, 0x17, 0x2e, 0x0e, 0x98, - 0x54, 0x62, 0xee, 0xb7, 0x06, 0xc9, 0x26, 0x2c, 0xd3, 0x48, 0xf1, 0x01, 0x86, 0x28, 0xa8, 0xc2, - 0xc0, 0x5e, 0x6d, 0x17, 0xb6, 0x2c, 0xf7, 0xbc, 0x90, 0xf4, 0x00, 0xfc, 0x61, 0x24, 0x15, 0x0a, - 0x8f, 0x05, 0x76, 0xdd, 0x94, 0x7c, 0x73, 0x36, 0x6d, 0xb5, 0x25, 0x52, 0xe1, 0x3f, 0xdd, 0x73, - 0x7a, 0xb1, 0xb6, 0xdd, 0x3f, 0xd8, 0x7e, 0xca, 0x82, 0x00, 0xc3, 0x6d, 0xfd, 0x67, 0x74, 0xdc, - 0x6a, 0xb2, 0xaf, 0x1f, 0x90, 0x5d, 0xb8, 0x2d, 0xcf, 0xd8, 0xd8, 0x53, 0x28, 0x55, 0xbe, 0x87, - 0x6d, 0x62, 0x7e, 0xb9, 0xa6, 0x95, 0x27, 0x28, 0x55, 0xae, 0xf8, 0xfb, 0x6b, 0xd0, 0xc8, 0xf7, - 0x82, 0x71, 0xfd, 0xa8, 0x68, 0x15, 0xeb, 0xa5, 0xa3, 0xa2, 0x55, 0xaa, 0x97, 0x8f, 0x8a, 0x56, - 0xa5, 0x6e, 0x1d, 0x15, 0xad, 0x5a, 0x7d, 0xf9, 0xa8, 0x68, 0x35, 0xea, 0xe4, 0xa8, 0x68, 0xad, - 0xd5, 0xd7, 0x9d, 0xef, 0x0b, 0xd0, 0xb8, 0x14, 0x34, 0xf9, 0x1c, 0x2c, 0x0c, 0x83, 0x31, 0x67, - 0xa1, 0x4a, 0x1a, 0xfb, 0xde, 0x6c, 0xda, 0xda, 0x96, 0xbe, 0x88, 0x4e, 0xf7, 0x9c, 0x00, 0xc7, - 0x18, 0x06, 0x18, 0x2a, 0xa7, 0xfd, 0x9c, 0x0e, 0x59, 0x40, 0x15, 0xee, 0x39, 0x21, 0x1f, 0x72, - 0x9f, 0x0e, 0xd3, 0x6d, 0x8e, 0x9b, 0x59, 0x20, 0xef, 0x41, 0x85, 0x8e, 0x99, 0x77, 0x86, 0x93, - 0xe4, 0x14, 0x90, 0xd9, 0xb4, 0xb5, 0x92, 0x18, 0xa3, 0xc3, 0x17, 0x74, 0x22, 0x1d, 0xb7, 0x4c, - 0xc7, 0xec, 0x21, 0x4e, 0x9c, 0xbf, 0x17, 0x00, 0xe6, 0x6d, 0x73, 0xc3, 0x9e, 0xec, 0x02, 0x70, - 0x1a, 0xa9, 0xa7, 0x27, 0xfc, 0x0c, 0xc3, 0x6b, 0x9c, 0xc9, 0x51, 0xa4, 0x09, 0x16, 0x0b, 0x25, - 0xfa, 0x91, 0x88, 0x8f, 0xa7, 0xe5, 0x66, 0x6b, 0xf2, 0x0d, 0x34, 0x45, 0x92, 0x39, 0x4f, 0xf0, - 0x53, 0xae, 0x3c, 0x5f, 0xa0, 0xf6, 0x87, 0xd1, 0xa1, 0xb4, 0x8b, 0xa6, 0xb9, 0xda, 0xff, 0x72, - 0x1a, 0x3a, 0xae, 0x86, 0xbb, 0xbe, 0xcf, 0xa3, 0x50, 0xb9, 0x76, 0x6a, 0xc3, 0x48, 0x7b, 0x73, - 0x0b, 0xcd, 0xc7, 0x50, 0xcb, 0x93, 0xda, 0x97, 0x48, 0xa2, 0x30, 0x03, 0xc5, 0x64, 0xc3, 0xcd, - 0xd6, 0xa4, 0x03, 0xd6, 0x98, 0x4a, 0xf9, 0x82, 0x8b, 0xe0, 0x9a, 0xc8, 0x32, 0xc6, 0x41, 0x58, - 0xca, 0x9d, 0x0c, 0xb2, 0x77, 0x29, 0xd1, 0x1b, 0xb3, 0x69, 0xab, 0xf9, 0x5a, 0x69, 0xcd, 0xa7, - 0x68, 0xe1, 0x7c, 0x8a, 0x9c, 0x5f, 0x0a, 0xb0, 0x72, 0x7e, 0xd4, 0xbc, 0xd1, 0xaf, 0x7a, 0xb0, - 0x3c, 0x10, 0x63, 0xdf, 0xcb, 0x0c, 0x2c, 0xbe, 0x96, 0x81, 0x9a, 0xde, 0x74, 0x98, 0x1a, 0xb9, - 0x07, 0xeb, 0x61, 0x34, 0xf2, 0x7c, 0x1e, 0xfa, 0x91, 0x10, 0x18, 0x2a, 0x4f, 0xfa, 0x34, 0x94, - 0xc6, 0xf7, 0x92, 0x4b, 0xc2, 0x68, 0xd4, 0xcb, 0x54, 0xc7, 0x5a, 0xe3, 0xfc, 0x51, 0x80, 0x5a, - 0x7e, 0xf6, 0xdd, 0x70, 0x5f, 0xbe, 0x9f, 0xab, 0x6b, 0x5c, 0xbb, 0xdb, 0xb3, 0x69, 0xab, 0x71, - 0xc9, 0xda, 0x15, 0xe5, 0x5e, 0xfc, 0xef, 0x72, 0x9f, 0xab, 0x51, 0xf1, 0x42, 0x8d, 0x7e, 0x2a, - 0x41, 0x35, 0x1b, 0xc0, 0xa4, 0x05, 0x4b, 0x59, 0x53, 0xa7, 0x17, 0x9b, 0x0b, 0xa9, 0xa8, 0x1f, - 0x90, 0x8f, 0x60, 0x99, 0xfa, 0x3e, 0x4a, 0xa9, 0x8f, 0xb4, 0x46, 0xae, 0x6e, 0xb7, 0xa5, 0x18, - 0x7c, 0x88, 0x7a, 0xdf, 0xa7, 0xd0, 0x90, 0xe8, 0x0b, 0x54, 0xde, 0x7c, 0xfb, 0x35, 0xbe, 0xaf, - 0xc6, 0x70, 0x37, 0xb5, 0x40, 0xfe, 0x07, 0x65, 0xed, 0x05, 0x0f, 0x4d, 0x00, 0x55, 0x37, 0x59, - 0x91, 0x0e, 0x54, 0x22, 0x89, 0x1e, 0xa3, 0x23, 0xbb, 0xa4, 0x23, 0xbb, 0x2a, 0x79, 0xe5, 0x48, - 0x62, 0x9f, 0x8e, 0xce, 0xd5, 0xae, 0xfc, 0xc6, 0xb5, 0xbb, 0x0b, 0xab, 0xfa, 0xef, 0x54, 0xca, - 0x68, 0x84, 0x9e, 0xe0, 0x43, 0xb4, 0x2b, 0xf1, 0xdd, 0x10, 0x49, 0xec, 0x1a, 0xa9, 0xcb, 0x87, - 0x48, 0x36, 0x61, 0x25, 0xc7, 0xe8, 0xb4, 0x59, 0x26, 0x8a, 0x1a, 0xcd, 0x98, 0x7e, 0x40, 0xee, - 0xc3, 0x9d, 0x3c, 0x85, 0x2f, 0x95, 0xae, 0xf7, 0x50, 0xe3, 0x55, 0x83, 0xaf, 0xcf, 0xf1, 0xc3, - 0x44, 0xd9, 0x0f, 0xc8, 0x31, 0x10, 0x3d, 0xb1, 0xb8, 0x60, 0xdf, 0x99, 0x1b, 0xc0, 0x0b, 0xa8, - 0xa2, 0xc9, 0x75, 0xbc, 0x79, 0xf9, 0x92, 0xed, 0x74, 0xf3, 0xf0, 0x01, 0x55, 0xd4, 0x6d, 0xd0, - 0x8b, 0xa2, 0xe6, 0x8f, 0x05, 0x68, 0x5c, 0x02, 0x6f, 0x72, 0x06, 0x91, 0x8f, 0x01, 0xf0, 0xe5, - 0x98, 0x09, 0x94, 0x1e, 0x8d, 0x8f, 0xb2, 0xbe, 0x8c, 0xe3, 0x0b, 0xbd, 0x93, 0xbe, 0xc2, 0x3a, - 0x27, 0xe9, 0x2b, 0xcc, 0xad, 0x26, 0x74, 0x57, 0x39, 0x3f, 0x17, 0xa0, 0x96, 0x7f, 0x09, 0xdc, - 0xf0, 0x89, 0xfc, 0x04, 0x56, 0x25, 0x8a, 0xe7, 0xcc, 0x47, 0xdd, 0xac, 0x7a, 0xf8, 0x5e, 0x13, - 0xd0, 0x4a, 0x82, 0xa6, 0x63, 0xda, 0x86, 0xca, 0x58, 0xf0, 0x6f, 0xd1, 0x4f, 0xc6, 0x93, 0x9b, - 0x2e, 0xdf, 0x7d, 0x00, 0xf6, 0x55, 0x0f, 0x37, 0x52, 0x03, 0xcb, 0x3d, 0x7c, 0xd0, 0x3f, 0x3e, - 0x71, 0xbf, 0xae, 0xdf, 0x22, 0x4b, 0x50, 0x39, 0xee, 0x75, 0x1f, 0x3d, 0x3a, 0x74, 0xeb, 0x05, - 0x52, 0x87, 0xda, 0xa3, 0x2f, 0x0f, 0x0e, 0xbd, 0x54, 0xb2, 0xb0, 0xff, 0xe1, 0xaf, 0xaf, 0x36, - 0x0a, 0xbf, 0xbf, 0xda, 0x28, 0xfc, 0xf9, 0x6a, 0xa3, 0xf0, 0xc3, 0x5f, 0x1b, 0xb7, 0xe0, 0xff, - 0x8c, 0x77, 0xa4, 0xa2, 0xfe, 0x99, 0xe0, 0x2f, 0xe3, 0xdc, 0xa5, 0x75, 0x7f, 0x9c, 0x3e, 0x7b, - 0x4f, 0xcb, 0x46, 0xfe, 0xc1, 0x3f, 0x01, 0x00, 0x00, 0xff, 0xff, 0x83, 0x59, 0x63, 0x99, 0x29, - 0x0b, 0x00, 0x00, + // 1223 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x96, 0xdf, 0x6e, 0x1b, 0x45, + 0x17, 0xc0, 0xeb, 0xc4, 0x71, 0xd6, 0x27, 0x4e, 0x62, 0x4f, 0x92, 0xaf, 0xfb, 0x59, 0xfd, 0x62, + 0x7f, 0xab, 0xa8, 0x0a, 0x10, 0x39, 0x25, 0x50, 0x04, 0x41, 0x42, 0x72, 0x9c, 0xa8, 0x38, 0x85, + 0x22, 0x36, 0xb9, 0x69, 0x2f, 0x58, 0x4d, 0x76, 0x4f, 0xdd, 0x21, 0xf6, 0xce, 0x76, 0x66, 0xb6, + 0xad, 0x79, 0x08, 0xae, 0x11, 0x6f, 0x81, 0x78, 0x04, 0x6e, 0xb8, 0xe4, 0x1e, 0xc9, 0x42, 0x05, + 0xf1, 0x00, 0x7e, 0x02, 0x34, 0xb3, 0xeb, 0xf5, 0x3a, 0x51, 0x42, 0xa5, 0xe6, 0x6e, 0xe7, 0x9c, + 0xdf, 0x39, 0x7b, 0xfe, 0xcd, 0x1f, 0x68, 0x48, 0xc5, 0x05, 0xed, 0xe1, 0x2e, 0x1b, 0xd0, 0x1e, + 0x7a, 0x2c, 0x54, 0xd8, 0x13, 0x54, 0x31, 0x1e, 0xb6, 0x22, 0xc1, 0x15, 0x27, 0x8b, 0x29, 0x50, + 0x5f, 0xef, 0xf1, 0x1e, 0x37, 0xb2, 0x5d, 0xfd, 0x95, 0xa8, 0xeb, 0x8d, 0x1e, 0xe7, 0xbd, 0x3e, + 0xee, 0x9a, 0xd5, 0x59, 0xfc, 0x74, 0x57, 0xb1, 0x01, 0x4a, 0x45, 0x07, 0x51, 0x02, 0x38, 0x7f, + 0x95, 0xa0, 0xda, 0xd5, 0xbe, 0xbb, 0x53, 0xd7, 0xe4, 0x0e, 0xcc, 0xb1, 0xc0, 0x2e, 0x34, 0x0b, + 0xdb, 0xe5, 0x83, 0xca, 0x78, 0xd4, 0xb0, 0xe4, 0xf3, 0xfe, 0xbe, 0x13, 0x9d, 0x3b, 0xee, 0x1c, + 0x0b, 0xc8, 0x16, 0x14, 0x43, 0x3a, 0x40, 0x7b, 0xce, 0xe8, 0xab, 0xe3, 0x51, 0xa3, 0x62, 0xf4, + 0x71, 0xc8, 0x9e, 0xc7, 0xe8, 0xb8, 0x46, 0x4b, 0x08, 0x14, 0xd5, 0x30, 0x42, 0x7b, 0x5e, 0x53, + 0xae, 0xf9, 0x26, 0x6d, 0x00, 0x9f, 0x2a, 0xec, 0x71, 0xc1, 0x50, 0xda, 0xa5, 0xe6, 0xfc, 0xf6, + 0xca, 0xde, 0xff, 0x5b, 0x69, 0x06, 0xad, 0x8b, 0x61, 0x74, 0x12, 0x74, 0xe8, 0xe6, 0x8c, 0xc8, + 0x7d, 0xb0, 0xfc, 0x3e, 0x65, 0x82, 0x3d, 0x1d, 0xda, 0x56, 0xb3, 0xb0, 0xbd, 0xb4, 0x77, 0x3b, + 0x73, 0xd0, 0x49, 0x15, 0x1d, 0x1e, 0x3e, 0x65, 0xbd, 0xcf, 0x6f, 0xb9, 0x19, 0x4a, 0x76, 0xa1, + 0x14, 0x70, 0xff, 0x1c, 0x85, 0x5d, 0x36, 0x46, 0x1b, 0x99, 0xd1, 0xa1, 0x11, 0x67, 0x26, 0x29, + 0x46, 0xde, 0x81, 0xe2, 0xf3, 0x98, 0x0e, 0x6d, 0x30, 0xf8, 0x5a, 0x86, 0x7f, 0x1d, 0xd3, 0xa9, + 0x7f, 0x83, 0x90, 0xbb, 0x30, 0x8f, 0xbe, 0xb0, 0x97, 0x0c, 0x49, 0x32, 0xf2, 0xa8, 0xe3, 0x66, + 0xa0, 0x06, 0x74, 0x0c, 0x49, 0x37, 0xec, 0xe5, 0x0b, 0x31, 0x3c, 0x30, 0xe2, 0x69, 0x0c, 0x09, + 0x46, 0x76, 0x60, 0xc1, 0x24, 0x60, 0xaf, 0x18, 0x7e, 0x7d, 0x36, 0xd1, 0x0c, 0x4f, 0x20, 0xd2, + 0x82, 0x79, 0x76, 0x36, 0xb0, 0xd7, 0x0d, 0x5b, 0x9f, 0x56, 0xf5, 0xe0, 0x4b, 0x17, 0x7b, 0x4c, + 0x2a, 0x31, 0x8d, 0x5b, 0x83, 0x64, 0x0b, 0x96, 0x69, 0xac, 0x78, 0x0f, 0x43, 0x14, 0x54, 0x61, + 0x60, 0xaf, 0x36, 0x0b, 0xdb, 0x96, 0x3b, 0x2b, 0x24, 0x1d, 0x00, 0xbf, 0x1f, 0x4b, 0x85, 0xc2, + 0x63, 0x81, 0x5d, 0x35, 0x2d, 0xdf, 0x1a, 0x8f, 0x1a, 0x4d, 0x89, 0x54, 0xf8, 0xcf, 0xf6, 0x9d, + 0x4e, 0xa2, 0x6d, 0x76, 0x0f, 0x77, 0x9e, 0xb1, 0x20, 0xc0, 0x70, 0x47, 0xff, 0x19, 0x1d, 0xb7, + 0x9c, 0xda, 0x75, 0x03, 0xb2, 0x07, 0x1b, 0xf2, 0x9c, 0x45, 0x9e, 0x42, 0xa9, 0xf2, 0x33, 0x6c, + 0x13, 0xf3, 0xcb, 0x35, 0xad, 0x3c, 0x45, 0xa9, 0xf2, 0x33, 0xf8, 0x31, 0x94, 0x24, 0x8f, 0x85, + 0x8f, 0xf6, 0x86, 0xc9, 0xa8, 0x79, 0xe5, 0x9c, 0xb4, 0x4e, 0x0c, 0xe7, 0xa6, 0x7c, 0xfd, 0x31, + 0x94, 0x12, 0x09, 0xf9, 0xdf, 0x4c, 0xf0, 0x66, 0x9e, 0xf3, 0x61, 0xdd, 0x81, 0xb2, 0x1e, 0x55, + 0x19, 0x51, 0x3f, 0x9d, 0x66, 0x77, 0x2a, 0xd0, 0x03, 0x6c, 0xc6, 0x3c, 0x1d, 0x60, 0xfd, 0x7d, + 0xb0, 0x06, 0xb5, 0xfc, 0x80, 0x9a, 0x7a, 0x1e, 0x17, 0xad, 0x62, 0x75, 0xe1, 0xb8, 0x68, 0x2d, + 0x54, 0x4b, 0xc7, 0x45, 0x6b, 0xb1, 0x6a, 0x1d, 0x17, 0xad, 0x4a, 0x75, 0xf9, 0xb8, 0x68, 0xd5, + 0xaa, 0xe4, 0xb8, 0x68, 0xad, 0x55, 0xd7, 0x9d, 0xef, 0x0b, 0x50, 0xbb, 0xd4, 0x09, 0xf2, 0x05, + 0x58, 0x18, 0x06, 0x11, 0x67, 0xa1, 0x4a, 0x77, 0xdb, 0xbd, 0xf1, 0xa8, 0xb1, 0x23, 0x7d, 0x11, + 0x9f, 0xed, 0x3b, 0x01, 0x46, 0x18, 0x06, 0x18, 0x2a, 0xa7, 0xf9, 0x82, 0xf6, 0x59, 0x40, 0x15, + 0xee, 0x3b, 0x21, 0xef, 0x73, 0x9f, 0xf6, 0x27, 0x66, 0x8e, 0x9b, 0x79, 0x20, 0xef, 0xc1, 0x22, + 0x8d, 0x98, 0x77, 0x8e, 0xc3, 0x74, 0x6b, 0x92, 0xf1, 0xa8, 0xb1, 0x92, 0x3a, 0xa3, 0xfd, 0x97, + 0x74, 0x28, 0x1d, 0xb7, 0x44, 0x23, 0xf6, 0x10, 0x87, 0xce, 0xdf, 0x73, 0x00, 0xd3, 0x59, 0xbe, + 0xe1, 0x48, 0xf6, 0x00, 0x38, 0x8d, 0xd5, 0xb3, 0x53, 0x7e, 0x8e, 0xe1, 0x35, 0xc1, 0xe4, 0x28, + 0x52, 0x07, 0x8b, 0x85, 0x12, 0xfd, 0x58, 0x24, 0x25, 0xb7, 0xdc, 0x6c, 0x4d, 0xbe, 0x81, 0xba, + 0x48, 0x2b, 0xe7, 0x09, 0x7e, 0xc6, 0x95, 0xe7, 0x0b, 0xd4, 0xf1, 0x30, 0xda, 0x97, 0x76, 0xf1, + 0xc2, 0x7c, 0x4c, 0xd3, 0x6a, 0xb9, 0x1a, 0x6e, 0xfb, 0x3e, 0x8f, 0x43, 0xe5, 0xda, 0x13, 0x1f, + 0x46, 0xda, 0x99, 0x7a, 0xa8, 0x3f, 0x81, 0x4a, 0x9e, 0xd4, 0xb1, 0xc4, 0x12, 0x85, 0x69, 0x7f, + 0x32, 0x35, 0xd9, 0x9a, 0xb4, 0xc0, 0x8a, 0xa8, 0x94, 0x2f, 0xb9, 0x08, 0xae, 0xc9, 0x2c, 0x63, + 0x1c, 0x84, 0xa5, 0xdc, 0x76, 0x25, 0xfb, 0x97, 0x0a, 0xbd, 0x39, 0x1e, 0x35, 0xea, 0x6f, 0x54, + 0xd6, 0x7c, 0x89, 0xe6, 0x66, 0x4b, 0xe4, 0xfc, 0x52, 0x80, 0x95, 0xd9, 0xf3, 0xef, 0xad, 0x7e, + 0xd5, 0x81, 0xe5, 0x9e, 0x88, 0x7c, 0x2f, 0x73, 0x30, 0xff, 0x46, 0x0e, 0x2a, 0xda, 0xe8, 0x68, + 0xe2, 0xe4, 0x1e, 0xac, 0x87, 0xf1, 0xc0, 0xf3, 0x79, 0xe8, 0xc7, 0x42, 0x60, 0xa8, 0x3c, 0xe9, + 0xd3, 0x50, 0x9a, 0xd8, 0x17, 0x5c, 0x12, 0xc6, 0x83, 0x4e, 0xa6, 0x3a, 0xd1, 0x1a, 0xe7, 0xf7, + 0x02, 0x54, 0xf2, 0x07, 0xf2, 0x0d, 0xcf, 0xe5, 0xfb, 0xb9, 0xbe, 0x26, 0xbd, 0xdb, 0x18, 0x8f, + 0x1a, 0xb5, 0x4b, 0xde, 0xae, 0x68, 0xf7, 0xfc, 0xbf, 0xb7, 0x7b, 0xa6, 0x47, 0xc5, 0x0b, 0x3d, + 0xfa, 0x69, 0x01, 0xca, 0xd9, 0xad, 0x40, 0x1a, 0xb0, 0x94, 0x0d, 0x75, 0x76, 0x3a, 0xc1, 0x44, + 0xd4, 0x0d, 0xc8, 0x47, 0xb0, 0x4c, 0x7d, 0x1f, 0xa5, 0xd4, 0x5b, 0x5a, 0x23, 0x57, 0x8f, 0xdb, + 0x52, 0x02, 0x3e, 0x44, 0x6d, 0xf7, 0x19, 0xd4, 0x24, 0xfa, 0x02, 0x95, 0x37, 0x35, 0xbf, 0x26, + 0xf6, 0xd5, 0x04, 0x6e, 0x4f, 0x3c, 0x90, 0xff, 0x40, 0x49, 0x47, 0xc1, 0x43, 0x93, 0x40, 0xd9, + 0x4d, 0x57, 0xa4, 0x05, 0x8b, 0xb1, 0x44, 0x8f, 0xd1, 0x81, 0xbd, 0xa0, 0x33, 0xbb, 0xaa, 0x78, + 0xa5, 0x58, 0x62, 0x97, 0x0e, 0x66, 0x7a, 0x57, 0x7a, 0xeb, 0xde, 0xdd, 0x85, 0x55, 0xfd, 0x77, + 0x2a, 0x65, 0x3c, 0x40, 0x4f, 0xf0, 0x3e, 0xda, 0x8b, 0xc9, 0x85, 0x15, 0x4b, 0x6c, 0x1b, 0xa9, + 0xcb, 0xfb, 0x48, 0xb6, 0x60, 0x25, 0xc7, 0xe8, 0xb2, 0x59, 0x26, 0x8b, 0x0a, 0xcd, 0x98, 0x6e, + 0x40, 0xee, 0xc3, 0xed, 0x3c, 0x85, 0xaf, 0x94, 0xee, 0x77, 0x5f, 0xe3, 0x65, 0x83, 0xaf, 0x4f, + 0xf1, 0xa3, 0x54, 0xd9, 0x0d, 0xc8, 0x09, 0x10, 0x7d, 0x62, 0x71, 0xc1, 0xbe, 0x33, 0x37, 0x80, + 0x17, 0x50, 0x45, 0xd3, 0x37, 0xc2, 0xd6, 0xe5, 0x9b, 0xbf, 0xd5, 0xce, 0xc3, 0x87, 0x54, 0x51, + 0xb7, 0x46, 0x2f, 0x8a, 0xea, 0x3f, 0x16, 0xa0, 0x76, 0x09, 0xbc, 0xc9, 0x33, 0x88, 0x7c, 0x02, + 0x80, 0xaf, 0x22, 0x26, 0x50, 0x7a, 0x34, 0xd9, 0xca, 0xfa, 0x85, 0x90, 0xbc, 0x32, 0x5a, 0x93, + 0xa7, 0x61, 0xeb, 0x74, 0xf2, 0x34, 0x74, 0xcb, 0x29, 0xdd, 0x56, 0xce, 0xcf, 0x05, 0xa8, 0xe4, + 0x9f, 0x27, 0x37, 0xbc, 0x23, 0x3f, 0x85, 0x55, 0x89, 0xe2, 0x05, 0xf3, 0x51, 0x0f, 0xab, 0x3e, + 0x7c, 0xaf, 0x49, 0x68, 0x25, 0x45, 0x27, 0xc7, 0xb4, 0x0d, 0x8b, 0x91, 0xe0, 0xdf, 0xa2, 0x9f, + 0x1e, 0x4f, 0xee, 0x64, 0xf9, 0xee, 0x03, 0xb0, 0xaf, 0x7a, 0x4d, 0x92, 0x0a, 0x58, 0xee, 0xd1, + 0x83, 0xee, 0xc9, 0xa9, 0xfb, 0xb8, 0x7a, 0x8b, 0x2c, 0xc1, 0xe2, 0x49, 0xa7, 0xfd, 0xe8, 0xd1, + 0x91, 0x5b, 0x2d, 0x90, 0x2a, 0x54, 0x1e, 0x7d, 0x75, 0x78, 0xe4, 0x4d, 0x24, 0x73, 0x07, 0x1f, + 0xfe, 0xfa, 0x7a, 0xb3, 0xf0, 0xdb, 0xeb, 0xcd, 0xc2, 0x1f, 0xaf, 0x37, 0x0b, 0x3f, 0xfc, 0xb9, + 0x79, 0x0b, 0xfe, 0xcb, 0x78, 0x4b, 0x2a, 0xea, 0x9f, 0x0b, 0xfe, 0x2a, 0xa9, 0xdd, 0xa4, 0xef, + 0x4f, 0x26, 0x6f, 0xf1, 0xb3, 0x92, 0x91, 0x7f, 0xf0, 0x4f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xcb, + 0x3d, 0xb5, 0x49, 0xbe, 0x0b, 0x00, 0x00, } func (m *ImageIntegration) Marshal() (dAtA []byte, err error) { @@ -1222,6 +1311,20 @@ func (m *ImageIntegration) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.Source != nil { + { + size, err := m.Source.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintImageIntegration(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1 + i-- + dAtA[i] = 0xaa + } if m.IntegrationConfig != nil { { size := m.IntegrationConfig.Size() @@ -1263,20 +1366,20 @@ func (m *ImageIntegration) MarshalToSizedBuffer(dAtA []byte) (int, error) { dAtA[i] = 0x78 } if len(m.Categories) > 0 { - dAtA2 := make([]byte, len(m.Categories)*10) - var j1 int + dAtA3 := make([]byte, len(m.Categories)*10) + var j2 int for _, num := range m.Categories { for num >= 1<<7 { - dAtA2[j1] = uint8(uint64(num)&0x7f | 0x80) + dAtA3[j2] = uint8(uint64(num)&0x7f | 0x80) num >>= 7 - j1++ + j2++ } - dAtA2[j1] = uint8(num) - j1++ + dAtA3[j2] = uint8(num) + j2++ } - i -= j1 - copy(dAtA[i:], dAtA2[:j1]) - i = encodeVarintImageIntegration(dAtA, i, uint64(j1)) + i -= j2 + copy(dAtA[i:], dAtA3[:j2]) + i = encodeVarintImageIntegration(dAtA, i, uint64(j2)) i-- dAtA[i] = 0x32 } @@ -1453,6 +1556,54 @@ func (m *ImageIntegration_Ibm) MarshalToSizedBuffer(dAtA []byte) (int, error) { } return len(dAtA) - i, nil } +func (m *ImageIntegration_Source) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *ImageIntegration_Source) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *ImageIntegration_Source) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.Name) > 0 { + i -= len(m.Name) + copy(dAtA[i:], m.Name) + i = encodeVarintImageIntegration(dAtA, i, uint64(len(m.Name))) + i-- + dAtA[i] = 0x1a + } + if len(m.Namespace) > 0 { + i -= len(m.Namespace) + copy(dAtA[i:], m.Namespace) + i = encodeVarintImageIntegration(dAtA, i, uint64(len(m.Namespace))) + i-- + dAtA[i] = 0x12 + } + if len(m.ClusterId) > 0 { + i -= len(m.ClusterId) + copy(dAtA[i:], m.ClusterId) + i = encodeVarintImageIntegration(dAtA, i, uint64(len(m.ClusterId))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + func (m *IBMRegistryConfig) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -2004,6 +2155,10 @@ func (m *ImageIntegration) Size() (n int) { if m.SkipTestIntegration { n += 3 } + if m.Source != nil { + l = m.Source.Size() + n += 2 + l + sovImageIntegration(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -2094,6 +2249,30 @@ func (m *ImageIntegration_Ibm) Size() (n int) { } return n } +func (m *ImageIntegration_Source) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.ClusterId) + if l > 0 { + n += 1 + l + sovImageIntegration(uint64(l)) + } + l = len(m.Namespace) + if l > 0 { + n += 1 + l + sovImageIntegration(uint64(l)) + } + l = len(m.Name) + if l > 0 { + n += 1 + l + sovImageIntegration(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + func (m *IBMRegistryConfig) Size() (n int) { if m == nil { return 0 @@ -2845,6 +3024,189 @@ func (m *ImageIntegration) Unmarshal(dAtA []byte) error { } m.IntegrationConfig = &ImageIntegration_Ibm{v} iNdEx = postIndex + case 21: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Source", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowImageIntegration + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthImageIntegration + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthImageIntegration + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Source == nil { + m.Source = &ImageIntegration_Source{} + } + if err := m.Source.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipImageIntegration(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthImageIntegration + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *ImageIntegration_Source) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowImageIntegration + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: Source: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: Source: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ClusterId", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowImageIntegration + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthImageIntegration + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthImageIntegration + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ClusterId = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowImageIntegration + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthImageIntegration + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthImageIntegration + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Namespace = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowImageIntegration + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthImageIntegration + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthImageIntegration + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Name = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipImageIntegration(dAtA[iNdEx:]) diff --git a/pkg/centralsensor/caps_list.go b/pkg/centralsensor/caps_list.go index e0b85406eee2b..9840078177416 100644 --- a/pkg/centralsensor/caps_list.go +++ b/pkg/centralsensor/caps_list.go @@ -27,4 +27,7 @@ const ( // LocalScannerCredentialsRefresh identifies the capability to maintain the Local scanner TLS credentials refreshed. LocalScannerCredentialsRefresh SensorCapability = "LocalScannerCredentialsRefresh" + + // ScopedImageIntegrations identifies the capability to have image integrations with sources from image pull secrets + ScopedImageIntegrations SensorCapability = "ScopedImageIntegrations" ) diff --git a/pkg/images/enricher/enricher.go b/pkg/images/enricher/enricher.go index 1f0a2639c1b31..231434fdebc18 100644 --- a/pkg/images/enricher/enricher.go +++ b/pkg/images/enricher/enricher.go @@ -12,6 +12,7 @@ import ( pkgMetrics "github.com/stackrox/rox/pkg/metrics" registryTypes "github.com/stackrox/rox/pkg/registries/types" scannerTypes "github.com/stackrox/rox/pkg/scanners/types" + "github.com/stackrox/rox/pkg/set" "github.com/stackrox/rox/pkg/signatures" scannerV1 "github.com/stackrox/scanner/generated/scanner/api/v1" "golang.org/x/time/rate" @@ -42,6 +43,13 @@ func (f FetchOption) forceRefetchCachedValues() bool { return f == ForceRefetch || f == ForceRefetchCachedValuesOnly } +// RequestSource describes where the enrichment request is coming from and allows for better scoping of image pull secrets +type RequestSource struct { + ClusterID string + Namespace string + ImagePullSecrets set.StringSet +} + // EnrichmentContext is used to pass options through the enricher without exploding the number of function arguments type EnrichmentContext struct { // FetchOpt define constraints about using external data @@ -53,6 +61,8 @@ type EnrichmentContext struct { // Internal is used to indicate when the caller is internal. // This is used to indicate that we do not want to fail upon failing to find integrations. Internal bool + + Source *RequestSource } // FetchOnlyIfMetadataEmpty checks the fetch opts and return whether or not we can used a cached or saved diff --git a/pkg/images/enricher/enricher_impl.go b/pkg/images/enricher/enricher_impl.go index e7cd5c065e9e2..c3cb1e2a20fb5 100644 --- a/pkg/images/enricher/enricher_impl.go +++ b/pkg/images/enricher/enricher_impl.go @@ -18,7 +18,6 @@ import ( "github.com/stackrox/rox/pkg/images/utils" "github.com/stackrox/rox/pkg/integrationhealth" "github.com/stackrox/rox/pkg/protoconv" - "github.com/stackrox/rox/pkg/registries" registryTypes "github.com/stackrox/rox/pkg/registries/types" "github.com/stackrox/rox/pkg/sac" "github.com/stackrox/rox/pkg/scanners/clairify" @@ -252,14 +251,14 @@ func (e *enricherImpl) enrichWithMetadata(ctx context.Context, enrichmentContext return false, errorList.ToError() } - registrySet, err := e.getRegistriesForContext(enrichmentContext) + registries, err := e.getRegistriesForContext(enrichmentContext) if err != nil { errorList.AddError(err) return false, errorList.ToError() } log.Infof("Getting metadata for image %s", image.GetName().GetFullName()) - for _, registry := range registrySet.GetAll() { + for _, registry := range registries { updated, err := e.enrichImageWithRegistry(ctx, image, registry) if err != nil { var currentRegistryErrors int32 @@ -270,8 +269,8 @@ func (e *enricherImpl) enrichWithMetadata(ctx context.Context, enrichmentContext if currentRegistryErrors >= consecutiveErrorThreshold { // update health e.integrationHealthReporter.UpdateIntegrationHealthAsync(&storage.IntegrationHealth{ - Id: registry.DataSource().Id, - Name: registry.DataSource().Name, + Id: registry.Source().GetId(), + Name: registry.Source().GetName(), Type: storage.IntegrationHealth_IMAGE_INTEGRATION, Status: storage.IntegrationHealth_UNHEALTHY, LastTimestamp: timestamp.TimestampNow(), @@ -295,8 +294,8 @@ func (e *enricherImpl) enrichWithMetadata(ctx context.Context, enrichmentContext }) } e.integrationHealthReporter.UpdateIntegrationHealthAsync(&storage.IntegrationHealth{ - Id: registry.DataSource().Id, - Name: registry.DataSource().Name, + Id: registry.Source().GetId(), + Name: registry.Source().GetName(), Type: storage.IntegrationHealth_IMAGE_INTEGRATION, Status: storage.IntegrationHealth_HEALTHY, LastTimestamp: timestamp.TimestampNow(), @@ -320,6 +319,13 @@ func getRef(image *storage.Image) string { return image.GetName().GetFullName() } +func imageIntegrationToDataSource(i *storage.ImageIntegration) *storage.DataSource { + return &storage.DataSource{ + Id: i.GetId(), + Name: i.GetName(), + } +} + func (e *enricherImpl) enrichImageWithRegistry(ctx context.Context, image *storage.Image, registry registryTypes.ImageRegistry) (bool, error) { if !registry.Match(image.GetName()) { return false, nil @@ -334,7 +340,7 @@ func (e *enricherImpl) enrichImageWithRegistry(ctx context.Context, image *stora if err != nil { return false, errors.Wrapf(err, "getting metadata from registry: %q", registry.Name()) } - metadata.DataSource = registry.DataSource() + metadata.DataSource = imageIntegrationToDataSource(registry.Source()) metadata.Version = metadataVersion image.Metadata = metadata @@ -581,12 +587,12 @@ func (e *enricherImpl) enrichWithSignature(ctx context.Context, enrichmentContex return false, errors.Wrapf(err, "checking registry for image %q", imgName) } - registrySet, err := e.getRegistriesForContext(enrichmentContext) + registries, err := e.getRegistriesForContext(enrichmentContext) if err != nil { return false, errors.Wrap(err, "getting registries for context") } - matchingRegistries, err := getMatchingRegistries(registrySet.GetAll(), img) + matchingRegistries, err := getMatchingRegistries(registries, img) if err != nil { // Do not return an error for internal images when no integration is found. if enrichmentContext.Internal { @@ -649,17 +655,38 @@ func (e *enricherImpl) checkRegistryForImage(image *storage.Image) error { return nil } -func (e *enricherImpl) getRegistriesForContext(ctx EnrichmentContext) (registries.Set, error) { - registrySet := e.integrations.RegistrySet() +func (e *enricherImpl) getRegistriesForContext(ctx EnrichmentContext) ([]registryTypes.ImageRegistry, error) { + registries := e.integrations.RegistrySet().GetAll() if ctx.Internal { - return registrySet, nil + if ctx.Source == nil { + return registries, nil + } + filteredRegistries := registries[:0] + for _, registry := range registries { + integration := registry.Source() + if !integration.GetAutogenerated() { + filteredRegistries = append(filteredRegistries, registry) + continue + } + source := integration.GetSource() + if source.GetClusterId() != ctx.Source.ClusterID { + continue + } + if source.GetNamespace() != ctx.Source.Namespace { + continue + } + if !ctx.Source.ImagePullSecrets.Contains(source.GetName()) { + continue + } + filteredRegistries = append(filteredRegistries, registry) + } } - if registrySet.IsEmpty() { + if len(registries) == 0 { return nil, errox.NotFound.CausedBy("no image registries are integrated: please add an image integration") } - return registrySet, nil + return registries, nil } func getMatchingRegistries(registries []registryTypes.ImageRegistry, diff --git a/pkg/images/enricher/enricher_impl_test.go b/pkg/images/enricher/enricher_impl_test.go index ad3794073ef70..1758324cc85be 100644 --- a/pkg/images/enricher/enricher_impl_test.go +++ b/pkg/images/enricher/enricher_impl_test.go @@ -177,6 +177,13 @@ func (f *fakeRegistryScanner) DataSource() *storage.DataSource { } } +func (f *fakeRegistryScanner) Source() *storage.ImageIntegration { + return &storage.ImageIntegration{ + Id: "id", + Name: f.Name(), + } +} + type fakeCVESuppressor struct{} func (f *fakeCVESuppressor) EnrichImageWithSuppressedCVEs(image *storage.Image) { @@ -838,6 +845,7 @@ func TestEnrichWithSignature_Failures(t *testing.T) { emptyRegistrySetMock := registryMocks.NewMockSet(ctrl) emptyRegistrySetMock.EXPECT().IsEmpty().Return(true).AnyTimes() + emptyRegistrySetMock.EXPECT().GetAll().Return(nil).AnyTimes() nonMatchingRegistrySetMock := registryMocks.NewMockSet(ctrl) nonMatchingRegistrySetMock.EXPECT().IsEmpty().Return(false).AnyTimes() diff --git a/pkg/protoconv/resources/resources.go b/pkg/protoconv/resources/resources.go index 658aaf2e723a8..821c14bc62a24 100644 --- a/pkg/protoconv/resources/resources.go +++ b/pkg/protoconv/resources/resources.go @@ -296,11 +296,7 @@ func (w *DeploymentWrap) populateContainers(podSpec v1.PodSpec) { } func (w *DeploymentWrap) populateServiceAccount(podSpec v1.PodSpec) { - if podSpec.ServiceAccountName == "" { - w.ServiceAccount = "default" - } else { - w.ServiceAccount = podSpec.ServiceAccountName - } + w.ServiceAccount = stringutils.OrDefault(podSpec.ServiceAccountName, "default") } func (w *DeploymentWrap) populateAutomountServiceAccountToken(podSpec v1.PodSpec) { diff --git a/pkg/registries/factory_impl.go b/pkg/registries/factory_impl.go index 236598e24e411..ee06dc901744b 100644 --- a/pkg/registries/factory_impl.go +++ b/pkg/registries/factory_impl.go @@ -13,11 +13,11 @@ type factoryImpl struct { type registryWithDataSource struct { types.Registry - datasource *storage.DataSource + source *storage.ImageIntegration } -func (r *registryWithDataSource) DataSource() *storage.DataSource { - return r.datasource +func (r *registryWithDataSource) Source() *storage.ImageIntegration { + return r.source } func (e *factoryImpl) CreateRegistry(source *storage.ImageIntegration) (types.ImageRegistry, error) { @@ -32,9 +32,6 @@ func (e *factoryImpl) CreateRegistry(source *storage.ImageIntegration) (types.Im return ®istryWithDataSource{ Registry: integration, - datasource: &storage.DataSource{ - Id: source.GetId(), - Name: source.GetName(), - }, + source: source, }, nil } diff --git a/pkg/registries/set_impl_test.go b/pkg/registries/set_impl_test.go index 54de6d9bdeaca..43fda5e4c8870 100644 --- a/pkg/registries/set_impl_test.go +++ b/pkg/registries/set_impl_test.go @@ -41,7 +41,7 @@ func (f fakeRegistry) Name() string { return f.name } -func (f fakeRegistry) DataSource() *storage.DataSource { +func (f fakeRegistry) Source() *storage.ImageIntegration { return nil } diff --git a/pkg/registries/types/types.go b/pkg/registries/types/types.go index 3257d962d2b8a..4a2b2937c7bab 100644 --- a/pkg/registries/types/types.go +++ b/pkg/registries/types/types.go @@ -27,7 +27,7 @@ type Registry interface { // integration formed the interface type ImageRegistry interface { Registry - DataSource() *storage.DataSource + Source() *storage.ImageIntegration } // DockerfileInstructionSet are the set of acceptable keywords in a Dockerfile diff --git a/proto/api/v1/image_service.proto b/proto/api/v1/image_service.proto index 8e0a3a8b50ed1..eb15c27c7569a 100644 --- a/proto/api/v1/image_service.proto +++ b/proto/api/v1/image_service.proto @@ -34,9 +34,12 @@ message ScanImageRequest { } message ScanImageInternalRequest { - storage.ContainerImage image = 1; - reserved 2; - bool cached_only = 3; + storage.ContainerImage image = 1; + reserved 2; + bool cached_only = 3; + string cluster_id = 4; + string namespace = 5; + repeated string image_pull_secrets = 6; } message ScanImageInternalResponse { diff --git a/proto/storage/image_integration.proto b/proto/storage/image_integration.proto index 125e28d04d68e..c5d68be47d634 100644 --- a/proto/storage/image_integration.proto +++ b/proto/storage/image_integration.proto @@ -8,7 +8,7 @@ import "google/protobuf/timestamp.proto"; package storage; -// Next Tag: 21 +// Next Tag: 22 message ImageIntegration { string id = 1 [(gogoproto.moretags) = 'sql:"pk"']; string name = 2 [(gogoproto.moretags) = 'sql:"unique"']; @@ -35,6 +35,13 @@ message ImageIntegration { bool skip_test_integration = 18; reserved 19; // Previously, scannerv2 + + message Source { + string cluster_id = 1; + string namespace = 2; + string name = 3; + } + Source source = 21; } message IBMRegistryConfig { diff --git a/qa-tests-backend/src/test/groovy/ImageScanningTest.groovy b/qa-tests-backend/src/test/groovy/ImageScanningTest.groovy index 4b7490f22d7f3..846107e0bea8e 100644 --- a/qa-tests-backend/src/test/groovy/ImageScanningTest.groovy +++ b/qa-tests-backend/src/test/groovy/ImageScanningTest.groovy @@ -618,7 +618,7 @@ class ImageScanningTest extends BaseSpecification { } private static String source(String server) { - return "Autogenerated ${server} for cluster ${DEFAULT_CLUSTER_NAME}" + return "Autogenerated ${server} for cluster ${DEFAULT_CLUSTER_NAME} from.*" } @Unroll @@ -800,7 +800,7 @@ class ImageScanningTest extends BaseSpecification { withRetry(5, 2) { autoGenerated = ImageIntegrationService.getImageIntegrationByName( - "Autogenerated ${secret.server} for cluster ${DEFAULT_CLUSTER_NAME}" + "Autogenerated ${secret.server} for cluster ${DEFAULT_CLUSTER_NAME} from ${secret.namespace}/${secret.name}" ) assert autoGenerated } diff --git a/sensor/common/detector/detector.go b/sensor/common/detector/detector.go index 7511fc6254db1..01eb385cb4246 100644 --- a/sensor/common/detector/detector.go +++ b/sensor/common/detector/detector.go @@ -54,7 +54,7 @@ type Detector interface { // New returns a new detector func New(enforcer enforcer.Enforcer, admCtrlSettingsMgr admissioncontroller.SettingsManager, - deploymentStore store.DeploymentStore, cache expiringcache.Cache, auditLogEvents chan *sensor.AuditEvents, + deploymentStore store.DeploymentStore, serviceAccountStore store.ServiceAccountStore, cache expiringcache.Cache, auditLogEvents chan *sensor.AuditEvents, auditLogUpdater updater.Component, networkPolicyStore store.NetworkPolicyStore) Detector { return &detectorImpl{ unifiedDetector: unified.NewDetector(), @@ -64,7 +64,8 @@ func New(enforcer enforcer.Enforcer, admCtrlSettingsMgr admissioncontroller.Sett deploymentAlertOutputChan: make(chan outputResult), deploymentProcessingMap: make(map[string]int64), - enricher: newEnricher(cache), + enricher: newEnricher(cache, serviceAccountStore), + serviceAccountStore: serviceAccountStore, deploymentStore: deploymentStore, extSrcsStore: externalsrcs.StoreInstance(), baselineEval: baseline.NewBaselineEvaluator(), @@ -100,6 +101,7 @@ type detectorImpl struct { enricher *enricher deploymentStore store.DeploymentStore + serviceAccountStore store.ServiceAccountStore extSrcsStore externalsrcs.Store baselineEval baseline.Evaluator networkbaselineEval networkBaselineEval.Evaluator diff --git a/sensor/common/detector/enricher.go b/sensor/common/detector/enricher.go index c9e9f5212e836..55847daf1509c 100644 --- a/sensor/common/detector/enricher.go +++ b/sensor/common/detector/enricher.go @@ -12,9 +12,12 @@ import ( "github.com/stackrox/rox/pkg/concurrency" "github.com/stackrox/rox/pkg/expiringcache" "github.com/stackrox/rox/pkg/images/types" + "github.com/stackrox/rox/pkg/set" + "github.com/stackrox/rox/sensor/common/clusterid" "github.com/stackrox/rox/sensor/common/detector/metrics" "github.com/stackrox/rox/sensor/common/imagecacheutils" "github.com/stackrox/rox/sensor/common/scan" + "github.com/stackrox/rox/sensor/common/store" "google.golang.org/grpc/status" ) @@ -38,8 +41,9 @@ type enricher struct { imageSvc v1.ImageServiceClient scanResultChan chan scanResult - imageCache expiringcache.Cache - stopSig concurrency.Signal + serviceAccountStore store.ServiceAccountStore + imageCache expiringcache.Cache + stopSig concurrency.Signal } type cacheValue struct { @@ -52,28 +56,31 @@ func (c *cacheValue) waitAndGet() *storage.Image { return c.image } -func scanImage(ctx context.Context, svc v1.ImageServiceClient, ci *storage.ContainerImage) (*v1.ScanImageInternalResponse, error) { +func scanImage(ctx context.Context, svc v1.ImageServiceClient, req *scanImageRequest) (*v1.ScanImageInternalResponse, error) { ctx, cancel := context.WithTimeout(ctx, scanTimeout) defer cancel() return svc.ScanImageInternal(ctx, &v1.ScanImageInternalRequest{ - Image: ci, + Image: req.containerImage, + ClusterId: req.clusterID, + Namespace: req.namespace, + ImagePullSecrets: req.pullSecrets, }) } -func scanImageLocal(ctx context.Context, svc v1.ImageServiceClient, ci *storage.ContainerImage) (*v1.ScanImageInternalResponse, error) { +func scanImageLocal(ctx context.Context, svc v1.ImageServiceClient, req *scanImageRequest) (*v1.ScanImageInternalResponse, error) { ctx, cancel := context.WithTimeout(ctx, scanTimeout) defer cancel() - img, err := scan.EnrichLocalImage(ctx, svc, ci) + img, err := scan.EnrichLocalImage(ctx, svc, req.containerImage) return &v1.ScanImageInternalResponse{ Image: img, }, err } -type scanFunc func(ctx context.Context, svc v1.ImageServiceClient, ci *storage.ContainerImage) (*v1.ScanImageInternalResponse, error) +type scanFunc func(ctx context.Context, svc v1.ImageServiceClient, req *scanImageRequest) (*v1.ScanImageInternalResponse, error) -func scanWithRetries(ctx context.Context, svc v1.ImageServiceClient, ci *storage.ContainerImage, scan scanFunc) (*v1.ScanImageInternalResponse, error) { +func scanWithRetries(ctx context.Context, svc v1.ImageServiceClient, req *scanImageRequest, scan scanFunc) (*v1.ScanImageInternalResponse, error) { eb := backoff.NewExponentialBackOff() eb.InitialInterval = 5 * time.Second eb.Multiplier = 2 @@ -86,7 +93,7 @@ outer: for { // We want to get the time spent in backoff without including the time it took to scan the image. timeSpentInBackoffSoFar := eb.GetElapsedTime() - scannedImage, err := scan(ctx, svc, ci) + scannedImage, err := scan(ctx, svc, req) if err != nil { for _, detail := range status.Convert(err).Details() { // If the client is effectively rate-limited, backoff and try again. @@ -105,33 +112,33 @@ outer: } } -func (c *cacheValue) scanAndSet(ctx context.Context, svc v1.ImageServiceClient, ci *storage.ContainerImage) { +func (c *cacheValue) scanAndSet(ctx context.Context, svc v1.ImageServiceClient, req *scanImageRequest) { defer c.signal.Signal() // Ask Central to scan the image if the image is not internal. // Otherwise, attempt to scan locally. scanImageFn := scanImage - if ci.GetIsClusterLocal() { + if req.containerImage.GetIsClusterLocal() { scanImageFn = scanImageLocal } - scannedImage, err := scanWithRetries(ctx, svc, ci, scanImageFn) + scannedImage, err := scanWithRetries(ctx, svc, req, scanImageFn) if err != nil { // Ignore the error and set the image to something basic, // so alerting can progress. - c.image = types.ToImage(ci) + c.image = types.ToImage(req.containerImage) return } c.image = scannedImage.GetImage() } -func newEnricher(cache expiringcache.Cache) *enricher { +func newEnricher(cache expiringcache.Cache, serviceAccountStore store.ServiceAccountStore) *enricher { return &enricher{ - scanResultChan: make(chan scanResult), - - imageCache: cache, - stopSig: concurrency.NewSignal(), + scanResultChan: make(chan scanResult), + serviceAccountStore: serviceAccountStore, + imageCache: cache, + stopSig: concurrency.NewSignal(), } } @@ -143,14 +150,14 @@ func (e *enricher) getImageFromCache(key string) (*storage.Image, bool) { return value.waitAndGet(), true } -func (e *enricher) runScan(containerIdx int, ci *storage.ContainerImage) imageChanResult { - key := imagecacheutils.GetImageCacheKey(ci) +func (e *enricher) runScan(req *scanImageRequest) imageChanResult { + key := imagecacheutils.GetImageCacheKey(req.containerImage) // If the container image says that the image is not pullable, don't even bother trying to scan - if ci.GetNotPullable() { + if req.containerImage.GetNotPullable() { return imageChanResult{ - image: types.ToImage(ci), - containerIdx: containerIdx, + image: types.ToImage(req.containerImage), + containerIdx: req.containerIdx, } } @@ -159,7 +166,7 @@ func (e *enricher) runScan(containerIdx int, ci *storage.ContainerImage) imageCh if ok { return imageChanResult{ image: img, - containerIdx: containerIdx, + containerIdx: req.containerIdx, } } @@ -168,25 +175,41 @@ func (e *enricher) runScan(containerIdx int, ci *storage.ContainerImage) imageCh } value := e.imageCache.GetOrSet(key, newValue).(*cacheValue) if newValue == value { - value.scanAndSet(concurrency.AsContext(&e.stopSig), e.imageSvc, ci) + value.scanAndSet(concurrency.AsContext(&e.stopSig), e.imageSvc, req) } return imageChanResult{ image: value.waitAndGet(), - containerIdx: containerIdx, + containerIdx: req.containerIdx, } } -func (e *enricher) runImageScanAsync(imageChan chan<- imageChanResult, containerIdx int, ci *storage.ContainerImage) { +type scanImageRequest struct { + containerIdx int + containerImage *storage.ContainerImage + clusterID, namespace string + pullSecrets []string +} + +func (e *enricher) runImageScanAsync(imageChan chan<- imageChanResult, req *scanImageRequest) { go func() { // unguarded send (push to channel outside a select) is allowed because the imageChan is a buffered channel of exact size - imageChan <- e.runScan(containerIdx, ci) + imageChan <- e.runScan(req) }() } func (e *enricher) getImages(deployment *storage.Deployment) []*storage.Image { imageChan := make(chan imageChanResult, len(deployment.GetContainers())) + + pullSecretSet := set.NewStringSet(e.serviceAccountStore.GetImagePullSecrets(deployment.GetNamespace(), deployment.GetServiceAccount())...) + pullSecretSet.AddAll(deployment.GetImagePullSecrets()...) for idx, container := range deployment.GetContainers() { - e.runImageScanAsync(imageChan, idx, container.GetImage()) + e.runImageScanAsync(imageChan, &scanImageRequest{ + containerIdx: idx, + containerImage: container.GetImage(), + clusterID: clusterid.Get(), + namespace: deployment.GetNamespace(), + pullSecrets: pullSecretSet.AsSlice(), + }) } images := make([]*storage.Image, len(deployment.GetContainers())) for i := 0; i < len(deployment.GetContainers()); i++ { diff --git a/sensor/common/store/mocks/types.go b/sensor/common/store/mocks/types.go index 087e2e51b0572..d9db826f3a86f 100644 --- a/sensor/common/store/mocks/types.go +++ b/sensor/common/store/mocks/types.go @@ -215,3 +215,64 @@ func (mr *MockNetworkPolicyStoreMockRecorder) Upsert(ns interface{}) *gomock.Cal mr.mock.ctrl.T.Helper() return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Upsert", reflect.TypeOf((*MockNetworkPolicyStore)(nil).Upsert), ns) } + +// MockServiceAccountStore is a mock of ServiceAccountStore interface. +type MockServiceAccountStore struct { + ctrl *gomock.Controller + recorder *MockServiceAccountStoreMockRecorder +} + +// MockServiceAccountStoreMockRecorder is the mock recorder for MockServiceAccountStore. +type MockServiceAccountStoreMockRecorder struct { + mock *MockServiceAccountStore +} + +// NewMockServiceAccountStore creates a new mock instance. +func NewMockServiceAccountStore(ctrl *gomock.Controller) *MockServiceAccountStore { + mock := &MockServiceAccountStore{ctrl: ctrl} + mock.recorder = &MockServiceAccountStoreMockRecorder{mock} + return mock +} + +// EXPECT returns an object that allows the caller to indicate expected use. +func (m *MockServiceAccountStore) EXPECT() *MockServiceAccountStoreMockRecorder { + return m.recorder +} + +// Add mocks base method. +func (m *MockServiceAccountStore) Add(sa *storage.ServiceAccount) { + m.ctrl.T.Helper() + m.ctrl.Call(m, "Add", sa) +} + +// Add indicates an expected call of Add. +func (mr *MockServiceAccountStoreMockRecorder) Add(sa interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Add", reflect.TypeOf((*MockServiceAccountStore)(nil).Add), sa) +} + +// GetImagePullSecrets mocks base method. +func (m *MockServiceAccountStore) GetImagePullSecrets(namespace, name string) []string { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "GetImagePullSecrets", namespace, name) + ret0, _ := ret[0].([]string) + return ret0 +} + +// GetImagePullSecrets indicates an expected call of GetImagePullSecrets. +func (mr *MockServiceAccountStoreMockRecorder) GetImagePullSecrets(namespace, name interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetImagePullSecrets", reflect.TypeOf((*MockServiceAccountStore)(nil).GetImagePullSecrets), namespace, name) +} + +// Remove mocks base method. +func (m *MockServiceAccountStore) Remove(sa *storage.ServiceAccount) { + m.ctrl.T.Helper() + m.ctrl.Call(m, "Remove", sa) +} + +// Remove indicates an expected call of Remove. +func (mr *MockServiceAccountStoreMockRecorder) Remove(sa interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Remove", reflect.TypeOf((*MockServiceAccountStore)(nil).Remove), sa) +} diff --git a/sensor/common/store/types.go b/sensor/common/store/types.go index 353e6a26a7934..c0734d82c67bc 100644 --- a/sensor/common/store/types.go +++ b/sensor/common/store/types.go @@ -27,3 +27,11 @@ type NetworkPolicyStore interface { Find(namespace string, labels map[string]string) map[string]*storage.NetworkPolicy Delete(ID, ns string) } + +// ServiceAccountStore provides functionality to find image pull secrets by service account +//go:generate mockgen-wrapper +type ServiceAccountStore interface { + Add(sa *storage.ServiceAccount) + Remove(sa *storage.ServiceAccount) + GetImagePullSecrets(namespace, name string) []string +} diff --git a/sensor/kubernetes/listener/resources/dispatcher.go b/sensor/kubernetes/listener/resources/dispatcher.go index 3f10c0814f47d..9c491b322f944 100644 --- a/sensor/kubernetes/listener/resources/dispatcher.go +++ b/sensor/kubernetes/listener/resources/dispatcher.go @@ -68,6 +68,7 @@ func NewDispatcherRegistry( traceWriter io.Writer, ) DispatcherRegistry { serviceStore := newServiceStore() + serviceAccountStore := ServiceAccountStoreSingleton() deploymentStore := DeploymentStoreSingleton() podStore := PodStoreSingleton() nodeStore := newNodeStore() @@ -89,7 +90,7 @@ func NewDispatcherRegistry( secretDispatcher: newSecretDispatcher(registryStore), networkPolicyDispatcher: newNetworkPolicyDispatcher(netPolicyStore, deploymentStore, detector), nodeDispatcher: newNodeDispatcher(serviceStore, deploymentStore, nodeStore, endpointManager), - serviceAccountDispatcher: newServiceAccountDispatcher(), + serviceAccountDispatcher: newServiceAccountDispatcher(serviceAccountStore), clusterOperatorDispatcher: newClusterOperatorDispatcher(namespaces), traceWriter: traceWriter, diff --git a/sensor/kubernetes/listener/resources/secrets.go b/sensor/kubernetes/listener/resources/secrets.go index 66a9845071653..71156cb2b3cea 100644 --- a/sensor/kubernetes/listener/resources/secrets.go +++ b/sensor/kubernetes/listener/resources/secrets.go @@ -4,21 +4,23 @@ import ( "context" "encoding/base64" "encoding/json" - "errors" "fmt" "sort" "strings" "github.com/cloudflare/cfssl/certinfo" + "github.com/pkg/errors" "github.com/stackrox/rox/generated/internalapi/central" "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/docker/config" "github.com/stackrox/rox/pkg/protoconv" "github.com/stackrox/rox/pkg/registries/docker" "github.com/stackrox/rox/pkg/registries/rhel" + "github.com/stackrox/rox/pkg/set" "github.com/stackrox/rox/pkg/urlfmt" "github.com/stackrox/rox/pkg/utils" "github.com/stackrox/rox/pkg/uuid" + "github.com/stackrox/rox/sensor/common/clusterid" "github.com/stackrox/rox/sensor/common/registry" v1 "k8s.io/api/core/v1" ) @@ -133,16 +135,29 @@ func newSecretDispatcher(regStore *registry.Store) *secretDispatcher { } } +func deriveIDFromSecret(secret *v1.Secret, registry string) (string, error) { + rootUUID, err := uuid.FromString(string(secret.UID)) + if err != nil { + return "", errors.Wrapf(err, "converting secret ID %q to uuid", secret.UID) + } + id := uuid.NewV5(rootUUID, registry).String() + return id, nil +} + // DockerConfigToImageIntegration creates an image integration for a given // registry URL and docker config. -func DockerConfigToImageIntegration(registry string, dce config.DockerConfigEntry) *storage.ImageIntegration { +func DockerConfigToImageIntegration(secret *v1.Secret, registry string, dce config.DockerConfigEntry) (*storage.ImageIntegration, error) { registryType := docker.GenericDockerRegistryType if urlfmt.TrimHTTPPrefixes(registry) == redhatRegistryEndpoint { registryType = rhel.RedHatRegistryType } + id, err := deriveIDFromSecret(secret, registry) + if err != nil { + return nil, errors.Wrapf(err, "deriving image integration ID from secret %q", secret.UID) + } return &storage.ImageIntegration{ - Id: uuid.NewV4().String(), + Id: id, Type: registryType, Categories: []storage.ImageIntegrationCategory{storage.ImageIntegrationCategory_REGISTRY}, IntegrationConfig: &storage.ImageIntegration_Docker{ @@ -153,10 +168,15 @@ func DockerConfigToImageIntegration(registry string, dce config.DockerConfigEntr }, }, Autogenerated: true, - } + Source: &storage.ImageIntegration_Source{ + ClusterId: clusterid.Get(), + Namespace: secret.GetNamespace(), + Name: secret.GetName(), + }, + }, nil } -func (s *secretDispatcher) processDockerConfigEvent(secret *v1.Secret, action central.ResourceAction) []*central.SensorEvent { +func getDockerConfigFromSecret(secret *v1.Secret) *config.DockerConfig { var dockerConfig config.DockerConfig switch secret.Type { case v1.SecretTypeDockercfg: @@ -183,6 +203,35 @@ func (s *secretDispatcher) processDockerConfigEvent(secret *v1.Secret, action ce _ = utils.Should(errors.New("only Docker Config secrets are allowed")) return nil } + return &dockerConfig +} + +func imageIntegationIDSetFromSecret(secret *v1.Secret) (set.StringSet, error) { + if secret == nil { + return nil, nil + } + dockerConfigPtr := getDockerConfigFromSecret(secret) + if dockerConfigPtr == nil { + return nil, nil + } + dockerConfig := *dockerConfigPtr + imageIntegrationIDSet := set.NewStringSet() + for reg := range dockerConfig { + id, err := deriveIDFromSecret(secret, reg) + if err != nil { + return nil, err + } + imageIntegrationIDSet.Add(id) + } + return imageIntegrationIDSet, nil +} + +func (s *secretDispatcher) processDockerConfigEvent(secret, oldSecret *v1.Secret, action central.ResourceAction) []*central.SensorEvent { + dockerConfigPtr := getDockerConfigFromSecret(secret) + if dockerConfigPtr == nil { + return nil + } + dockerConfig := *dockerConfigPtr sensorEvents := make([]*central.SensorEvent, 0, len(dockerConfig)+1) registries := make([]*storage.ImagePullSecret_Registry, 0, len(dockerConfig)) @@ -191,6 +240,8 @@ func (s *secretDispatcher) processDockerConfigEvent(secret *v1.Secret, action ce // In OpenShift, the default service account also contains credentials for the // OpenShift Container Registry, which is an internal image registry. fromDefaultSA := secret.GetAnnotations()[saAnnotation] == defaultSA + + newIntegrationSet := set.NewStringSet() for registry, dce := range dockerConfig { if fromDefaultSA { // Store the registry credentials so Sensor can reach it. @@ -199,14 +250,19 @@ func (s *secretDispatcher) processDockerConfigEvent(secret *v1.Secret, action ce log.Errorf("Unable to upsert registry %q into store: %v", registry, err) } } else { - ii := DockerConfigToImageIntegration(registry, dce) - sensorEvents = append(sensorEvents, ¢ral.SensorEvent{ - // Only update is supported at this time. - Action: central.ResourceAction_UPDATE_RESOURCE, - Resource: ¢ral.SensorEvent_ImageIntegration{ - ImageIntegration: ii, - }, - }) + ii, err := DockerConfigToImageIntegration(secret, registry, dce) + if err != nil { + log.Errorf("unable to create docker config for secret %s: %v", secret.GetName(), err) + } else { + sensorEvents = append(sensorEvents, ¢ral.SensorEvent{ + // Only update is supported at this time. + Action: action, + Resource: ¢ral.SensorEvent_ImageIntegration{ + ImageIntegration: ii, + }, + }) + newIntegrationSet.Add(ii.GetId()) + } } registries = append(registries, &storage.ImagePullSecret_Registry{ @@ -214,6 +270,23 @@ func (s *secretDispatcher) processDockerConfigEvent(secret *v1.Secret, action ce Username: dce.Username, }) } + // Compute diff between old and new secret to automatically clean up delete secrets + oldIntegrations, err := imageIntegationIDSetFromSecret(oldSecret) + if err != nil { + log.Errorf("error getting ids from old secret %q: %v", string(oldSecret.UID), err) + } else { + for id := range oldIntegrations.Difference(newIntegrationSet) { + sensorEvents = append(sensorEvents, ¢ral.SensorEvent{ + Id: id, + Action: central.ResourceAction_REMOVE_RESOURCE, + Resource: ¢ral.SensorEvent_ImageIntegration{ + ImageIntegration: &storage.ImageIntegration{ + Id: id, + }, + }, + }) + } + } protoSecret := getProtoSecret(secret) protoSecret.Files = []*storage.SecretDataFile{{ @@ -225,7 +298,6 @@ func (s *secretDispatcher) processDockerConfigEvent(secret *v1.Secret, action ce }, }, }} - return append(sensorEvents, secretToSensorEvent(action, protoSecret)) } @@ -251,12 +323,17 @@ func secretToSensorEvent(action central.ResourceAction, secret *storage.Secret) } // ProcessEvent processes a secret resource event, and returns the sensor events to emit in response. -func (s *secretDispatcher) ProcessEvent(obj, _ interface{}, action central.ResourceAction) []*central.SensorEvent { +func (s *secretDispatcher) ProcessEvent(obj, oldObj interface{}, action central.ResourceAction) []*central.SensorEvent { secret := obj.(*v1.Secret) + oldSecret, ok := oldObj.(*v1.Secret) + if !ok { + oldSecret = nil + } + switch secret.Type { case v1.SecretTypeDockerConfigJson, v1.SecretTypeDockercfg: - return s.processDockerConfigEvent(secret, action) + return s.processDockerConfigEvent(secret, oldSecret, action) case v1.SecretTypeServiceAccountToken: // Filter out service account tokens because we have a service account processor. return nil diff --git a/sensor/kubernetes/listener/resources/serviceaccount.go b/sensor/kubernetes/listener/resources/serviceaccount.go index b85da097d45ba..eaa1a70bdfe4c 100644 --- a/sensor/kubernetes/listener/resources/serviceaccount.go +++ b/sensor/kubernetes/listener/resources/serviceaccount.go @@ -8,15 +8,19 @@ import ( ) // serviceAccountDispatcher handles service account events -type serviceAccountDispatcher struct{} +type serviceAccountDispatcher struct { + serviceAccountStore *ServiceAccountStore +} // newServiceAccountDispatcher creates and returns a new service account dispatcher. -func newServiceAccountDispatcher() *serviceAccountDispatcher { - return &serviceAccountDispatcher{} +func newServiceAccountDispatcher(serviceAccountStore *ServiceAccountStore) *serviceAccountDispatcher { + return &serviceAccountDispatcher{ + serviceAccountStore: serviceAccountStore, + } } // ProcessEvent processes a service account resource event, and returns the sensor events to emit in response. -func (*serviceAccountDispatcher) ProcessEvent(obj, _ interface{}, action central.ResourceAction) []*central.SensorEvent { +func (s *serviceAccountDispatcher) ProcessEvent(obj, _ interface{}, action central.ResourceAction) []*central.SensorEvent { serviceAccount := obj.(*v1.ServiceAccount) var serviceAccountSecrets []string @@ -47,6 +51,12 @@ func (*serviceAccountDispatcher) ProcessEvent(obj, _ interface{}, action central if serviceAccount.AutomountServiceAccountToken != nil { sa.ServiceAccount.AutomountToken = *serviceAccount.AutomountServiceAccountToken } + switch action { + case central.ResourceAction_REMOVE_RESOURCE: + s.serviceAccountStore.Remove(sa.ServiceAccount) + default: + s.serviceAccountStore.Add(sa.ServiceAccount) + } return []*central.SensorEvent{ { @@ -55,5 +65,4 @@ func (*serviceAccountDispatcher) ProcessEvent(obj, _ interface{}, action central Resource: sa, }, } - } diff --git a/sensor/kubernetes/listener/resources/serviceaccount_store.go b/sensor/kubernetes/listener/resources/serviceaccount_store.go new file mode 100644 index 0000000000000..a957dbcf38bc8 --- /dev/null +++ b/sensor/kubernetes/listener/resources/serviceaccount_store.go @@ -0,0 +1,50 @@ +package resources + +import ( + "github.com/stackrox/rox/generated/storage" + "github.com/stackrox/rox/pkg/sync" +) + +type serviceAccountKey struct { + namespace, name string +} + +// ServiceAccountStore keeps a mapping of service accounts to image pull secrets +type ServiceAccountStore struct { + lock sync.RWMutex + serviceAccountToPullSecrets map[serviceAccountKey][]string +} + +func newServiceAccountStore() *ServiceAccountStore { + return &ServiceAccountStore{ + serviceAccountToPullSecrets: make(map[serviceAccountKey][]string), + } +} + +func key(namespace, name string) serviceAccountKey { + return serviceAccountKey{ + namespace: namespace, + name: name, + } +} + +// GetImagePullSecrets get the image pull secrets for a namespace and secret name pair +func (sas *ServiceAccountStore) GetImagePullSecrets(namespace, name string) []string { + sas.lock.RLock() + defer sas.lock.RUnlock() + return sas.serviceAccountToPullSecrets[key(namespace, name)] +} + +// Add inserts a new service account and its image pull secrets to the map +func (sas *ServiceAccountStore) Add(sa *storage.ServiceAccount) { + sas.lock.Lock() + defer sas.lock.Unlock() + sas.serviceAccountToPullSecrets[key(sa.GetNamespace(), sa.GetName())] = sa.GetImagePullSecrets() +} + +// Remove removes the service account from the map +func (sas *ServiceAccountStore) Remove(sa *storage.ServiceAccount) { + sas.lock.Lock() + defer sas.lock.Unlock() + delete(sas.serviceAccountToPullSecrets, key(sa.GetNamespace(), sa.GetName())) +} diff --git a/sensor/kubernetes/listener/resources/singleton.go b/sensor/kubernetes/listener/resources/singleton.go index 6bc49dfdd77da..5d74556a8e286 100644 --- a/sensor/kubernetes/listener/resources/singleton.go +++ b/sensor/kubernetes/listener/resources/singleton.go @@ -6,6 +6,9 @@ var ( dsInit sync.Once depStore *DeploymentStore + saInit sync.Once + saStore *ServiceAccountStore + psInit sync.Once podStore *PodStore @@ -21,6 +24,14 @@ func DeploymentStoreSingleton() *DeploymentStore { return depStore } +// ServiceAccountStoreSingleton returns a singleton of the ServiceAccountStore +func ServiceAccountStoreSingleton() *ServiceAccountStore { + saInit.Do(func() { + saStore = newServiceAccountStore() + }) + return saStore +} + // PodStoreSingleton returns a singleton of the PodStore func PodStoreSingleton() *PodStore { psInit.Do(func() { diff --git a/sensor/kubernetes/sensor/sensor.go b/sensor/kubernetes/sensor/sensor.go index 0d55fe984869f..627cf8cc07903 100644 --- a/sensor/kubernetes/sensor/sensor.go +++ b/sensor/kubernetes/sensor/sensor.go @@ -101,7 +101,7 @@ func CreateSensor(cfg *CreateOptions) (*sensor.Sensor, error) { } imageCache := expiringcache.NewExpiringCache(env.ReprocessInterval.DurationSetting()) - policyDetector := detector.New(enforcer, admCtrlSettingsMgr, resources.DeploymentStoreSingleton(), imageCache, auditLogEventsInput, auditLogCollectionManager, resources.NetworkPolicySingleton()) + policyDetector := detector.New(enforcer, admCtrlSettingsMgr, resources.DeploymentStoreSingleton(), resources.ServiceAccountStoreSingleton(), imageCache, auditLogEventsInput, auditLogCollectionManager, resources.NetworkPolicySingleton()) resourceListener := listener.New(cfg.k8sClient, configHandler, policyDetector, k8sNodeName.Setting(), cfg.resyncPeriod, cfg.traceWriter) admCtrlMsgForwarder := admissioncontroller.NewAdmCtrlMsgForwarder(admCtrlSettingsMgr, resourceListener) From 7939438b11c8d2792f84ceb53aeed6e905b0ee13 Mon Sep 17 00:00:00 2001 From: Connor Gorman Date: Thu, 29 Sep 2022 17:21:46 -0700 Subject: [PATCH 2/5] Remove scan test in nongroovy as it's covered by qa-backend tests --- tests/scan_test.go | 94 ---------------------------------------------- 1 file changed, 94 deletions(-) delete mode 100644 tests/scan_test.go diff --git a/tests/scan_test.go b/tests/scan_test.go deleted file mode 100644 index 7f7f8709ed6ae..0000000000000 --- a/tests/scan_test.go +++ /dev/null @@ -1,94 +0,0 @@ -package tests - -import ( - "context" - "fmt" - "testing" - "time" - - v1 "github.com/stackrox/rox/generated/api/v1" - "github.com/stackrox/rox/generated/storage" - "github.com/stackrox/rox/pkg/retry" - "github.com/stackrox/rox/pkg/testutils/centralgrpc" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" -) - -func verifySummariesExist(t *testing.T, image *storage.Image, shouldExist bool) { - assertFunc := assert.NotEmpty - if !shouldExist { - assertFunc = assert.Empty - } - - var checkedAtLeastOnce bool - for _, component := range image.GetScan().GetComponents() { - for _, vuln := range component.GetVulns() { - checkedAtLeastOnce = true - assertFunc(t, vuln.Summary) - } - } - // Ensure there are components and vulns - assert.True(t, checkedAtLeastOnce) -} - -// Grab the backup DB and open it, ensuring that there are values for deployments -func TestScan(t *testing.T) { - deployment := "nginx-1-17" - imageID := "sha256:f83b2ffd963ac911f9e638184c8d580cc1f3139d5c8c33c87c3fb90aebdebf76" - image := fmt.Sprintf("quay.io/rhacs-eng/qa:nginx-1-17-1@%s", imageID) - setupDeployment(t, image, deployment) - defer teardownDeployment(t, deployment) - - conn := centralgrpc.GRPCConnectionToCentral(t) - imageService := v1.NewImageServiceClient(conn) - - ctx, cancel := context.WithTimeout(context.Background(), 3*time.Minute) - defer cancel() - - var resp *storage.Image - var err error - err = retry.WithRetry(func() error { - resp, err = imageService.GetImage(ctx, &v1.GetImageRequest{ - Id: imageID, - }) - if err != nil { - return retry.MakeRetryable(err) - } - return nil - }, retry.OnFailedAttempts(func(err error) { - log.Errorf("error getting image: %v", err) - time.Sleep(5 * time.Second) - }), retry.Tries(20)) - require.NoError(t, err) - - resp, err = imageService.GetImage(ctx, &v1.GetImageRequest{ - Id: imageID, - }) - require.NoError(t, err) - verifySummariesExist(t, resp, true) - - resp, err = imageService.ScanImage(ctx, &v1.ScanImageRequest{ - ImageName: image, - }) - require.NoError(t, err) - verifySummariesExist(t, resp, true) - - resp, err = imageService.GetImage(ctx, &v1.GetImageRequest{ - Id: resp.GetId(), - }) - require.NoError(t, err) - verifySummariesExist(t, resp, true) - - resp, err = imageService.ScanImage(ctx, &v1.ScanImageRequest{ - ImageName: "docker.io/library/nginx:1.18", - Force: true, - }) - require.NoError(t, err) - verifySummariesExist(t, resp, true) - - resp, err = imageService.GetImage(ctx, &v1.GetImageRequest{ - Id: resp.GetId(), - }) - require.NoError(t, err) - verifySummariesExist(t, resp, true) -} From d81fd6da47f9f0942d4972edc485fd35b99a631e Mon Sep 17 00:00:00 2001 From: Connor Gorman Date: Thu, 29 Sep 2022 17:53:46 -0700 Subject: [PATCH 3/5] suppress line length --- qa-tests-backend/src/test/groovy/ImageScanningTest.groovy | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/qa-tests-backend/src/test/groovy/ImageScanningTest.groovy b/qa-tests-backend/src/test/groovy/ImageScanningTest.groovy index 846107e0bea8e..8b90587ce0db6 100644 --- a/qa-tests-backend/src/test/groovy/ImageScanningTest.groovy +++ b/qa-tests-backend/src/test/groovy/ImageScanningTest.groovy @@ -795,13 +795,13 @@ class ImageScanningTest extends BaseSpecification { includeScanner: true,]) } } + @SuppressWarnings('LineLength') private static String expectAutoGeneratedRegistry(Secret secret) { ImageIntegrationOuterClass.ImageIntegration autoGenerated = null withRetry(5, 2) { - autoGenerated = - ImageIntegrationService.getImageIntegrationByName( - "Autogenerated ${secret.server} for cluster ${DEFAULT_CLUSTER_NAME} from ${secret.namespace}/${secret.name}" - ) + autoGenerated = ImageIntegrationService.getImageIntegrationByName( + "Autogenerated ${secret.server} for cluster ${DEFAULT_CLUSTER_NAME} from ${secret.namespace}/${secret.name}" + ) assert autoGenerated } assert autoGenerated From 7a511944523e47f7958b265913e1c18f0f3ac932 Mon Sep 17 00:00:00 2001 From: Daniel Haus Date: Wed, 12 Oct 2022 06:32:35 +0200 Subject: [PATCH 4/5] Address review comments. Refactor image integration pipeline, refactor proto messages --- central/image/service/service_impl.go | 8 +- .../pipeline/imageintegrations/pipeline.go | 43 +- .../v1/image_integration_service.swagger.json | 2 +- generated/api/v1/image_service.pb.go | 483 +++++++++++++----- generated/api/v1/image_service.swagger.json | 17 + generated/storage/image_integration.pb.go | 177 +++---- pkg/images/enricher/enricher_impl.go | 46 +- proto/api/v1/image_service.proto | 12 +- proto/storage/image_integration.proto | 6 +- sensor/common/detector/enricher.go | 10 +- .../kubernetes/listener/resources/secrets.go | 20 +- 11 files changed, 533 insertions(+), 291 deletions(-) diff --git a/central/image/service/service_impl.go b/central/image/service/service_impl.go index 92852eabc612b..dedaa284cc03a 100644 --- a/central/image/service/service_impl.go +++ b/central/image/service/service_impl.go @@ -231,11 +231,11 @@ func (s *serviceImpl) ScanImageInternal(ctx context.Context, request *v1.ScanIma img := types.ToImage(request.GetImage()) var source *enricher.RequestSource - if request.GetClusterId() != "" { + if request.GetSource() != nil { source = &enricher.RequestSource{ - ClusterID: request.GetClusterId(), - Namespace: request.GetNamespace(), - ImagePullSecrets: set.NewStringSet(request.GetImagePullSecrets()...), + ClusterID: request.GetSource().GetClusterId(), + Namespace: request.GetSource().GetNamespace(), + ImagePullSecrets: set.NewStringSet(request.GetSource().GetImagePullSecrets()...), } } diff --git a/central/sensor/service/pipeline/imageintegrations/pipeline.go b/central/sensor/service/pipeline/imageintegrations/pipeline.go index f22414ef48170..933640a1bfab3 100644 --- a/central/sensor/service/pipeline/imageintegrations/pipeline.go +++ b/central/sensor/service/pipeline/imageintegrations/pipeline.go @@ -40,7 +40,6 @@ func GetPipeline() pipeline.Fragment { datastore.Singleton(), clusterDatastore.Singleton(), reprocessor.Singleton(), - connection.ManagerSingleton(), ) } @@ -48,10 +47,9 @@ func GetPipeline() pipeline.Fragment { func NewPipeline(integrationManager enrichment.Manager, datastore datastore.DataStore, clusterDatastore clusterDatastore.DataStore, - enrichAndDetectLoop reprocessor.Loop, connManager connection.Manager) pipeline.Fragment { + enrichAndDetectLoop reprocessor.Loop) pipeline.Fragment { return &pipelineImpl{ integrationManager: integrationManager, - connManager: connManager, datastore: datastore, clusterDatastore: clusterDatastore, enrichAndDetectLoop: enrichAndDetectLoop, @@ -61,7 +59,6 @@ func NewPipeline(integrationManager enrichment.Manager, type pipelineImpl struct { integrationManager enrichment.Manager - connManager connection.Manager datastore datastore.DataStore clusterDatastore clusterDatastore.DataStore enrichAndDetectLoop reprocessor.Loop @@ -70,10 +67,8 @@ type pipelineImpl struct { func (s *pipelineImpl) Reconcile(ctx context.Context, clusterID string, storeMap *reconciliation.StoreMap) error { existingIDs := set.NewStringSet() - conn := s.connManager.GetConnection(clusterID) - if conn == nil { - return nil - } + conn := connection.FromContext(ctx) + // We should not reconcile image integrations unless the Sensor is on a version that can provide scoped integrations // with consistent uuids if !conn.HasCapability(centralsensor.ScopedImageIntegrations) { @@ -85,6 +80,7 @@ func (s *pipelineImpl) Reconcile(ctx context.Context, clusterID string, storeMap return errors.Wrap(err, "getting image integrations for reconciliation") } for _, integration := range integrations { + // Skipping ECR image integrations since they are special and use AWS IAM. if integration.GetEcr() != nil { continue } @@ -275,23 +271,34 @@ func (s *pipelineImpl) Run(ctx context.Context, clusterID string, msg *central.M if source == nil { return s.legacyRun(ctx, imageIntegration, matches) } - imageIntegration.Name = fmt.Sprintf("Autogenerated %s for cluster %s from %s/%s", description, clusterName, source.GetNamespace(), source.GetName()) + imageIntegration.Name = fmt.Sprintf("Autogenerated %s for cluster %s from %s/%s", + description, clusterName, source.GetNamespace(), source.GetImagePullSecretName()) - _, exists, err = s.datastore.GetImageIntegration(ctx, imageIntegration.GetId()) + requiresShortCircuit, err := s.upsertImageIntegration(ctx, imageIntegration) if err != nil { - return errors.Wrapf(err, "retrieving image integration %q", imageIntegration.GetId()) + return err } - if _, err := s.datastore.AddImageIntegration(ctx, imageIntegration); err != nil { - return errors.Wrapf(err, "adding image integration %q", imageIntegration.GetId()) - } - if err := s.integrationManager.Upsert(imageIntegration); err != nil { - return errors.Wrapf(err, "notifying of update for image integration %q", imageIntegration.GetId()) - } - if !exists { + if requiresShortCircuit { s.enrichAndDetectLoop.ShortCircuit() } + return nil } func (s *pipelineImpl) OnFinish(_ string) {} + +func (s *pipelineImpl) upsertImageIntegration(ctx context.Context, imageIntegration *storage.ImageIntegration) (bool, error) { + _, exists, err := s.datastore.GetImageIntegration(ctx, imageIntegration.GetId()) + if err != nil { + return exists, errors.Wrapf(err, "retrieving image integration %q", imageIntegration.GetId()) + } + + if _, err := s.datastore.AddImageIntegration(ctx, imageIntegration); err != nil { + return exists, errors.Wrapf(err, "adding image integration %q", imageIntegration.GetId()) + } + if err := s.integrationManager.Upsert(imageIntegration); err != nil { + return exists, errors.Wrapf(err, "notifying of update for image integration %q", imageIntegration.GetId()) + } + return exists, nil +} diff --git a/generated/api/v1/image_integration_service.swagger.json b/generated/api/v1/image_integration_service.swagger.json index 494d95ce4f7fc..d611b6dc673a2 100644 --- a/generated/api/v1/image_integration_service.swagger.json +++ b/generated/api/v1/image_integration_service.swagger.json @@ -529,7 +529,7 @@ "namespace": { "type": "string" }, - "name": { + "imagePullSecretName": { "type": "string" } } diff --git a/generated/api/v1/image_service.pb.go b/generated/api/v1/image_service.pb.go index e693eaa8b206d..26a30b2f3d9bd 100644 --- a/generated/api/v1/image_service.pb.go +++ b/generated/api/v1/image_service.pb.go @@ -338,14 +338,12 @@ func (m *ScanImageRequest) Clone() *ScanImageRequest { } type ScanImageInternalRequest struct { - Image *storage.ContainerImage `protobuf:"bytes,1,opt,name=image,proto3" json:"image,omitempty"` - CachedOnly bool `protobuf:"varint,3,opt,name=cached_only,json=cachedOnly,proto3" json:"cached_only,omitempty"` - ClusterId string `protobuf:"bytes,4,opt,name=cluster_id,json=clusterId,proto3" json:"cluster_id,omitempty"` - Namespace string `protobuf:"bytes,5,opt,name=namespace,proto3" json:"namespace,omitempty"` - ImagePullSecrets []string `protobuf:"bytes,6,rep,name=image_pull_secrets,json=imagePullSecrets,proto3" json:"image_pull_secrets,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + Image *storage.ContainerImage `protobuf:"bytes,1,opt,name=image,proto3" json:"image,omitempty"` + CachedOnly bool `protobuf:"varint,3,opt,name=cached_only,json=cachedOnly,proto3" json:"cached_only,omitempty"` + Source *ScanImageInternalRequest_Source `protobuf:"bytes,4,opt,name=source,proto3" json:"source,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *ScanImageInternalRequest) Reset() { *m = ScanImageInternalRequest{} } @@ -395,38 +393,101 @@ func (m *ScanImageInternalRequest) GetCachedOnly() bool { return false } -func (m *ScanImageInternalRequest) GetClusterId() string { +func (m *ScanImageInternalRequest) GetSource() *ScanImageInternalRequest_Source { + if m != nil { + return m.Source + } + return nil +} + +func (m *ScanImageInternalRequest) MessageClone() proto.Message { + return m.Clone() +} +func (m *ScanImageInternalRequest) Clone() *ScanImageInternalRequest { + if m == nil { + return nil + } + cloned := new(ScanImageInternalRequest) + *cloned = *m + + cloned.Image = m.Image.Clone() + cloned.Source = m.Source.Clone() + return cloned +} + +type ScanImageInternalRequest_Source struct { + ClusterId string `protobuf:"bytes,1,opt,name=cluster_id,json=clusterId,proto3" json:"cluster_id,omitempty"` + Namespace string `protobuf:"bytes,2,opt,name=namespace,proto3" json:"namespace,omitempty"` + ImagePullSecrets []string `protobuf:"bytes,3,rep,name=image_pull_secrets,json=imagePullSecrets,proto3" json:"image_pull_secrets,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *ScanImageInternalRequest_Source) Reset() { *m = ScanImageInternalRequest_Source{} } +func (m *ScanImageInternalRequest_Source) String() string { return proto.CompactTextString(m) } +func (*ScanImageInternalRequest_Source) ProtoMessage() {} +func (*ScanImageInternalRequest_Source) Descriptor() ([]byte, []int) { + return fileDescriptor_b4306cfe43028263, []int{4, 0} +} +func (m *ScanImageInternalRequest_Source) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *ScanImageInternalRequest_Source) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_ScanImageInternalRequest_Source.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *ScanImageInternalRequest_Source) XXX_Merge(src proto.Message) { + xxx_messageInfo_ScanImageInternalRequest_Source.Merge(m, src) +} +func (m *ScanImageInternalRequest_Source) XXX_Size() int { + return m.Size() +} +func (m *ScanImageInternalRequest_Source) XXX_DiscardUnknown() { + xxx_messageInfo_ScanImageInternalRequest_Source.DiscardUnknown(m) +} + +var xxx_messageInfo_ScanImageInternalRequest_Source proto.InternalMessageInfo + +func (m *ScanImageInternalRequest_Source) GetClusterId() string { if m != nil { return m.ClusterId } return "" } -func (m *ScanImageInternalRequest) GetNamespace() string { +func (m *ScanImageInternalRequest_Source) GetNamespace() string { if m != nil { return m.Namespace } return "" } -func (m *ScanImageInternalRequest) GetImagePullSecrets() []string { +func (m *ScanImageInternalRequest_Source) GetImagePullSecrets() []string { if m != nil { return m.ImagePullSecrets } return nil } -func (m *ScanImageInternalRequest) MessageClone() proto.Message { +func (m *ScanImageInternalRequest_Source) MessageClone() proto.Message { return m.Clone() } -func (m *ScanImageInternalRequest) Clone() *ScanImageInternalRequest { +func (m *ScanImageInternalRequest_Source) Clone() *ScanImageInternalRequest_Source { if m == nil { return nil } - cloned := new(ScanImageInternalRequest) + cloned := new(ScanImageInternalRequest_Source) *cloned = *m - cloned.Image = m.Image.Clone() if m.ImagePullSecrets != nil { cloned.ImagePullSecrets = make([]string, len(m.ImagePullSecrets)) copy(cloned.ImagePullSecrets, m.ImagePullSecrets) @@ -1239,6 +1300,7 @@ func init() { proto.RegisterType((*CountImagesResponse)(nil), "v1.CountImagesResponse") proto.RegisterType((*ScanImageRequest)(nil), "v1.ScanImageRequest") proto.RegisterType((*ScanImageInternalRequest)(nil), "v1.ScanImageInternalRequest") + proto.RegisterType((*ScanImageInternalRequest_Source)(nil), "v1.ScanImageInternalRequest.Source") proto.RegisterType((*ScanImageInternalResponse)(nil), "v1.ScanImageInternalResponse") proto.RegisterType((*GetImageVulnerabilitiesInternalRequest)(nil), "v1.GetImageVulnerabilitiesInternalRequest") proto.RegisterType((*EnrichLocalImageInternalRequest)(nil), "v1.EnrichLocalImageInternalRequest") @@ -1255,91 +1317,92 @@ func init() { func init() { proto.RegisterFile("api/v1/image_service.proto", fileDescriptor_b4306cfe43028263) } var fileDescriptor_b4306cfe43028263 = []byte{ - // 1337 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xc4, 0x56, 0x41, 0x73, 0x1b, 0xc5, - 0x12, 0x8e, 0xa4, 0xc8, 0xb1, 0x5a, 0x8e, 0x24, 0x8f, 0x1d, 0x7b, 0xad, 0x38, 0xb6, 0x6a, 0xf3, - 0xde, 0x8b, 0x9f, 0xf3, 0x9e, 0x5c, 0x12, 0xc5, 0x25, 0x45, 0x15, 0x11, 0xb6, 0x62, 0x44, 0x59, - 0xb2, 0x59, 0x3b, 0x26, 0x50, 0x29, 0xb6, 0x26, 0xbb, 0x13, 0x7b, 0x8a, 0xd5, 0xec, 0x66, 0x67, - 0x24, 0xa3, 0x50, 0x1c, 0xe0, 0xc4, 0x9d, 0x0b, 0xc5, 0xcf, 0xe0, 0x2f, 0x70, 0xe1, 0x48, 0x15, - 0x47, 0x2e, 0x54, 0xe0, 0x87, 0x50, 0x3b, 0x33, 0x5a, 0xef, 0x4a, 0x4a, 0x0c, 0x27, 0x6e, 0x3b, - 0xdd, 0x3d, 0x5f, 0x6f, 0x7f, 0xdd, 0xf3, 0xcd, 0x40, 0x15, 0x07, 0x74, 0x67, 0xd8, 0xd8, 0xa1, - 0x7d, 0x7c, 0x46, 0x6c, 0x4e, 0xc2, 0x21, 0x75, 0x48, 0x3d, 0x08, 0x7d, 0xe1, 0xa3, 0xec, 0xb0, - 0x51, 0x5d, 0x3f, 0xf3, 0xfd, 0x33, 0x8f, 0xec, 0x44, 0x61, 0x98, 0x31, 0x5f, 0x60, 0x41, 0x7d, - 0xc6, 0x55, 0x44, 0xf5, 0xb6, 0xde, 0xcd, 0x09, 0x0e, 0x9d, 0xf3, 0xf4, 0xf6, 0x2a, 0xd2, 0x4e, - 0xd2, 0x0f, 0xc4, 0x48, 0xdb, 0x36, 0xb8, 0x83, 0x19, 0x23, 0xe1, 0x8e, 0xf6, 0x39, 0x7e, 0x3f, - 0xf0, 0x19, 0x61, 0x42, 0xfb, 0xd7, 0x26, 0xfc, 0xcc, 0x17, 0x63, 0xb8, 0x25, 0x2e, 0xfc, 0x10, - 0x9f, 0x11, 0xf5, 0xab, 0xda, 0x68, 0x8c, 0x8d, 0x2e, 0x09, 0x3c, 0x7f, 0xd4, 0x8f, 0x91, 0xcc, - 0x0b, 0x28, 0xef, 0x13, 0xd1, 0x89, 0x62, 0x2d, 0xf2, 0x62, 0x40, 0xb8, 0x40, 0x25, 0xc8, 0x52, - 0xd7, 0xc8, 0xd4, 0x32, 0x5b, 0x05, 0x2b, 0x4b, 0x5d, 0x74, 0x0f, 0xca, 0x94, 0x39, 0xde, 0xc0, - 0x25, 0x36, 0x67, 0xbe, 0xff, 0x92, 0xb8, 0x46, 0xb6, 0x96, 0xd9, 0x9a, 0xb7, 0x4a, 0xda, 0x7c, - 0xac, 0xac, 0xe8, 0x3e, 0x2c, 0x72, 0x11, 0xd2, 0xc0, 0x76, 0x09, 0x77, 0x42, 0x1a, 0x44, 0x14, - 0x18, 0x39, 0x19, 0x5a, 0x91, 0x8e, 0xbd, 0x4b, 0xbb, 0xf9, 0x10, 0xd0, 0x01, 0xe5, 0x2a, 0x33, - 0xb7, 0x08, 0x0f, 0x7c, 0xc6, 0x09, 0xda, 0x86, 0x39, 0xf9, 0xdf, 0xdc, 0xc8, 0xd4, 0x72, 0x5b, - 0xc5, 0x26, 0xaa, 0xeb, 0x3f, 0xaf, 0xc7, 0xc1, 0x96, 0x8e, 0x30, 0xef, 0xc3, 0xd2, 0xae, 0x3f, - 0x60, 0x93, 0x10, 0xcb, 0x90, 0x77, 0x22, 0xb3, 0xac, 0x20, 0x6f, 0xa9, 0x85, 0x19, 0x40, 0xe5, - 0xd8, 0xc1, 0x2c, 0x55, 0xe8, 0x1d, 0x00, 0xd5, 0x4f, 0x86, 0xfb, 0x44, 0x17, 0x5c, 0x90, 0x96, - 0x1e, 0xee, 0x4b, 0xa0, 0xe7, 0x7e, 0xe8, 0x10, 0x5d, 0xad, 0x5a, 0xcc, 0x62, 0x23, 0x37, 0x8b, - 0x0d, 0xf3, 0xd7, 0x0c, 0x18, 0x71, 0xca, 0x0e, 0x13, 0x24, 0x64, 0xd8, 0x1b, 0xa7, 0xfe, 0x3f, - 0xe4, 0x65, 0x22, 0x99, 0xb5, 0xd8, 0x5c, 0x8d, 0xcb, 0xdc, 0xf5, 0x99, 0xc0, 0x94, 0x91, 0x50, - 0xfd, 0xa9, 0x8a, 0x42, 0x9b, 0x50, 0x74, 0xb0, 0x73, 0x4e, 0x5c, 0xdb, 0x67, 0xde, 0x48, 0x27, - 0x04, 0x65, 0x3a, 0x64, 0xde, 0x28, 0x2a, 0xc5, 0xf1, 0x06, 0x5c, 0x90, 0xd0, 0xa6, 0xae, 0x71, - 0x5d, 0x95, 0xa2, 0x2d, 0x1d, 0x17, 0xad, 0x43, 0x21, 0xaa, 0x91, 0x07, 0xd8, 0x21, 0x46, 0x5e, - 0x79, 0x63, 0x03, 0xfa, 0x1f, 0x20, 0xc5, 0x43, 0x30, 0xf0, 0x3c, 0x9b, 0x13, 0x27, 0x24, 0x82, - 0x1b, 0x73, 0xb5, 0xdc, 0x56, 0xc1, 0xaa, 0x48, 0xcf, 0xd1, 0xc0, 0xf3, 0x8e, 0x95, 0xfd, 0x83, - 0xeb, 0xf3, 0xd9, 0x4a, 0xce, 0x6c, 0xc1, 0xda, 0x8c, 0xe2, 0x74, 0x0b, 0xfe, 0x95, 0xae, 0xae, - 0x14, 0x57, 0x97, 0x2c, 0xca, 0xfc, 0x21, 0x0b, 0xff, 0x19, 0xcf, 0xde, 0xe9, 0xc0, 0x63, 0x24, - 0xc4, 0xcf, 0xa8, 0x47, 0x05, 0x25, 0x7c, 0x92, 0xae, 0x35, 0x98, 0x57, 0x7f, 0x18, 0x0f, 0xe6, - 0x0d, 0xb9, 0xee, 0xb8, 0xa8, 0x91, 0x6a, 0x62, 0x56, 0x26, 0x44, 0xe9, 0x84, 0x51, 0x37, 0x93, - 0x8d, 0x6d, 0xc2, 0x7c, 0x9f, 0x08, 0xec, 0x62, 0x81, 0x25, 0x95, 0xc5, 0xe6, 0x4a, 0x7a, 0x43, - 0x57, 0x7b, 0xad, 0x38, 0x0e, 0x6d, 0x41, 0x85, 0x72, 0x7b, 0xcc, 0xb1, 0xe7, 0x3b, 0xd8, 0x33, - 0xe6, 0x74, 0xdf, 0xf9, 0xae, 0x32, 0x1f, 0x44, 0x56, 0xf4, 0x36, 0x40, 0x7c, 0x5c, 0xb9, 0x6c, - 0x45, 0xb1, 0x79, 0xab, 0xae, 0x0f, 0xec, 0x69, 0xa3, 0xbe, 0x1b, 0x3b, 0xad, 0x44, 0x20, 0xfa, - 0x37, 0xe4, 0xa3, 0x53, 0xcc, 0x8d, 0x7c, 0x2d, 0xb7, 0x55, 0x6a, 0x96, 0x13, 0x3b, 0x7a, 0xbe, - 0x20, 0x96, 0xf2, 0x9a, 0x3f, 0x66, 0x61, 0xb3, 0xcd, 0x42, 0xea, 0x9c, 0xcb, 0x6c, 0x33, 0x87, - 0xeb, 0x9f, 0x67, 0xeb, 0x21, 0x94, 0xb5, 0x52, 0xd2, 0x33, 0x86, 0xc5, 0x20, 0x24, 0x9a, 0x88, - 0xd5, 0xf4, 0xd6, 0xe3, 0xb1, 0xdb, 0x2a, 0xd1, 0xd4, 0x7a, 0x82, 0xc5, 0xfc, 0xdf, 0x66, 0x71, - 0xee, 0x8d, 0x2c, 0x1e, 0xc3, 0xd2, 0x1e, 0xf1, 0x88, 0x20, 0x63, 0xed, 0x50, 0xc4, 0x99, 0x90, - 0x7f, 0x31, 0x20, 0xe1, 0x48, 0xcf, 0xed, 0x42, 0x7d, 0xd8, 0xa8, 0x5b, 0xf8, 0xe2, 0xc3, 0xc8, - 0x66, 0x29, 0x17, 0x32, 0xe0, 0x86, 0xe3, 0xb3, 0xe7, 0x34, 0xec, 0x6b, 0x5d, 0x18, 0x2f, 0xcd, - 0x23, 0x58, 0x4e, 0x83, 0xea, 0xd3, 0xb0, 0x09, 0x45, 0x36, 0xe8, 0xdb, 0xae, 0xf4, 0xa9, 0x8e, - 0xdc, 0xb4, 0x80, 0x0d, 0xfa, 0x2a, 0xda, 0x45, 0xab, 0x70, 0xc3, 0x0d, 0x47, 0x76, 0x38, 0x60, - 0x1a, 0x72, 0xce, 0x0d, 0x47, 0xd6, 0x80, 0x99, 0xf7, 0x60, 0xf1, 0x23, 0x2c, 0x9c, 0xf3, 0x94, - 0x6a, 0x21, 0xb8, 0x9e, 0xd0, 0x2b, 0xf9, 0x6d, 0x7e, 0x95, 0x05, 0x94, 0x8c, 0xd4, 0x99, 0xef, - 0x41, 0x99, 0xf9, 0x61, 0x1f, 0x7b, 0xf4, 0x25, 0x71, 0x93, 0x2a, 0x57, 0xba, 0x34, 0xcb, 0x1e, - 0xbf, 0x0b, 0x40, 0xc2, 0xd0, 0x0f, 0x6d, 0x31, 0x0a, 0xd4, 0x58, 0x94, 0x9a, 0xb5, 0xa8, 0xfa, - 0x69, 0xd0, 0x7a, 0x3b, 0x0a, 0x3c, 0x19, 0x05, 0xc4, 0x2a, 0x90, 0xf1, 0x27, 0xba, 0x0b, 0x37, - 0x15, 0x40, 0x9f, 0x70, 0x1e, 0x9d, 0xfc, 0x9c, 0xcc, 0xb3, 0x20, 0x8d, 0x5d, 0x65, 0x33, 0x9f, - 0x42, 0x21, 0xde, 0x8c, 0x16, 0x60, 0xbe, 0x77, 0x68, 0xb7, 0x2d, 0xeb, 0xd0, 0xaa, 0x5c, 0x43, - 0x2b, 0x80, 0x3a, 0xbd, 0xd3, 0xd6, 0x41, 0x67, 0xcf, 0xee, 0x74, 0x5b, 0xfb, 0x6d, 0xbb, 0xd7, - 0xea, 0xb6, 0x2b, 0x19, 0x64, 0xc0, 0x72, 0xef, 0xd0, 0xd6, 0x8e, 0xde, 0x49, 0x7b, 0xdf, 0x6a, - 0x9d, 0x74, 0x0e, 0x7b, 0x95, 0x2c, 0x2a, 0x43, 0xf1, 0x78, 0xb7, 0xd5, 0xb3, 0x1f, 0xb5, 0x3a, - 0x07, 0xed, 0xbd, 0x4a, 0xce, 0xfc, 0x2f, 0x2c, 0x3d, 0x66, 0x17, 0x7f, 0x89, 0xae, 0x27, 0x60, - 0xec, 0x13, 0x21, 0x6b, 0x23, 0xee, 0x44, 0xb7, 0xde, 0x81, 0xd2, 0x85, 0x72, 0xd8, 0xa9, 0x9b, - 0xe8, 0x56, 0x3c, 0xb9, 0xc9, 0x7d, 0xd6, 0xcd, 0x8b, 0x24, 0x8a, 0xf9, 0x00, 0x6a, 0xaf, 0x95, - 0xc5, 0x3d, 0x22, 0x30, 0xf5, 0x78, 0x75, 0x05, 0x96, 0x4f, 0x7c, 0xbf, 0x8b, 0xd9, 0xe8, 0x08, - 0x87, 0xd8, 0xf3, 0x88, 0x17, 0x6d, 0xe1, 0xcd, 0xef, 0xe7, 0x61, 0x41, 0x9d, 0x0a, 0xf5, 0x3e, - 0x40, 0xef, 0xc3, 0xfc, 0x58, 0x1f, 0xd1, 0x52, 0xd4, 0x8d, 0x89, 0x9b, 0xba, 0x3a, 0x21, 0xac, - 0xe6, 0xea, 0xd7, 0xbf, 0xfc, 0xf1, 0x6d, 0x76, 0x11, 0x95, 0xe3, 0xa7, 0x0a, 0xdf, 0xf9, 0x82, - 0xba, 0x5f, 0xa2, 0x2e, 0x14, 0x13, 0x57, 0x25, 0x4a, 0x0d, 0x76, 0x75, 0x35, 0x5a, 0xcd, 0xb8, - 0x49, 0x67, 0xc1, 0xc9, 0xcb, 0x14, 0x3d, 0x02, 0xb8, 0xbc, 0xbb, 0x27, 0xd0, 0x56, 0xa2, 0xd5, - 0xf4, 0xcd, 0x6e, 0x22, 0x09, 0xb6, 0x80, 0xe0, 0x12, 0x0c, 0x75, 0xa1, 0x10, 0xb3, 0x85, 0x96, - 0xa3, 0x8d, 0x93, 0x77, 0xf4, 0x54, 0x89, 0x55, 0x09, 0xb3, 0x6c, 0x26, 0x4b, 0x8c, 0xce, 0xf8, - 0x83, 0xcc, 0x36, 0x3a, 0x82, 0xc5, 0x29, 0xf2, 0xd1, 0x7a, 0x0a, 0x76, 0x42, 0x2a, 0xab, 0x77, - 0x5e, 0xe3, 0xd5, 0xc3, 0xf0, 0x02, 0x36, 0xaf, 0xb8, 0xa1, 0xd0, 0x76, 0xb2, 0x31, 0x6f, 0xbe, - 0xc6, 0xae, 0xc8, 0x66, 0xe6, 0xbe, 0xc9, 0x66, 0xd0, 0xa7, 0x60, 0xbc, 0x4e, 0xdf, 0xd1, 0xdd, - 0x68, 0xff, 0x15, 0xea, 0x7f, 0x55, 0x49, 0x4f, 0x61, 0xb3, 0xc3, 0x86, 0xd8, 0xa3, 0x2e, 0x16, - 0x24, 0x0a, 0x6b, 0x31, 0xd7, 0x22, 0x67, 0x94, 0x8b, 0x70, 0xb4, 0x1b, 0x3d, 0x28, 0x38, 0x2a, - 0xc8, 0x34, 0xd1, 0x73, 0xb4, 0x7a, 0xf9, 0x69, 0xde, 0x95, 0xcc, 0xdf, 0x41, 0xb7, 0x13, 0xcc, - 0xcb, 0x17, 0xc8, 0x0e, 0x8d, 0xf1, 0xd0, 0x63, 0x58, 0x48, 0x6a, 0x20, 0x92, 0xb3, 0x35, 0x43, - 0x6a, 0xab, 0xc6, 0xb4, 0x23, 0x3d, 0x28, 0xdb, 0xc9, 0x41, 0xf9, 0x18, 0xe0, 0x52, 0x89, 0xd0, - 0xad, 0x49, 0x65, 0x52, 0x90, 0x2b, 0xb3, 0x05, 0xcb, 0x5c, 0x97, 0x80, 0x2b, 0xe6, 0x62, 0x04, - 0xa8, 0x8f, 0xab, 0xc2, 0x8d, 0x86, 0xa6, 0x0b, 0x0b, 0x49, 0xd9, 0x50, 0x7f, 0x3c, 0x43, 0x48, - 0x92, 0x54, 0xac, 0x49, 0xc4, 0xa5, 0xed, 0x69, 0x44, 0x74, 0x0a, 0x95, 0x49, 0x69, 0x49, 0xf2, - 0xb9, 0xae, 0xa7, 0x65, 0xa6, 0xf6, 0x8c, 0x71, 0xd1, 0x34, 0xee, 0x7b, 0xf5, 0x9f, 0x5e, 0x6d, - 0x64, 0x7e, 0x7e, 0xb5, 0x91, 0xf9, 0xed, 0xd5, 0x46, 0xe6, 0xbb, 0xdf, 0x37, 0xae, 0x81, 0x41, - 0xfd, 0x3a, 0x17, 0xd8, 0xf9, 0x2c, 0xf4, 0x3f, 0x57, 0x8f, 0xf9, 0x3a, 0x0e, 0x68, 0x7d, 0xd8, - 0xf8, 0x24, 0x3b, 0x6c, 0x3c, 0xb9, 0xf6, 0x6c, 0x4e, 0xda, 0xde, 0xfa, 0x33, 0x00, 0x00, 0xff, - 0xff, 0x0d, 0x73, 0xfa, 0x16, 0xbb, 0x0c, 0x00, 0x00, + // 1357 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xc4, 0x57, 0xd1, 0x72, 0xdb, 0x44, + 0x17, 0xae, 0xe5, 0x26, 0x8d, 0x4f, 0x52, 0xdb, 0xd9, 0xa4, 0x89, 0xe2, 0xa6, 0x89, 0x47, 0xfd, + 0xff, 0xbf, 0xf9, 0x53, 0x70, 0xc6, 0x66, 0xb8, 0x29, 0xcc, 0x50, 0x93, 0xb8, 0xc1, 0x4c, 0xec, + 0x04, 0x39, 0x0d, 0x85, 0xe9, 0xa0, 0xd9, 0x4a, 0xdb, 0x44, 0x83, 0xbc, 0xab, 0x6a, 0x25, 0x07, + 0x97, 0xe1, 0x02, 0xae, 0xb8, 0xe7, 0x86, 0xe1, 0x92, 0x47, 0xe0, 0x15, 0xb8, 0xe1, 0x92, 0x19, + 0x5e, 0x80, 0x29, 0x3c, 0x08, 0xa3, 0xdd, 0xb5, 0x2c, 0x39, 0x4e, 0x03, 0x57, 0xdc, 0x69, 0xcf, + 0x39, 0xfb, 0x9d, 0x3d, 0xdf, 0x9e, 0xfd, 0x76, 0x05, 0x15, 0xec, 0xbb, 0x3b, 0x83, 0xfa, 0x8e, + 0xdb, 0xc7, 0xa7, 0xc4, 0xe2, 0x24, 0x18, 0xb8, 0x36, 0xa9, 0xf9, 0x01, 0x0b, 0x19, 0xd2, 0x06, + 0xf5, 0xca, 0xfa, 0x29, 0x63, 0xa7, 0x1e, 0xd9, 0x89, 0xc3, 0x30, 0xa5, 0x2c, 0xc4, 0xa1, 0xcb, + 0x28, 0x97, 0x11, 0x95, 0xdb, 0x6a, 0x36, 0x27, 0x38, 0xb0, 0xcf, 0xb2, 0xd3, 0x2b, 0x48, 0x39, + 0x49, 0xdf, 0x0f, 0x87, 0xca, 0xb6, 0xc1, 0x6d, 0x4c, 0x29, 0x09, 0x76, 0x94, 0xcf, 0x66, 0x7d, + 0x9f, 0x51, 0x42, 0x43, 0xe5, 0x5f, 0x9b, 0xf0, 0x53, 0x16, 0x8e, 0xe0, 0x96, 0x78, 0xc8, 0x02, + 0x7c, 0x4a, 0xe4, 0x52, 0x95, 0x51, 0x1f, 0x19, 0x1d, 0xe2, 0x7b, 0x6c, 0xd8, 0x4f, 0x90, 0x8c, + 0x73, 0x28, 0xed, 0x93, 0xb0, 0x1d, 0xc7, 0x9a, 0xe4, 0x45, 0x44, 0x78, 0x88, 0x8a, 0xa0, 0xb9, + 0x8e, 0x9e, 0xab, 0xe6, 0xb6, 0x0a, 0xa6, 0xe6, 0x3a, 0xe8, 0x1e, 0x94, 0x5c, 0x6a, 0x7b, 0x91, + 0x43, 0x2c, 0x4e, 0x19, 0x7b, 0x49, 0x1c, 0x5d, 0xab, 0xe6, 0xb6, 0xe6, 0xcc, 0xa2, 0x32, 0xf7, + 0xa4, 0x15, 0xdd, 0x87, 0x45, 0x1e, 0x06, 0xae, 0x6f, 0x39, 0x84, 0xdb, 0x81, 0xeb, 0xc7, 0x14, + 0xe8, 0x79, 0x11, 0x5a, 0x16, 0x8e, 0xbd, 0xb1, 0xdd, 0x78, 0x08, 0xe8, 0xc0, 0xe5, 0x32, 0x33, + 0x37, 0x09, 0xf7, 0x19, 0xe5, 0x04, 0x6d, 0xc3, 0xac, 0x58, 0x37, 0xd7, 0x73, 0xd5, 0xfc, 0xd6, + 0x7c, 0x03, 0xd5, 0xd4, 0xca, 0x6b, 0x49, 0xb0, 0xa9, 0x22, 0x8c, 0xfb, 0xb0, 0xb4, 0xcb, 0x22, + 0x3a, 0x09, 0xb1, 0x0c, 0x33, 0x76, 0x6c, 0x16, 0x15, 0xcc, 0x98, 0x72, 0x60, 0xf8, 0x50, 0xee, + 0xd9, 0x98, 0x66, 0x0a, 0xbd, 0x03, 0x20, 0xf7, 0x93, 0xe2, 0x3e, 0x51, 0x05, 0x17, 0x84, 0xa5, + 0x8b, 0xfb, 0x02, 0xe8, 0x39, 0x0b, 0x6c, 0xa2, 0xaa, 0x95, 0x83, 0x69, 0x6c, 0xe4, 0xa7, 0xb1, + 0x61, 0xfc, 0xa8, 0x81, 0x9e, 0xa4, 0x6c, 0xd3, 0x90, 0x04, 0x14, 0x7b, 0xa3, 0xd4, 0x6f, 0xc2, + 0x8c, 0x48, 0x24, 0xb2, 0xce, 0x37, 0x56, 0x93, 0x32, 0x77, 0x19, 0x0d, 0xb1, 0x4b, 0x49, 0x20, + 0x57, 0x2a, 0xa3, 0xd0, 0x26, 0xcc, 0xdb, 0xd8, 0x3e, 0x23, 0x8e, 0xc5, 0xa8, 0x37, 0x54, 0x09, + 0x41, 0x9a, 0x0e, 0xa9, 0x37, 0x44, 0xef, 0xc0, 0x2c, 0x67, 0x51, 0xbc, 0xd8, 0xeb, 0x02, 0xf0, + 0x6e, 0x6d, 0x50, 0xaf, 0x5d, 0x96, 0xbd, 0xd6, 0x13, 0xa1, 0xa6, 0x9a, 0x52, 0xe1, 0x30, 0x2b, + 0x2d, 0x31, 0x23, 0xb6, 0x17, 0xf1, 0x90, 0x04, 0x56, 0xd2, 0x02, 0x05, 0x65, 0x69, 0x3b, 0x68, + 0x1d, 0x0a, 0x31, 0x55, 0xdc, 0xc7, 0x8a, 0x95, 0x82, 0x39, 0x36, 0xa0, 0x37, 0x00, 0x49, 0x3a, + 0xfd, 0xc8, 0xf3, 0x2c, 0x4e, 0xec, 0x80, 0x84, 0x5c, 0xcf, 0x57, 0xf3, 0x5b, 0x05, 0xb3, 0x2c, + 0x3c, 0x47, 0x91, 0xe7, 0xf5, 0xa4, 0xfd, 0xc3, 0xeb, 0x73, 0x5a, 0x39, 0x6f, 0x34, 0x61, 0x6d, + 0xca, 0x2a, 0xd5, 0x4e, 0xfe, 0x27, 0x4b, 0x52, 0x31, 0x21, 0x29, 0xcd, 0x8d, 0xf1, 0x93, 0x06, + 0xff, 0x1b, 0xb5, 0xf0, 0x49, 0xe4, 0x51, 0x12, 0xe0, 0x67, 0xae, 0xe7, 0x86, 0x2e, 0xe1, 0x93, + 0xac, 0xaf, 0xc1, 0x9c, 0x5c, 0x61, 0x52, 0xdc, 0x0d, 0x31, 0x6e, 0x3b, 0xa8, 0x9e, 0xe9, 0x05, + 0x4d, 0x24, 0x44, 0xd9, 0x84, 0x71, 0x53, 0xa4, 0xfb, 0xa3, 0x01, 0x73, 0x7d, 0x12, 0x62, 0x07, + 0x87, 0x58, 0xec, 0xc8, 0x7c, 0x63, 0x25, 0x3b, 0xa1, 0xa3, 0xbc, 0x66, 0x12, 0x87, 0xb6, 0xa0, + 0xec, 0x72, 0x6b, 0xc4, 0xb1, 0xc7, 0x6c, 0xec, 0xe9, 0xb3, 0xaa, 0x7d, 0xf8, 0xae, 0x34, 0x1f, + 0xc4, 0x56, 0xf4, 0x36, 0x40, 0x72, 0xea, 0xb9, 0xda, 0xd5, 0x5b, 0x35, 0x75, 0xee, 0x4f, 0xea, + 0xb5, 0xdd, 0xc4, 0x69, 0xa6, 0x02, 0xd1, 0x7f, 0x61, 0x26, 0x16, 0x03, 0xae, 0xcf, 0x54, 0xf3, + 0x5b, 0xc5, 0x46, 0x29, 0x35, 0xa3, 0xcb, 0x42, 0x62, 0x4a, 0xaf, 0xf1, 0xb3, 0x06, 0x9b, 0x2d, + 0x1a, 0xb8, 0xf6, 0x99, 0xc8, 0x36, 0xb5, 0x47, 0xff, 0x7d, 0xb6, 0x1e, 0x42, 0x49, 0x09, 0xae, + 0x7b, 0x4a, 0x71, 0x18, 0x05, 0xa3, 0xf6, 0x5e, 0xcd, 0x4e, 0xed, 0x8d, 0xdc, 0x66, 0xd1, 0xcd, + 0x8c, 0x27, 0x58, 0x9c, 0xf9, 0xc7, 0x2c, 0xce, 0xbe, 0x96, 0xc5, 0x1e, 0x2c, 0xed, 0x11, 0x8f, + 0x84, 0x64, 0x24, 0x41, 0x92, 0x38, 0x03, 0x66, 0x5e, 0x44, 0x24, 0x18, 0xaa, 0xbe, 0x5d, 0x88, + 0xcf, 0xa2, 0x89, 0xcf, 0x3f, 0x8a, 0x6d, 0xa6, 0x74, 0x21, 0x1d, 0x6e, 0xd8, 0x8c, 0x3e, 0x77, + 0x83, 0xbe, 0x92, 0x97, 0xd1, 0xd0, 0x38, 0x82, 0xe5, 0x2c, 0xa8, 0x3a, 0x0d, 0x9b, 0x30, 0x4f, + 0xa3, 0xbe, 0xe5, 0x08, 0x9f, 0xdc, 0x91, 0x9b, 0x26, 0xd0, 0xa8, 0x2f, 0xa3, 0x1d, 0xb4, 0x0a, + 0x37, 0x9c, 0x60, 0x68, 0x05, 0x11, 0x55, 0x90, 0xb3, 0x4e, 0x30, 0x34, 0x23, 0x6a, 0xdc, 0x83, + 0xc5, 0x8f, 0x71, 0x68, 0x9f, 0x65, 0xc4, 0x0f, 0xc1, 0xf5, 0x94, 0xec, 0x89, 0x6f, 0xe3, 0x6b, + 0x0d, 0x50, 0x3a, 0x52, 0x65, 0xbe, 0x07, 0x25, 0xca, 0x82, 0x3e, 0xf6, 0xdc, 0x97, 0xc4, 0x49, + 0x8b, 0x65, 0x71, 0x6c, 0x16, 0x7b, 0xfc, 0x1e, 0x00, 0x09, 0x02, 0x16, 0x58, 0xe1, 0xd0, 0x97, + 0x6d, 0x51, 0x6c, 0x54, 0xe3, 0xea, 0x2f, 0x82, 0xd6, 0x5a, 0x71, 0xe0, 0xf1, 0xd0, 0x27, 0x66, + 0x81, 0x8c, 0x3e, 0xd1, 0x5d, 0xb8, 0x29, 0x01, 0xfa, 0x84, 0xf3, 0xf8, 0xe4, 0xe7, 0x45, 0x9e, + 0x05, 0x61, 0xec, 0x48, 0x9b, 0xf1, 0x14, 0x0a, 0xc9, 0x64, 0xb4, 0x00, 0x73, 0xdd, 0x43, 0xab, + 0x65, 0x9a, 0x87, 0x66, 0xf9, 0x1a, 0x5a, 0x01, 0xd4, 0xee, 0x9e, 0x34, 0x0f, 0xda, 0x7b, 0x56, + 0xbb, 0xd3, 0xdc, 0x6f, 0x59, 0xdd, 0x66, 0xa7, 0x55, 0xce, 0x21, 0x1d, 0x96, 0xbb, 0x87, 0x96, + 0x72, 0x74, 0x8f, 0x5b, 0xfb, 0x66, 0xf3, 0xb8, 0x7d, 0xd8, 0x2d, 0x6b, 0xa8, 0x04, 0xf3, 0xbd, + 0xdd, 0x66, 0xd7, 0x7a, 0xd4, 0x6c, 0x1f, 0xb4, 0xf6, 0xca, 0x79, 0xe3, 0xff, 0xb0, 0xf4, 0x98, + 0x9e, 0xff, 0x2d, 0xba, 0x9e, 0x80, 0xbe, 0x4f, 0x42, 0x51, 0x1b, 0x71, 0x26, 0x76, 0xeb, 0x5d, + 0x28, 0x9e, 0x4b, 0x87, 0x95, 0xb9, 0xd0, 0x6e, 0x25, 0x9d, 0x9b, 0x9e, 0x67, 0xde, 0x3c, 0x4f, + 0xa3, 0x18, 0x0f, 0xa0, 0x7a, 0xa9, 0x2c, 0xee, 0x91, 0x10, 0xbb, 0x1e, 0xaf, 0xac, 0xc0, 0xf2, + 0x31, 0x63, 0x1d, 0x4c, 0x87, 0x47, 0x38, 0xc0, 0x9e, 0x47, 0xbc, 0x78, 0x0a, 0x6f, 0xfc, 0x30, + 0x07, 0x0b, 0xf2, 0x54, 0xc8, 0x67, 0x06, 0xfa, 0x00, 0xe6, 0x46, 0xfa, 0x88, 0x96, 0xe2, 0xdd, + 0x98, 0xb8, 0xf0, 0x2b, 0x13, 0xc2, 0x6a, 0xac, 0x7e, 0xf3, 0xdb, 0x9f, 0xdf, 0x69, 0x8b, 0xa8, + 0x94, 0xbc, 0x78, 0xf8, 0xce, 0x97, 0xae, 0xf3, 0x15, 0xea, 0xc0, 0x7c, 0xea, 0xc6, 0x45, 0x99, + 0xc6, 0xae, 0xac, 0xc6, 0xa3, 0x29, 0x17, 0xf2, 0x34, 0x38, 0x71, 0x27, 0xa3, 0x47, 0x00, 0xe3, + 0x27, 0xc0, 0x04, 0xda, 0x4a, 0x3c, 0xba, 0xf8, 0x40, 0x30, 0x90, 0x00, 0x5b, 0x40, 0x30, 0x06, + 0x43, 0x1d, 0x28, 0x24, 0x6c, 0xa1, 0xe5, 0xcc, 0xcd, 0x77, 0x59, 0x89, 0x15, 0x01, 0xb3, 0x6c, + 0xa4, 0x4b, 0x8c, 0xcf, 0xf8, 0x83, 0xdc, 0x36, 0x3a, 0x82, 0xc5, 0x0b, 0xe4, 0xa3, 0xf5, 0xd7, + 0x5d, 0xa8, 0x95, 0x3b, 0x97, 0x78, 0x55, 0x33, 0xbc, 0x80, 0xcd, 0x2b, 0x6e, 0x28, 0xb4, 0x9d, + 0xde, 0x98, 0xd7, 0x5f, 0x63, 0x57, 0x64, 0x33, 0xf2, 0xdf, 0x6a, 0x39, 0xf4, 0x19, 0xe8, 0x97, + 0xe9, 0x3b, 0x12, 0x8f, 0x83, 0x2b, 0xd4, 0xff, 0xaa, 0x92, 0x9e, 0xc2, 0x66, 0x9b, 0x0e, 0xb0, + 0xe7, 0x3a, 0x38, 0x24, 0x71, 0x58, 0x93, 0x3a, 0x26, 0x39, 0x75, 0x79, 0x18, 0x0c, 0x77, 0xe3, + 0x77, 0x09, 0x47, 0x05, 0x91, 0x26, 0x7e, 0xd5, 0x56, 0xc6, 0x9f, 0xc6, 0x5d, 0xc1, 0xfc, 0x1d, + 0x74, 0x3b, 0xc5, 0xbc, 0x78, 0xc8, 0xec, 0xb8, 0x09, 0x1e, 0x7a, 0x0c, 0x0b, 0x69, 0x0d, 0x44, + 0xa2, 0xb7, 0xa6, 0x48, 0x6d, 0x45, 0xbf, 0xe8, 0xc8, 0x36, 0xca, 0x76, 0xba, 0x51, 0x3e, 0x01, + 0x18, 0x2b, 0x11, 0xba, 0x35, 0xa9, 0x4c, 0x12, 0x72, 0x65, 0xba, 0x60, 0x19, 0xeb, 0x02, 0x70, + 0xc5, 0x58, 0x8c, 0x01, 0xd5, 0x71, 0x95, 0xb8, 0x71, 0xd3, 0x74, 0x60, 0x21, 0x2d, 0x1b, 0x72, + 0xc5, 0x53, 0x84, 0x24, 0x4d, 0xc5, 0x9a, 0x40, 0x5c, 0xda, 0xbe, 0x88, 0x88, 0x4e, 0xa0, 0x3c, + 0x29, 0x2d, 0x69, 0x3e, 0xd7, 0x55, 0xb7, 0x4c, 0xd5, 0x9e, 0x11, 0x2e, 0xba, 0x88, 0xfb, 0x7e, + 0xed, 0x97, 0x57, 0x1b, 0xb9, 0x5f, 0x5f, 0x6d, 0xe4, 0x7e, 0x7f, 0xb5, 0x91, 0xfb, 0xfe, 0x8f, + 0x8d, 0x6b, 0xa0, 0xbb, 0xac, 0xc6, 0x43, 0x6c, 0x7f, 0x1e, 0xb0, 0x2f, 0xe4, 0x3f, 0x41, 0x0d, + 0xfb, 0x6e, 0x6d, 0x50, 0xff, 0x54, 0x1b, 0xd4, 0x9f, 0x5c, 0x7b, 0x36, 0x2b, 0x6c, 0x6f, 0xfd, + 0x15, 0x00, 0x00, 0xff, 0xff, 0xe4, 0xec, 0xfe, 0x3e, 0x02, 0x0d, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -2056,26 +2119,15 @@ func (m *ScanImageInternalRequest) MarshalToSizedBuffer(dAtA []byte) (int, error i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.ImagePullSecrets) > 0 { - for iNdEx := len(m.ImagePullSecrets) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.ImagePullSecrets[iNdEx]) - copy(dAtA[i:], m.ImagePullSecrets[iNdEx]) - i = encodeVarintImageService(dAtA, i, uint64(len(m.ImagePullSecrets[iNdEx]))) - i-- - dAtA[i] = 0x32 + if m.Source != nil { + { + size, err := m.Source.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintImageService(dAtA, i, uint64(size)) } - } - if len(m.Namespace) > 0 { - i -= len(m.Namespace) - copy(dAtA[i:], m.Namespace) - i = encodeVarintImageService(dAtA, i, uint64(len(m.Namespace))) - i-- - dAtA[i] = 0x2a - } - if len(m.ClusterId) > 0 { - i -= len(m.ClusterId) - copy(dAtA[i:], m.ClusterId) - i = encodeVarintImageService(dAtA, i, uint64(len(m.ClusterId))) i-- dAtA[i] = 0x22 } @@ -2104,6 +2156,56 @@ func (m *ScanImageInternalRequest) MarshalToSizedBuffer(dAtA []byte) (int, error return len(dAtA) - i, nil } +func (m *ScanImageInternalRequest_Source) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *ScanImageInternalRequest_Source) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *ScanImageInternalRequest_Source) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.ImagePullSecrets) > 0 { + for iNdEx := len(m.ImagePullSecrets) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.ImagePullSecrets[iNdEx]) + copy(dAtA[i:], m.ImagePullSecrets[iNdEx]) + i = encodeVarintImageService(dAtA, i, uint64(len(m.ImagePullSecrets[iNdEx]))) + i-- + dAtA[i] = 0x1a + } + } + if len(m.Namespace) > 0 { + i -= len(m.Namespace) + copy(dAtA[i:], m.Namespace) + i = encodeVarintImageService(dAtA, i, uint64(len(m.Namespace))) + i-- + dAtA[i] = 0x12 + } + if len(m.ClusterId) > 0 { + i -= len(m.ClusterId) + copy(dAtA[i:], m.ClusterId) + i = encodeVarintImageService(dAtA, i, uint64(len(m.ClusterId))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + func (m *ScanImageInternalResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -2178,20 +2280,20 @@ func (m *GetImageVulnerabilitiesInternalRequest) MarshalToSizedBuffer(dAtA []byt dAtA[i] = 0x30 } if len(m.Notes) > 0 { - dAtA4 := make([]byte, len(m.Notes)*10) - var j3 int + dAtA5 := make([]byte, len(m.Notes)*10) + var j4 int for _, num := range m.Notes { for num >= 1<<7 { - dAtA4[j3] = uint8(uint64(num)&0x7f | 0x80) + dAtA5[j4] = uint8(uint64(num)&0x7f | 0x80) num >>= 7 - j3++ + j4++ } - dAtA4[j3] = uint8(num) - j3++ + dAtA5[j4] = uint8(num) + j4++ } - i -= j3 - copy(dAtA[i:], dAtA4[:j3]) - i = encodeVarintImageService(dAtA, i, uint64(j3)) + i -= j4 + copy(dAtA[i:], dAtA5[:j4]) + i = encodeVarintImageService(dAtA, i, uint64(j4)) i-- dAtA[i] = 0x2a } @@ -2266,20 +2368,20 @@ func (m *EnrichLocalImageInternalRequest) MarshalToSizedBuffer(dAtA []byte) (int copy(dAtA[i:], m.XXX_unrecognized) } if len(m.Notes) > 0 { - dAtA9 := make([]byte, len(m.Notes)*10) - var j8 int + dAtA10 := make([]byte, len(m.Notes)*10) + var j9 int for _, num := range m.Notes { for num >= 1<<7 { - dAtA9[j8] = uint8(uint64(num)&0x7f | 0x80) + dAtA10[j9] = uint8(uint64(num)&0x7f | 0x80) num >>= 7 - j8++ + j9++ } - dAtA9[j8] = uint8(num) - j8++ + dAtA10[j9] = uint8(num) + j9++ } - i -= j8 - copy(dAtA[i:], dAtA9[:j8]) - i = encodeVarintImageService(dAtA, i, uint64(j8)) + i -= j9 + copy(dAtA[i:], dAtA10[:j9]) + i = encodeVarintImageService(dAtA, i, uint64(j9)) i-- dAtA[i] = 0x32 } @@ -2742,6 +2844,22 @@ func (m *ScanImageInternalRequest) Size() (n int) { if m.CachedOnly { n += 2 } + if m.Source != nil { + l = m.Source.Size() + n += 1 + l + sovImageService(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *ScanImageInternalRequest_Source) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l l = len(m.ClusterId) if l > 0 { n += 1 + l + sovImageService(uint64(l)) @@ -3482,6 +3600,93 @@ func (m *ScanImageInternalRequest) Unmarshal(dAtA []byte) error { } m.CachedOnly = bool(v != 0) case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Source", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowImageService + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthImageService + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthImageService + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Source == nil { + m.Source = &ScanImageInternalRequest_Source{} + } + if err := m.Source.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipImageService(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthImageService + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *ScanImageInternalRequest_Source) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowImageService + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: Source: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: Source: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field ClusterId", wireType) } @@ -3513,7 +3718,7 @@ func (m *ScanImageInternalRequest) Unmarshal(dAtA []byte) error { } m.ClusterId = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 5: + case 2: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) } @@ -3545,7 +3750,7 @@ func (m *ScanImageInternalRequest) Unmarshal(dAtA []byte) error { } m.Namespace = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 6: + case 3: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field ImagePullSecrets", wireType) } diff --git a/generated/api/v1/image_service.swagger.json b/generated/api/v1/image_service.swagger.json index 201959cc64fda..94c0039e2c932 100644 --- a/generated/api/v1/image_service.swagger.json +++ b/generated/api/v1/image_service.swagger.json @@ -1501,6 +1501,23 @@ }, "description": "RawQuery represents the search query string.\nThe format of the query string is \"\u003cfield name\u003e:\u003cvalue,value,...\u003e+\u003cfield name\u003e:\u003cvalue, value,...\u003e+...\"\nFor example:\nTo search for deployments named \"central\" and \"sensor\" in the namespace \"stackrox\", the query string would be\n\"Deployment:central,sensor+Namespace:stackrox\"\nRawQuery is used in ListAPIs to search for a particular object." }, + "v1ScanImageInternalRequestSource": { + "type": "object", + "properties": { + "clusterId": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, "v1ScanImageInternalResponse": { "type": "object", "properties": { diff --git a/generated/storage/image_integration.pb.go b/generated/storage/image_integration.pb.go index d9b3be9a34801..6c052332ca9a5 100644 --- a/generated/storage/image_integration.pb.go +++ b/generated/storage/image_integration.pb.go @@ -368,7 +368,7 @@ func (m *ImageIntegration) Clone() *ImageIntegration { type ImageIntegration_Source struct { ClusterId string `protobuf:"bytes,1,opt,name=cluster_id,json=clusterId,proto3" json:"cluster_id,omitempty"` Namespace string `protobuf:"bytes,2,opt,name=namespace,proto3" json:"namespace,omitempty"` - Name string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"` + ImagePullSecretName string `protobuf:"bytes,3,opt,name=image_pull_secret_name,json=imagePullSecretName,proto3" json:"image_pull_secret_name,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -421,9 +421,9 @@ func (m *ImageIntegration_Source) GetNamespace() string { return "" } -func (m *ImageIntegration_Source) GetName() string { +func (m *ImageIntegration_Source) GetImagePullSecretName() string { if m != nil { - return m.Name + return m.ImagePullSecretName } return "" } @@ -1207,84 +1207,85 @@ func init() { func init() { proto.RegisterFile("storage/image_integration.proto", fileDescriptor_9e3766be4a43c581) } var fileDescriptor_9e3766be4a43c581 = []byte{ - // 1223 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x96, 0xdf, 0x6e, 0x1b, 0x45, - 0x17, 0xc0, 0xeb, 0xc4, 0x71, 0xd6, 0x27, 0x4e, 0x62, 0x4f, 0x92, 0xaf, 0xfb, 0x59, 0xfd, 0x62, - 0x7f, 0xab, 0xa8, 0x0a, 0x10, 0x39, 0x25, 0x50, 0x04, 0x41, 0x42, 0x72, 0x9c, 0xa8, 0x38, 0x85, - 0x22, 0x36, 0xb9, 0x69, 0x2f, 0x58, 0x4d, 0x76, 0x4f, 0xdd, 0x21, 0xf6, 0xce, 0x76, 0x66, 0xb6, - 0xad, 0x79, 0x08, 0xae, 0x11, 0x6f, 0x81, 0x78, 0x04, 0x6e, 0xb8, 0xe4, 0x1e, 0xc9, 0x42, 0x05, - 0xf1, 0x00, 0x7e, 0x02, 0x34, 0xb3, 0xeb, 0xf5, 0x3a, 0x51, 0x42, 0xa5, 0xe6, 0x6e, 0xe7, 0x9c, - 0xdf, 0x39, 0x7b, 0xfe, 0xcd, 0x1f, 0x68, 0x48, 0xc5, 0x05, 0xed, 0xe1, 0x2e, 0x1b, 0xd0, 0x1e, - 0x7a, 0x2c, 0x54, 0xd8, 0x13, 0x54, 0x31, 0x1e, 0xb6, 0x22, 0xc1, 0x15, 0x27, 0x8b, 0x29, 0x50, - 0x5f, 0xef, 0xf1, 0x1e, 0x37, 0xb2, 0x5d, 0xfd, 0x95, 0xa8, 0xeb, 0x8d, 0x1e, 0xe7, 0xbd, 0x3e, - 0xee, 0x9a, 0xd5, 0x59, 0xfc, 0x74, 0x57, 0xb1, 0x01, 0x4a, 0x45, 0x07, 0x51, 0x02, 0x38, 0x7f, - 0x95, 0xa0, 0xda, 0xd5, 0xbe, 0xbb, 0x53, 0xd7, 0xe4, 0x0e, 0xcc, 0xb1, 0xc0, 0x2e, 0x34, 0x0b, - 0xdb, 0xe5, 0x83, 0xca, 0x78, 0xd4, 0xb0, 0xe4, 0xf3, 0xfe, 0xbe, 0x13, 0x9d, 0x3b, 0xee, 0x1c, - 0x0b, 0xc8, 0x16, 0x14, 0x43, 0x3a, 0x40, 0x7b, 0xce, 0xe8, 0xab, 0xe3, 0x51, 0xa3, 0x62, 0xf4, - 0x71, 0xc8, 0x9e, 0xc7, 0xe8, 0xb8, 0x46, 0x4b, 0x08, 0x14, 0xd5, 0x30, 0x42, 0x7b, 0x5e, 0x53, - 0xae, 0xf9, 0x26, 0x6d, 0x00, 0x9f, 0x2a, 0xec, 0x71, 0xc1, 0x50, 0xda, 0xa5, 0xe6, 0xfc, 0xf6, - 0xca, 0xde, 0xff, 0x5b, 0x69, 0x06, 0xad, 0x8b, 0x61, 0x74, 0x12, 0x74, 0xe8, 0xe6, 0x8c, 0xc8, - 0x7d, 0xb0, 0xfc, 0x3e, 0x65, 0x82, 0x3d, 0x1d, 0xda, 0x56, 0xb3, 0xb0, 0xbd, 0xb4, 0x77, 0x3b, - 0x73, 0xd0, 0x49, 0x15, 0x1d, 0x1e, 0x3e, 0x65, 0xbd, 0xcf, 0x6f, 0xb9, 0x19, 0x4a, 0x76, 0xa1, - 0x14, 0x70, 0xff, 0x1c, 0x85, 0x5d, 0x36, 0x46, 0x1b, 0x99, 0xd1, 0xa1, 0x11, 0x67, 0x26, 0x29, - 0x46, 0xde, 0x81, 0xe2, 0xf3, 0x98, 0x0e, 0x6d, 0x30, 0xf8, 0x5a, 0x86, 0x7f, 0x1d, 0xd3, 0xa9, - 0x7f, 0x83, 0x90, 0xbb, 0x30, 0x8f, 0xbe, 0xb0, 0x97, 0x0c, 0x49, 0x32, 0xf2, 0xa8, 0xe3, 0x66, - 0xa0, 0x06, 0x74, 0x0c, 0x49, 0x37, 0xec, 0xe5, 0x0b, 0x31, 0x3c, 0x30, 0xe2, 0x69, 0x0c, 0x09, - 0x46, 0x76, 0x60, 0xc1, 0x24, 0x60, 0xaf, 0x18, 0x7e, 0x7d, 0x36, 0xd1, 0x0c, 0x4f, 0x20, 0xd2, - 0x82, 0x79, 0x76, 0x36, 0xb0, 0xd7, 0x0d, 0x5b, 0x9f, 0x56, 0xf5, 0xe0, 0x4b, 0x17, 0x7b, 0x4c, - 0x2a, 0x31, 0x8d, 0x5b, 0x83, 0x64, 0x0b, 0x96, 0x69, 0xac, 0x78, 0x0f, 0x43, 0x14, 0x54, 0x61, - 0x60, 0xaf, 0x36, 0x0b, 0xdb, 0x96, 0x3b, 0x2b, 0x24, 0x1d, 0x00, 0xbf, 0x1f, 0x4b, 0x85, 0xc2, - 0x63, 0x81, 0x5d, 0x35, 0x2d, 0xdf, 0x1a, 0x8f, 0x1a, 0x4d, 0x89, 0x54, 0xf8, 0xcf, 0xf6, 0x9d, - 0x4e, 0xa2, 0x6d, 0x76, 0x0f, 0x77, 0x9e, 0xb1, 0x20, 0xc0, 0x70, 0x47, 0xff, 0x19, 0x1d, 0xb7, - 0x9c, 0xda, 0x75, 0x03, 0xb2, 0x07, 0x1b, 0xf2, 0x9c, 0x45, 0x9e, 0x42, 0xa9, 0xf2, 0x33, 0x6c, - 0x13, 0xf3, 0xcb, 0x35, 0xad, 0x3c, 0x45, 0xa9, 0xf2, 0x33, 0xf8, 0x31, 0x94, 0x24, 0x8f, 0x85, - 0x8f, 0xf6, 0x86, 0xc9, 0xa8, 0x79, 0xe5, 0x9c, 0xb4, 0x4e, 0x0c, 0xe7, 0xa6, 0x7c, 0xfd, 0x31, - 0x94, 0x12, 0x09, 0xf9, 0xdf, 0x4c, 0xf0, 0x66, 0x9e, 0xf3, 0x61, 0xdd, 0x81, 0xb2, 0x1e, 0x55, - 0x19, 0x51, 0x3f, 0x9d, 0x66, 0x77, 0x2a, 0xd0, 0x03, 0x6c, 0xc6, 0x3c, 0x1d, 0x60, 0xfd, 0x7d, - 0xb0, 0x06, 0xb5, 0xfc, 0x80, 0x9a, 0x7a, 0x1e, 0x17, 0xad, 0x62, 0x75, 0xe1, 0xb8, 0x68, 0x2d, - 0x54, 0x4b, 0xc7, 0x45, 0x6b, 0xb1, 0x6a, 0x1d, 0x17, 0xad, 0x4a, 0x75, 0xf9, 0xb8, 0x68, 0xd5, - 0xaa, 0xe4, 0xb8, 0x68, 0xad, 0x55, 0xd7, 0x9d, 0xef, 0x0b, 0x50, 0xbb, 0xd4, 0x09, 0xf2, 0x05, - 0x58, 0x18, 0x06, 0x11, 0x67, 0xa1, 0x4a, 0x77, 0xdb, 0xbd, 0xf1, 0xa8, 0xb1, 0x23, 0x7d, 0x11, - 0x9f, 0xed, 0x3b, 0x01, 0x46, 0x18, 0x06, 0x18, 0x2a, 0xa7, 0xf9, 0x82, 0xf6, 0x59, 0x40, 0x15, - 0xee, 0x3b, 0x21, 0xef, 0x73, 0x9f, 0xf6, 0x27, 0x66, 0x8e, 0x9b, 0x79, 0x20, 0xef, 0xc1, 0x22, - 0x8d, 0x98, 0x77, 0x8e, 0xc3, 0x74, 0x6b, 0x92, 0xf1, 0xa8, 0xb1, 0x92, 0x3a, 0xa3, 0xfd, 0x97, - 0x74, 0x28, 0x1d, 0xb7, 0x44, 0x23, 0xf6, 0x10, 0x87, 0xce, 0xdf, 0x73, 0x00, 0xd3, 0x59, 0xbe, - 0xe1, 0x48, 0xf6, 0x00, 0x38, 0x8d, 0xd5, 0xb3, 0x53, 0x7e, 0x8e, 0xe1, 0x35, 0xc1, 0xe4, 0x28, - 0x52, 0x07, 0x8b, 0x85, 0x12, 0xfd, 0x58, 0x24, 0x25, 0xb7, 0xdc, 0x6c, 0x4d, 0xbe, 0x81, 0xba, - 0x48, 0x2b, 0xe7, 0x09, 0x7e, 0xc6, 0x95, 0xe7, 0x0b, 0xd4, 0xf1, 0x30, 0xda, 0x97, 0x76, 0xf1, - 0xc2, 0x7c, 0x4c, 0xd3, 0x6a, 0xb9, 0x1a, 0x6e, 0xfb, 0x3e, 0x8f, 0x43, 0xe5, 0xda, 0x13, 0x1f, - 0x46, 0xda, 0x99, 0x7a, 0xa8, 0x3f, 0x81, 0x4a, 0x9e, 0xd4, 0xb1, 0xc4, 0x12, 0x85, 0x69, 0x7f, - 0x32, 0x35, 0xd9, 0x9a, 0xb4, 0xc0, 0x8a, 0xa8, 0x94, 0x2f, 0xb9, 0x08, 0xae, 0xc9, 0x2c, 0x63, - 0x1c, 0x84, 0xa5, 0xdc, 0x76, 0x25, 0xfb, 0x97, 0x0a, 0xbd, 0x39, 0x1e, 0x35, 0xea, 0x6f, 0x54, - 0xd6, 0x7c, 0x89, 0xe6, 0x66, 0x4b, 0xe4, 0xfc, 0x52, 0x80, 0x95, 0xd9, 0xf3, 0xef, 0xad, 0x7e, - 0xd5, 0x81, 0xe5, 0x9e, 0x88, 0x7c, 0x2f, 0x73, 0x30, 0xff, 0x46, 0x0e, 0x2a, 0xda, 0xe8, 0x68, - 0xe2, 0xe4, 0x1e, 0xac, 0x87, 0xf1, 0xc0, 0xf3, 0x79, 0xe8, 0xc7, 0x42, 0x60, 0xa8, 0x3c, 0xe9, - 0xd3, 0x50, 0x9a, 0xd8, 0x17, 0x5c, 0x12, 0xc6, 0x83, 0x4e, 0xa6, 0x3a, 0xd1, 0x1a, 0xe7, 0xf7, - 0x02, 0x54, 0xf2, 0x07, 0xf2, 0x0d, 0xcf, 0xe5, 0xfb, 0xb9, 0xbe, 0x26, 0xbd, 0xdb, 0x18, 0x8f, - 0x1a, 0xb5, 0x4b, 0xde, 0xae, 0x68, 0xf7, 0xfc, 0xbf, 0xb7, 0x7b, 0xa6, 0x47, 0xc5, 0x0b, 0x3d, - 0xfa, 0x69, 0x01, 0xca, 0xd9, 0xad, 0x40, 0x1a, 0xb0, 0x94, 0x0d, 0x75, 0x76, 0x3a, 0xc1, 0x44, - 0xd4, 0x0d, 0xc8, 0x47, 0xb0, 0x4c, 0x7d, 0x1f, 0xa5, 0xd4, 0x5b, 0x5a, 0x23, 0x57, 0x8f, 0xdb, - 0x52, 0x02, 0x3e, 0x44, 0x6d, 0xf7, 0x19, 0xd4, 0x24, 0xfa, 0x02, 0x95, 0x37, 0x35, 0xbf, 0x26, - 0xf6, 0xd5, 0x04, 0x6e, 0x4f, 0x3c, 0x90, 0xff, 0x40, 0x49, 0x47, 0xc1, 0x43, 0x93, 0x40, 0xd9, - 0x4d, 0x57, 0xa4, 0x05, 0x8b, 0xb1, 0x44, 0x8f, 0xd1, 0x81, 0xbd, 0xa0, 0x33, 0xbb, 0xaa, 0x78, - 0xa5, 0x58, 0x62, 0x97, 0x0e, 0x66, 0x7a, 0x57, 0x7a, 0xeb, 0xde, 0xdd, 0x85, 0x55, 0xfd, 0x77, - 0x2a, 0x65, 0x3c, 0x40, 0x4f, 0xf0, 0x3e, 0xda, 0x8b, 0xc9, 0x85, 0x15, 0x4b, 0x6c, 0x1b, 0xa9, - 0xcb, 0xfb, 0x48, 0xb6, 0x60, 0x25, 0xc7, 0xe8, 0xb2, 0x59, 0x26, 0x8b, 0x0a, 0xcd, 0x98, 0x6e, - 0x40, 0xee, 0xc3, 0xed, 0x3c, 0x85, 0xaf, 0x94, 0xee, 0x77, 0x5f, 0xe3, 0x65, 0x83, 0xaf, 0x4f, - 0xf1, 0xa3, 0x54, 0xd9, 0x0d, 0xc8, 0x09, 0x10, 0x7d, 0x62, 0x71, 0xc1, 0xbe, 0x33, 0x37, 0x80, - 0x17, 0x50, 0x45, 0xd3, 0x37, 0xc2, 0xd6, 0xe5, 0x9b, 0xbf, 0xd5, 0xce, 0xc3, 0x87, 0x54, 0x51, - 0xb7, 0x46, 0x2f, 0x8a, 0xea, 0x3f, 0x16, 0xa0, 0x76, 0x09, 0xbc, 0xc9, 0x33, 0x88, 0x7c, 0x02, - 0x80, 0xaf, 0x22, 0x26, 0x50, 0x7a, 0x34, 0xd9, 0xca, 0xfa, 0x85, 0x90, 0xbc, 0x32, 0x5a, 0x93, - 0xa7, 0x61, 0xeb, 0x74, 0xf2, 0x34, 0x74, 0xcb, 0x29, 0xdd, 0x56, 0xce, 0xcf, 0x05, 0xa8, 0xe4, - 0x9f, 0x27, 0x37, 0xbc, 0x23, 0x3f, 0x85, 0x55, 0x89, 0xe2, 0x05, 0xf3, 0x51, 0x0f, 0xab, 0x3e, - 0x7c, 0xaf, 0x49, 0x68, 0x25, 0x45, 0x27, 0xc7, 0xb4, 0x0d, 0x8b, 0x91, 0xe0, 0xdf, 0xa2, 0x9f, - 0x1e, 0x4f, 0xee, 0x64, 0xf9, 0xee, 0x03, 0xb0, 0xaf, 0x7a, 0x4d, 0x92, 0x0a, 0x58, 0xee, 0xd1, - 0x83, 0xee, 0xc9, 0xa9, 0xfb, 0xb8, 0x7a, 0x8b, 0x2c, 0xc1, 0xe2, 0x49, 0xa7, 0xfd, 0xe8, 0xd1, - 0x91, 0x5b, 0x2d, 0x90, 0x2a, 0x54, 0x1e, 0x7d, 0x75, 0x78, 0xe4, 0x4d, 0x24, 0x73, 0x07, 0x1f, - 0xfe, 0xfa, 0x7a, 0xb3, 0xf0, 0xdb, 0xeb, 0xcd, 0xc2, 0x1f, 0xaf, 0x37, 0x0b, 0x3f, 0xfc, 0xb9, - 0x79, 0x0b, 0xfe, 0xcb, 0x78, 0x4b, 0x2a, 0xea, 0x9f, 0x0b, 0xfe, 0x2a, 0xa9, 0xdd, 0xa4, 0xef, - 0x4f, 0x26, 0x6f, 0xf1, 0xb3, 0x92, 0x91, 0x7f, 0xf0, 0x4f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xcb, - 0x3d, 0xb5, 0x49, 0xbe, 0x0b, 0x00, 0x00, + // 1245 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x96, 0x4f, 0x6f, 0xdb, 0xc6, + 0x12, 0xc0, 0x23, 0x5b, 0x96, 0xa8, 0xb1, 0x6c, 0x4b, 0x6b, 0x3b, 0xe1, 0x13, 0xf2, 0x2c, 0x3d, + 0xc2, 0x08, 0xfc, 0xde, 0x33, 0xe4, 0xd4, 0x69, 0x8a, 0xd6, 0x05, 0x0a, 0xc8, 0xb2, 0x91, 0xca, + 0x69, 0xdd, 0x96, 0xf6, 0xa5, 0x39, 0x94, 0x58, 0x93, 0x13, 0x85, 0x35, 0xc5, 0x65, 0x76, 0x97, + 0x49, 0x94, 0x7b, 0xaf, 0x3d, 0x17, 0xfd, 0x16, 0x45, 0x3f, 0x42, 0x2f, 0x3d, 0xf6, 0x5e, 0x40, + 0x28, 0x52, 0xa0, 0x1f, 0x40, 0x9f, 0xa0, 0xd8, 0x25, 0x45, 0x51, 0x36, 0xec, 0x06, 0x88, 0x6f, + 0xda, 0x99, 0xdf, 0x0e, 0xe7, 0xdf, 0x8e, 0x06, 0x9a, 0x42, 0x32, 0x4e, 0xfb, 0xb8, 0xe3, 0x0f, + 0x68, 0x1f, 0x1d, 0x3f, 0x94, 0xd8, 0xe7, 0x54, 0xfa, 0x2c, 0x6c, 0x47, 0x9c, 0x49, 0x46, 0xca, + 0x29, 0xd0, 0x58, 0xeb, 0xb3, 0x3e, 0xd3, 0xb2, 0x1d, 0xf5, 0x2b, 0x51, 0x37, 0x9a, 0x7d, 0xc6, + 0xfa, 0x01, 0xee, 0xe8, 0xd3, 0x59, 0xfc, 0x74, 0x47, 0xfa, 0x03, 0x14, 0x92, 0x0e, 0xa2, 0x04, + 0xb0, 0xbe, 0x2b, 0x43, 0xad, 0xa7, 0x6c, 0xf7, 0xa6, 0xa6, 0xc9, 0x5d, 0x98, 0xf3, 0x3d, 0xb3, + 0xd0, 0x2a, 0x6c, 0x55, 0xf6, 0xab, 0xe3, 0x51, 0xd3, 0x10, 0xcf, 0x83, 0x3d, 0x2b, 0x3a, 0xb7, + 0xec, 0x39, 0xdf, 0x23, 0x9b, 0x50, 0x0c, 0xe9, 0x00, 0xcd, 0x39, 0xad, 0xaf, 0x8d, 0x47, 0xcd, + 0xaa, 0xd6, 0xc7, 0xa1, 0xff, 0x3c, 0x46, 0xcb, 0xd6, 0x5a, 0x42, 0xa0, 0x28, 0x87, 0x11, 0x9a, + 0xf3, 0x8a, 0xb2, 0xf5, 0x6f, 0xd2, 0x01, 0x70, 0xa9, 0xc4, 0x3e, 0xe3, 0x3e, 0x0a, 0xb3, 0xd4, + 0x9a, 0xdf, 0x5a, 0xde, 0xfd, 0x4f, 0x3b, 0x8d, 0xa0, 0x7d, 0xd1, 0x8d, 0x6e, 0x82, 0x0e, 0xed, + 0xdc, 0x25, 0xf2, 0x10, 0x0c, 0x37, 0xa0, 0x3e, 0xf7, 0x9f, 0x0e, 0x4d, 0xa3, 0x55, 0xd8, 0x5a, + 0xdc, 0xbd, 0x93, 0x19, 0xe8, 0xa6, 0x8a, 0x2e, 0x0b, 0x9f, 0xfa, 0xfd, 0x4f, 0x6f, 0xd9, 0x19, + 0x4a, 0x76, 0xa0, 0xe4, 0x31, 0xf7, 0x1c, 0xb9, 0x59, 0xd1, 0x97, 0xd6, 0xb3, 0x4b, 0x07, 0x5a, + 0x9c, 0x5d, 0x49, 0x31, 0xf2, 0x5f, 0x28, 0x3e, 0x8f, 0xe9, 0xd0, 0x04, 0x8d, 0xaf, 0x66, 0xf8, + 0x57, 0x31, 0x9d, 0xda, 0xd7, 0x08, 0xb9, 0x07, 0xf3, 0xe8, 0x72, 0x73, 0x51, 0x93, 0x24, 0x23, + 0x0f, 0xbb, 0x76, 0x06, 0x2a, 0x40, 0xf9, 0x90, 0x54, 0xc3, 0x5c, 0xba, 0xe0, 0xc3, 0x23, 0x2d, + 0x9e, 0xfa, 0x90, 0x60, 0x64, 0x1b, 0x16, 0x74, 0x00, 0xe6, 0xb2, 0xe6, 0xd7, 0x66, 0x03, 0xcd, + 0xf0, 0x04, 0x22, 0x6d, 0x98, 0xf7, 0xcf, 0x06, 0xe6, 0x9a, 0x66, 0x1b, 0xd3, 0xac, 0xee, 0x7f, + 0x6e, 0x63, 0xdf, 0x17, 0x92, 0x4f, 0xfd, 0x56, 0x20, 0xd9, 0x84, 0x25, 0x1a, 0x4b, 0xd6, 0xc7, + 0x10, 0x39, 0x95, 0xe8, 0x99, 0x2b, 0xad, 0xc2, 0x96, 0x61, 0xcf, 0x0a, 0x49, 0x17, 0xc0, 0x0d, + 0x62, 0x21, 0x91, 0x3b, 0xbe, 0x67, 0xd6, 0x74, 0xc9, 0x37, 0xc7, 0xa3, 0x66, 0x4b, 0x20, 0xe5, + 0xee, 0xb3, 0x3d, 0xab, 0x9b, 0x68, 0x5b, 0xbd, 0x83, 0xed, 0x67, 0xbe, 0xe7, 0x61, 0xb8, 0xad, + 0xbe, 0x8c, 0x96, 0x5d, 0x49, 0xef, 0xf5, 0x3c, 0xb2, 0x0b, 0xeb, 0xe2, 0xdc, 0x8f, 0x1c, 0x89, + 0x42, 0xe6, 0x7b, 0xd8, 0x24, 0xfa, 0x93, 0xab, 0x4a, 0x79, 0x8a, 0x42, 0xe6, 0x7b, 0xf0, 0x43, + 0x28, 0x09, 0x16, 0x73, 0x17, 0xcd, 0x75, 0x1d, 0x51, 0xeb, 0xca, 0x3e, 0x69, 0x9f, 0x68, 0xce, + 0x4e, 0xf9, 0xc6, 0x6b, 0x28, 0x25, 0x12, 0xf2, 0xef, 0x19, 0xe7, 0x75, 0x3f, 0xe7, 0xdd, 0xba, + 0x0b, 0x15, 0xd5, 0xaa, 0x22, 0xa2, 0x6e, 0xda, 0xcd, 0xf6, 0x54, 0x40, 0x1e, 0xc0, 0xed, 0xe4, + 0xd1, 0x45, 0x71, 0x10, 0x38, 0x02, 0x5d, 0x8e, 0xd2, 0xd1, 0x8d, 0x9f, 0xb4, 0xf4, 0xaa, 0xd6, + 0x7e, 0x19, 0x07, 0xc1, 0x89, 0xd6, 0x1d, 0xd3, 0x01, 0xee, 0xaf, 0x42, 0x3d, 0xdf, 0xc1, 0x3a, + 0xe1, 0x47, 0x45, 0xa3, 0x58, 0x5b, 0x38, 0x2a, 0x1a, 0x0b, 0xb5, 0xd2, 0x51, 0xd1, 0x28, 0xd7, + 0x8c, 0xa3, 0xa2, 0x51, 0xad, 0x2d, 0x1d, 0x15, 0x8d, 0x7a, 0x8d, 0x1c, 0x15, 0x8d, 0xd5, 0xda, + 0x9a, 0xf5, 0x7d, 0x01, 0xea, 0x97, 0x4a, 0x45, 0x3e, 0x03, 0x03, 0x43, 0x2f, 0x62, 0x7e, 0x28, + 0xd3, 0xe7, 0x78, 0x7f, 0x3c, 0x6a, 0x6e, 0x0b, 0x97, 0xc7, 0x67, 0x7b, 0x96, 0x87, 0x11, 0x86, + 0x1e, 0x86, 0xd2, 0x6a, 0xbd, 0xa0, 0x81, 0xef, 0x51, 0x89, 0x7b, 0x56, 0xc8, 0x02, 0xe6, 0xd2, + 0x60, 0x72, 0xcd, 0xb2, 0x33, 0x0b, 0xe4, 0xff, 0x50, 0xa6, 0x91, 0xef, 0x9c, 0xe3, 0x30, 0x7d, + 0xbb, 0x64, 0x3c, 0x6a, 0x2e, 0xa7, 0xc6, 0x68, 0xf0, 0x92, 0x0e, 0x85, 0x65, 0x97, 0x68, 0xe4, + 0x3f, 0xc6, 0xa1, 0xf5, 0xd7, 0x1c, 0xc0, 0xb4, 0xd9, 0x6f, 0xd8, 0x93, 0x5d, 0x00, 0x46, 0x63, + 0xf9, 0xec, 0x94, 0x9d, 0x63, 0x78, 0x8d, 0x33, 0x39, 0x8a, 0x34, 0xc0, 0xf0, 0x43, 0x81, 0x6e, + 0xcc, 0x93, 0x0a, 0x18, 0x76, 0x76, 0x26, 0xdf, 0x40, 0x83, 0xa7, 0x99, 0x73, 0x38, 0x3b, 0x63, + 0xd2, 0x71, 0x39, 0x2a, 0x7f, 0x7c, 0x1a, 0x08, 0xb3, 0x78, 0xa1, 0x81, 0xa6, 0x61, 0xb5, 0x6d, + 0x05, 0x77, 0x5c, 0x97, 0xc5, 0xa1, 0xb4, 0xcd, 0x89, 0x0d, 0x2d, 0xed, 0x4e, 0x2d, 0x34, 0x9e, + 0x40, 0x35, 0x4f, 0x2a, 0x5f, 0x62, 0x81, 0x5c, 0x77, 0x43, 0xd2, 0x56, 0xd9, 0x99, 0xb4, 0xc1, + 0x88, 0xa8, 0x10, 0x2f, 0x19, 0xf7, 0xae, 0x89, 0x2c, 0x63, 0x2c, 0x84, 0xc5, 0xdc, 0x7b, 0x26, + 0x7b, 0x97, 0x12, 0xbd, 0x31, 0x1e, 0x35, 0x1b, 0x6f, 0x95, 0xd6, 0x7c, 0x8a, 0xe6, 0x66, 0x53, + 0x64, 0xfd, 0x52, 0x80, 0xe5, 0xd9, 0x01, 0xf9, 0x4e, 0x9f, 0xea, 0xc2, 0x52, 0x9f, 0x47, 0xae, + 0x93, 0x19, 0x98, 0x7f, 0x2b, 0x03, 0x55, 0x75, 0xe9, 0x70, 0x62, 0xe4, 0x3e, 0xac, 0x85, 0xf1, + 0xc0, 0x71, 0x59, 0xe8, 0xc6, 0x9c, 0x63, 0x28, 0x1d, 0xe1, 0xd2, 0x50, 0x68, 0xdf, 0x17, 0x6c, + 0x12, 0xc6, 0x83, 0x6e, 0xa6, 0x3a, 0x51, 0x1a, 0xeb, 0xf7, 0x02, 0x54, 0xf3, 0x13, 0xfb, 0x86, + 0xfb, 0xf2, 0xbd, 0x5c, 0x5d, 0x93, 0xda, 0xad, 0x8f, 0x47, 0xcd, 0xfa, 0x25, 0x6b, 0x57, 0x94, + 0x7b, 0xfe, 0x9f, 0xcb, 0x3d, 0x53, 0xa3, 0xe2, 0x85, 0x1a, 0xfd, 0xb4, 0x00, 0x95, 0xec, 0x6f, + 0x83, 0x34, 0x61, 0x31, 0x6b, 0xea, 0x6c, 0x7c, 0xc1, 0x44, 0xd4, 0xf3, 0xc8, 0x07, 0xb0, 0x44, + 0x5d, 0x17, 0x85, 0x50, 0x4f, 0x5a, 0x21, 0x57, 0xb7, 0xdb, 0x62, 0x02, 0x3e, 0x46, 0x75, 0xef, + 0x13, 0xa8, 0xa7, 0xe3, 0x6c, 0x7a, 0xfd, 0x1a, 0xdf, 0x57, 0x12, 0xb8, 0x33, 0xb1, 0x40, 0x6e, + 0x43, 0x49, 0x79, 0xc1, 0x42, 0x1d, 0x40, 0xc5, 0x4e, 0x4f, 0xa4, 0x0d, 0xe5, 0x58, 0xa0, 0xe3, + 0xd3, 0x81, 0xb9, 0xa0, 0x22, 0xbb, 0x2a, 0x79, 0xa5, 0x58, 0x60, 0x8f, 0x0e, 0x66, 0x6a, 0x57, + 0x7a, 0xe7, 0xda, 0xdd, 0x83, 0x15, 0xf5, 0x75, 0x2a, 0x44, 0x3c, 0x40, 0x87, 0xb3, 0x00, 0xcd, + 0x72, 0xf2, 0x8f, 0x16, 0x0b, 0xec, 0x68, 0xa9, 0xcd, 0x02, 0x24, 0x9b, 0xb0, 0x9c, 0x63, 0x54, + 0xda, 0x0c, 0x1d, 0x45, 0x95, 0x66, 0x4c, 0xcf, 0x23, 0x0f, 0xe1, 0x4e, 0x9e, 0xc2, 0x57, 0x52, + 0xd5, 0x3b, 0x50, 0x78, 0x45, 0xe3, 0x6b, 0x53, 0xfc, 0x30, 0x55, 0xf6, 0x3c, 0x72, 0x02, 0x44, + 0x4d, 0x2c, 0xc6, 0xfd, 0xd7, 0xfa, 0x1f, 0xc0, 0xf1, 0xa8, 0xa4, 0xe9, 0x12, 0xb1, 0x79, 0x79, + 0x35, 0x68, 0x77, 0xf2, 0xf0, 0x01, 0x95, 0xd4, 0xae, 0xd3, 0x8b, 0xa2, 0xc6, 0x8f, 0x05, 0xa8, + 0x5f, 0x02, 0x6f, 0x72, 0x06, 0x91, 0x8f, 0x00, 0xf0, 0x55, 0xe4, 0x73, 0x14, 0x0e, 0x4d, 0x9e, + 0xb2, 0x5a, 0x21, 0x92, 0x35, 0xa4, 0x3d, 0xd9, 0x1d, 0xdb, 0xa7, 0x93, 0xdd, 0xd1, 0xae, 0xa4, + 0x74, 0x47, 0x5a, 0x3f, 0x17, 0xa0, 0x9a, 0xdf, 0x5f, 0x6e, 0xf8, 0x45, 0x7e, 0x0c, 0x2b, 0x02, + 0xf9, 0x0b, 0xdf, 0x45, 0xd5, 0xac, 0x6a, 0xf8, 0x5e, 0x13, 0xd0, 0x72, 0x8a, 0x4e, 0xc6, 0xb4, + 0x09, 0xe5, 0x88, 0xb3, 0x6f, 0xd1, 0x4d, 0xc7, 0x93, 0x3d, 0x39, 0xfe, 0xef, 0x11, 0x98, 0x57, + 0xad, 0x9b, 0xa4, 0x0a, 0x86, 0x7d, 0xf8, 0xa8, 0x77, 0x72, 0x6a, 0x7f, 0x5d, 0xbb, 0x45, 0x16, + 0xa1, 0x7c, 0xd2, 0xed, 0x1c, 0x1f, 0x1f, 0xda, 0xb5, 0x02, 0xa9, 0x41, 0xf5, 0xf8, 0x8b, 0x83, + 0x43, 0x67, 0x22, 0x99, 0xdb, 0x7f, 0xff, 0xd7, 0x37, 0x1b, 0x85, 0xdf, 0xde, 0x6c, 0x14, 0xfe, + 0x78, 0xb3, 0x51, 0xf8, 0xe1, 0xcf, 0x8d, 0x5b, 0xf0, 0x2f, 0x9f, 0xb5, 0x85, 0xa4, 0xee, 0x39, + 0x67, 0xaf, 0x92, 0xdc, 0x4d, 0xea, 0xfe, 0x64, 0xb2, 0xac, 0x9f, 0x95, 0xb4, 0xfc, 0xc1, 0xdf, + 0x01, 0x00, 0x00, 0xff, 0xff, 0xe0, 0xe9, 0x85, 0xd8, 0xdf, 0x0b, 0x00, 0x00, } func (m *ImageIntegration) Marshal() (dAtA []byte, err error) { @@ -1580,10 +1581,10 @@ func (m *ImageIntegration_Source) MarshalToSizedBuffer(dAtA []byte) (int, error) i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Name) > 0 { - i -= len(m.Name) - copy(dAtA[i:], m.Name) - i = encodeVarintImageIntegration(dAtA, i, uint64(len(m.Name))) + if len(m.ImagePullSecretName) > 0 { + i -= len(m.ImagePullSecretName) + copy(dAtA[i:], m.ImagePullSecretName) + i = encodeVarintImageIntegration(dAtA, i, uint64(len(m.ImagePullSecretName))) i-- dAtA[i] = 0x1a } @@ -2263,7 +2264,7 @@ func (m *ImageIntegration_Source) Size() (n int) { if l > 0 { n += 1 + l + sovImageIntegration(uint64(l)) } - l = len(m.Name) + l = len(m.ImagePullSecretName) if l > 0 { n += 1 + l + sovImageIntegration(uint64(l)) } @@ -3177,7 +3178,7 @@ func (m *ImageIntegration_Source) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ImagePullSecretName", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -3205,7 +3206,7 @@ func (m *ImageIntegration_Source) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Name = string(dAtA[iNdEx:postIndex]) + m.ImagePullSecretName = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex diff --git a/pkg/images/enricher/enricher_impl.go b/pkg/images/enricher/enricher_impl.go index c3cb1e2a20fb5..97c3faa82eb95 100644 --- a/pkg/images/enricher/enricher_impl.go +++ b/pkg/images/enricher/enricher_impl.go @@ -661,25 +661,7 @@ func (e *enricherImpl) getRegistriesForContext(ctx EnrichmentContext) ([]registr if ctx.Source == nil { return registries, nil } - filteredRegistries := registries[:0] - for _, registry := range registries { - integration := registry.Source() - if !integration.GetAutogenerated() { - filteredRegistries = append(filteredRegistries, registry) - continue - } - source := integration.GetSource() - if source.GetClusterId() != ctx.Source.ClusterID { - continue - } - if source.GetNamespace() != ctx.Source.Namespace { - continue - } - if !ctx.Source.ImagePullSecrets.Contains(source.GetName()) { - continue - } - filteredRegistries = append(filteredRegistries, registry) - } + filterRegistriesBySource(ctx.Source, registries) } if len(registries) == 0 { @@ -689,6 +671,32 @@ func (e *enricherImpl) getRegistriesForContext(ctx EnrichmentContext) ([]registr return registries, nil } +// filterRegistriesBySource will filter the registries based on the following conditions: +// 1. If the registry is autogenerated +// 2. If the integration's source matches with the EnrichmentContext.Source +// Note that this function WILL modify the input array. +func filterRegistriesBySource(requestSource *RequestSource, registries []registryTypes.ImageRegistry) { + filteredRegistries := registries[:0] + for _, registry := range registries { + integration := registry.Source() + if !integration.GetAutogenerated() { + filteredRegistries = append(filteredRegistries, registry) + continue + } + source := integration.GetSource() + if source.GetClusterId() != requestSource.ClusterID { + continue + } + if source.GetNamespace() != requestSource.Namespace { + continue + } + if !requestSource.ImagePullSecrets.Contains(source.GetImagePullSecretName()) { + continue + } + filteredRegistries = append(filteredRegistries, registry) + } +} + func getMatchingRegistries(registries []registryTypes.ImageRegistry, image *storage.Image) ([]registryTypes.ImageRegistry, error) { var matchingRegistries []registryTypes.ImageRegistry diff --git a/proto/api/v1/image_service.proto b/proto/api/v1/image_service.proto index eb15c27c7569a..79ec0a0ead512 100644 --- a/proto/api/v1/image_service.proto +++ b/proto/api/v1/image_service.proto @@ -34,12 +34,16 @@ message ScanImageRequest { } message ScanImageInternalRequest { + message Source { + string cluster_id = 1; + string namespace = 2; + repeated string image_pull_secrets = 3; + } + storage.ContainerImage image = 1; - reserved 2; + reserved 2; bool cached_only = 3; - string cluster_id = 4; - string namespace = 5; - repeated string image_pull_secrets = 6; + Source source = 4; } message ScanImageInternalResponse { diff --git a/proto/storage/image_integration.proto b/proto/storage/image_integration.proto index c5d68be47d634..23e00063b7bb8 100644 --- a/proto/storage/image_integration.proto +++ b/proto/storage/image_integration.proto @@ -37,9 +37,9 @@ message ImageIntegration { reserved 19; // Previously, scannerv2 message Source { - string cluster_id = 1; - string namespace = 2; - string name = 3; + string cluster_id = 1; + string namespace = 2; + string image_pull_secret_name = 3; } Source source = 21; } diff --git a/sensor/common/detector/enricher.go b/sensor/common/detector/enricher.go index 55847daf1509c..f7c0c53ca255f 100644 --- a/sensor/common/detector/enricher.go +++ b/sensor/common/detector/enricher.go @@ -61,10 +61,12 @@ func scanImage(ctx context.Context, svc v1.ImageServiceClient, req *scanImageReq defer cancel() return svc.ScanImageInternal(ctx, &v1.ScanImageInternalRequest{ - Image: req.containerImage, - ClusterId: req.clusterID, - Namespace: req.namespace, - ImagePullSecrets: req.pullSecrets, + Image: req.containerImage, + Source: &v1.ScanImageInternalRequest_Source{ + ClusterId: req.clusterID, + Namespace: req.namespace, + ImagePullSecrets: req.pullSecrets, + }, }) } diff --git a/sensor/kubernetes/listener/resources/secrets.go b/sensor/kubernetes/listener/resources/secrets.go index 71156cb2b3cea..a2a1bc462227d 100644 --- a/sensor/kubernetes/listener/resources/secrets.go +++ b/sensor/kubernetes/listener/resources/secrets.go @@ -169,14 +169,14 @@ func DockerConfigToImageIntegration(secret *v1.Secret, registry string, dce conf }, Autogenerated: true, Source: &storage.ImageIntegration_Source{ - ClusterId: clusterid.Get(), - Namespace: secret.GetNamespace(), - Name: secret.GetName(), + ClusterId: clusterid.Get(), + Namespace: secret.GetNamespace(), + ImagePullSecretName: secret.GetName(), }, }, nil } -func getDockerConfigFromSecret(secret *v1.Secret) *config.DockerConfig { +func getDockerConfigFromSecret(secret *v1.Secret) config.DockerConfig { var dockerConfig config.DockerConfig switch secret.Type { case v1.SecretTypeDockercfg: @@ -203,18 +203,17 @@ func getDockerConfigFromSecret(secret *v1.Secret) *config.DockerConfig { _ = utils.Should(errors.New("only Docker Config secrets are allowed")) return nil } - return &dockerConfig + return dockerConfig } func imageIntegationIDSetFromSecret(secret *v1.Secret) (set.StringSet, error) { if secret == nil { return nil, nil } - dockerConfigPtr := getDockerConfigFromSecret(secret) - if dockerConfigPtr == nil { + dockerConfig := getDockerConfigFromSecret(secret) + if len(dockerConfig) == 0 { return nil, nil } - dockerConfig := *dockerConfigPtr imageIntegrationIDSet := set.NewStringSet() for reg := range dockerConfig { id, err := deriveIDFromSecret(secret, reg) @@ -227,11 +226,10 @@ func imageIntegationIDSetFromSecret(secret *v1.Secret) (set.StringSet, error) { } func (s *secretDispatcher) processDockerConfigEvent(secret, oldSecret *v1.Secret, action central.ResourceAction) []*central.SensorEvent { - dockerConfigPtr := getDockerConfigFromSecret(secret) - if dockerConfigPtr == nil { + dockerConfig := getDockerConfigFromSecret(secret) + if len(dockerConfig) == 0 { return nil } - dockerConfig := *dockerConfigPtr sensorEvents := make([]*central.SensorEvent, 0, len(dockerConfig)+1) registries := make([]*storage.ImagePullSecret_Registry, 0, len(dockerConfig)) From 9048c66fbb00e8856969422b369b1f8792bd9849 Mon Sep 17 00:00:00 2001 From: Daniel Haus Date: Tue, 18 Oct 2022 06:45:05 +0200 Subject: [PATCH 5/5] Address review comments. --- .../pipeline/imageintegrations/pipeline.go | 29 ++++++++++++------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/central/sensor/service/pipeline/imageintegrations/pipeline.go b/central/sensor/service/pipeline/imageintegrations/pipeline.go index 933640a1bfab3..63b74ba978c52 100644 --- a/central/sensor/service/pipeline/imageintegrations/pipeline.go +++ b/central/sensor/service/pipeline/imageintegrations/pipeline.go @@ -173,8 +173,10 @@ func setUpIntegrationParams(ctx context.Context, imageIntegration *storage.Image validTLS, tlsErr := tlscheck.CheckTLS(ctx, dockerCfg.GetEndpoint()) if tlsErr != nil { log.Debugf("reaching out for TLS check to %s: %v", dockerCfg.GetEndpoint(), err) - // Assume TLS is true - validTLS = true + // Not enough evidence that we can skip TLS, so conservatively require it. + dockerCfg.Insecure = false + } else { + dockerCfg.Insecure = !validTLS } dockerCfg.Insecure = !validTLS dockerCfg.Endpoint = parseEndpointForURL(dockerCfg.GetEndpoint()) @@ -274,12 +276,17 @@ func (s *pipelineImpl) Run(ctx context.Context, clusterID string, msg *central.M imageIntegration.Name = fmt.Sprintf("Autogenerated %s for cluster %s from %s/%s", description, clusterName, source.GetNamespace(), source.GetImagePullSecretName()) - requiresShortCircuit, err := s.upsertImageIntegration(ctx, imageIntegration) + integrationExisted, err := s.upsertImageIntegration(ctx, imageIntegration) if err != nil { return err } - if requiresShortCircuit { + // Currently, we will only trigger a reprocess of deployments when an image integration is newly added instead of + // updated. Reasoning behind this is that we currently do not have a way of scoping a reprocessing to specific + // deployments based on properties (i.e. deployments from the same cluster, deployments using a specific image + // integration). This combined with the frequent updates of image integrations on OpenShift and the fact that + // deployments will be reprocessed in ~1hr, we will skip reprocessing on updates for now. + if !integrationExisted { s.enrichAndDetectLoop.ShortCircuit() } @@ -288,17 +295,19 @@ func (s *pipelineImpl) Run(ctx context.Context, clusterID string, msg *central.M func (s *pipelineImpl) OnFinish(_ string) {} -func (s *pipelineImpl) upsertImageIntegration(ctx context.Context, imageIntegration *storage.ImageIntegration) (bool, error) { - _, exists, err := s.datastore.GetImageIntegration(ctx, imageIntegration.GetId()) +// upsertImageIntegration will add the given image integration within the datastore. +// It will return any errors during the creation and whether the integration existed previously. +func (s *pipelineImpl) upsertImageIntegration(ctx context.Context, imageIntegration *storage.ImageIntegration) (existed bool, err error) { + _, existed, err = s.datastore.GetImageIntegration(ctx, imageIntegration.GetId()) if err != nil { - return exists, errors.Wrapf(err, "retrieving image integration %q", imageIntegration.GetId()) + return existed, errors.Wrapf(err, "retrieving image integration %q", imageIntegration.GetId()) } if _, err := s.datastore.AddImageIntegration(ctx, imageIntegration); err != nil { - return exists, errors.Wrapf(err, "adding image integration %q", imageIntegration.GetId()) + return existed, errors.Wrapf(err, "adding image integration %q", imageIntegration.GetId()) } if err := s.integrationManager.Upsert(imageIntegration); err != nil { - return exists, errors.Wrapf(err, "notifying of update for image integration %q", imageIntegration.GetId()) + return existed, errors.Wrapf(err, "notifying of update for image integration %q", imageIntegration.GetId()) } - return exists, nil + return existed, nil }