From 727c183bf6371efa463c8ff1ed29648e5264f99c Mon Sep 17 00:00:00 2001 From: RTann Date: Fri, 14 Jan 2022 08:19:36 -0800 Subject: [PATCH 001/103] for now --- .../listener/resources/registry_store.go | 46 ++++++++++++++++++ .../kubernetes/listener/resources/secrets.go | 48 +++++++++++++------ .../listener/resources/serviceaccount.go | 3 +- .../listener/resources/singleton.go | 11 +++++ 4 files changed, 91 insertions(+), 17 deletions(-) create mode 100644 sensor/kubernetes/listener/resources/registry_store.go diff --git a/sensor/kubernetes/listener/resources/registry_store.go b/sensor/kubernetes/listener/resources/registry_store.go new file mode 100644 index 0000000000000..3d362e0954fae --- /dev/null +++ b/sensor/kubernetes/listener/resources/registry_store.go @@ -0,0 +1,46 @@ +package resources + +import "github.com/stackrox/rox/pkg/sync" + +// RegistryStore stores cluster-internal registries by namespace. +type RegistryStore struct { + // store maps a namespace to the names of registries accessible from within the namespace. + // The registry maps to its credentials. + store map[string]map[string]dockerConfigEntry + + mutex sync.RWMutex +} + +// newRegistryStore creates a new registryStore. +func newRegistryStore() *RegistryStore { + return &RegistryStore{ + store: make(map[string]map[string]dockerConfigEntry), + } +} + +func (rs *RegistryStore) addOrUpdateRegistry(namespace, registry string, dce dockerConfigEntry) { + rs.mutex.Lock() + defer rs.mutex.Unlock() + + nsMap := rs.store[namespace] + if nsMap == nil { + nsMap = make(map[string]dockerConfigEntry) + rs.store[namespace] = nsMap + } + + nsMap[registry] = dce +} + +// getAllInNamespace returns all the registries+credentials within a given namespace. +func (rs *RegistryStore) getAllInNamespace(namespace string) map[string]dockerConfigEntry { + regs := make(map[string]dockerConfigEntry) + + rs.mutex.RLock() + rs.mutex.RUnlock() + + for reg, dce := range rs.store[namespace] { + regs[reg] = dce + } + + return regs +} diff --git a/sensor/kubernetes/listener/resources/secrets.go b/sensor/kubernetes/listener/resources/secrets.go index 2452b46081ead..b4315e3b75512 100644 --- a/sensor/kubernetes/listener/resources/secrets.go +++ b/sensor/kubernetes/listener/resources/secrets.go @@ -11,6 +11,7 @@ import ( "github.com/cloudflare/cfssl/certinfo" "github.com/stackrox/rox/generated/internalapi/central" "github.com/stackrox/rox/generated/storage" + "github.com/stackrox/rox/pkg/features" "github.com/stackrox/rox/pkg/protoconv" "github.com/stackrox/rox/pkg/registries/docker" "github.com/stackrox/rox/pkg/registries/rhel" @@ -20,7 +21,12 @@ import ( v1 "k8s.io/api/core/v1" ) -const redhatRegistryEndpoint = "registry.redhat.io" +const ( + redhatRegistryEndpoint = "registry.redhat.io" + + saAnnotation = "kubernetes.io/service-account.name" + defaultSA = "default" +) // The following types are copied from the Kubernetes codebase, // since it is not placed in any of the officially supported client @@ -187,11 +193,15 @@ func populateTypeData(secret *storage.Secret, dataFiles map[string][]byte) { } // secretDispatcher handles secret resource events. -type secretDispatcher struct{} +type secretDispatcher struct{ + regStore *RegistryStore +} // newSecretDispatcher creates and returns a new secret handler. -func newSecretDispatcher() *secretDispatcher { - return &secretDispatcher{} +func newSecretDispatcher(regStore *RegistryStore) *secretDispatcher { + return &secretDispatcher{ + regStore: regStore, + } } func dockerConfigToImageIntegration(registry string, dce dockerConfigEntry) *storage.ImageIntegration { @@ -200,11 +210,6 @@ func dockerConfigToImageIntegration(registry string, dce dockerConfigEntry) *sto registryType = rhel.RedHatRegistryType } - username, password := dce.Username, dce.Password - // TODO(ROX-8465): Determine which Service Account's token to use to replace the credentials. - // if features.LocalImageScanning.Enabled() { - // } - return &storage.ImageIntegration{ Id: uuid.NewV4().String(), Type: registryType, @@ -212,15 +217,15 @@ func dockerConfigToImageIntegration(registry string, dce dockerConfigEntry) *sto IntegrationConfig: &storage.ImageIntegration_Docker{ Docker: &storage.DockerConfig{ Endpoint: registry, - Username: username, - Password: password, + Username: dce.Username, + Password: dce.Password, }, }, Autogenerated: true, } } -func processDockerConfigEvent(secret *v1.Secret, action central.ResourceAction) []*central.SensorEvent { +func (s *secretDispatcher) processDockerConfigEvent(secret *v1.Secret, action central.ResourceAction) []*central.SensorEvent { var dockerConfig dockerConfig switch secret.Type { case v1.SecretTypeDockercfg: @@ -248,9 +253,22 @@ func processDockerConfigEvent(secret *v1.Secret, action central.ResourceAction) return nil } + // The default service account comes with credentials to the internal registry. + // Check the service account annotation to see if this configuration is from the + // default SA. + var fromDefaultSA bool + if secret.GetAnnotations()[saAnnotation] == defaultSA { + fromDefaultSA = true + } + sensorEvents := make([]*central.SensorEvent, 0, len(dockerConfig)+1) registries := make([]*storage.ImagePullSecret_Registry, 0, len(dockerConfig)) for registry, dce := range dockerConfig { + if features.LocalImageScanning.Enabled() { + if fromDefaultSA { + s.regStore.addOrUpdateRegistry(secret.GetNamespace(), registry, dce) + } + } ii := dockerConfigToImageIntegration(registry, dce) sensorEvents = append(sensorEvents, ¢ral.SensorEvent{ // Only update is supported at this time. @@ -302,14 +320,14 @@ func secretToSensorEvent(action central.ResourceAction, secret *storage.Secret) } // ProcessEvent processes a secret resource event, and returns the sensor events to emit in response. -func (*secretDispatcher) ProcessEvent(obj, _ interface{}, action central.ResourceAction) []*central.SensorEvent { +func (s *secretDispatcher) ProcessEvent(obj, _ interface{}, action central.ResourceAction) []*central.SensorEvent { secret := obj.(*v1.Secret) switch secret.Type { case v1.SecretTypeDockerConfigJson, v1.SecretTypeDockercfg: - return processDockerConfigEvent(secret, action) + return s.processDockerConfigEvent(secret, action) case v1.SecretTypeServiceAccountToken: - // Filter out service account tokens because we have a service account field. + // Filter out service account tokens because we have a service account processor. return nil } diff --git a/sensor/kubernetes/listener/resources/serviceaccount.go b/sensor/kubernetes/listener/resources/serviceaccount.go index a0643eeb71f7f..b85da097d45ba 100644 --- a/sensor/kubernetes/listener/resources/serviceaccount.go +++ b/sensor/kubernetes/listener/resources/serviceaccount.go @@ -15,9 +15,8 @@ func newServiceAccountDispatcher() *serviceAccountDispatcher { return &serviceAccountDispatcher{} } -// Process processes a service account resource event, and returns the sensor events to emit in response. +// ProcessEvent processes a service account resource event, and returns the sensor events to emit in response. func (*serviceAccountDispatcher) ProcessEvent(obj, _ interface{}, action central.ResourceAction) []*central.SensorEvent { - serviceAccount := obj.(*v1.ServiceAccount) var serviceAccountSecrets []string diff --git a/sensor/kubernetes/listener/resources/singleton.go b/sensor/kubernetes/listener/resources/singleton.go index f04348a28e0f9..484069cb0e42c 100644 --- a/sensor/kubernetes/listener/resources/singleton.go +++ b/sensor/kubernetes/listener/resources/singleton.go @@ -8,6 +8,9 @@ var ( psInit sync.Once podStore *PodStore + + rsInit sync.Once + regStore *RegistryStore ) // DeploymentStoreSingleton returns a singleton of the DeploymentStore @@ -25,3 +28,11 @@ func PodStoreSingleton() *PodStore { }) return podStore } + +// RegistryStoreSingleton returns a singleton of the RegistryStore. +func RegistryStoreSingleton() *RegistryStore { + rsInit.Do(func() { + regStore = newRegistryStore() + }) + return regStore +} From aea8089d0708aaa1016a5af6fad66175a491b446 Mon Sep 17 00:00:00 2001 From: RTann Date: Mon, 17 Jan 2022 16:39:01 -0800 Subject: [PATCH 002/103] updates --- .../listener/resources/registry_store.go | 1 + sensor/kubernetes/listener/resources/secrets.go | 16 +++++++--------- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/sensor/kubernetes/listener/resources/registry_store.go b/sensor/kubernetes/listener/resources/registry_store.go index 3d362e0954fae..1b565193b7b3c 100644 --- a/sensor/kubernetes/listener/resources/registry_store.go +++ b/sensor/kubernetes/listener/resources/registry_store.go @@ -38,6 +38,7 @@ func (rs *RegistryStore) getAllInNamespace(namespace string) map[string]dockerCo rs.mutex.RLock() rs.mutex.RUnlock() + // Copy the registry to configuration map. for reg, dce := range rs.store[namespace] { regs[reg] = dce } diff --git a/sensor/kubernetes/listener/resources/secrets.go b/sensor/kubernetes/listener/resources/secrets.go index b4315e3b75512..dd5b852ea9fdc 100644 --- a/sensor/kubernetes/listener/resources/secrets.go +++ b/sensor/kubernetes/listener/resources/secrets.go @@ -249,23 +249,21 @@ func (s *secretDispatcher) processDockerConfigEvent(secret *v1.Secret, action ce } dockerConfig = dockerConfigJSON.Auths default: - utils.Should(errors.New("only Docker Config secrets are allowed")) + _ = utils.Should(errors.New("only Docker Config secrets are allowed")) return nil } - // The default service account comes with credentials to the internal registry. - // Check the service account annotation to see if this configuration is from the - // default SA. - var fromDefaultSA bool - if secret.GetAnnotations()[saAnnotation] == defaultSA { - fromDefaultSA = true - } - sensorEvents := make([]*central.SensorEvent, 0, len(dockerConfig)+1) registries := make([]*storage.ImagePullSecret_Registry, 0, len(dockerConfig)) + // In Kubernetes, the `default` service account always exists in each namespace (it is recreated upon deletion). + // The default service account always contains an API token. + // In OpenShift, the default service account also contains credentials for the + // OpenShift Container Registry, which is an internal image registry. + fromDefaultSA := secret.GetAnnotations()[saAnnotation] == defaultSA for registry, dce := range dockerConfig { if features.LocalImageScanning.Enabled() { if fromDefaultSA { + // Store the registry credentials so Sensor can reach it. s.regStore.addOrUpdateRegistry(secret.GetNamespace(), registry, dce) } } From d0df329cbd2a47fd09f7be52dd081413d80ee1f3 Mon Sep 17 00:00:00 2001 From: RTann Date: Tue, 18 Jan 2022 09:22:09 -0800 Subject: [PATCH 003/103] simple test --- .../listener/resources/dispatcher.go | 3 +- .../listener/resources/registry_store_test.go | 35 +++++++++++++++++++ 2 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 sensor/kubernetes/listener/resources/registry_store_test.go diff --git a/sensor/kubernetes/listener/resources/dispatcher.go b/sensor/kubernetes/listener/resources/dispatcher.go index 6ca07a0672f2b..092f5e32948c0 100644 --- a/sensor/kubernetes/listener/resources/dispatcher.go +++ b/sensor/kubernetes/listener/resources/dispatcher.go @@ -61,6 +61,7 @@ func NewDispatcherRegistry(clusterID string, podLister v1Listers.PodLister, prof endpointManager := newEndpointManager(serviceStore, deploymentStore, podStore, nodeStore, entityStore) rbacUpdater := rbac.NewStore() portExposureReconciler := newPortExposureReconciler(deploymentStore, serviceStore) + registryStore := newRegistryStore() return ®istryImpl{ deploymentHandler: newDeploymentHandler(clusterID, serviceStore, deploymentStore, podStore, endpointManager, nsStore, @@ -70,7 +71,7 @@ func NewDispatcherRegistry(clusterID string, podLister v1Listers.PodLister, prof namespaceDispatcher: newNamespaceDispatcher(nsStore, serviceStore, deploymentStore, podStore), serviceDispatcher: newServiceDispatcher(serviceStore, deploymentStore, endpointManager, portExposureReconciler), osRouteDispatcher: newRouteDispatcher(serviceStore, portExposureReconciler), - secretDispatcher: newSecretDispatcher(), + secretDispatcher: newSecretDispatcher(registryStore), networkPolicyDispatcher: newNetworkPolicyDispatcher(), nodeDispatcher: newNodeDispatcher(serviceStore, deploymentStore, nodeStore, endpointManager), serviceAccountDispatcher: newServiceAccountDispatcher(), diff --git a/sensor/kubernetes/listener/resources/registry_store_test.go b/sensor/kubernetes/listener/resources/registry_store_test.go new file mode 100644 index 0000000000000..3f72399d92382 --- /dev/null +++ b/sensor/kubernetes/listener/resources/registry_store_test.go @@ -0,0 +1,35 @@ +package resources + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestRegistryStore(t *testing.T) { + rs := newRegistryStore() + rs.addOrUpdateRegistry("a", "reg1", dockerConfigEntry{ + Username: "test1", + Password: "test1pass", + Email: "test1@test.com", + }) + rs.addOrUpdateRegistry("a", "reg2", dockerConfigEntry{ + Username: "test2", + Password: "test2pass", + Email: "test2@test.com", + }) + rs.addOrUpdateRegistry("b", "reg3", dockerConfigEntry{ + Username: "test3", + Password: "test2pass", + Email: "test3@test.com", + }) + + regs := rs.getAllInNamespace("a") + assert.Len(t, regs, 2) + + regs = rs.getAllInNamespace("b") + assert.Len(t, regs, 1) + + regs = rs.getAllInNamespace("c") + assert.Empty(t, regs) +} From 8397df49eb6def304bfabf13585e961fe564b0c9 Mon Sep 17 00:00:00 2001 From: RTann Date: Tue, 18 Jan 2022 09:41:24 -0800 Subject: [PATCH 004/103] style --- sensor/kubernetes/listener/resources/secrets.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sensor/kubernetes/listener/resources/secrets.go b/sensor/kubernetes/listener/resources/secrets.go index dd5b852ea9fdc..7af54b9cffda6 100644 --- a/sensor/kubernetes/listener/resources/secrets.go +++ b/sensor/kubernetes/listener/resources/secrets.go @@ -193,7 +193,7 @@ func populateTypeData(secret *storage.Secret, dataFiles map[string][]byte) { } // secretDispatcher handles secret resource events. -type secretDispatcher struct{ +type secretDispatcher struct { regStore *RegistryStore } From 0350677a731a16976629ec9e23be455380ce74ca Mon Sep 17 00:00:00 2001 From: RTann Date: Tue, 18 Jan 2022 11:30:28 -0800 Subject: [PATCH 005/103] initial --- central/image/service/service_impl.go | 31 +- .../v1/image_integration_service.swagger.json | 2 +- generated/api/v1/image_service.pb.go | 912 ++++++++++++++++-- generated/api/v1/image_service.swagger.json | 242 ++++- generated/storage/image_integration.pb.go | 142 +-- go.mod | 2 +- go.sum | 4 +- make/protogen.mk | 20 +- pkg/env/sensor.go | 4 + proto/api/v1/image_service.proto | 20 +- proto/internalapi/sensor/image_iservice.proto | 2 +- proto/storage/image_integration.proto | 3 +- sensor/common/scannerclient/grpc_client.go | 79 ++ sensor/common/scannerclient/util.go | 44 + 14 files changed, 1319 insertions(+), 188 deletions(-) create mode 100644 sensor/common/scannerclient/grpc_client.go create mode 100644 sensor/common/scannerclient/util.go diff --git a/central/image/service/service_impl.go b/central/image/service/service_impl.go index 71b0c3ff959c2..d1591f8b00e4c 100644 --- a/central/image/service/service_impl.go +++ b/central/image/service/service_impl.go @@ -163,7 +163,7 @@ func (s *serviceImpl) saveImage(img *storage.Image) { } } -// ScanImage handles an image request from Sensor +// ScanImageInternal handles an image request from Sensor and Admission Controller. func (s *serviceImpl) ScanImageInternal(ctx context.Context, request *v1.ScanImageInternalRequest) (*v1.ScanImageInternalResponse, error) { // Always pull the image from the store if the ID != "". Central will manage the reprocessing over the // images @@ -172,11 +172,11 @@ func (s *serviceImpl) ScanImageInternal(ctx context.Context, request *v1.ScanIma if err != nil { return nil, err } - // If the scan exists and it is less than the reprocessing interval then return the scan. Otherwise, fetch it from the DB + // If the scan exists, and it is less than the reprocessing interval, then return the scan. + // Otherwise, fetch it from the DB. if exists { - utils.FilterSuppressedCVEsNoClone(img) return &v1.ScanImageInternalResponse{ - Image: utils.StripCVEDescriptions(img), + Image: sanitizeImage(img), }, nil } } @@ -196,18 +196,25 @@ func (s *serviceImpl) ScanImageInternal(ctx context.Context, request *v1.ScanIma // even if we weren't able to enrich it } - // asynchronously upsert images as this rpc should be performant + // asynchronously upsert the image, as this rpc should be performant if img.GetId() != "" { go s.saveImage(img.Clone()) } - // This modifies the image object - utils.FilterSuppressedCVEsNoClone(img) return &v1.ScanImageInternalResponse{ - Image: utils.StripCVEDescriptions(img), + Image: sanitizeImage(img), }, nil } +// sanitizeImage prepares the image for responses. +// The passed in image is modified. +// Returns the passed in image. +func sanitizeImage(img *storage.Image) *storage.Image { + utils.FilterSuppressedCVEsNoClone(img) + utils.StripCVEDescriptionsNoClone(img) + return img +} + // ScanImage scans an image and returns the result func (s *serviceImpl) ScanImage(ctx context.Context, request *v1.ScanImageRequest) (*storage.Image, error) { enrichmentCtx := enricher.EnrichmentContext{ @@ -234,6 +241,14 @@ func (s *serviceImpl) ScanImage(ctx context.Context, request *v1.ScanImageReques return img, nil } +// GetImageVulnerabilitiesInternal retrieves the vulnerabilities related to the image +// specified by the given components and scan notes. +// This is meant to be called by Sensor or Admission Controller. +// TODO(ROX-8401): Implement me. +func (s *serviceImpl) GetImageVulnerabilitiesInternal(ctx context.Context, request *v1.GetImageVulnerabilitiesInternalRequest) (*v1.GetImageVulnerabilitiesInternalResponse, error) { + return nil, nil +} + // DeleteImages deletes images based on query func (s *serviceImpl) DeleteImages(ctx context.Context, request *v1.DeleteImagesRequest) (*v1.DeleteImagesResponse, error) { if request.GetQuery() == nil { diff --git a/generated/api/v1/image_integration_service.swagger.json b/generated/api/v1/image_integration_service.swagger.json index a381d15023503..169c4ad18f979 100644 --- a/generated/api/v1/image_integration_service.swagger.json +++ b/generated/api/v1/image_integration_service.swagger.json @@ -477,7 +477,7 @@ "items": { "type": "string" }, - "description": "If a list of clusters is provided, the integration will only be accessed from the specified clusters' sensors." + "description": "If a list of clusters is provided, the integration will only be accessed from the specified clusters' sensors.\nPlease use cluster_id instead." }, "categories": { "type": "array", diff --git a/generated/api/v1/image_service.pb.go b/generated/api/v1/image_service.pb.go index 36e77d44c10c9..7b029f81f7adf 100644 --- a/generated/api/v1/image_service.pb.go +++ b/generated/api/v1/image_service.pb.go @@ -8,6 +8,7 @@ import ( fmt "fmt" proto "github.com/golang/protobuf/proto" storage "github.com/stackrox/rox/generated/storage" + v1 "github.com/stackrox/scanner/generated/scanner/api/v1" grpc "google.golang.org/grpc" codes "google.golang.org/grpc/codes" status "google.golang.org/grpc/status" @@ -55,7 +56,7 @@ func (x WatchImageResponse_ErrorType) String() string { } func (WatchImageResponse_ErrorType) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_b4306cfe43028263, []int{9, 0} + return fileDescriptor_b4306cfe43028263, []int{11, 0} } type GetImageRequest struct { @@ -458,6 +459,170 @@ func (m *ScanImageInternalResponse) Clone() *ScanImageInternalResponse { return cloned } +type GetImageVulnerabilitiesInternalRequest struct { + ImageId string `protobuf:"bytes,1,opt,name=image_id,json=imageId,proto3" json:"image_id,omitempty"` + ImageName *storage.ImageName `protobuf:"bytes,2,opt,name=image_name,json=imageName,proto3" json:"image_name,omitempty"` + Metadata *storage.ImageMetadata `protobuf:"bytes,3,opt,name=metadata,proto3" json:"metadata,omitempty"` + Components *v1.Components `protobuf:"bytes,4,opt,name=components,proto3" json:"components,omitempty"` + Notes []v1.Note `protobuf:"varint,5,rep,packed,name=notes,proto3,enum=scannerV1.Note" json:"notes,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *GetImageVulnerabilitiesInternalRequest) Reset() { + *m = GetImageVulnerabilitiesInternalRequest{} +} +func (m *GetImageVulnerabilitiesInternalRequest) String() string { return proto.CompactTextString(m) } +func (*GetImageVulnerabilitiesInternalRequest) ProtoMessage() {} +func (*GetImageVulnerabilitiesInternalRequest) Descriptor() ([]byte, []int) { + return fileDescriptor_b4306cfe43028263, []int{6} +} +func (m *GetImageVulnerabilitiesInternalRequest) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *GetImageVulnerabilitiesInternalRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_GetImageVulnerabilitiesInternalRequest.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *GetImageVulnerabilitiesInternalRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_GetImageVulnerabilitiesInternalRequest.Merge(m, src) +} +func (m *GetImageVulnerabilitiesInternalRequest) XXX_Size() int { + return m.Size() +} +func (m *GetImageVulnerabilitiesInternalRequest) XXX_DiscardUnknown() { + xxx_messageInfo_GetImageVulnerabilitiesInternalRequest.DiscardUnknown(m) +} + +var xxx_messageInfo_GetImageVulnerabilitiesInternalRequest proto.InternalMessageInfo + +func (m *GetImageVulnerabilitiesInternalRequest) GetImageId() string { + if m != nil { + return m.ImageId + } + return "" +} + +func (m *GetImageVulnerabilitiesInternalRequest) GetImageName() *storage.ImageName { + if m != nil { + return m.ImageName + } + return nil +} + +func (m *GetImageVulnerabilitiesInternalRequest) GetMetadata() *storage.ImageMetadata { + if m != nil { + return m.Metadata + } + return nil +} + +func (m *GetImageVulnerabilitiesInternalRequest) GetComponents() *v1.Components { + if m != nil { + return m.Components + } + return nil +} + +func (m *GetImageVulnerabilitiesInternalRequest) GetNotes() []v1.Note { + if m != nil { + return m.Notes + } + return nil +} + +func (m *GetImageVulnerabilitiesInternalRequest) MessageClone() proto.Message { + return m.Clone() +} +func (m *GetImageVulnerabilitiesInternalRequest) Clone() *GetImageVulnerabilitiesInternalRequest { + if m == nil { + return nil + } + cloned := new(GetImageVulnerabilitiesInternalRequest) + *cloned = *m + + cloned.ImageName = m.ImageName.Clone() + cloned.Metadata = m.Metadata.Clone() + cloned.Components = m.Components.Clone() + if m.Notes != nil { + cloned.Notes = make([]v1.Note, len(m.Notes)) + copy(cloned.Notes, m.Notes) + } + return cloned +} + +type GetImageVulnerabilitiesInternalResponse struct { + Image *storage.Image `protobuf:"bytes,1,opt,name=image,proto3" json:"image,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *GetImageVulnerabilitiesInternalResponse) Reset() { + *m = GetImageVulnerabilitiesInternalResponse{} +} +func (m *GetImageVulnerabilitiesInternalResponse) String() string { return proto.CompactTextString(m) } +func (*GetImageVulnerabilitiesInternalResponse) ProtoMessage() {} +func (*GetImageVulnerabilitiesInternalResponse) Descriptor() ([]byte, []int) { + return fileDescriptor_b4306cfe43028263, []int{7} +} +func (m *GetImageVulnerabilitiesInternalResponse) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *GetImageVulnerabilitiesInternalResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_GetImageVulnerabilitiesInternalResponse.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *GetImageVulnerabilitiesInternalResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_GetImageVulnerabilitiesInternalResponse.Merge(m, src) +} +func (m *GetImageVulnerabilitiesInternalResponse) XXX_Size() int { + return m.Size() +} +func (m *GetImageVulnerabilitiesInternalResponse) XXX_DiscardUnknown() { + xxx_messageInfo_GetImageVulnerabilitiesInternalResponse.DiscardUnknown(m) +} + +var xxx_messageInfo_GetImageVulnerabilitiesInternalResponse proto.InternalMessageInfo + +func (m *GetImageVulnerabilitiesInternalResponse) GetImage() *storage.Image { + if m != nil { + return m.Image + } + return nil +} + +func (m *GetImageVulnerabilitiesInternalResponse) MessageClone() proto.Message { + return m.Clone() +} +func (m *GetImageVulnerabilitiesInternalResponse) Clone() *GetImageVulnerabilitiesInternalResponse { + if m == nil { + return nil + } + cloned := new(GetImageVulnerabilitiesInternalResponse) + *cloned = *m + + cloned.Image = m.Image.Clone() + return cloned +} + type DeleteImagesRequest struct { Query *RawQuery `protobuf:"bytes,1,opt,name=query,proto3" json:"query,omitempty"` Confirm bool `protobuf:"varint,2,opt,name=confirm,proto3" json:"confirm,omitempty"` @@ -470,7 +635,7 @@ func (m *DeleteImagesRequest) Reset() { *m = DeleteImagesRequest{} } func (m *DeleteImagesRequest) String() string { return proto.CompactTextString(m) } func (*DeleteImagesRequest) ProtoMessage() {} func (*DeleteImagesRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_b4306cfe43028263, []int{6} + return fileDescriptor_b4306cfe43028263, []int{8} } func (m *DeleteImagesRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -539,7 +704,7 @@ func (m *DeleteImagesResponse) Reset() { *m = DeleteImagesResponse{} } func (m *DeleteImagesResponse) String() string { return proto.CompactTextString(m) } func (*DeleteImagesResponse) ProtoMessage() {} func (*DeleteImagesResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_b4306cfe43028263, []int{7} + return fileDescriptor_b4306cfe43028263, []int{9} } func (m *DeleteImagesResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -609,7 +774,7 @@ func (m *WatchImageRequest) Reset() { *m = WatchImageRequest{} } func (m *WatchImageRequest) String() string { return proto.CompactTextString(m) } func (*WatchImageRequest) ProtoMessage() {} func (*WatchImageRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_b4306cfe43028263, []int{8} + return fileDescriptor_b4306cfe43028263, []int{10} } func (m *WatchImageRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -675,7 +840,7 @@ func (m *WatchImageResponse) Reset() { *m = WatchImageResponse{} } func (m *WatchImageResponse) String() string { return proto.CompactTextString(m) } func (*WatchImageResponse) ProtoMessage() {} func (*WatchImageResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_b4306cfe43028263, []int{9} + return fileDescriptor_b4306cfe43028263, []int{11} } func (m *WatchImageResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -751,7 +916,7 @@ func (m *UnwatchImageRequest) Reset() { *m = UnwatchImageRequest{} } func (m *UnwatchImageRequest) String() string { return proto.CompactTextString(m) } func (*UnwatchImageRequest) ProtoMessage() {} func (*UnwatchImageRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_b4306cfe43028263, []int{10} + return fileDescriptor_b4306cfe43028263, []int{12} } func (m *UnwatchImageRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -811,7 +976,7 @@ func (m *GetWatchedImagesResponse) Reset() { *m = GetWatchedImagesRespon func (m *GetWatchedImagesResponse) String() string { return proto.CompactTextString(m) } func (*GetWatchedImagesResponse) ProtoMessage() {} func (*GetWatchedImagesResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_b4306cfe43028263, []int{11} + return fileDescriptor_b4306cfe43028263, []int{13} } func (m *GetWatchedImagesResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -874,6 +1039,8 @@ func init() { proto.RegisterType((*ScanImageRequest)(nil), "v1.ScanImageRequest") proto.RegisterType((*ScanImageInternalRequest)(nil), "v1.ScanImageInternalRequest") proto.RegisterType((*ScanImageInternalResponse)(nil), "v1.ScanImageInternalResponse") + proto.RegisterType((*GetImageVulnerabilitiesInternalRequest)(nil), "v1.GetImageVulnerabilitiesInternalRequest") + proto.RegisterType((*GetImageVulnerabilitiesInternalResponse)(nil), "v1.GetImageVulnerabilitiesInternalResponse") proto.RegisterType((*DeleteImagesRequest)(nil), "v1.DeleteImagesRequest") proto.RegisterType((*DeleteImagesResponse)(nil), "v1.DeleteImagesResponse") proto.RegisterType((*WatchImageRequest)(nil), "v1.WatchImageRequest") @@ -885,68 +1052,78 @@ func init() { func init() { proto.RegisterFile("api/v1/image_service.proto", fileDescriptor_b4306cfe43028263) } var fileDescriptor_b4306cfe43028263 = []byte{ - // 975 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x55, 0xdd, 0x6e, 0xe3, 0x44, - 0x14, 0x6e, 0x92, 0x6d, 0xb7, 0x39, 0x49, 0x93, 0x74, 0x92, 0x6d, 0xbd, 0xde, 0xfe, 0xc9, 0x8b, - 0xd4, 0x52, 0x84, 0xa3, 0x94, 0x3b, 0x84, 0x04, 0xa1, 0xcd, 0x96, 0xac, 0x9a, 0x64, 0x71, 0xba, - 0xcb, 0x82, 0x56, 0xb2, 0x06, 0x7b, 0x36, 0xb5, 0x88, 0x67, 0xbc, 0x1e, 0x27, 0xc5, 0x45, 0x5c, - 0xc0, 0x2b, 0x70, 0xc3, 0x1b, 0xc1, 0x25, 0x12, 0x2f, 0x80, 0x0a, 0x0f, 0x82, 0x3c, 0x33, 0x49, - 0x9c, 0x1f, 0x24, 0xee, 0x3c, 0xdf, 0x39, 0xf3, 0x9d, 0x9f, 0x39, 0xe7, 0x33, 0xe8, 0x38, 0xf0, - 0xea, 0xe3, 0x46, 0xdd, 0xf3, 0xf1, 0x80, 0xd8, 0x9c, 0x84, 0x63, 0xcf, 0x21, 0x66, 0x10, 0xb2, - 0x88, 0xa1, 0xec, 0xb8, 0xa1, 0xef, 0x0d, 0x18, 0x1b, 0x0c, 0x49, 0x3d, 0x71, 0xc3, 0x94, 0xb2, - 0x08, 0x47, 0x1e, 0xa3, 0x5c, 0x7a, 0xe8, 0x4f, 0xd4, 0x6d, 0x4e, 0x70, 0xe8, 0xdc, 0xcc, 0x5f, - 0xd7, 0x91, 0x32, 0x12, 0x3f, 0x88, 0x62, 0x85, 0x55, 0x79, 0xc4, 0x42, 0x3c, 0x20, 0x32, 0x9e, - 0x02, 0xb5, 0x09, 0xe8, 0x92, 0x60, 0xc8, 0x62, 0x9f, 0xd0, 0x48, 0x5a, 0x8c, 0xe7, 0x50, 0xbe, - 0x24, 0x51, 0x3b, 0xf1, 0xb5, 0xc8, 0xbb, 0x11, 0xe1, 0x11, 0x2a, 0x41, 0xd6, 0x73, 0xb5, 0xcc, - 0x51, 0xe6, 0x24, 0x6f, 0x65, 0x3d, 0x17, 0x1d, 0x43, 0xd9, 0xa3, 0xce, 0x70, 0xe4, 0x12, 0x9b, - 0x53, 0xc6, 0xee, 0x88, 0xab, 0x65, 0x8f, 0x32, 0x27, 0x9b, 0x56, 0x49, 0xc1, 0x7d, 0x89, 0x1a, - 0x9f, 0x01, 0xba, 0xf2, 0xb8, 0x24, 0xe3, 0x16, 0xe1, 0x01, 0xa3, 0x9c, 0xa0, 0x53, 0xd8, 0x10, - 0xa9, 0x70, 0x2d, 0x73, 0x94, 0x3b, 0x29, 0x9c, 0x21, 0x53, 0x25, 0x63, 0x4e, 0x9d, 0x2d, 0xe5, - 0x61, 0x7c, 0x00, 0xd5, 0x73, 0x36, 0xa2, 0x8b, 0x14, 0x35, 0x58, 0x77, 0x12, 0x58, 0x24, 0xb5, - 0x6e, 0xc9, 0x83, 0x11, 0x40, 0xa5, 0xef, 0x60, 0x3a, 0x97, 0xfb, 0x3e, 0x80, 0xec, 0x33, 0xc5, - 0x3e, 0x51, 0x35, 0xe4, 0x05, 0xd2, 0xc5, 0xbe, 0x20, 0x7a, 0xcb, 0x42, 0x87, 0xa8, 0x02, 0xe4, - 0x61, 0x55, 0x81, 0xb9, 0x95, 0x05, 0x06, 0xa0, 0x4d, 0x23, 0xb6, 0x69, 0x44, 0x42, 0x8a, 0x87, - 0x93, 0xc8, 0x1f, 0xc2, 0xba, 0x88, 0x23, 0x82, 0x16, 0xce, 0x76, 0xa7, 0x55, 0x9e, 0x33, 0x1a, - 0x61, 0x8f, 0x92, 0x50, 0x26, 0x2a, 0xbd, 0xd0, 0x21, 0x14, 0x1c, 0xec, 0xdc, 0x10, 0xd7, 0x66, - 0x74, 0x18, 0xab, 0x78, 0x20, 0xa1, 0x1e, 0x1d, 0xc6, 0xcf, 0x1f, 0x6c, 0x66, 0x2b, 0x39, 0xa3, - 0x09, 0x8f, 0x57, 0x44, 0x54, 0x6d, 0x79, 0x6f, 0x3e, 0x64, 0x69, 0x1a, 0x32, 0x1d, 0xc9, 0xe8, - 0x43, 0xf5, 0x82, 0x0c, 0x49, 0x44, 0x26, 0x4d, 0x95, 0xf9, 0x1a, 0xb0, 0xfe, 0x6e, 0x44, 0xc2, - 0x58, 0x5d, 0x2e, 0x9a, 0xe3, 0x86, 0x69, 0xe1, 0xdb, 0x2f, 0x13, 0xcc, 0x92, 0x26, 0xa4, 0xc1, - 0x43, 0x87, 0xd1, 0xb7, 0x5e, 0xe8, 0xab, 0x86, 0x4d, 0x8e, 0xc6, 0x0b, 0xa8, 0xcd, 0x93, 0xaa, - 0x94, 0x0e, 0xa1, 0x40, 0x47, 0xbe, 0xed, 0x0a, 0x9b, 0x1c, 0xa2, 0x2d, 0x0b, 0xe8, 0xc8, 0x97, - 0xde, 0x2e, 0xda, 0x85, 0x87, 0x6e, 0x18, 0xdb, 0xe1, 0x88, 0x2a, 0xca, 0x0d, 0x37, 0x8c, 0xad, - 0x11, 0x35, 0x8e, 0x61, 0xfb, 0x2b, 0x1c, 0x39, 0x37, 0x73, 0xcf, 0x89, 0xe0, 0x41, 0xea, 0x21, - 0xc5, 0xb7, 0xf1, 0x53, 0x16, 0x50, 0xda, 0x53, 0x45, 0x3e, 0x86, 0x32, 0x65, 0xa1, 0x8f, 0x87, - 0xde, 0x1d, 0x71, 0xd3, 0xcf, 0x5f, 0x9a, 0xc1, 0x62, 0x06, 0x3e, 0x05, 0x20, 0x61, 0xc8, 0x42, - 0x3b, 0x8a, 0x03, 0x39, 0x08, 0xa5, 0xb3, 0xa3, 0xa4, 0xfa, 0x65, 0x52, 0xb3, 0x95, 0x38, 0x5e, - 0xc7, 0x01, 0xb1, 0xf2, 0x64, 0xf2, 0x89, 0x9e, 0xc2, 0x96, 0x24, 0xf0, 0x09, 0xe7, 0x49, 0xfb, - 0x73, 0x22, 0x4e, 0x51, 0x80, 0x1d, 0x89, 0x19, 0x6f, 0x20, 0x3f, 0xbd, 0x8c, 0x8a, 0xb0, 0xd9, - 0xed, 0xd9, 0x2d, 0xcb, 0xea, 0x59, 0x95, 0x35, 0xb4, 0x03, 0xa8, 0xdd, 0x7d, 0xd5, 0xbc, 0x6a, - 0x5f, 0xd8, 0xed, 0x4e, 0xf3, 0xb2, 0x65, 0x77, 0x9b, 0x9d, 0x56, 0x25, 0x83, 0x34, 0xa8, 0x75, - 0x7b, 0xb6, 0x32, 0x74, 0xaf, 0x5b, 0x97, 0x56, 0xf3, 0xba, 0xdd, 0xeb, 0x56, 0xb2, 0xa8, 0x0c, - 0x85, 0xfe, 0x79, 0xb3, 0x6b, 0x3f, 0x6b, 0xb6, 0xaf, 0x5a, 0x17, 0x95, 0x9c, 0xf1, 0x3e, 0x54, - 0x5f, 0xd2, 0xdb, 0xff, 0xd5, 0xae, 0xd7, 0xa0, 0x5d, 0x92, 0x48, 0xd4, 0x46, 0xdc, 0x85, 0xd7, - 0xfa, 0x04, 0x4a, 0xb7, 0xd2, 0x60, 0xcf, 0xad, 0xe8, 0xa3, 0xe9, 0x24, 0xa5, 0xef, 0x59, 0x5b, - 0xb7, 0x69, 0x96, 0xb3, 0xdf, 0x36, 0xa0, 0x28, 0x3e, 0xfb, 0x52, 0x94, 0xd0, 0x17, 0xb0, 0x39, - 0xd1, 0x12, 0x54, 0x4d, 0x3a, 0xba, 0xa0, 0x2c, 0xfa, 0xc2, 0x84, 0x1a, 0xbb, 0x3f, 0xff, 0xf9, - 0xcf, 0x2f, 0xd9, 0x6d, 0x54, 0x9e, 0xea, 0x23, 0xaf, 0xff, 0xe0, 0xb9, 0x3f, 0xa2, 0x0e, 0x14, - 0x52, 0x3a, 0x80, 0xe6, 0x86, 0x53, 0xdf, 0x4d, 0x4e, 0x2b, 0x64, 0x62, 0x15, 0x9d, 0x50, 0x0a, - 0xf4, 0x0c, 0x60, 0x26, 0x4c, 0x0b, 0x6c, 0x3b, 0xc9, 0x69, 0x59, 0xb6, 0x0c, 0x24, 0xc8, 0x8a, - 0x08, 0x66, 0x64, 0xa8, 0x03, 0xf9, 0xe9, 0x36, 0xa2, 0x5a, 0x72, 0x71, 0x51, 0x80, 0x96, 0x4a, - 0xd4, 0x05, 0x4d, 0xcd, 0x48, 0x97, 0xc8, 0x1d, 0x4c, 0x3f, 0xce, 0x9c, 0xa2, 0x17, 0xb0, 0xbd, - 0xb4, 0xdc, 0x68, 0x6f, 0x8e, 0x76, 0x41, 0x65, 0xf4, 0xfd, 0xff, 0xb0, 0xaa, 0x07, 0x7d, 0x03, - 0x87, 0x6d, 0x3a, 0xc6, 0x43, 0xcf, 0xc5, 0x11, 0x49, 0xdc, 0x9a, 0xd4, 0xb5, 0xc8, 0xc0, 0xe3, - 0x51, 0x18, 0x9f, 0x27, 0xda, 0xc2, 0x51, 0x3e, 0x61, 0x68, 0x25, 0x3f, 0x0c, 0x7d, 0xf6, 0x69, - 0x3c, 0x15, 0x69, 0xee, 0xa3, 0x27, 0xa9, 0x34, 0x85, 0x18, 0xd5, 0xbd, 0x29, 0x1f, 0x7a, 0x09, - 0xc5, 0xf4, 0xd2, 0x23, 0xf1, 0x10, 0x2b, 0xb4, 0x45, 0xd7, 0x96, 0x0d, 0xf3, 0x5d, 0x3d, 0x4d, - 0x77, 0xf5, 0x6b, 0x80, 0xd9, 0xea, 0xa1, 0x47, 0x8b, 0xab, 0x28, 0x29, 0x77, 0x56, 0x6f, 0xa8, - 0xb1, 0x27, 0x08, 0x77, 0x8c, 0xed, 0x84, 0x50, 0xcd, 0xa7, 0xe4, 0x4d, 0x3a, 0xdc, 0x81, 0x62, - 0x7a, 0x4f, 0x64, 0xc6, 0x2b, 0x36, 0x27, 0xdd, 0x8a, 0xc7, 0x82, 0xb1, 0x7a, 0xba, 0xcc, 0x88, - 0x5e, 0x41, 0x65, 0x71, 0x97, 0xd2, 0xfd, 0xdc, 0x53, 0x33, 0xbf, 0x72, 0xd9, 0x26, 0xbc, 0x68, - 0x99, 0xf7, 0x73, 0xf3, 0xf7, 0xfb, 0x83, 0xcc, 0x1f, 0xf7, 0x07, 0x99, 0xbf, 0xee, 0x0f, 0x32, - 0xbf, 0xfe, 0x7d, 0xb0, 0x06, 0x9a, 0xc7, 0x4c, 0x1e, 0x61, 0xe7, 0xbb, 0x90, 0x7d, 0x2f, 0xff, - 0xd4, 0x26, 0x0e, 0x3c, 0x73, 0xdc, 0xf8, 0x26, 0x3b, 0x6e, 0xbc, 0x5e, 0xfb, 0x76, 0x43, 0x60, - 0x1f, 0xfd, 0x1b, 0x00, 0x00, 0xff, 0xff, 0xdf, 0xb5, 0xf9, 0x38, 0x5d, 0x08, 0x00, 0x00, + // 1136 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x56, 0x5d, 0x6f, 0xe3, 0x44, + 0x17, 0x6e, 0x92, 0xa6, 0x4d, 0x4e, 0xd2, 0x24, 0x9d, 0xf4, 0xc3, 0xcd, 0xf6, 0x4b, 0xde, 0xf7, + 0xa5, 0xa5, 0x2b, 0x1c, 0x25, 0x88, 0x1b, 0x84, 0x04, 0xa1, 0xcd, 0x96, 0xac, 0x9a, 0x64, 0x71, + 0xbb, 0x65, 0x41, 0x2b, 0x59, 0xb3, 0xf6, 0x6c, 0x6b, 0x11, 0xcf, 0x64, 0x6d, 0x27, 0x25, 0x45, + 0x5c, 0xc0, 0x15, 0xf7, 0xdc, 0xf0, 0x7f, 0xb8, 0xe1, 0x12, 0x89, 0x3f, 0x80, 0x0a, 0x3f, 0x04, + 0x79, 0x66, 0xe2, 0xda, 0x4e, 0x60, 0x97, 0x3b, 0xcf, 0x39, 0x67, 0x9e, 0xf3, 0xfd, 0x8c, 0xa1, + 0x86, 0x87, 0x76, 0x7d, 0xdc, 0xa8, 0xdb, 0x0e, 0xbe, 0x22, 0x86, 0x47, 0xdc, 0xb1, 0x6d, 0x12, + 0x6d, 0xe8, 0x32, 0x9f, 0xa1, 0xf4, 0xb8, 0x51, 0xdb, 0xbe, 0x62, 0xec, 0x6a, 0x40, 0xea, 0x81, + 0x19, 0xa6, 0x94, 0xf9, 0xd8, 0xb7, 0x19, 0xf5, 0x84, 0x45, 0xed, 0x81, 0xbc, 0xed, 0x11, 0xec, + 0x9a, 0xd7, 0xf1, 0xeb, 0x35, 0x24, 0x95, 0xc4, 0x19, 0xfa, 0x13, 0x29, 0xdb, 0xf5, 0x4c, 0x4c, + 0x29, 0x71, 0xeb, 0x52, 0x67, 0x32, 0x67, 0xc8, 0x28, 0xa1, 0xbe, 0xd4, 0x6f, 0x25, 0xf4, 0x94, + 0xf9, 0x53, 0xb8, 0xaa, 0xe7, 0x33, 0x17, 0x5f, 0x11, 0x11, 0xaa, 0x14, 0x2a, 0x53, 0xa1, 0x45, + 0x86, 0x03, 0x36, 0x71, 0x42, 0x24, 0xf5, 0x09, 0x94, 0x4f, 0x89, 0xdf, 0x09, 0x6c, 0x75, 0xf2, + 0x7a, 0x44, 0x3c, 0x1f, 0x95, 0x20, 0x6d, 0x5b, 0x4a, 0x6a, 0x3f, 0x75, 0x98, 0xd7, 0xd3, 0xb6, + 0x85, 0x0e, 0xa0, 0x6c, 0x53, 0x73, 0x30, 0xb2, 0x88, 0xe1, 0x51, 0xc6, 0x6e, 0x89, 0xa5, 0xa4, + 0xf7, 0x53, 0x87, 0x39, 0xbd, 0x24, 0xc5, 0xe7, 0x42, 0xaa, 0x7e, 0x02, 0xe8, 0xcc, 0xf6, 0x04, + 0x98, 0xa7, 0x13, 0x6f, 0xc8, 0xa8, 0x47, 0xd0, 0x11, 0x2c, 0xf1, 0x50, 0x3c, 0x25, 0xb5, 0x9f, + 0x39, 0x2c, 0x34, 0x91, 0x26, 0x83, 0xd1, 0x42, 0x63, 0x5d, 0x5a, 0xa8, 0x8f, 0xa0, 0x7a, 0xcc, + 0x46, 0x34, 0x09, 0xb1, 0x06, 0x59, 0x33, 0x10, 0xf3, 0xa0, 0xb2, 0xba, 0x38, 0xa8, 0x43, 0xa8, + 0x9c, 0x9b, 0x98, 0xc6, 0x62, 0xdf, 0x01, 0x10, 0x2d, 0xa2, 0xd8, 0x21, 0x32, 0x87, 0x3c, 0x97, + 0xf4, 0xb0, 0xc3, 0x81, 0x5e, 0x31, 0xd7, 0x24, 0x32, 0x01, 0x71, 0x98, 0x97, 0x60, 0x66, 0x6e, + 0x82, 0x43, 0x50, 0x42, 0x8f, 0x1d, 0xea, 0x13, 0x97, 0xe2, 0xc1, 0xd4, 0xf3, 0x7b, 0x90, 0xe5, + 0x7e, 0xb8, 0xd3, 0x42, 0x73, 0x33, 0xcc, 0xf2, 0x98, 0x51, 0x1f, 0xdb, 0x94, 0xb8, 0x22, 0x50, + 0x61, 0x85, 0xf6, 0xa0, 0x60, 0x62, 0xf3, 0x9a, 0x58, 0x06, 0xa3, 0x83, 0x89, 0xf4, 0x07, 0x42, + 0xd4, 0xa7, 0x83, 0xc9, 0x93, 0xc5, 0x5c, 0xba, 0x92, 0x51, 0x5b, 0xb0, 0x35, 0xc7, 0xa3, 0x2c, + 0xcb, 0xff, 0xe2, 0x2e, 0x4b, 0xa1, 0xcb, 0xa8, 0x27, 0xf5, 0xc7, 0x34, 0xbc, 0x33, 0x6d, 0xf1, + 0xe5, 0x68, 0x40, 0x89, 0x8b, 0x5f, 0xda, 0x03, 0xdb, 0xb7, 0x89, 0x97, 0xcc, 0x61, 0x0b, 0x72, + 0xa2, 0x7a, 0x61, 0xff, 0x97, 0xf9, 0xb9, 0x63, 0xa1, 0x46, 0xac, 0xb0, 0x69, 0xee, 0x10, 0xc5, + 0x1d, 0x06, 0x15, 0x8e, 0x16, 0xbb, 0x09, 0x39, 0x87, 0xf8, 0xd8, 0xc2, 0x3e, 0xe6, 0xf9, 0x15, + 0x9a, 0x1b, 0xf1, 0x0b, 0x5d, 0xa9, 0xd5, 0x43, 0x3b, 0xf4, 0x01, 0x40, 0x38, 0xeb, 0x9e, 0xb2, + 0xc8, 0x6f, 0xad, 0x6b, 0x72, 0xda, 0x2f, 0x1b, 0xda, 0x71, 0xa8, 0xd4, 0x23, 0x86, 0xe8, 0xff, + 0x90, 0x0d, 0x56, 0xc0, 0x53, 0xb2, 0xfb, 0x99, 0xc3, 0x52, 0xb3, 0x1c, 0xb9, 0xd1, 0x63, 0x3e, + 0xd1, 0x85, 0x56, 0xed, 0xc3, 0xc1, 0x1b, 0x2b, 0xf1, 0x9f, 0x6a, 0x7b, 0x0e, 0xd5, 0x13, 0x32, + 0x20, 0x3e, 0x99, 0x0e, 0xac, 0xa8, 0xa3, 0x0a, 0xd9, 0xd7, 0x23, 0xe2, 0x4e, 0xe4, 0xe5, 0xa2, + 0x36, 0x6e, 0x68, 0x3a, 0xbe, 0xf9, 0x3c, 0x90, 0xe9, 0x42, 0x85, 0x14, 0x58, 0x36, 0x19, 0x7d, + 0x65, 0xbb, 0x8e, 0x1c, 0xc6, 0xe9, 0x51, 0x7d, 0x0a, 0x6b, 0x71, 0x50, 0x19, 0xd2, 0x1e, 0x14, + 0xe8, 0xc8, 0x31, 0x2c, 0xae, 0x13, 0x0d, 0x5a, 0xd1, 0x81, 0x8e, 0x1c, 0x61, 0x6d, 0xa1, 0x4d, + 0x58, 0xb6, 0xdc, 0x89, 0xe1, 0x8e, 0xa8, 0x84, 0x5c, 0xb2, 0xdc, 0x89, 0x3e, 0xa2, 0xea, 0x01, + 0xac, 0x7e, 0x81, 0x7d, 0xf3, 0x3a, 0xb6, 0x2a, 0x08, 0x16, 0x23, 0x4b, 0xc2, 0xbf, 0xd5, 0xef, + 0xd3, 0x80, 0xa2, 0x96, 0xd2, 0xf3, 0x01, 0x94, 0x29, 0x73, 0x1d, 0x3c, 0xb0, 0x6f, 0x89, 0x15, + 0x5d, 0xad, 0xd2, 0xbd, 0x98, 0xb7, 0xfc, 0x63, 0x00, 0xe2, 0xba, 0xcc, 0x35, 0xfc, 0xc9, 0x50, + 0x4c, 0x49, 0xa9, 0xb9, 0x1f, 0x64, 0x3f, 0x0b, 0xaa, 0xb5, 0x03, 0xc3, 0x8b, 0xc9, 0x90, 0xe8, + 0x79, 0x32, 0xfd, 0x44, 0x0f, 0x61, 0x45, 0x00, 0x38, 0xc4, 0xf3, 0x82, 0xf2, 0x67, 0xb8, 0x9f, + 0x22, 0x17, 0x76, 0x85, 0x4c, 0x7d, 0x01, 0xf9, 0xf0, 0x32, 0x2a, 0x42, 0xae, 0xd7, 0x37, 0xda, + 0xba, 0xde, 0xd7, 0x2b, 0x0b, 0x68, 0x03, 0x50, 0xa7, 0x77, 0xd9, 0x3a, 0xeb, 0x9c, 0x18, 0x9d, + 0x6e, 0xeb, 0xb4, 0x6d, 0xf4, 0x5a, 0xdd, 0x76, 0x25, 0x85, 0x14, 0x58, 0xeb, 0xf5, 0x0d, 0xa9, + 0xe8, 0x5d, 0xb4, 0x4f, 0xf5, 0xd6, 0x45, 0xa7, 0xdf, 0xab, 0xa4, 0x51, 0x19, 0x0a, 0xe7, 0xc7, + 0xad, 0x9e, 0xf1, 0xb8, 0xd5, 0x39, 0x6b, 0x9f, 0x54, 0x32, 0xea, 0xbb, 0x50, 0x7d, 0x46, 0x6f, + 0xde, 0xaa, 0x5c, 0xcf, 0x41, 0x39, 0x25, 0x3e, 0xcf, 0x8d, 0x58, 0x89, 0x6e, 0x7d, 0x04, 0xa5, + 0x1b, 0xa1, 0x30, 0x62, 0xf4, 0xb7, 0x1e, 0x4e, 0x52, 0xf4, 0x9e, 0xbe, 0x72, 0x13, 0x45, 0x69, + 0xfe, 0xb2, 0x0c, 0x45, 0xfe, 0x79, 0x2e, 0xde, 0x0a, 0xf4, 0x19, 0xe4, 0xa6, 0xa3, 0x8b, 0xaa, + 0x41, 0x45, 0x13, 0xac, 0x5d, 0x4b, 0x4c, 0xa8, 0xba, 0xf9, 0xc3, 0xef, 0x7f, 0xfd, 0x94, 0x5e, + 0x45, 0xe5, 0xf0, 0xd9, 0xf2, 0xea, 0xdf, 0xda, 0xd6, 0x77, 0xa8, 0x0b, 0x85, 0x08, 0xc7, 0xa2, + 0xd8, 0x70, 0xd6, 0x36, 0x83, 0xd3, 0x1c, 0x0a, 0x9e, 0x07, 0xc7, 0x59, 0x18, 0x3d, 0x06, 0xb8, + 0x27, 0xfd, 0x04, 0xda, 0x46, 0x70, 0x9a, 0x7d, 0x12, 0x54, 0xc4, 0xc1, 0x8a, 0x08, 0xee, 0xc1, + 0x50, 0x17, 0xf2, 0x21, 0xd3, 0xa1, 0xb5, 0xe0, 0x62, 0x92, 0xdc, 0x67, 0x52, 0xac, 0x71, 0x98, + 0x35, 0x35, 0x9a, 0x62, 0xb0, 0xf8, 0x1f, 0xa6, 0x8e, 0xd0, 0x53, 0x58, 0x9d, 0x21, 0x4e, 0xb4, + 0x1d, 0x83, 0x4d, 0xb0, 0x5f, 0x6d, 0xe7, 0x1f, 0xb4, 0xb2, 0xa1, 0xb7, 0xb0, 0xf7, 0x06, 0xf2, + 0x40, 0x47, 0xd1, 0xc6, 0xfc, 0x3b, 0xd7, 0xd6, 0x1e, 0xbd, 0x95, 0xad, 0xf4, 0xfd, 0x02, 0xf6, + 0x3a, 0x74, 0x8c, 0x07, 0xb6, 0x85, 0x7d, 0x12, 0x84, 0xd8, 0xa2, 0x96, 0x4e, 0xae, 0x6c, 0xcf, + 0x77, 0x27, 0xc7, 0xc1, 0x9b, 0xe1, 0xa1, 0x7c, 0x80, 0xd7, 0x0e, 0xfe, 0x21, 0x6a, 0xf7, 0x9f, + 0xea, 0x43, 0x5e, 0xa2, 0x1d, 0xf4, 0x20, 0x52, 0x22, 0xfe, 0xc8, 0xd4, 0xed, 0x10, 0x0f, 0x3d, + 0x83, 0x62, 0x94, 0x70, 0x10, 0x1f, 0x82, 0x39, 0xbc, 0x56, 0x53, 0x66, 0x15, 0xf1, 0x8e, 0x1e, + 0x45, 0x3b, 0xfa, 0x25, 0xc0, 0xfd, 0xda, 0xa3, 0xf5, 0x24, 0x0d, 0x08, 0xc8, 0x8d, 0xf9, 0xec, + 0xa0, 0x6e, 0x73, 0xc0, 0x0d, 0x75, 0x35, 0x00, 0x94, 0xbb, 0x21, 0x70, 0x83, 0xee, 0x76, 0xa1, + 0x18, 0xdd, 0x51, 0x11, 0xf1, 0x9c, 0xad, 0x8d, 0x96, 0x62, 0x8b, 0x23, 0x56, 0x8f, 0x66, 0x11, + 0xd1, 0x25, 0x54, 0x92, 0x7b, 0x1c, 0xad, 0xe7, 0xb6, 0x6c, 0xd5, 0xdc, 0x45, 0x9f, 0xe2, 0xa2, + 0x59, 0xdc, 0x4f, 0xb5, 0x5f, 0xef, 0x76, 0x53, 0xbf, 0xdd, 0xed, 0xa6, 0xfe, 0xb8, 0xdb, 0x4d, + 0xfd, 0xfc, 0xe7, 0xee, 0x02, 0x28, 0x36, 0xd3, 0x3c, 0x1f, 0x9b, 0x5f, 0xbb, 0xec, 0x1b, 0xf1, + 0x07, 0xa6, 0xe1, 0xa1, 0xad, 0x8d, 0x1b, 0x5f, 0xa5, 0xc7, 0x8d, 0xe7, 0x0b, 0x2f, 0x97, 0xb8, + 0xec, 0xfd, 0xbf, 0x03, 0x00, 0x00, 0xff, 0xff, 0xb0, 0xef, 0x6a, 0x87, 0x70, 0x0a, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -969,8 +1146,11 @@ type ImageServiceClient interface { ListImages(ctx context.Context, in *RawQuery, opts ...grpc.CallOption) (*ListImagesResponse, error) // ScanImage scans a single image and returns the result ScanImage(ctx context.Context, in *ScanImageRequest, opts ...grpc.CallOption) (*storage.Image, error) - // ScanImageInternal is used solely by the Sensor to send scan requests + // ScanImageInternal is used solely by the Sensor and Admission Controller to send scan requests ScanImageInternal(ctx context.Context, in *ScanImageInternalRequest, opts ...grpc.CallOption) (*ScanImageInternalResponse, error) + // GetImageVulnerabilities is used solely by the Sensor and Admission Controller to send + // vulnerability matching requests. + GetImageVulnerabilitiesInternal(ctx context.Context, in *GetImageVulnerabilitiesInternalRequest, opts ...grpc.CallOption) (*GetImageVulnerabilitiesInternalResponse, error) // InvalidateScanAndRegistryCaches removes the image metadata cache. InvalidateScanAndRegistryCaches(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) // DeleteImage removes the images based on a query @@ -1039,6 +1219,15 @@ func (c *imageServiceClient) ScanImageInternal(ctx context.Context, in *ScanImag return out, nil } +func (c *imageServiceClient) GetImageVulnerabilitiesInternal(ctx context.Context, in *GetImageVulnerabilitiesInternalRequest, opts ...grpc.CallOption) (*GetImageVulnerabilitiesInternalResponse, error) { + out := new(GetImageVulnerabilitiesInternalResponse) + err := c.cc.Invoke(ctx, "/v1.ImageService/GetImageVulnerabilitiesInternal", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + func (c *imageServiceClient) InvalidateScanAndRegistryCaches(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) { out := new(Empty) err := c.cc.Invoke(ctx, "/v1.ImageService/InvalidateScanAndRegistryCaches", in, out, opts...) @@ -1094,8 +1283,11 @@ type ImageServiceServer interface { ListImages(context.Context, *RawQuery) (*ListImagesResponse, error) // ScanImage scans a single image and returns the result ScanImage(context.Context, *ScanImageRequest) (*storage.Image, error) - // ScanImageInternal is used solely by the Sensor to send scan requests + // ScanImageInternal is used solely by the Sensor and Admission Controller to send scan requests ScanImageInternal(context.Context, *ScanImageInternalRequest) (*ScanImageInternalResponse, error) + // GetImageVulnerabilities is used solely by the Sensor and Admission Controller to send + // vulnerability matching requests. + GetImageVulnerabilitiesInternal(context.Context, *GetImageVulnerabilitiesInternalRequest) (*GetImageVulnerabilitiesInternalResponse, error) // InvalidateScanAndRegistryCaches removes the image metadata cache. InvalidateScanAndRegistryCaches(context.Context, *Empty) (*Empty, error) // DeleteImage removes the images based on a query @@ -1130,6 +1322,9 @@ func (*UnimplementedImageServiceServer) ScanImage(ctx context.Context, req *Scan func (*UnimplementedImageServiceServer) ScanImageInternal(ctx context.Context, req *ScanImageInternalRequest) (*ScanImageInternalResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method ScanImageInternal not implemented") } +func (*UnimplementedImageServiceServer) GetImageVulnerabilitiesInternal(ctx context.Context, req *GetImageVulnerabilitiesInternalRequest) (*GetImageVulnerabilitiesInternalResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetImageVulnerabilitiesInternal not implemented") +} func (*UnimplementedImageServiceServer) InvalidateScanAndRegistryCaches(ctx context.Context, req *Empty) (*Empty, error) { return nil, status.Errorf(codes.Unimplemented, "method InvalidateScanAndRegistryCaches not implemented") } @@ -1240,6 +1435,24 @@ func _ImageService_ScanImageInternal_Handler(srv interface{}, ctx context.Contex return interceptor(ctx, in, info, handler) } +func _ImageService_GetImageVulnerabilitiesInternal_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(GetImageVulnerabilitiesInternalRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(ImageServiceServer).GetImageVulnerabilitiesInternal(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/v1.ImageService/GetImageVulnerabilitiesInternal", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(ImageServiceServer).GetImageVulnerabilitiesInternal(ctx, req.(*GetImageVulnerabilitiesInternalRequest)) + } + return interceptor(ctx, in, info, handler) +} + func _ImageService_InvalidateScanAndRegistryCaches_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(Empty) if err := dec(in); err != nil { @@ -1354,6 +1567,10 @@ var _ImageService_serviceDesc = grpc.ServiceDesc{ MethodName: "ScanImageInternal", Handler: _ImageService_ScanImageInternal_Handler, }, + { + MethodName: "GetImageVulnerabilitiesInternal", + Handler: _ImageService_GetImageVulnerabilitiesInternal_Handler, + }, { MethodName: "InvalidateScanAndRegistryCaches", Handler: _ImageService_InvalidateScanAndRegistryCaches_Handler, @@ -1638,6 +1855,133 @@ func (m *ScanImageInternalResponse) MarshalToSizedBuffer(dAtA []byte) (int, erro return len(dAtA) - i, nil } +func (m *GetImageVulnerabilitiesInternalRequest) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *GetImageVulnerabilitiesInternalRequest) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *GetImageVulnerabilitiesInternalRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.Notes) > 0 { + dAtA4 := make([]byte, len(m.Notes)*10) + var j3 int + for _, num := range m.Notes { + for num >= 1<<7 { + dAtA4[j3] = uint8(uint64(num)&0x7f | 0x80) + num >>= 7 + j3++ + } + dAtA4[j3] = uint8(num) + j3++ + } + i -= j3 + copy(dAtA[i:], dAtA4[:j3]) + i = encodeVarintImageService(dAtA, i, uint64(j3)) + i-- + dAtA[i] = 0x2a + } + if m.Components != nil { + { + size, err := m.Components.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintImageService(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x22 + } + if m.Metadata != nil { + { + size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintImageService(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1a + } + if m.ImageName != nil { + { + size, err := m.ImageName.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintImageService(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + if len(m.ImageId) > 0 { + i -= len(m.ImageId) + copy(dAtA[i:], m.ImageId) + i = encodeVarintImageService(dAtA, i, uint64(len(m.ImageId))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *GetImageVulnerabilitiesInternalResponse) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *GetImageVulnerabilitiesInternalResponse) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *GetImageVulnerabilitiesInternalResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if m.Image != nil { + { + size, err := m.Image.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintImageService(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + func (m *DeleteImagesRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -2004,18 +2348,34 @@ func (m *ScanImageInternalResponse) Size() (n int) { return n } -func (m *DeleteImagesRequest) Size() (n int) { +func (m *GetImageVulnerabilitiesInternalRequest) Size() (n int) { if m == nil { return 0 } var l int _ = l - if m.Query != nil { - l = m.Query.Size() + l = len(m.ImageId) + if l > 0 { n += 1 + l + sovImageService(uint64(l)) } - if m.Confirm { - n += 2 + if m.ImageName != nil { + l = m.ImageName.Size() + n += 1 + l + sovImageService(uint64(l)) + } + if m.Metadata != nil { + l = m.Metadata.Size() + n += 1 + l + sovImageService(uint64(l)) + } + if m.Components != nil { + l = m.Components.Size() + n += 1 + l + sovImageService(uint64(l)) + } + if len(m.Notes) > 0 { + l = 0 + for _, e := range m.Notes { + l += sovImageService(uint64(e)) + } + n += 1 + sovImageService(uint64(l)) + l } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) @@ -2023,17 +2383,15 @@ func (m *DeleteImagesRequest) Size() (n int) { return n } -func (m *DeleteImagesResponse) Size() (n int) { +func (m *GetImageVulnerabilitiesInternalResponse) Size() (n int) { if m == nil { return 0 } var l int _ = l - if m.NumDeleted != 0 { - n += 1 + sovImageService(uint64(m.NumDeleted)) - } - if m.DryRun { - n += 2 + if m.Image != nil { + l = m.Image.Size() + n += 1 + l + sovImageService(uint64(l)) } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) @@ -2041,14 +2399,51 @@ func (m *DeleteImagesResponse) Size() (n int) { return n } -func (m *WatchImageRequest) Size() (n int) { +func (m *DeleteImagesRequest) Size() (n int) { if m == nil { return 0 } var l int _ = l - l = len(m.Name) - if l > 0 { + if m.Query != nil { + l = m.Query.Size() + n += 1 + l + sovImageService(uint64(l)) + } + if m.Confirm { + n += 2 + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *DeleteImagesResponse) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.NumDeleted != 0 { + n += 1 + sovImageService(uint64(m.NumDeleted)) + } + if m.DryRun { + n += 2 + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *WatchImageRequest) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Name) + if l > 0 { n += 1 + l + sovImageService(uint64(l)) } if m.XXX_unrecognized != nil { @@ -2695,6 +3090,353 @@ func (m *ScanImageInternalResponse) Unmarshal(dAtA []byte) error { } return nil } +func (m *GetImageVulnerabilitiesInternalRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowImageService + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: GetImageVulnerabilitiesInternalRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: GetImageVulnerabilitiesInternalRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ImageId", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowImageService + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthImageService + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthImageService + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ImageId = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ImageName", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowImageService + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthImageService + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthImageService + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.ImageName == nil { + m.ImageName = &storage.ImageName{} + } + if err := m.ImageName.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowImageService + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthImageService + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthImageService + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Metadata == nil { + m.Metadata = &storage.ImageMetadata{} + } + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Components", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowImageService + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthImageService + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthImageService + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Components == nil { + m.Components = &v1.Components{} + } + if err := m.Components.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 5: + if wireType == 0 { + var v v1.Note + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowImageService + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= v1.Note(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.Notes = append(m.Notes, v) + } else if wireType == 2 { + var packedLen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowImageService + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + packedLen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if packedLen < 0 { + return ErrInvalidLengthImageService + } + postIndex := iNdEx + packedLen + if postIndex < 0 { + return ErrInvalidLengthImageService + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + var elementCount int + if elementCount != 0 && len(m.Notes) == 0 { + m.Notes = make([]v1.Note, 0, elementCount) + } + for iNdEx < postIndex { + var v v1.Note + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowImageService + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= v1.Note(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.Notes = append(m.Notes, v) + } + } else { + return fmt.Errorf("proto: wrong wireType = %d for field Notes", wireType) + } + default: + iNdEx = preIndex + skippy, err := skipImageService(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthImageService + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *GetImageVulnerabilitiesInternalResponse) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowImageService + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: GetImageVulnerabilitiesInternalResponse: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: GetImageVulnerabilitiesInternalResponse: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Image", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowImageService + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthImageService + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthImageService + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Image == nil { + m.Image = &storage.Image{} + } + if err := m.Image.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipImageService(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthImageService + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func (m *DeleteImagesRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 diff --git a/generated/api/v1/image_service.swagger.json b/generated/api/v1/image_service.swagger.json index 1ceb9b400f61d..41cc54aa16528 100644 --- a/generated/api/v1/image_service.swagger.json +++ b/generated/api/v1/image_service.swagger.json @@ -408,20 +408,6 @@ ], "default": "UI_NONE" }, - "EmbeddedImageScanComponentExecutable": { - "type": "object", - "properties": { - "path": { - "type": "string" - }, - "dependencies": { - "type": "array", - "items": { - "type": "string" - } - } - } - }, "EmbeddedVulnerabilityVulnerabilityType": { "type": "string", "enum": [ @@ -480,6 +466,210 @@ } } }, + "scannerV1Components": { + "type": "object", + "properties": { + "namespace": { + "type": "string" + }, + "osComponents": { + "type": "array", + "items": { + "$ref": "#/definitions/scannerV1OSComponent" + } + }, + "rhelComponents": { + "type": "array", + "items": { + "$ref": "#/definitions/scannerV1RHELComponent" + } + }, + "languageComponents": { + "type": "array", + "items": { + "$ref": "#/definitions/scannerV1LanguageComponent" + } + } + } + }, + "scannerV1Executable": { + "type": "object", + "properties": { + "path": { + "type": "string" + }, + "requiredFeatures": { + "type": "array", + "items": { + "$ref": "#/definitions/scannerV1FeatureNameVersion" + } + } + } + }, + "scannerV1FeatureNameVersion": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + } + }, + "scannerV1JavaComponent": { + "type": "object", + "properties": { + "implementationVersion": { + "type": "string" + }, + "mavenVersion": { + "type": "string" + }, + "origins": { + "type": "array", + "items": { + "type": "string" + } + }, + "specificationVersion": { + "type": "string" + }, + "bundleName": { + "type": "string" + } + } + }, + "scannerV1LanguageComponent": { + "type": "object", + "properties": { + "type": { + "$ref": "#/definitions/scannerV1SourceType" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "location": { + "type": "string" + }, + "java": { + "$ref": "#/definitions/scannerV1JavaComponent" + }, + "python": { + "$ref": "#/definitions/scannerV1PythonComponent" + }, + "addedBy": { + "type": "string" + } + } + }, + "scannerV1Note": { + "type": "string", + "enum": [ + "OS_CVES_UNAVAILABLE", + "OS_CVES_STALE", + "LANGUAGE_CVES_UNAVAILABLE", + "CERTIFIED_RHEL_SCAN_UNAVAILABLE" + ], + "default": "OS_CVES_UNAVAILABLE" + }, + "scannerV1OSComponent": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + }, + "addedBy": { + "type": "string" + }, + "executables": { + "type": "array", + "items": { + "$ref": "#/definitions/scannerV1Executable" + } + } + } + }, + "scannerV1PythonComponent": { + "type": "object", + "properties": { + "homepage": { + "type": "string" + }, + "authorEmail": { + "type": "string" + }, + "downloadUrl": { + "type": "string" + }, + "summary": { + "type": "string" + }, + "description": { + "type": "string" + } + } + }, + "scannerV1RHELComponent": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "int64" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + }, + "arch": { + "type": "string" + }, + "module": { + "type": "string" + }, + "cpes": { + "type": "array", + "items": { + "type": "string" + } + }, + "addedBy": { + "type": "string" + }, + "executables": { + "type": "array", + "items": { + "$ref": "#/definitions/scannerV1Executable" + } + } + } + }, + "scannerV1SourceType": { + "type": "string", + "enum": [ + "UNSET_SOURCE_TYPE", + "JAVA", + "PYTHON", + "NPM", + "GEM", + "DOTNETCORERUNTIME" + ], + "default": "UNSET_SOURCE_TYPE" + }, "storageCVSSV2": { "type": "object", "properties": { @@ -708,13 +898,27 @@ "executables": { "type": "array", "items": { - "$ref": "#/definitions/EmbeddedImageScanComponentExecutable" + "$ref": "#/definitions/storageEmbeddedImageScanComponentExecutable" }, "title": "Values are cleared after moving to cache, remove them from the grpc return as well" } }, "title": "Next Tag: 13" }, + "storageEmbeddedImageScanComponentExecutable": { + "type": "object", + "properties": { + "path": { + "type": "string" + }, + "dependencies": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, "storageEmbeddedVulnerability": { "type": "object", "properties": { @@ -1141,6 +1345,14 @@ "v1Empty": { "type": "object" }, + "v1GetImageVulnerabilitiesInternalResponse": { + "type": "object", + "properties": { + "image": { + "$ref": "#/definitions/storageImage" + } + } + }, "v1GetWatchedImagesResponse": { "type": "object", "properties": { diff --git a/generated/storage/image_integration.pb.go b/generated/storage/image_integration.pb.go index ddc19b9b99e83..f690579a36c2e 100644 --- a/generated/storage/image_integration.pb.go +++ b/generated/storage/image_integration.pb.go @@ -60,7 +60,8 @@ type ImageIntegration struct { Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` Type string `protobuf:"bytes,3,opt,name=type,proto3" json:"type,omitempty"` // If a list of clusters is provided, the integration will only be accessed from the specified clusters' sensors. - Clusters []string `protobuf:"bytes,5,rep,name=clusters,proto3" json:"clusters,omitempty"` + // Please use cluster_id instead. + Clusters []string `protobuf:"bytes,5,rep,name=clusters,proto3" json:"clusters,omitempty"` // Deprecated: Do not use. Categories []ImageIntegrationCategory `protobuf:"varint,6,rep,packed,name=categories,proto3,enum=storage.ImageIntegrationCategory" json:"categories,omitempty"` // Types that are valid to be assigned to IntegrationConfig: // *ImageIntegration_Dtr @@ -292,6 +293,7 @@ func (m *ImageIntegration) GetType() string { return "" } +// Deprecated: Do not use. func (m *ImageIntegration) GetClusters() []string { if m != nil { return m.Clusters @@ -1273,75 +1275,75 @@ func init() { func init() { proto.RegisterFile("storage/image_integration.proto", fileDescriptor_9e3766be4a43c581) } var fileDescriptor_9e3766be4a43c581 = []byte{ - // 1077 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xdc, 0x96, 0xcf, 0x6e, 0x23, 0xc5, - 0x13, 0xc7, 0x77, 0xec, 0xc4, 0x7f, 0xca, 0x7f, 0xe2, 0x74, 0xbc, 0xbb, 0xf3, 0x8b, 0xf4, 0x8b, - 0xcd, 0x68, 0xb5, 0x0a, 0xb0, 0x72, 0x76, 0x03, 0xcb, 0x21, 0x48, 0x48, 0xb6, 0xd7, 0x0a, 0x66, - 0x21, 0x88, 0x49, 0x2e, 0x70, 0x19, 0x75, 0x66, 0x6a, 0x67, 0x87, 0xd8, 0xd3, 0xa6, 0xbb, 0x67, - 0x77, 0xfd, 0x12, 0x5c, 0xe1, 0x19, 0xb8, 0xf2, 0x00, 0x1c, 0xb8, 0x70, 0xe4, 0x88, 0x04, 0x8a, - 0x50, 0x78, 0x83, 0x3c, 0x01, 0xea, 0x9e, 0xf1, 0x78, 0xec, 0x90, 0x28, 0x28, 0x39, 0x71, 0x9b, - 0xa9, 0xfe, 0x54, 0xf5, 0xb7, 0xab, 0xab, 0xba, 0x1b, 0x5a, 0x42, 0x32, 0x4e, 0x7d, 0xdc, 0x09, - 0xc6, 0xd4, 0x47, 0x27, 0x08, 0x25, 0xfa, 0x9c, 0xca, 0x80, 0x85, 0x9d, 0x09, 0x67, 0x92, 0x91, - 0x62, 0x02, 0x6c, 0x36, 0x7d, 0xe6, 0x33, 0x6d, 0xdb, 0x51, 0x5f, 0xf1, 0xb0, 0xf5, 0x5d, 0x01, - 0x1a, 0x43, 0xe5, 0x3a, 0x9c, 0x7b, 0x92, 0x3a, 0xe4, 0x02, 0xcf, 0x34, 0xda, 0xc6, 0x76, 0xd9, - 0xce, 0x05, 0x1e, 0x21, 0xb0, 0x12, 0xd2, 0x31, 0x9a, 0x39, 0x6d, 0xd1, 0xdf, 0xca, 0x26, 0xa7, - 0x13, 0x34, 0xf3, 0xb1, 0x4d, 0x7d, 0x93, 0x4d, 0x28, 0xb9, 0xa3, 0x48, 0x48, 0xe4, 0xc2, 0x5c, - 0x6d, 0xe7, 0xb7, 0xcb, 0x76, 0xfa, 0x4f, 0xba, 0x00, 0x2e, 0x95, 0xe8, 0x33, 0x1e, 0xa0, 0x30, - 0x0b, 0xed, 0xfc, 0x76, 0x7d, 0xf7, 0xad, 0x4e, 0x22, 0xae, 0xb3, 0x2c, 0xa1, 0x1f, 0xa3, 0x53, - 0x3b, 0xe3, 0x44, 0x1e, 0x42, 0xde, 0x93, 0xdc, 0x2c, 0xb6, 0x8d, 0xed, 0xca, 0x2e, 0x49, 0x7d, - 0x9f, 0x1d, 0xd9, 0x7d, 0x16, 0xbe, 0x08, 0xfc, 0x8f, 0xef, 0xd8, 0x0a, 0x20, 0x4f, 0x95, 0x0c, - 0x1a, 0xf0, 0xe0, 0xc5, 0xd4, 0x2c, 0x69, 0xf8, 0x7e, 0x0a, 0xf7, 0x93, 0x81, 0xd4, 0x23, 0x45, - 0xc9, 0x0e, 0x14, 0x3c, 0xe6, 0x9e, 0x20, 0x37, 0xcb, 0xda, 0xe9, 0xee, 0x7c, 0x06, 0x6d, 0x4e, - 0x5d, 0x12, 0x8c, 0xbc, 0x0d, 0x2b, 0xdf, 0x44, 0x74, 0x6a, 0x82, 0xc6, 0x37, 0x52, 0xfc, 0x8b, - 0x88, 0xce, 0xe3, 0x6b, 0x44, 0x49, 0x47, 0x97, 0x9b, 0x95, 0x25, 0xe9, 0x83, 0x7e, 0x46, 0x3a, - 0xba, 0x9c, 0xec, 0x42, 0x51, 0x62, 0x48, 0x8f, 0x47, 0x68, 0x56, 0x35, 0x7b, 0x2f, 0x65, 0x8f, - 0x62, 0x7b, 0xca, 0xcf, 0x40, 0xa5, 0xdb, 0x67, 0xcc, 0x1f, 0xa1, 0x59, 0x5b, 0xd2, 0xbd, 0xaf, - 0xcd, 0x73, 0xdd, 0x31, 0x46, 0x1e, 0xc1, 0xaa, 0x5e, 0xb4, 0x59, 0xd7, 0x7c, 0x73, 0x31, 0x39, - 0x29, 0x1e, 0x43, 0x4a, 0x12, 0x0d, 0xdd, 0x97, 0x8c, 0xa3, 0xb9, 0xbe, 0x24, 0xa9, 0x1b, 0xdb, - 0xe7, 0x92, 0x12, 0x90, 0x74, 0x20, 0x1f, 0x1c, 0x8f, 0xcd, 0xa6, 0xe6, 0x37, 0xe7, 0xbb, 0xdc, - 0xfb, 0xcc, 0x46, 0x3f, 0x10, 0x92, 0xcf, 0xf3, 0xa3, 0x40, 0xf2, 0x00, 0x6a, 0x34, 0x92, 0xcc, - 0xc7, 0x10, 0x39, 0x95, 0xe8, 0x99, 0x6b, 0x6d, 0x63, 0xbb, 0x64, 0x2f, 0x1a, 0xc9, 0xff, 0x01, - 0x92, 0x72, 0x72, 0x02, 0xcf, 0x6c, 0xe8, 0xc2, 0x2b, 0x27, 0x96, 0xa1, 0x47, 0x76, 0xe1, 0xae, - 0x38, 0x09, 0x26, 0x8e, 0x44, 0x21, 0xb3, 0x8d, 0x60, 0x12, 0x1d, 0x6c, 0x43, 0x0d, 0x1e, 0xa1, - 0x90, 0x99, 0x32, 0xeb, 0x6d, 0xc0, 0x7a, 0xb6, 0xea, 0xb4, 0xa8, 0x4f, 0x56, 0x4a, 0x1b, 0x8d, - 0xa6, 0xf5, 0xad, 0x01, 0xeb, 0x17, 0x04, 0x93, 0x4f, 0xa1, 0x84, 0xa1, 0x37, 0x61, 0x41, 0x28, - 0xe3, 0x06, 0xe9, 0x3d, 0x3e, 0x3f, 0x6d, 0x3d, 0x12, 0x2e, 0x8f, 0x8e, 0xf7, 0x2c, 0x0f, 0x27, - 0x18, 0x7a, 0x18, 0x4a, 0xab, 0xfd, 0x8a, 0x8e, 0x02, 0x8f, 0x4a, 0xdc, 0xb3, 0x42, 0x36, 0x62, - 0x2e, 0x1d, 0xcd, 0xdc, 0x2c, 0x3b, 0x8d, 0x40, 0xde, 0x85, 0x22, 0x9d, 0x04, 0xce, 0x09, 0x4e, - 0xe3, 0xde, 0xea, 0x91, 0xf3, 0xd3, 0x56, 0x3d, 0x09, 0x46, 0x47, 0xaf, 0xe9, 0x54, 0x58, 0x76, - 0x81, 0x4e, 0x82, 0xe7, 0x38, 0xb5, 0x7e, 0x30, 0x00, 0xe6, 0xa5, 0x75, 0xcb, 0x4a, 0x76, 0x01, - 0x18, 0x8d, 0xe4, 0xcb, 0x23, 0x76, 0x82, 0xe1, 0x15, 0x62, 0x32, 0x94, 0x6a, 0xf7, 0x20, 0x14, - 0xe8, 0x46, 0x3c, 0x3e, 0x06, 0x4a, 0x76, 0xfa, 0x6f, 0x21, 0x54, 0x32, 0xd5, 0x44, 0xf6, 0x2e, - 0x88, 0xdd, 0x3a, 0x3f, 0x6d, 0x6d, 0x5e, 0x4b, 0x5a, 0x76, 0x9a, 0xdc, 0xd2, 0x34, 0x3f, 0x1b, - 0x50, 0x5f, 0x6c, 0xe9, 0x1b, 0x4d, 0xd5, 0x87, 0x9a, 0xcf, 0x27, 0xae, 0x93, 0x06, 0xc8, 0x5f, - 0x2b, 0x40, 0x55, 0x39, 0x0d, 0x66, 0x41, 0x1e, 0x43, 0x33, 0x8c, 0xc6, 0x8e, 0xcb, 0x42, 0x37, - 0xe2, 0x1c, 0x43, 0xe9, 0x08, 0x97, 0x86, 0x42, 0x6b, 0x5f, 0xb5, 0x49, 0x18, 0x8d, 0xfb, 0xe9, - 0xd0, 0xa1, 0x1a, 0xb1, 0x7e, 0x37, 0xa0, 0x9a, 0x3d, 0x63, 0x6e, 0x79, 0x6f, 0x9f, 0x40, 0x29, - 0x12, 0xc8, 0xe7, 0x47, 0x78, 0xef, 0xee, 0xf9, 0x69, 0x6b, 0xfd, 0x42, 0x34, 0x3b, 0xc5, 0x48, - 0x07, 0x4a, 0x13, 0x2a, 0xc4, 0x6b, 0xc6, 0xbd, 0x24, 0x07, 0xff, 0x54, 0x0c, 0x29, 0xb3, 0xb0, - 0x47, 0x2b, 0x4b, 0x7b, 0xf4, 0x53, 0x1e, 0xca, 0xe9, 0x41, 0x47, 0x5a, 0x50, 0xe1, 0x49, 0x4b, - 0x39, 0xe9, 0x25, 0x03, 0x33, 0xd3, 0xd0, 0x23, 0x1f, 0x40, 0x8d, 0xba, 0x2e, 0x0a, 0xa1, 0xda, - 0x42, 0x21, 0x97, 0x17, 0x63, 0x25, 0x06, 0x9f, 0xa3, 0xf2, 0xfb, 0x08, 0xd6, 0x05, 0xba, 0x1c, - 0xa5, 0x33, 0x77, 0xbf, 0x42, 0xfb, 0x5a, 0x0c, 0x77, 0x67, 0x11, 0xc8, 0x3d, 0x28, 0x28, 0x15, - 0x2c, 0xd4, 0x0b, 0x28, 0xdb, 0xc9, 0x1f, 0xe9, 0x40, 0x31, 0x12, 0xe8, 0x04, 0x74, 0x6c, 0xae, - 0xaa, 0x95, 0x5d, 0x96, 0xbc, 0x42, 0x24, 0x70, 0x48, 0xc7, 0x0b, 0x7b, 0x57, 0xb8, 0xf1, 0xde, - 0x3d, 0x84, 0x35, 0x35, 0x3b, 0x15, 0x22, 0x1a, 0xa3, 0xc3, 0xd9, 0x08, 0xf5, 0xfd, 0x57, 0xb2, - 0x6b, 0x91, 0xc0, 0xae, 0xb6, 0xda, 0x6c, 0x84, 0xe4, 0x01, 0xd4, 0x33, 0x8c, 0x4a, 0x5b, 0x49, - 0xaf, 0xa2, 0x4a, 0x53, 0x66, 0xe8, 0x91, 0xa7, 0x70, 0x3f, 0x4b, 0xe1, 0x1b, 0xa9, 0xf6, 0x7b, - 0xa4, 0xf0, 0xb2, 0xc6, 0x9b, 0x73, 0x7c, 0x90, 0x0c, 0x0e, 0x3d, 0xeb, 0x37, 0x03, 0xca, 0xe9, - 0x2d, 0xbb, 0x50, 0x4e, 0xc6, 0xbf, 0x2f, 0xa7, 0xdc, 0x35, 0xca, 0x29, 0x9b, 0xc3, 0xfc, 0x8d, - 0x73, 0x78, 0x55, 0x71, 0xfe, 0x68, 0x40, 0x35, 0x7b, 0x4d, 0xde, 0x72, 0xeb, 0x7d, 0x08, 0x6b, - 0x02, 0xf9, 0xab, 0xc0, 0x45, 0x55, 0x95, 0x2c, 0x0a, 0xe5, 0x15, 0xeb, 0xaf, 0x27, 0x68, 0x37, - 0x26, 0x89, 0x09, 0xc5, 0x09, 0x67, 0x5f, 0xa3, 0x9b, 0x24, 0xc1, 0x9e, 0xfd, 0x5a, 0x11, 0xd4, - 0x16, 0x9e, 0x03, 0xe4, 0x09, 0x40, 0xa6, 0xea, 0x8d, 0x4b, 0xa7, 0x28, 0xa7, 0x1d, 0xa3, 0x5c, - 0x92, 0x7e, 0xb9, 0xfa, 0xfa, 0x29, 0xc7, 0x94, 0xba, 0x81, 0xfe, 0x30, 0xa0, 0xb6, 0x70, 0xe7, - 0xff, 0xa7, 0x0e, 0xaa, 0x77, 0xf6, 0xc1, 0xbc, 0xec, 0x1d, 0x4a, 0xaa, 0x50, 0xb2, 0x07, 0xfb, - 0xc3, 0xc3, 0x23, 0xfb, 0xcb, 0xc6, 0x1d, 0x52, 0x81, 0xe2, 0x61, 0xbf, 0x7b, 0x70, 0x30, 0xb0, - 0x1b, 0x06, 0x69, 0x40, 0xf5, 0xe0, 0xf3, 0x67, 0x03, 0x67, 0x66, 0xc9, 0xf5, 0xde, 0xff, 0xe5, - 0x6c, 0xcb, 0xf8, 0xf5, 0x6c, 0xcb, 0xf8, 0xf3, 0x6c, 0xcb, 0xf8, 0xfe, 0xaf, 0xad, 0x3b, 0xf0, - 0xbf, 0x80, 0x75, 0x84, 0xa4, 0xee, 0x09, 0x67, 0x6f, 0xe2, 0x97, 0xf7, 0xec, 0x51, 0xf4, 0xd5, - 0xec, 0x81, 0x7e, 0x5c, 0xd0, 0xf6, 0xf7, 0xfe, 0x0e, 0x00, 0x00, 0xff, 0xff, 0x68, 0x0f, 0x88, - 0xa1, 0xd3, 0x0b, 0x00, 0x00, + // 1082 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xdc, 0x96, 0xdf, 0x6e, 0xe3, 0xc4, + 0x17, 0xc7, 0xeb, 0xa4, 0x4d, 0x9c, 0x93, 0x3f, 0x4d, 0xa7, 0xe9, 0xae, 0x7f, 0x95, 0x7e, 0x49, + 0xb0, 0x56, 0xab, 0x02, 0xab, 0x74, 0xb7, 0xb0, 0x5c, 0x14, 0x09, 0x29, 0xc9, 0x46, 0x25, 0x2c, + 0x14, 0xe1, 0xf6, 0x06, 0x6e, 0xac, 0xa9, 0x7d, 0xd6, 0x6b, 0x9a, 0x78, 0xc2, 0xcc, 0x78, 0x77, + 0xf3, 0x12, 0x5c, 0x23, 0xf1, 0x06, 0xdc, 0xf2, 0x00, 0x5c, 0x70, 0xc3, 0x25, 0x97, 0x48, 0xa0, + 0x0a, 0x95, 0x37, 0xe8, 0x13, 0xa0, 0xb1, 0x1d, 0xc7, 0x49, 0x69, 0x55, 0xd4, 0x5e, 0x71, 0x67, + 0x9f, 0xf9, 0x9c, 0x33, 0xdf, 0x39, 0x73, 0xce, 0xcc, 0x40, 0x4b, 0x48, 0xc6, 0xa9, 0x87, 0xbb, + 0xfe, 0x98, 0x7a, 0x68, 0xfb, 0x81, 0x44, 0x8f, 0x53, 0xe9, 0xb3, 0xa0, 0x33, 0xe1, 0x4c, 0x32, + 0x52, 0x4c, 0x80, 0xed, 0x86, 0xc7, 0x3c, 0x16, 0xd9, 0x76, 0xd5, 0x57, 0x3c, 0x6c, 0x7e, 0x5f, + 0x80, 0xfa, 0x50, 0xb9, 0x0e, 0xe7, 0x9e, 0xa4, 0x06, 0x39, 0xdf, 0x35, 0xb4, 0xb6, 0xb6, 0x53, + 0xb2, 0x72, 0xbe, 0x4b, 0x08, 0xac, 0x06, 0x74, 0x8c, 0x46, 0x2e, 0xb2, 0x44, 0xdf, 0xca, 0x26, + 0xa7, 0x13, 0x34, 0xf2, 0xb1, 0x4d, 0x7d, 0x93, 0x26, 0xe8, 0xce, 0x28, 0x14, 0x12, 0xb9, 0x30, + 0xd6, 0xda, 0xf9, 0x9d, 0x52, 0x2f, 0x67, 0x68, 0x56, 0x6a, 0x23, 0x5d, 0x00, 0x87, 0x4a, 0xf4, + 0x18, 0xf7, 0x51, 0x18, 0x85, 0x76, 0x7e, 0xa7, 0xb6, 0xf7, 0x56, 0x27, 0x11, 0xd8, 0x59, 0x96, + 0xd1, 0x8f, 0xd1, 0xa9, 0x95, 0x71, 0x22, 0x0f, 0x21, 0xef, 0x4a, 0x6e, 0x14, 0xdb, 0xda, 0x4e, + 0x79, 0x8f, 0xa4, 0xbe, 0xcf, 0x8e, 0xad, 0x3e, 0x0b, 0x5e, 0xf8, 0xde, 0xc7, 0x2b, 0x96, 0x02, + 0xc8, 0x53, 0x25, 0x85, 0xfa, 0xdc, 0x7f, 0x31, 0x35, 0xf4, 0x08, 0xbe, 0x9f, 0xc2, 0xfd, 0x64, + 0x20, 0xf5, 0x48, 0x51, 0xb2, 0x0b, 0x05, 0x97, 0x39, 0xa7, 0xc8, 0x8d, 0x52, 0xe4, 0xb4, 0x35, + 0x9f, 0x21, 0x32, 0xa7, 0x2e, 0x09, 0x46, 0xde, 0x86, 0xd5, 0x6f, 0x42, 0x3a, 0x35, 0x20, 0xc2, + 0x37, 0x53, 0xfc, 0x8b, 0x90, 0xce, 0xe3, 0x47, 0x88, 0x92, 0x8e, 0x0e, 0x37, 0xca, 0x4b, 0xd2, + 0x07, 0xfd, 0x8c, 0x74, 0x74, 0x38, 0xd9, 0x83, 0xa2, 0xc4, 0x80, 0x9e, 0x8c, 0xd0, 0xa8, 0x44, + 0xec, 0xbd, 0x94, 0x3d, 0x8e, 0xed, 0x29, 0x3f, 0x03, 0x95, 0x6e, 0x8f, 0x31, 0x6f, 0x84, 0x46, + 0x75, 0x49, 0xf7, 0x41, 0x64, 0x9e, 0xeb, 0x8e, 0x31, 0xf2, 0x08, 0xd6, 0xa2, 0x45, 0x1b, 0xb5, + 0x88, 0x6f, 0x2c, 0x26, 0x27, 0xc5, 0x63, 0x48, 0x49, 0xa2, 0x81, 0xf3, 0x92, 0x71, 0x34, 0x36, + 0x96, 0x24, 0x75, 0x63, 0xfb, 0x5c, 0x52, 0x02, 0x92, 0x0e, 0xe4, 0xfd, 0x93, 0xb1, 0xd1, 0x88, + 0xf8, 0xed, 0xf9, 0x2e, 0xf7, 0x3e, 0xb3, 0xd0, 0xf3, 0x85, 0xe4, 0xf3, 0xfc, 0x28, 0x90, 0x3c, + 0x80, 0x2a, 0x0d, 0x25, 0xf3, 0x30, 0x40, 0x4e, 0x25, 0xba, 0xc6, 0x7a, 0x5b, 0xdb, 0xd1, 0xad, + 0x45, 0x23, 0xf9, 0x3f, 0x40, 0x52, 0x4e, 0xb6, 0xef, 0x1a, 0xf5, 0xa8, 0xf8, 0x4a, 0x89, 0x65, + 0xe8, 0x92, 0x3d, 0xd8, 0x12, 0xa7, 0xfe, 0xc4, 0x96, 0x28, 0x64, 0xb6, 0x19, 0x0c, 0x12, 0x05, + 0xdb, 0x54, 0x83, 0xc7, 0x28, 0x64, 0xa6, 0xcc, 0x7a, 0x9b, 0xb0, 0x91, 0xad, 0xba, 0x48, 0xd4, + 0x27, 0xab, 0xfa, 0x66, 0xbd, 0x61, 0x7e, 0xab, 0xc1, 0xc6, 0x25, 0xc1, 0xe4, 0x53, 0xd0, 0x31, + 0x70, 0x27, 0xcc, 0x0f, 0x64, 0xdc, 0x24, 0xbd, 0xc7, 0x17, 0x67, 0xad, 0x47, 0xc2, 0xe1, 0xe1, + 0xc9, 0xbe, 0xe9, 0xe2, 0x04, 0x03, 0x17, 0x03, 0x69, 0xb6, 0x5f, 0xd1, 0x91, 0xef, 0x52, 0x89, + 0xfb, 0x66, 0xc0, 0x46, 0xcc, 0xa1, 0xa3, 0x99, 0x9b, 0x69, 0xa5, 0x11, 0xc8, 0xbb, 0x50, 0xa4, + 0x13, 0xdf, 0x3e, 0xc5, 0x69, 0xdc, 0x5f, 0x3d, 0x72, 0x71, 0xd6, 0xaa, 0x25, 0xc1, 0xe8, 0xe8, + 0x35, 0x9d, 0x0a, 0xd3, 0x2a, 0xd0, 0x89, 0xff, 0x1c, 0xa7, 0xe6, 0x0f, 0x1a, 0xc0, 0xbc, 0xb4, + 0xee, 0x58, 0xc9, 0x1e, 0x00, 0xa3, 0xa1, 0x7c, 0x79, 0xcc, 0x4e, 0x31, 0xb8, 0x46, 0x4c, 0x86, + 0x22, 0xdb, 0xa0, 0xfb, 0x81, 0x40, 0x27, 0xe4, 0xf1, 0x51, 0xa0, 0x5b, 0xe9, 0xbf, 0x89, 0x50, + 0xce, 0x54, 0x13, 0xd9, 0xbf, 0x24, 0xb6, 0x79, 0x71, 0xd6, 0xda, 0xbe, 0x91, 0xb4, 0xec, 0x34, + 0xb9, 0xa5, 0x69, 0x7e, 0xd6, 0xa0, 0xb6, 0xd8, 0xd2, 0xb7, 0x9a, 0xaa, 0x0f, 0x55, 0x8f, 0x4f, + 0x1c, 0x3b, 0x0d, 0x90, 0xbf, 0x51, 0x80, 0x8a, 0x72, 0x1a, 0xcc, 0x82, 0x3c, 0x86, 0x46, 0x10, + 0x8e, 0x6d, 0x87, 0x05, 0x4e, 0xc8, 0x39, 0x06, 0xd2, 0x16, 0x0e, 0x0d, 0x44, 0xa4, 0x7d, 0xcd, + 0x22, 0x41, 0x38, 0xee, 0xa7, 0x43, 0x47, 0x6a, 0xc4, 0xfc, 0x5d, 0x83, 0x4a, 0xf6, 0x8c, 0xb9, + 0xe3, 0xbd, 0x7d, 0x02, 0x7a, 0x28, 0x90, 0xcf, 0x8f, 0xf1, 0xde, 0xd6, 0xc5, 0x59, 0x6b, 0xe3, + 0x52, 0x34, 0x2b, 0xc5, 0x48, 0x07, 0xf4, 0x09, 0x15, 0xe2, 0x35, 0xe3, 0x6e, 0x92, 0x83, 0x7f, + 0x2a, 0x86, 0x94, 0x59, 0xd8, 0xa3, 0xd5, 0xa5, 0x3d, 0xfa, 0x29, 0x0f, 0xa5, 0xf4, 0xa0, 0x23, + 0x2d, 0x28, 0xf3, 0xa4, 0xa5, 0xec, 0xf4, 0xa2, 0x81, 0x99, 0x69, 0xe8, 0x92, 0x0f, 0xa0, 0x4a, + 0x1d, 0x07, 0x85, 0x50, 0x6d, 0xa1, 0x90, 0xab, 0x8b, 0xb1, 0x1c, 0x83, 0xcf, 0x51, 0xf9, 0x7d, + 0x04, 0x1b, 0x02, 0x1d, 0x8e, 0xd2, 0x9e, 0xbb, 0x5f, 0xa3, 0x7d, 0x3d, 0x86, 0xbb, 0xb3, 0x08, + 0xe4, 0x1e, 0x14, 0x94, 0x0a, 0x16, 0x44, 0x0b, 0x28, 0x59, 0xc9, 0x1f, 0xe9, 0x40, 0x31, 0x14, + 0x68, 0xfb, 0x74, 0x6c, 0xac, 0xa9, 0x95, 0x5d, 0x95, 0xbc, 0x42, 0x28, 0x70, 0x48, 0xc7, 0x0b, + 0x7b, 0x57, 0xb8, 0xf5, 0xde, 0x3d, 0x84, 0x75, 0x35, 0x3b, 0x15, 0x22, 0x1c, 0xa3, 0xcd, 0xd9, + 0x08, 0xa3, 0xfb, 0x4f, 0xb7, 0xaa, 0xa1, 0xc0, 0x6e, 0x64, 0xb5, 0xd8, 0x08, 0xc9, 0x03, 0xa8, + 0x65, 0x18, 0x95, 0x36, 0x3d, 0x5a, 0x45, 0x85, 0xa6, 0xcc, 0xd0, 0x25, 0x4f, 0xe1, 0x7e, 0x96, + 0xc2, 0x37, 0x52, 0xed, 0xf7, 0x48, 0xe1, 0xa5, 0x08, 0x6f, 0xcc, 0xf1, 0x41, 0x32, 0x38, 0x74, + 0xcd, 0xdf, 0x34, 0x28, 0xa5, 0xb7, 0xec, 0x42, 0x39, 0x69, 0xff, 0xbe, 0x9c, 0x72, 0x37, 0x28, + 0xa7, 0x6c, 0x0e, 0xf3, 0xb7, 0xce, 0xe1, 0x75, 0xc5, 0xf9, 0xa3, 0x06, 0x95, 0xec, 0x35, 0x79, + 0xc7, 0xad, 0xf7, 0x21, 0xac, 0x0b, 0xe4, 0xaf, 0x7c, 0x07, 0x55, 0x55, 0xb2, 0x30, 0x90, 0xd7, + 0xac, 0xbf, 0x96, 0xa0, 0xdd, 0x98, 0x24, 0x06, 0x14, 0x27, 0x9c, 0x7d, 0x8d, 0x4e, 0x92, 0x04, + 0x6b, 0xf6, 0x6b, 0x86, 0x50, 0x5d, 0x78, 0x0e, 0x90, 0x27, 0x00, 0x99, 0xaa, 0xd7, 0xae, 0x9c, + 0xa2, 0x94, 0x76, 0x8c, 0x72, 0x49, 0xfa, 0xe5, 0xfa, 0xeb, 0xa7, 0x14, 0x53, 0xea, 0x06, 0xfa, + 0x43, 0x83, 0xea, 0xc2, 0x9d, 0xff, 0x9f, 0x3a, 0xa8, 0xde, 0x39, 0x00, 0xe3, 0xaa, 0x77, 0x28, + 0xa9, 0x80, 0x6e, 0x0d, 0x0e, 0x86, 0x47, 0xc7, 0xd6, 0x97, 0xf5, 0x15, 0x52, 0x86, 0xe2, 0x51, + 0xbf, 0x7b, 0x78, 0x38, 0xb0, 0xea, 0x1a, 0xa9, 0x43, 0xe5, 0xf0, 0xf3, 0x67, 0x03, 0x7b, 0x66, + 0xc9, 0xf5, 0xde, 0xff, 0xe5, 0xbc, 0xa9, 0xfd, 0x7a, 0xde, 0xd4, 0xfe, 0x3c, 0x6f, 0x6a, 0xdf, + 0xfd, 0xd5, 0x5c, 0x81, 0xff, 0xf9, 0xac, 0x23, 0x24, 0x75, 0x4e, 0x39, 0x7b, 0x13, 0xbf, 0xbe, + 0x67, 0x8f, 0xa2, 0xaf, 0x66, 0x8f, 0xf4, 0x93, 0x42, 0x64, 0x7f, 0xef, 0xef, 0x00, 0x00, 0x00, + 0xff, 0xff, 0x09, 0x4a, 0x7a, 0xfc, 0xd7, 0x0b, 0x00, 0x00, } func (m *ImageIntegration) Marshal() (dAtA []byte, err error) { diff --git a/go.mod b/go.mod index e5556cc46a13b..767b6d79ae46e 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.16 // CAVEAT: This introduces a circular dependency. If you change this line, you MUST change the "exclude" // directive at the bottom of the file as well. -require github.com/stackrox/scanner v0.0.0-20220106020903-2744339f7e9d +require github.com/stackrox/scanner v0.0.0-20220114174010-bfa0b08101ec require ( cloud.google.com/go v0.94.1 diff --git a/go.sum b/go.sum index 1bfff196af178..cc2d942948acd 100644 --- a/go.sum +++ b/go.sum @@ -1936,8 +1936,8 @@ github.com/stackrox/k8s-istio-cve-pusher v0.0.0-20210422200002-d89f671ac4f5 h1:0 github.com/stackrox/k8s-istio-cve-pusher v0.0.0-20210422200002-d89f671ac4f5/go.mod h1:GEtZ9DYAzmOtyqQPCJCEIzXJ7NcrHbMy6ZPJbcyfmLM= github.com/stackrox/nvdtools v0.0.0-20210326191554-5daeb6395b56 h1:D2wYiy+hcKy8qZAg9SxSWfZgbvmEgD9AdV0g0lJqGZ0= github.com/stackrox/nvdtools v0.0.0-20210326191554-5daeb6395b56/go.mod h1:AIeN7k60Q/kcW9aeiMpA0PY8CU3zsrLV0UhIksolMn4= -github.com/stackrox/scanner v0.0.0-20220106020903-2744339f7e9d h1:AugbkBwG2hVTam/UG0k+/GcjNMLMDd8/au9ke2NnOtY= -github.com/stackrox/scanner v0.0.0-20220106020903-2744339f7e9d/go.mod h1:DxQRXuuHfgvLOCBkhwX67Q6qO/6MkKizEBXdnhKudkQ= +github.com/stackrox/scanner v0.0.0-20220114174010-bfa0b08101ec h1:0cTIDwloboGC/edJaOOT7KZNlP60r1UlAbD8Lg1iXb4= +github.com/stackrox/scanner v0.0.0-20220114174010-bfa0b08101ec/go.mod h1:DxQRXuuHfgvLOCBkhwX67Q6qO/6MkKizEBXdnhKudkQ= github.com/stackrox/tail v1.4.9-0.20210831224919-407035634f5d h1:jeM6QMtwE9BU0rfDYcmkI/aOChOUfIO18LDp/DSnZpI= github.com/stackrox/tail v1.4.9-0.20210831224919-407035634f5d/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/stackrox/yaml/v2 v2.4.1 h1:09ux+QFfvp+Lk73pwGlMTAHeZoS2pqs6CCngYaJ6EQo= diff --git a/make/protogen.mk b/make/protogen.mk index bbe79d49620e4..e58098c474a94 100644 --- a/make/protogen.mk +++ b/make/protogen.mk @@ -20,6 +20,11 @@ GENERATED_PB_SRCS = $(ALL_PROTOS_REL:%.proto=$(GENERATED_BASE_PATH)/%.pb.go) GENERATED_API_GW_SRCS = $(SERVICE_PROTOS_REL:%.proto=$(GENERATED_BASE_PATH)/%.pb.gw.go) GENERATED_API_SWAGGER_SPECS = $(API_SERVICE_PROTOS:%.proto=$(GENERATED_BASE_PATH)/%.swagger.json) +SCANNER_DIR = $(shell go list -f '{{.Dir}}' -m github.com/stackrox/scanner) +SCANNER_PROTO_BASE_PATH = $(SCANNER_DIR)/proto +ALL_SCANNER_PROTOS = $(shell find $(SCANNER_PROTO_BASE_PATH) -name '*.proto') +ALL_SCANNER_PROTOS_REL = $(ALL_SCANNER_PROTOS:$(SCANNER_PROTO_BASE_PATH)/%=%) + ############## ## Protobuf ## ############## @@ -91,10 +96,15 @@ $(PROTOC_GEN_LINT): $(MODFILE_DIR)/github.com/ckaznocha/protoc-gen-lint/UPDATE_C GOGO_M_STR := Mgoogle/protobuf/any.proto=github.com/gogo/protobuf/types,Mgoogle/protobuf/duration.proto=github.com/gogo/protobuf/types,Mgoogle/protobuf/struct.proto=github.com/gogo/protobuf/types,Mgoogle/protobuf/timestamp.proto=github.com/gogo/protobuf/types,Mgoogle/protobuf/wrappers.proto=github.com/gogo/protobuf/types,Mgoogle/protobuf/empty.proto=github.com/gogo/protobuf/types -# The --go_out=M... argument specifies the go package to use for an imported proto file. Here, we instruct protoc-gen-go -# to import the go source for proto file $(BASE_PATH)//*.proto to +# The --go_out=M... argument specifies the go package to use for an imported proto file. +# Here, we instruct protoc-gen-go to import the go source for proto file $(BASE_PATH)//*.proto to # "github.com/stackrox/rox/generated/". -M_ARGS = $(foreach proto,$(ALL_PROTOS_REL),M$(proto)=github.com/stackrox/rox/generated/$(patsubst %/,%,$(dir $(proto)))) +ROX_M_ARGS = $(foreach proto,$(ALL_PROTOS_REL),M$(proto)=github.com/stackrox/rox/generated/$(patsubst %/,%,$(dir $(proto)))) +# Here, we instruct protoc-gen-go to import the go source for proto file github.com/scanner/proto//*.proto to +# "github.com/stackrox/scanner/generated/". +SCANNER_M_ARGS = $(foreach proto,$(ALL_SCANNER_PROTOS_REL),M$(proto)=github.com/stackrox/scanner/generated/$(patsubst %/,%,$(dir $(proto)))) +# Combine the *_M_ARGS. +M_ARGS = $(ROX_M_ARGS) $(SCANNER_M_ARGS) # This is the M_ARGS used for the grpc-gateway invocation. We only map the storage protos, because # - the gateway code produces no output (possibly because of a bug) if we pass M_ARGS_STR to it. # - the gateway code doesn't need access to anything outside api/v1 except storage. In particular, it should NOT import internalapi protos. @@ -122,6 +132,7 @@ proto-fmt: $(PROTOC_GEN_LINT) -I$(PROTOC_INCLUDES) \ -I$(GOGO_DIR)/protobuf \ -I$(GRPC_GATEWAY_DIR)/third_party/googleapis \ + -I$(SCANNER_PROTO_BASE_PATH) \ --lint_out=. \ --proto_path=$(PROTO_BASE_PATH) \ $(ALL_PROTOS) @@ -190,6 +201,7 @@ $(GENERATED_BASE_PATH)/%.pb.go: $(PROTO_BASE_PATH)/%.proto $(PROTO_DEPS) $(PROTO -I$(GOGO_DIR) \ -I$(PROTOC_INCLUDES) \ -I$(GRPC_GATEWAY_DIR)/third_party/googleapis \ + -I$(SCANNER_PROTO_BASE_PATH) \ --proto_path=$(PROTO_BASE_PATH) \ --gofast_out=$(GOGO_M_STR:%=%,)$(M_ARGS_STR:%=%,)plugins=grpc:$(GENERATED_BASE_PATH) \ $(dir $<)/*.proto @@ -204,6 +216,7 @@ $(GENERATED_BASE_PATH)/%_service.pb.gw.go: $(PROTO_BASE_PATH)/%_service.proto $( -I$(PROTOC_INCLUDES) \ -I$(GOGO_DIR) \ -I$(GRPC_GATEWAY_DIR)/third_party/googleapis \ + -I$(SCANNER_PROTO_BASE_PATH) \ --proto_path=$(PROTO_BASE_PATH) \ --grpc-gateway_out=$(GATEWAY_M_ARGS_STR:%=%,)allow_colon_final_segments=true,logtostderr=true:$(GENERATED_BASE_PATH) \ $(dir $<)/*.proto @@ -217,6 +230,7 @@ $(GENERATED_BASE_PATH)/%.swagger.json: $(PROTO_BASE_PATH)/%.proto $(PROTO_DEPS) -I$(GOGO_DIR) \ -I$(PROTOC_INCLUDES) \ -I$(GRPC_GATEWAY_DIR)/third_party/googleapis \ + -I$(SCANNER_PROTO_BASE_PATH) \ --proto_path=$(PROTO_BASE_PATH) \ --swagger_out=logtostderr=true,json_names_for_fields=true:$(GENERATED_BASE_PATH) \ $(dir $<)/*.proto diff --git a/pkg/env/sensor.go b/pkg/env/sensor.go index 865f1cd96eed5..c73f97590de16 100644 --- a/pkg/env/sensor.go +++ b/pkg/env/sensor.go @@ -11,4 +11,8 @@ var ( // SensorEndpoint is used to communicate the sensor endpoint to other services in the same cluster. SensorEndpoint = RegisterSetting("ROX_SENSOR_ENDPOINT", WithDefault("sensor.stackrox.svc:443")) + + // ScannerEndpoint is used to communicate the scanner endpoint to other services in the same cluster. + // This is typically used for Sensor to communicate with a local Scanner-slim's gRPC server. + ScannerEndpoint = RegisterSetting("ROX_SCANNER_GRPC_ENDPOINT", WithDefault("scanner.stackrox.svc:8443")) ) diff --git a/proto/api/v1/image_service.proto b/proto/api/v1/image_service.proto index 2526e13fd8d54..624c26e27f05d 100644 --- a/proto/api/v1/image_service.proto +++ b/proto/api/v1/image_service.proto @@ -6,6 +6,8 @@ option java_package = "io.stackrox.proto.api.v1"; import weak "google/api/annotations.proto"; import "api/v1/search_service.proto"; import "api/v1/empty.proto"; +import "scanner/api/v1/component.proto"; +import "scanner/api/v1/note.proto"; import "storage/image.proto"; import "storage/deployment.proto"; @@ -40,6 +42,18 @@ message ScanImageInternalResponse { storage.Image image = 1; } +message GetImageVulnerabilitiesInternalRequest { + string image_id = 1; + storage.ImageName image_name = 2; + storage.ImageMetadata metadata = 3; + scannerV1.Components components = 4; + repeated scannerV1.Note notes = 5; +} + +message GetImageVulnerabilitiesInternalResponse { + storage.Image image = 1; +} + message DeleteImagesRequest { RawQuery query = 1; bool confirm = 2; @@ -119,9 +133,13 @@ service ImageService { }; } - // ScanImageInternal is used solely by the Sensor to send scan requests + // ScanImageInternal is used solely by the Sensor and Admission Controller to send scan requests rpc ScanImageInternal (ScanImageInternalRequest) returns (ScanImageInternalResponse); + // GetImageVulnerabilities is used solely by the Sensor and Admission Controller to send + // vulnerability matching requests. + rpc GetImageVulnerabilitiesInternal (GetImageVulnerabilitiesInternalRequest) returns (GetImageVulnerabilitiesInternalResponse); + // InvalidateScanAndRegistryCaches removes the image metadata cache. rpc InvalidateScanAndRegistryCaches (Empty) returns (Empty) { option (google.api.http) = { diff --git a/proto/internalapi/sensor/image_iservice.proto b/proto/internalapi/sensor/image_iservice.proto index 75ed86dc209f4..285a92820354e 100644 --- a/proto/internalapi/sensor/image_iservice.proto +++ b/proto/internalapi/sensor/image_iservice.proto @@ -16,7 +16,7 @@ message GetImageResponse { storage.Image image = 1; } -// A Sensor service that allows admission controller to retrieve images from Sensor +// A Sensor service that allows Admission Controller to retrieve images from Sensor service ImageService { rpc GetImage (GetImageRequest) returns (GetImageResponse); } diff --git a/proto/storage/image_integration.proto b/proto/storage/image_integration.proto index 052534b96cf51..02302ef7e3210 100644 --- a/proto/storage/image_integration.proto +++ b/proto/storage/image_integration.proto @@ -13,7 +13,8 @@ message ImageIntegration { string name = 2; string type = 3; // If a list of clusters is provided, the integration will only be accessed from the specified clusters' sensors. - repeated string clusters = 5; + // Please use cluster_id instead. + repeated string clusters = 5 [deprecated = true]; repeated ImageIntegrationCategory categories = 6; oneof IntegrationConfig { diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go new file mode 100644 index 0000000000000..7ee9b7a6e64af --- /dev/null +++ b/sensor/common/scannerclient/grpc_client.go @@ -0,0 +1,79 @@ +package scannerclient + +import ( + "context" + "fmt" + "strings" + + "github.com/pkg/errors" + "github.com/stackrox/rox/generated/storage" + "github.com/stackrox/rox/pkg/clientconn" + "github.com/stackrox/rox/pkg/mtls" + scannerV1 "github.com/stackrox/scanner/generated/scanner/api/v1" + "google.golang.org/grpc" + "google.golang.org/grpc/credentials" +) + +// Client is a Scanner gRPC client. +type Client struct { + client scannerV1.ImageScanServiceClient +} + +// NewGRPCClient creates a new Scanner client. +func NewGRPCClient(endpoint string) (*Client, error) { + if endpoint == "" { + // No Scanner connection desired. + return nil, nil + } + + parts := strings.SplitN(endpoint, "://", 2) + if parts[0] != "https" { + if len(parts) != 1 { + return nil, errors.Errorf("creating client unsupported scheme %s", parts[0]) + } + + endpoint = fmt.Sprintf("https://%s", endpoint) + } + + // TODO: is this right? + tlsConfig, err := clientconn.TLSConfig(mtls.ScannerSubject, clientconn.TLSConfigOptions{ + UseClientCert: clientconn.MustUseClientCert, + }) + if err != nil { + return nil, errors.Wrap(err, "failed to initialize Scanner TLS config") + } + + conn, err := grpc.Dial(endpoint, grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig))) + if err != nil { + return nil, errors.Wrap(err, "failed to connect to Scanner") + } + + return &Client{ + client: scannerV1.NewImageScanServiceClient(conn), + }, nil +} + +// GetImageAnalysis retrieves the image analysis results for the given image. +// The steps are as follows: +// 1. Retrieve image metadata. +// 2. Request image analysis from Scanner, directly. +// 3. Return image analysis results. +func (c *Client) GetImageAnalysis(ctx context.Context, image *storage.ContainerImage) (*scannerV1.GetImageComponentsResponse, error) { + + // TODO: get image metadata + + resp, err := c.client.GetImageComponents(ctx, &scannerV1.GetImageComponentsRequest{ + Image: image.GetId(), + // TODO + Registry: &scannerV1.RegistryData{ + Url: image.GetName().GetRegistry(), + Username: "", + Password: "", + }, + }) + if err != nil { + return nil, errors.Wrap(err, "getting image components from scanner") + } + + return resp, nil +} diff --git a/sensor/common/scannerclient/util.go b/sensor/common/scannerclient/util.go new file mode 100644 index 0000000000000..5f8765265c0d9 --- /dev/null +++ b/sensor/common/scannerclient/util.go @@ -0,0 +1,44 @@ +package scannerclient + +import ( + "context" + + "github.com/pkg/errors" + v1 "github.com/stackrox/rox/generated/api/v1" + "github.com/stackrox/rox/generated/storage" + "github.com/stackrox/rox/pkg/env" + scannerV1 "github.com/stackrox/scanner/generated/scanner/api/v1" +) + +// ScanImage runs the pipeline required to scan an image with a local Scanner. +func ScanImage(ctx context.Context, centralClient v1.ImageServiceClient, image *storage.ContainerImage) (*storage.Image, error) { + scannerClient, err := NewGRPCClient(env.ScannerEndpoint.Setting()) + if err != nil { + return nil, errors.Wrap(err, "creating Scanner client") + } + if scannerClient == nil { + // There is no local Scanner. + return nil, nil + } + + scannerResp, err := scannerClient.GetImageAnalysis(ctx, image) + if err != nil { + return nil, errors.Wrap(err, "scanning image") + } + // If the scan did not succeed, then ignore the results. + if scannerResp.GetStatus() != scannerV1.ScanStatus_SUCCEEDED { + return nil, nil + } + + centralResp, err := centralClient.GetImageVulnerabilitiesInternal(ctx, &v1.GetImageVulnerabilitiesInternalRequest{ + ImageId: image.GetId(), + ImageName: image.GetName(), + Components: scannerResp.GetComponents(), + Notes: scannerResp.GetNotes(), + }) + if err != nil { + return nil, errors.Wrap(err, "retrieving image vulnerabilities") + } + + return centralResp.GetImage(), nil +} From fd639457d91a79cc6197b4ef6b9e253766bece68 Mon Sep 17 00:00:00 2001 From: RTann Date: Tue, 18 Jan 2022 15:02:05 -0800 Subject: [PATCH 006/103] for now --- generated/api/v1/alert_service.swagger.json | 3 + .../api/v1/compliance_service.swagger.json | 3 + .../api/v1/deployment_service.swagger.json | 3 + .../api/v1/detection_service.swagger.json | 3 + generated/api/v1/image_service.swagger.json | 3 + generated/storage/deployment.pb.go | 454 ++++++++++-------- proto/storage/deployment.proto | 8 +- sensor/admission-control/manager/images.go | 7 +- sensor/common/detector/enricher.go | 21 +- sensor/common/image/service_impl.go | 26 +- sensor/common/scannerclient/grpc_client.go | 1 - 11 files changed, 318 insertions(+), 214 deletions(-) diff --git a/generated/api/v1/alert_service.swagger.json b/generated/api/v1/alert_service.swagger.json index 168e7bcf6fce0..ee9bc14d57a30 100644 --- a/generated/api/v1/alert_service.swagger.json +++ b/generated/api/v1/alert_service.swagger.json @@ -1012,6 +1012,9 @@ }, "notPullable": { "type": "boolean" + }, + "namespace": { + "type": "string" } } }, diff --git a/generated/api/v1/compliance_service.swagger.json b/generated/api/v1/compliance_service.swagger.json index f0ea4fb903278..7edd7d215153d 100644 --- a/generated/api/v1/compliance_service.swagger.json +++ b/generated/api/v1/compliance_service.swagger.json @@ -1418,6 +1418,9 @@ }, "notPullable": { "type": "boolean" + }, + "namespace": { + "type": "string" } } }, diff --git a/generated/api/v1/deployment_service.swagger.json b/generated/api/v1/deployment_service.swagger.json index 12d4f5b94a185..c0f20c5448541 100644 --- a/generated/api/v1/deployment_service.swagger.json +++ b/generated/api/v1/deployment_service.swagger.json @@ -573,6 +573,9 @@ }, "notPullable": { "type": "boolean" + }, + "namespace": { + "type": "string" } } }, diff --git a/generated/api/v1/detection_service.swagger.json b/generated/api/v1/detection_service.swagger.json index a08416d9569d9..1cb672997fcdc 100644 --- a/generated/api/v1/detection_service.swagger.json +++ b/generated/api/v1/detection_service.swagger.json @@ -707,6 +707,9 @@ }, "notPullable": { "type": "boolean" + }, + "namespace": { + "type": "string" } } }, diff --git a/generated/api/v1/image_service.swagger.json b/generated/api/v1/image_service.swagger.json index 41cc54aa16528..3dee4f9042d84 100644 --- a/generated/api/v1/image_service.swagger.json +++ b/generated/api/v1/image_service.swagger.json @@ -837,6 +837,9 @@ }, "notPullable": { "type": "boolean" + }, + "namespace": { + "type": "string" } } }, diff --git a/generated/storage/deployment.pb.go b/generated/storage/deployment.pb.go index 5d7495eb93c4f..c86a595e95d08 100644 --- a/generated/storage/deployment.pb.go +++ b/generated/storage/deployment.pb.go @@ -512,6 +512,7 @@ type ContainerImage struct { Id string `protobuf:"bytes,4,opt,name=id,proto3" json:"id,omitempty" search:"Image Sha,store,hidden"` Name *ImageName `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` NotPullable bool `protobuf:"varint,10,opt,name=not_pullable,json=notPullable,proto3" json:"not_pullable,omitempty"` + Namespace string `protobuf:"bytes,11,opt,name=namespace,proto3" json:"namespace,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_sizecache int32 `json:"-"` } @@ -570,6 +571,13 @@ func (m *ContainerImage) GetNotPullable() bool { return false } +func (m *ContainerImage) GetNamespace() string { + if m != nil { + return m.Namespace + } + return "" +} + func (m *ContainerImage) MessageClone() proto.Message { return m.Clone() } @@ -2247,210 +2255,211 @@ func init() { func init() { proto.RegisterFile("storage/deployment.proto", fileDescriptor_c3884ae4621696a3) } var fileDescriptor_c3884ae4621696a3 = []byte{ - // 3247 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x59, 0x4b, 0x73, 0xdb, 0xd6, + // 3257 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x59, 0xcb, 0x73, 0xdb, 0x56, 0x77, 0x37, 0x45, 0x4a, 0x22, 0x0f, 0x29, 0x3e, 0xae, 0xfc, 0x80, 0xe9, 0x07, 0x60, 0x24, 0x4e, 0x14, 0xc7, 0x91, 0x1d, 0xd9, 0xd3, 0xa4, 0x1a, 0x3b, 0x19, 0x89, 0xa2, 0x12, 0xda, 0x12, 0xc5, 0x40, 0x54, 0xd2, 0xa6, 0x0b, 0x0c, 0x04, 0x5c, 0x53, 0xa8, 0x41, 0x5c, 0x14, 0x00, 0x55, 0x6b, - 0xd9, 0x65, 0x17, 0xdd, 0x74, 0x91, 0xc9, 0xb6, 0xab, 0x7e, 0x83, 0x7e, 0x86, 0xce, 0x74, 0xa6, - 0x93, 0x99, 0x76, 0xcd, 0x76, 0xd2, 0x65, 0xbb, 0x29, 0x3f, 0xc1, 0x7f, 0xee, 0x0b, 0x0f, 0x52, - 0xfa, 0xc7, 0xf9, 0xaf, 0x48, 0x9c, 0xf3, 0x3b, 0xbf, 0x7b, 0x70, 0xef, 0xb9, 0xe7, 0x9e, 0x73, - 0x01, 0x4a, 0x14, 0x93, 0xd0, 0x1a, 0xe1, 0x27, 0x0e, 0x0e, 0x3c, 0x72, 0x31, 0xc6, 0x7e, 0xbc, - 0x19, 0x84, 0x24, 0x26, 0x68, 0x55, 0x68, 0xda, 0xea, 0x88, 0x90, 0x91, 0x87, 0x9f, 0x30, 0xf1, - 0xe9, 0xe4, 0xcd, 0x93, 0xd8, 0x1d, 0xe3, 0x28, 0xb6, 0xc6, 0x01, 0x47, 0xb6, 0x55, 0xc9, 0x61, - 0x13, 0x3f, 0xb6, 0x5c, 0x1f, 0x87, 0x66, 0x38, 0xf1, 0x29, 0x4a, 0x00, 0xae, 0x4b, 0x80, 0x67, - 0x9d, 0x62, 0x2f, 0x12, 0xd2, 0x75, 0x29, 0x75, 0xc7, 0xd6, 0x68, 0x01, 0x4a, 0x89, 0x62, 0x09, - 0x45, 0x52, 0x1a, 0x9e, 0x5a, 0xb6, 0x44, 0x8e, 0xc8, 0x88, 0xb0, 0xbf, 0x4f, 0xe8, 0x3f, 0x2e, - 0xd5, 0xff, 0x1d, 0x01, 0xec, 0x25, 0xaf, 0x82, 0xbe, 0x80, 0x25, 0xd7, 0x51, 0x0a, 0x5a, 0x61, - 0xa3, 0xb2, 0xfb, 0xf1, 0x6c, 0xaa, 0x7e, 0x10, 0x61, 0x2b, 0xb4, 0xcf, 0xb6, 0xf5, 0x14, 0xa3, - 0xf5, 0xf6, 0x1e, 0x53, 0x7a, 0xfc, 0xf8, 0xcc, 0x75, 0x1c, 0xec, 0xeb, 0xc6, 0x92, 0xeb, 0xa0, - 0xcf, 0xa1, 0xe4, 0x5b, 0x63, 0xac, 0x2c, 0x31, 0xd3, 0x7b, 0xb3, 0xa9, 0x7a, 0x7b, 0xd1, 0x94, - 0xdb, 0xe9, 0x06, 0x83, 0xa2, 0x87, 0x50, 0x3a, 0xb3, 0xa2, 0x33, 0xa5, 0xad, 0x15, 0x36, 0x4a, - 0xbb, 0xad, 0xd9, 0x54, 0x5d, 0xa3, 0xcf, 0xdb, 0xba, 0x3b, 0xf2, 0x39, 0x8c, 0x3e, 0xa2, 0xa7, - 0x50, 0x8a, 0x2f, 0x02, 0xac, 0x94, 0x18, 0xf3, 0xdd, 0xd9, 0x54, 0x55, 0x2e, 0x71, 0x6a, 0x78, - 0x11, 0x50, 0x0b, 0x8a, 0x44, 0xdb, 0x50, 0xa1, 0x03, 0x44, 0x81, 0x65, 0x63, 0x65, 0x79, 0xd1, - 0xac, 0x2f, 0x95, 0xd2, 0x9f, 0x14, 0x8e, 0x5e, 0x40, 0x2d, 0x79, 0x30, 0x5d, 0x47, 0xb9, 0xc5, - 0xcc, 0x6f, 0xcf, 0xa6, 0xea, 0x8d, 0x05, 0x73, 0xad, 0xb7, 0xa7, 0x1b, 0xd5, 0x04, 0xde, 0x73, - 0xd0, 0x8f, 0x70, 0x93, 0x84, 0xf6, 0x19, 0x8e, 0xe2, 0xd0, 0x8a, 0x49, 0x68, 0xda, 0x64, 0x1c, - 0x10, 0x1f, 0xfb, 0xb1, 0xf2, 0x40, 0x2b, 0x6c, 0x94, 0x77, 0x3f, 0x98, 0x4d, 0x55, 0x55, 0xf2, - 0x1c, 0x65, 0x90, 0x5a, 0x47, 0x22, 0x75, 0xe3, 0x46, 0x96, 0x22, 0x91, 0xa3, 0x36, 0x94, 0x43, - 0x1c, 0x78, 0xae, 0x6d, 0x45, 0xca, 0x8a, 0x56, 0xd8, 0x28, 0x1a, 0xc9, 0x33, 0xfa, 0x0e, 0x56, - 0x78, 0xa8, 0x28, 0xab, 0x5a, 0x71, 0xa3, 0xba, 0xa5, 0x6e, 0x8a, 0x00, 0xd8, 0x4c, 0xa7, 0x68, - 0xf3, 0x80, 0x21, 0xba, 0x7e, 0x1c, 0x5e, 0xec, 0x2a, 0xb3, 0xa9, 0x7a, 0x5d, 0x3a, 0xc2, 0x14, - 0x72, 0x2e, 0x04, 0x11, 0x32, 0x01, 0x02, 0xe2, 0x98, 0x82, 0x76, 0x9d, 0xd1, 0xea, 0x97, 0xd1, - 0x0e, 0x88, 0x93, 0x65, 0xce, 0xcd, 0xf4, 0x80, 0x38, 0x5a, 0x8e, 0xbd, 0x12, 0x48, 0x34, 0x7a, - 0x09, 0x75, 0x46, 0x6e, 0x46, 0xd8, 0xc3, 0x76, 0x4c, 0x42, 0xe5, 0xba, 0x56, 0xd8, 0xa8, 0x6e, - 0xdd, 0x4c, 0x06, 0x61, 0xc0, 0x63, 0xa1, 0x35, 0xd6, 0xbc, 0xec, 0x23, 0xc2, 0xb0, 0x6a, 0x87, - 0xd8, 0x8a, 0xb1, 0xa3, 0x94, 0x99, 0x5d, 0x7b, 0x93, 0xef, 0xbb, 0x4d, 0xb9, 0xef, 0x36, 0x87, - 0x72, 0xdf, 0xed, 0x3e, 0x99, 0x4d, 0xd5, 0x4f, 0xa5, 0x53, 0x1d, 0x6e, 0x96, 0x0f, 0x62, 0x2d, - 0x1f, 0x7a, 0x92, 0x1b, 0x75, 0x00, 0x6c, 0x6f, 0x12, 0xc5, 0x38, 0xa4, 0xd1, 0x50, 0x61, 0xd1, - 0xf0, 0xe1, 0x6c, 0xaa, 0x6a, 0x09, 0x1b, 0xd7, 0x2e, 0xee, 0x8a, 0x8a, 0xb0, 0xeb, 0x39, 0xe8, - 0x25, 0xd4, 0x24, 0x09, 0xdb, 0x24, 0xc0, 0x68, 0xda, 0xb3, 0xa9, 0x7a, 0x73, 0x8e, 0x46, 0xce, - 0x53, 0x55, 0xe0, 0x69, 0xac, 0xa1, 0x2d, 0x80, 0x24, 0x53, 0x44, 0x4a, 0x95, 0x2d, 0x05, 0x4a, - 0x66, 0xa9, 0x23, 0x55, 0x46, 0x06, 0x85, 0x4c, 0xa8, 0x5a, 0xbe, 0x4f, 0x62, 0x2b, 0x76, 0x89, - 0x1f, 0x29, 0x75, 0x66, 0xf4, 0xe1, 0x65, 0xeb, 0xb7, 0x93, 0xc2, 0xf8, 0x0a, 0xde, 0x9a, 0x4d, - 0xd5, 0x75, 0xe9, 0x57, 0xaa, 0xd5, 0x8d, 0x2c, 0x23, 0xda, 0x87, 0x72, 0x10, 0xba, 0x24, 0x74, - 0xe3, 0x0b, 0xa5, 0x41, 0xc3, 0x71, 0xf7, 0xd1, 0x6c, 0xaa, 0x7e, 0x94, 0xac, 0xbc, 0xd0, 0x5d, - 0x31, 0xbf, 0x89, 0x2d, 0x0d, 0x6b, 0xd7, 0xb7, 0xec, 0xd8, 0x3d, 0xc7, 0x4a, 0x93, 0x6e, 0x12, - 0x23, 0x79, 0x46, 0x07, 0x80, 0x58, 0xae, 0x33, 0x83, 0x89, 0x47, 0xe3, 0xc4, 0x0e, 0x71, 0x1c, - 0x29, 0x2d, 0xad, 0xb8, 0x51, 0xd9, 0xbd, 0x3f, 0x9b, 0xaa, 0x6d, 0x39, 0x5a, 0x8f, 0xa2, 0xb4, - 0xc1, 0xc4, 0xf3, 0xb4, 0x63, 0x86, 0xd2, 0x8d, 0x26, 0xb3, 0xa4, 0x22, 0x2e, 0x89, 0x50, 0x17, - 0x1a, 0x11, 0x0e, 0xcf, 0x5d, 0x1b, 0x9b, 0x96, 0x6d, 0x93, 0x89, 0x1f, 0x2b, 0x68, 0x31, 0x39, - 0x1c, 0x73, 0x88, 0xb6, 0xc3, 0x21, 0xba, 0x51, 0x17, 0x46, 0x42, 0x80, 0x7e, 0x2a, 0x80, 0x36, - 0xc7, 0x63, 0x06, 0x38, 0x1c, 0xbb, 0x51, 0xe4, 0x12, 0xdf, 0xf4, 0xf0, 0x39, 0xf6, 0x94, 0xbb, - 0x5a, 0x61, 0xa3, 0xbe, 0xa5, 0x24, 0xf3, 0x3d, 0x48, 0x00, 0x07, 0x54, 0xbf, 0xfb, 0x6c, 0x36, - 0x55, 0x9f, 0x5c, 0x31, 0xa4, 0x96, 0x82, 0x35, 0x86, 0x96, 0x41, 0x71, 0x2f, 0xef, 0xc9, 0x1c, - 0x27, 0x8a, 0x40, 0xb5, 0x26, 0x31, 0x19, 0x33, 0x8f, 0xe6, 0x3d, 0x8c, 0xc9, 0x5b, 0xec, 0x2b, - 0xb7, 0x59, 0x16, 0x7a, 0x3c, 0x9b, 0xaa, 0x1b, 0x01, 0xf1, 0x5c, 0xfb, 0x62, 0x5b, 0xdf, 0x91, - 0x26, 0xda, 0xbc, 0x1b, 0x43, 0x6a, 0xa2, 0x1b, 0x77, 0x13, 0xd2, 0xe3, 0xdc, 0xf0, 0x4c, 0x4d, - 0xf3, 0xe5, 0x19, 0x89, 0x62, 0xd3, 0xc7, 0xf1, 0xdf, 0x92, 0xf0, 0xad, 0x72, 0x83, 0x8d, 0xc0, - 0xf2, 0xa5, 0x1c, 0xe1, 0x5b, 0x12, 0xc5, 0x5a, 0x9f, 0xeb, 0x75, 0xa3, 0x4a, 0xe1, 0xe2, 0x09, - 0x3d, 0x85, 0x32, 0xb3, 0x0e, 0x5c, 0x47, 0x51, 0x99, 0xe5, 0x8d, 0xd9, 0x54, 0x6d, 0xe5, 0x2c, - 0x07, 0x34, 0xcb, 0xae, 0x52, 0xd8, 0xc0, 0x75, 0x12, 0x0b, 0x37, 0xb0, 0x15, 0xed, 0x0a, 0x8b, - 0xde, 0xa0, 0x23, 0x2c, 0x7a, 0x81, 0x8d, 0xbe, 0x86, 0x35, 0x71, 0xba, 0x9a, 0xb6, 0x67, 0x45, - 0x91, 0xa2, 0xa7, 0xbb, 0x4f, 0x9a, 0x19, 0x1c, 0xa0, 0x75, 0x28, 0x40, 0x37, 0x6a, 0xc2, 0x80, - 0x3d, 0xa2, 0x2e, 0x54, 0x63, 0xe2, 0xe1, 0x50, 0x6c, 0xa5, 0x9b, 0x6c, 0x2b, 0xad, 0x27, 0x4b, - 0x3b, 0x4c, 0x74, 0xbb, 0xf5, 0xd9, 0x54, 0x05, 0xb9, 0xaa, 0x9f, 0xe9, 0x46, 0xd6, 0x0e, 0xbd, - 0x84, 0xe5, 0x80, 0x84, 0x71, 0xa4, 0x28, 0x73, 0x04, 0x03, 0x12, 0xc6, 0x1d, 0xe2, 0xbf, 0x71, - 0x47, 0xbb, 0x68, 0x36, 0x55, 0xeb, 0xd2, 0x29, 0x2a, 0x8f, 0x74, 0x83, 0x5b, 0xa1, 0x3e, 0x34, - 0xa2, 0xd8, 0x8a, 0xb1, 0x99, 0x54, 0x13, 0xca, 0x1d, 0xb6, 0xed, 0x1e, 0xce, 0xa6, 0xea, 0x83, - 0xdc, 0xee, 0xd2, 0x22, 0xec, 0x47, 0x24, 0xcc, 0xef, 0xb8, 0x3a, 0xb3, 0x4e, 0x52, 0x22, 0xea, - 0x03, 0x84, 0x6e, 0xf4, 0xd6, 0x8c, 0x6c, 0x12, 0x62, 0xe5, 0x9e, 0x56, 0xd8, 0x58, 0xca, 0xa7, - 0x49, 0xc3, 0x8d, 0xde, 0x6a, 0xc7, 0x76, 0x36, 0x47, 0x4a, 0xcf, 0x1e, 0x4b, 0xd2, 0x0a, 0xa5, - 0x60, 0x18, 0xb4, 0x03, 0xb5, 0x20, 0x24, 0x36, 0x8e, 0x22, 0x33, 0xb6, 0x46, 0x91, 0x72, 0x7f, - 0x71, 0x97, 0x0e, 0xb8, 0x5e, 0x1b, 0x5a, 0xa3, 0x24, 0xcf, 0x09, 0x9b, 0xa1, 0x35, 0x8a, 0xda, - 0x7f, 0x0e, 0xd5, 0xcc, 0x49, 0x82, 0x9a, 0x50, 0x7c, 0x8b, 0x2f, 0x78, 0x31, 0x62, 0xd0, 0xbf, - 0xe8, 0x3a, 0x2c, 0x9f, 0x5b, 0xde, 0x44, 0x54, 0x19, 0x06, 0x7f, 0xd8, 0x5e, 0xfa, 0xb2, 0xd0, - 0x7e, 0x01, 0xf5, 0xfc, 0x39, 0xf4, 0xbb, 0xac, 0xbf, 0x82, 0xe6, 0x7c, 0x16, 0xfc, 0x3d, 0xf6, - 0xaf, 0x4a, 0xe5, 0x62, 0xb3, 0xf4, 0xaa, 0x54, 0xae, 0x35, 0xd7, 0xf4, 0x9f, 0x0a, 0x50, 0x4f, - 0x52, 0x32, 0xcb, 0x4b, 0xe8, 0x19, 0x2b, 0xaa, 0x78, 0xfd, 0x92, 0xab, 0x00, 0x78, 0xda, 0x3a, - 0x3e, 0xb3, 0x2e, 0x29, 0xa8, 0x3e, 0x12, 0x05, 0x55, 0x81, 0x1d, 0x6e, 0x69, 0xba, 0x67, 0x36, - 0xf4, 0x58, 0x10, 0x55, 0xd4, 0x03, 0xa8, 0xf9, 0x24, 0x66, 0x19, 0xd2, 0x3a, 0xf5, 0xf8, 0xd9, - 0x52, 0x36, 0xaa, 0x3e, 0x89, 0x07, 0x42, 0xb4, 0x5d, 0xfa, 0xe5, 0x9f, 0xd4, 0x6b, 0xfa, 0x7f, - 0x16, 0xa1, 0x92, 0x38, 0x86, 0xea, 0x69, 0xa1, 0xc7, 0x86, 0x7b, 0x0a, 0x2b, 0x36, 0x8b, 0x41, - 0xf6, 0x76, 0xd5, 0x4c, 0xea, 0x4a, 0x6c, 0x78, 0x8c, 0x1a, 0x02, 0x87, 0x3e, 0x83, 0x65, 0x96, - 0x62, 0x95, 0x22, 0x33, 0xb8, 0xb5, 0x68, 0xc0, 0x5c, 0x35, 0x38, 0x0a, 0x75, 0xa0, 0x19, 0x61, - 0x7b, 0x42, 0x73, 0xbe, 0x49, 0xcf, 0x29, 0xfc, 0x2e, 0x66, 0x53, 0x92, 0x1d, 0xea, 0x58, 0x00, - 0x3a, 0x5c, 0x6f, 0x34, 0xa2, 0xbc, 0x00, 0x7d, 0x02, 0xab, 0xe7, 0xc4, 0x9b, 0x8c, 0x71, 0xa4, - 0x2c, 0xb3, 0x5d, 0xd4, 0x48, 0x6c, 0xbf, 0x67, 0x72, 0x43, 0xea, 0xd1, 0x2b, 0xb9, 0xdd, 0x56, - 0xae, 0xde, 0x6e, 0xea, 0x6c, 0xaa, 0xde, 0x99, 0x0f, 0x6a, 0x2d, 0xb3, 0x81, 0xc5, 0xde, 0xfb, - 0x1c, 0x56, 0xe5, 0xe1, 0xc3, 0xeb, 0xab, 0xf4, 0x65, 0xbb, 0xe3, 0x53, 0xec, 0x38, 0xd8, 0xe1, - 0x87, 0x8c, 0x21, 0x71, 0xe8, 0x29, 0x54, 0x42, 0x1c, 0x91, 0x49, 0x68, 0xe3, 0x48, 0x14, 0x28, - 0xe9, 0x1a, 0x1a, 0x52, 0x63, 0xa4, 0x20, 0xf4, 0x44, 0x2c, 0x38, 0x2f, 0x0e, 0xee, 0xcc, 0xa6, - 0xea, 0x2d, 0xe9, 0x5a, 0x32, 0xa3, 0x1a, 0x5d, 0x78, 0x51, 0x3f, 0xbf, 0x2a, 0x95, 0x2b, 0x4d, - 0xd0, 0xff, 0x6d, 0x09, 0x2a, 0x09, 0x1f, 0x1a, 0x40, 0xcb, 0x0e, 0x26, 0x26, 0xdd, 0x91, 0x91, - 0x19, 0xe2, 0xbf, 0x99, 0xe0, 0x28, 0x66, 0xab, 0xbc, 0x34, 0x57, 0xb5, 0x0c, 0x4e, 0xb4, 0x0e, - 0x05, 0x69, 0x06, 0x07, 0xc9, 0x0d, 0xd9, 0xb0, 0x83, 0x09, 0x53, 0x08, 0x39, 0x7a, 0x05, 0x8d, - 0x94, 0xd1, 0x73, 0xc7, 0x6e, 0xcc, 0x22, 0x64, 0x69, 0x57, 0x9f, 0x4d, 0xd5, 0xfb, 0x8b, 0x7c, - 0x07, 0x14, 0x22, 0xd9, 0xd6, 0x24, 0x1b, 0x93, 0x22, 0x03, 0x5a, 0x63, 0x3c, 0x26, 0xe1, 0x85, - 0x39, 0x3e, 0x4d, 0xbc, 0x2b, 0x32, 0xb6, 0x8f, 0x66, 0x53, 0x55, 0x97, 0x6c, 0x87, 0x0c, 0x24, - 0x5d, 0xd3, 0x36, 0x0e, 0x77, 0x3f, 0x49, 0xfc, 0xe3, 0x04, 0x87, 0xa7, 0xd2, 0xbf, 0x03, 0x68, - 0xa4, 0x9c, 0xdc, 0xbf, 0xd2, 0xe2, 0xfb, 0x0a, 0x46, 0xe6, 0x46, 0x8e, 0x6f, 0x4d, 0xf2, 0x31, - 0x95, 0xfe, 0xbf, 0x45, 0x58, 0xe1, 0x91, 0x84, 0xb6, 0x32, 0x1b, 0x70, 0x2e, 0x91, 0x71, 0x04, - 0x5b, 0x8c, 0x7c, 0x4b, 0xf3, 0x25, 0xac, 0xf0, 0x95, 0x10, 0x7d, 0x90, 0x36, 0x9b, 0xaa, 0x77, - 0xe7, 0xac, 0x8e, 0x19, 0x20, 0x29, 0xb7, 0x39, 0x1e, 0x7d, 0x03, 0x55, 0x07, 0x47, 0xb1, 0xeb, - 0xb3, 0x1c, 0xc4, 0x26, 0xa5, 0xc2, 0x53, 0xfb, 0x9c, 0xf9, 0x5e, 0x8a, 0x4a, 0x92, 0x68, 0xc6, - 0x12, 0x7d, 0x4d, 0x03, 0xcf, 0x72, 0x4c, 0xe2, 0x7b, 0x17, 0x6c, 0x26, 0xca, 0xf9, 0x95, 0x12, - 0x34, 0x06, 0xb6, 0x9c, 0x23, 0xdf, 0xbb, 0x90, 0x1c, 0xe5, 0x50, 0x08, 0xe8, 0x7b, 0xb3, 0x7e, - 0x6b, 0xf9, 0xca, 0xf7, 0xa6, 0xbd, 0x56, 0xf2, 0xde, 0xac, 0xe3, 0x1a, 0x43, 0x8b, 0x97, 0x1d, - 0x41, 0x48, 0x02, 0x6b, 0xc4, 0xdf, 0x61, 0x85, 0xd5, 0x40, 0xda, 0xdc, 0x0e, 0xdd, 0x3c, 0x64, - 0xb5, 0x4b, 0x8a, 0xe3, 0x43, 0xc8, 0x50, 0x3f, 0xe4, 0x15, 0x50, 0xaa, 0xd6, 0x8d, 0xe6, 0x78, - 0xce, 0x42, 0xdf, 0x87, 0xe6, 0x3c, 0x0b, 0x2a, 0x43, 0xa9, 0x7f, 0xd4, 0xef, 0x36, 0xaf, 0xa1, - 0x1b, 0xd0, 0xfa, 0xf6, 0xe8, 0x78, 0x68, 0x0e, 0x8f, 0xcc, 0xce, 0x51, 0x7f, 0xb8, 0xd3, 0xeb, - 0x77, 0x8d, 0x66, 0x01, 0xb5, 0x60, 0x6d, 0xb7, 0xb7, 0xd7, 0x33, 0xba, 0x9d, 0x61, 0xef, 0xa8, - 0xbf, 0x73, 0xd0, 0x5c, 0xd2, 0xff, 0xab, 0x04, 0xc5, 0x01, 0x71, 0xd0, 0xa3, 0x4c, 0xd7, 0x9b, - 0xab, 0xca, 0x69, 0xff, 0xd2, 0xdb, 0xcb, 0xe5, 0xe5, 0xa7, 0xb9, 0x46, 0x77, 0xa1, 0xdb, 0x61, - 0x31, 0x21, 0xf1, 0x3c, 0x28, 0xf6, 0x61, 0x2d, 0xbd, 0x2c, 0xa0, 0x5d, 0x04, 0x5f, 0xdc, 0x07, - 0xb3, 0xa9, 0x7a, 0xef, 0xf2, 0xf6, 0x5a, 0xda, 0xd7, 0x52, 0xbb, 0x9e, 0x93, 0x6f, 0x6b, 0x4b, - 0xbf, 0xaf, 0xad, 0xcd, 0xb7, 0x31, 0xcb, 0x7f, 0x5a, 0x1b, 0xb3, 0x03, 0x75, 0xcf, 0x3d, 0xc7, - 0xa6, 0xeb, 0x47, 0xb1, 0xe5, 0xd3, 0xc4, 0xc6, 0x73, 0x6b, 0xfb, 0x92, 0xd4, 0x2f, 0x20, 0xc6, - 0x1a, 0xb5, 0x90, 0x4f, 0x11, 0xc2, 0x70, 0x3d, 0xa6, 0x65, 0xab, 0x4f, 0x9b, 0xab, 0x0c, 0xd1, - 0xea, 0x5c, 0x7f, 0x39, 0x20, 0xce, 0x22, 0xd9, 0x81, 0x1b, 0xc5, 0x0b, 0x35, 0xd6, 0x7a, 0xca, - 0x97, 0x0e, 0xf3, 0x1c, 0x56, 0xa3, 0xd8, 0x0a, 0xdf, 0xab, 0x39, 0x34, 0x24, 0xb4, 0xfd, 0x1d, - 0xdc, 0xb8, 0x74, 0x4c, 0xf4, 0x25, 0x54, 0x52, 0x57, 0x0b, 0xbf, 0xf9, 0xce, 0x29, 0x58, 0xff, - 0x8f, 0x22, 0xb4, 0x16, 0x00, 0xe8, 0x25, 0x54, 0x25, 0xc4, 0x14, 0x81, 0x57, 0xdd, 0xba, 0x7b, - 0x35, 0x63, 0x6f, 0xcf, 0x00, 0x69, 0xd0, 0xa3, 0xe1, 0xda, 0x12, 0x9d, 0x9e, 0xeb, 0x8f, 0x4c, - 0xda, 0xa5, 0xbb, 0x8e, 0x28, 0x4a, 0x1a, 0xa9, 0x62, 0x40, 0x9c, 0x9e, 0x83, 0x1e, 0x42, 0x3d, - 0xbd, 0x65, 0x62, 0x81, 0xbb, 0xc2, 0x80, 0x6b, 0x89, 0x94, 0xb5, 0x98, 0x1f, 0x40, 0x2a, 0x30, - 0xdd, 0x20, 0x52, 0x8a, 0xb4, 0x7c, 0x33, 0x6a, 0x89, 0xb0, 0x17, 0xe4, 0x66, 0xb5, 0xf4, 0xde, - 0xb3, 0x8a, 0x0e, 0xa1, 0xc6, 0x9b, 0x38, 0xc7, 0x1d, 0xd1, 0x7c, 0xcf, 0x83, 0x2f, 0xd7, 0x2c, - 0xa6, 0xe7, 0x1b, 0xaf, 0x88, 0xf6, 0x18, 0x32, 0x09, 0xc1, 0x2a, 0xb3, 0xe7, 0x42, 0xf4, 0x67, - 0x50, 0x7e, 0xe3, 0xfa, 0x6e, 0x74, 0x86, 0x1d, 0x65, 0xf5, 0x37, 0xbd, 0x48, 0xb0, 0xe8, 0x0e, - 0x54, 0xf0, 0x3b, 0x37, 0x36, 0x6d, 0xe2, 0x60, 0x16, 0x14, 0xcb, 0x46, 0x99, 0x0a, 0x3a, 0xc4, - 0xc1, 0xe8, 0x33, 0x40, 0x32, 0x8c, 0x68, 0x0f, 0x17, 0x62, 0x2b, 0x22, 0x3e, 0xef, 0xf6, 0x8d, - 0x56, 0x46, 0x63, 0x30, 0x85, 0xfe, 0x77, 0x05, 0x58, 0xbf, 0x64, 0x91, 0xd0, 0x7e, 0xb2, 0x30, - 0xe9, 0x95, 0x1e, 0x5b, 0xdd, 0xfa, 0xd6, 0xed, 0x4b, 0xfa, 0x75, 0x0e, 0x30, 0x9a, 0xf6, 0x9c, - 0x44, 0x14, 0x67, 0x4b, 0x49, 0x71, 0x86, 0xa0, 0xe4, 0x53, 0xb7, 0x59, 0xe2, 0x30, 0xd8, 0x7f, - 0x7d, 0x04, 0xf5, 0x7c, 0xed, 0x81, 0x3e, 0xce, 0x1d, 0x58, 0xeb, 0xb3, 0xa9, 0xda, 0x48, 0x3b, - 0x4c, 0xde, 0x14, 0xf3, 0x84, 0xf4, 0x18, 0x4a, 0x81, 0x15, 0x9f, 0x89, 0x14, 0x96, 0xbb, 0x0a, - 0xe2, 0x40, 0x6d, 0x60, 0xc5, 0x67, 0xba, 0xc1, 0x50, 0xfa, 0x3f, 0x96, 0x01, 0xd2, 0x9a, 0x89, - 0xf9, 0x92, 0x8c, 0x22, 0x08, 0xbf, 0xca, 0x06, 0x19, 0x2d, 0x99, 0x18, 0xf5, 0x72, 0xfe, 0x26, - 0x81, 0x72, 0xa4, 0x75, 0x81, 0x84, 0x53, 0x29, 0x7a, 0x01, 0x65, 0xb6, 0x76, 0x36, 0xf1, 0x44, - 0x72, 0xcc, 0x1d, 0x9c, 0x14, 0x43, 0x8f, 0x04, 0x06, 0x48, 0x0e, 0x2c, 0x69, 0x81, 0x1c, 0x28, - 0xe3, 0x77, 0x01, 0x89, 0x26, 0x21, 0x4f, 0x8b, 0xf5, 0xad, 0x07, 0x97, 0x14, 0x7b, 0x9b, 0x5d, - 0x81, 0xe1, 0x0d, 0x78, 0xee, 0x68, 0x3d, 0xb4, 0xde, 0x69, 0x52, 0x9d, 0x6f, 0xb9, 0x13, 0x66, - 0xf4, 0x10, 0x6a, 0xec, 0x3f, 0x76, 0xf8, 0x1b, 0x2e, 0xb3, 0x37, 0x5c, 0x52, 0x0a, 0x46, 0x55, - 0xc8, 0xd9, 0xab, 0x38, 0x50, 0x97, 0x26, 0xa6, 0xeb, 0xbf, 0x21, 0x32, 0x47, 0x6a, 0x7f, 0xcc, - 0xa5, 0x9e, 0xff, 0x86, 0xe4, 0x2b, 0xbe, 0xc4, 0x1b, 0xaa, 0x8a, 0x74, 0x63, 0x0d, 0x67, 0xa0, - 0x51, 0xfb, 0x9f, 0x4b, 0x50, 0xcb, 0x1a, 0xa3, 0x1f, 0x61, 0x99, 0x5f, 0x3c, 0x14, 0xde, 0x77, - 0x02, 0x72, 0xc7, 0xcf, 0xe5, 0x2f, 0xcf, 0x29, 0xd1, 0x3e, 0xd4, 0xe4, 0x6d, 0x42, 0xe6, 0xe4, - 0xcb, 0x35, 0x32, 0xcc, 0xde, 0xf5, 0x47, 0xf2, 0x0e, 0x21, 0xa9, 0x4c, 0x84, 0x21, 0xcb, 0x31, - 0xf7, 0x00, 0x24, 0x8f, 0x3c, 0x04, 0x8d, 0x8a, 0x90, 0xf4, 0x1c, 0xf4, 0x18, 0x90, 0x54, 0x27, - 0x47, 0x55, 0xc0, 0xcf, 0x39, 0xa3, 0x29, 0x34, 0xe2, 0x94, 0xea, 0x05, 0xe8, 0x75, 0xea, 0x54, - 0x66, 0x39, 0x36, 0x66, 0x53, 0xf5, 0xc3, 0xab, 0x9c, 0xd2, 0xb2, 0x11, 0x28, 0x3d, 0x63, 0x8b, - 0xb6, 0x03, 0x15, 0xba, 0xa7, 0x38, 0xd3, 0x0a, 0x63, 0xca, 0x1d, 0x8e, 0x5d, 0xbe, 0xc0, 0x5a, - 0x9f, 0x38, 0x79, 0x96, 0x32, 0x35, 0x13, 0x14, 0x35, 0xfc, 0x2e, 0xc6, 0xa1, 0x6f, 0x79, 0x2c, - 0x7f, 0xae, 0x2e, 0xb6, 0xbf, 0x5d, 0xa1, 0xd7, 0x7a, 0x83, 0xc4, 0x0b, 0x69, 0x43, 0xd3, 0xeb, - 0x31, 0xa0, 0x84, 0xe2, 0x8c, 0x44, 0x31, 0x3b, 0xbd, 0x95, 0x32, 0x23, 0x9a, 0x73, 0x47, 0x10, - 0x7d, 0x2b, 0x50, 0x92, 0xae, 0x25, 0xed, 0xa5, 0x22, 0xd2, 0x4f, 0x60, 0x2d, 0xb7, 0xee, 0xa8, - 0x02, 0xcb, 0x27, 0xfd, 0xe3, 0xee, 0xb0, 0x79, 0x0d, 0xd5, 0xa0, 0xdc, 0xfd, 0x8b, 0x61, 0xd7, - 0xa0, 0xc5, 0x50, 0x81, 0x17, 0x50, 0x7b, 0xdd, 0xe6, 0x12, 0x95, 0xf7, 0xfa, 0x42, 0x5e, 0xa4, - 0x72, 0x5a, 0x4e, 0x35, 0x4b, 0xd4, 0xd4, 0x38, 0x3a, 0x19, 0x76, 0x9b, 0xcb, 0xfa, 0xcf, 0xcb, - 0xd0, 0x98, 0x6b, 0x0c, 0xd1, 0x0b, 0x28, 0x62, 0xff, 0x5c, 0x9c, 0x8f, 0x8f, 0xae, 0xea, 0x1f, - 0x37, 0xbb, 0xfe, 0xb9, 0x1b, 0x12, 0x9f, 0x16, 0x35, 0xa2, 0xa3, 0xa4, 0x66, 0x48, 0x81, 0x55, - 0x9b, 0x8c, 0xc7, 0x96, 0x4f, 0x13, 0x1f, 0x3d, 0x7b, 0xe4, 0x23, 0xcd, 0x38, 0x56, 0x38, 0x92, - 0x47, 0x12, 0xfb, 0x8f, 0xee, 0x42, 0xc5, 0x71, 0x43, 0x76, 0x13, 0x7c, 0x21, 0x62, 0x24, 0x15, - 0x50, 0x8b, 0x49, 0x84, 0x43, 0x7e, 0xd4, 0x18, 0xec, 0x3f, 0xed, 0xe7, 0x27, 0xae, 0x23, 0x6e, - 0xce, 0xe9, 0x5f, 0xd4, 0x83, 0x96, 0x15, 0x04, 0xa6, 0x15, 0x8e, 0x49, 0x48, 0x0b, 0xd7, 0x37, - 0xae, 0x87, 0xd9, 0x91, 0x22, 0xbe, 0x5f, 0x24, 0x37, 0x64, 0x41, 0xb0, 0x43, 0x31, 0x34, 0x05, - 0x51, 0x8c, 0x6e, 0x34, 0x2c, 0x21, 0x12, 0x92, 0xf6, 0xdf, 0x17, 0xa1, 0xb5, 0xf0, 0x5e, 0xe8, - 0x79, 0xe6, 0x0a, 0x21, 0x5f, 0x84, 0x67, 0xb0, 0xda, 0x6b, 0x9c, 0x14, 0xe1, 0xec, 0x9a, 0x61, - 0x3b, 0x77, 0xcd, 0x30, 0xb7, 0xf2, 0x19, 0xbb, 0xef, 0x29, 0x28, 0xd9, 0xaa, 0xcc, 0x04, 0xfd, - 0x43, 0x01, 0xea, 0xd8, 0x3f, 0x37, 0xcf, 0xad, 0xd0, 0x14, 0x8d, 0x48, 0x91, 0x25, 0x84, 0x2f, - 0xde, 0x7f, 0x39, 0xa8, 0xe4, 0x7b, 0x2b, 0xe4, 0x6d, 0xca, 0xee, 0xe6, 0x6c, 0xaa, 0x3e, 0xba, - 0x7c, 0xf8, 0xd0, 0xb5, 0x4e, 0xbd, 0xf9, 0x7e, 0xa6, 0x86, 0x33, 0xd6, 0x7a, 0x08, 0xb5, 0x2c, - 0x5b, 0x36, 0xf8, 0x56, 0xa1, 0x68, 0xec, 0xfc, 0xd0, 0x2c, 0xa0, 0x3a, 0xc0, 0x71, 0xb7, 0x63, - 0x74, 0x87, 0xe6, 0xeb, 0xee, 0x5f, 0x36, 0x97, 0x10, 0x82, 0x7a, 0xe7, 0xa8, 0xbf, 0xdf, 0xfb, - 0xc6, 0x3c, 0xdc, 0x19, 0x30, 0x59, 0x91, 0xda, 0xed, 0xf7, 0xba, 0x07, 0x7b, 0xcd, 0x12, 0x55, - 0x1b, 0xdd, 0xe3, 0xa3, 0x13, 0xa3, 0xd3, 0x35, 0xb9, 0x6c, 0x19, 0x55, 0x61, 0xf5, 0xa4, 0xff, - 0xba, 0x7f, 0xf4, 0x43, 0xbf, 0xb9, 0xa2, 0xff, 0xcb, 0x0a, 0x34, 0xe6, 0x2e, 0x12, 0xd0, 0x4b, - 0x80, 0x20, 0x74, 0xcf, 0x5d, 0x0f, 0x8f, 0x30, 0xaf, 0xb7, 0xca, 0xf9, 0x6f, 0x54, 0x83, 0x44, - 0x2b, 0x5f, 0x24, 0x63, 0x80, 0xb6, 0x69, 0xff, 0xef, 0xb9, 0xfe, 0xe4, 0x9d, 0xb8, 0x1d, 0xd1, - 0xae, 0xba, 0xb2, 0xd8, 0x3c, 0xee, 0x1e, 0x50, 0x9c, 0x21, 0x0d, 0xd0, 0x77, 0xd0, 0x72, 0x42, - 0x12, 0x98, 0xb6, 0x15, 0x58, 0xa7, 0xae, 0xe7, 0xc6, 0x2e, 0x16, 0xa1, 0x9c, 0x5f, 0xda, 0xbd, - 0x90, 0x04, 0x5a, 0x27, 0x03, 0x92, 0x8e, 0x34, 0xa9, 0x79, 0x56, 0x81, 0xfa, 0xd0, 0xb4, 0x1c, - 0x27, 0xcf, 0x58, 0x62, 0x8c, 0xb9, 0xa4, 0xbc, 0xe3, 0x38, 0x97, 0x12, 0x36, 0x2c, 0xc7, 0xc9, - 0xf1, 0x8d, 0xe0, 0x76, 0xd2, 0x32, 0x9a, 0x21, 0x21, 0xb1, 0x49, 0x83, 0x3a, 0xba, 0x88, 0x62, - 0x3c, 0x66, 0x7b, 0x48, 0x5c, 0x19, 0x27, 0x37, 0x83, 0xd8, 0x72, 0x34, 0xda, 0x2b, 0x6a, 0x06, - 0x21, 0xb1, 0xb6, 0x9f, 0x80, 0xe5, 0x08, 0x37, 0x65, 0x33, 0x49, 0xf5, 0xa9, 0x1a, 0x0d, 0xa0, - 0x11, 0x61, 0xdb, 0x26, 0xe3, 0x20, 0xd9, 0x6f, 0x2b, 0x6c, 0x3e, 0x3f, 0xbe, 0x7a, 0x3e, 0x39, - 0x5e, 0x6c, 0x34, 0xa3, 0x1e, 0xe5, 0x9e, 0xdb, 0x7f, 0x05, 0xab, 0x62, 0xc6, 0x93, 0x4d, 0x5f, - 0xc8, 0x6c, 0x7a, 0x04, 0xa5, 0x90, 0x78, 0xf2, 0xc6, 0x8e, 0xfd, 0xa7, 0x32, 0xd6, 0xdf, 0x8a, - 0x62, 0x8a, 0xf5, 0xaf, 0xd7, 0xe5, 0xf1, 0xc9, 0x53, 0x09, 0x7f, 0x68, 0xff, 0x5f, 0x01, 0xea, - 0xf9, 0xf1, 0xd1, 0x5f, 0x0b, 0x63, 0x7e, 0xcc, 0x3e, 0x7b, 0x4f, 0xb7, 0x37, 0xc5, 0x2f, 0x6d, - 0x9c, 0xf9, 0xc1, 0x2b, 0x73, 0x8b, 0xc0, 0xc9, 0xd4, 0x92, 0xfb, 0x8c, 0xf9, 0x29, 0xb4, 0x3c, - 0x62, 0x5b, 0x1e, 0xbf, 0x21, 0x17, 0xf3, 0xc5, 0xdf, 0xa4, 0x99, 0x28, 0x64, 0x4e, 0xda, 0x81, - 0x6a, 0x66, 0x10, 0xba, 0xa9, 0x4e, 0xfa, 0x6c, 0x1b, 0xf5, 0xbb, 0x7b, 0xcd, 0x6b, 0x68, 0x1d, - 0x1a, 0xc6, 0x49, 0x7f, 0xd8, 0x3b, 0xec, 0x9a, 0x7b, 0xdd, 0xfd, 0x9d, 0x93, 0x83, 0x61, 0xb3, - 0x80, 0xd6, 0xa0, 0x72, 0x70, 0xd4, 0xd9, 0x39, 0x60, 0xe9, 0x7d, 0x49, 0xff, 0xff, 0x02, 0xd4, - 0x69, 0xbb, 0x93, 0xf9, 0x1c, 0x3c, 0x7f, 0x4b, 0x88, 0xc4, 0x27, 0x5b, 0x5a, 0x3f, 0x97, 0xc4, - 0xf7, 0x59, 0x94, 0x6d, 0x88, 0x45, 0x41, 0x48, 0x93, 0x39, 0x3f, 0xaa, 0xc5, 0x34, 0xcb, 0x47, - 0x5a, 0x04, 0x64, 0x1a, 0x51, 0x91, 0xb9, 0xd3, 0x16, 0xf3, 0xee, 0xc2, 0xa7, 0xdb, 0x6c, 0x17, - 0xfb, 0x3c, 0xfd, 0xe6, 0xb7, 0xf2, 0xdb, 0x0d, 0x88, 0xfc, 0x84, 0xd7, 0xce, 0x7c, 0xa9, 0x5a, - 0xe5, 0x1f, 0x4e, 0xe5, 0xf3, 0xee, 0xf3, 0x7f, 0xfd, 0xf5, 0x7e, 0xe1, 0x97, 0x5f, 0xef, 0x17, - 0xfe, 0xfb, 0xd7, 0xfb, 0x85, 0x9f, 0xff, 0xe7, 0xfe, 0x35, 0xb8, 0xed, 0x92, 0xcd, 0x28, 0xb6, - 0xec, 0xb7, 0x21, 0x79, 0xc7, 0x69, 0xe5, 0x22, 0xff, 0x28, 0xbf, 0xf0, 0x9f, 0xae, 0x30, 0xf9, - 0xb3, 0x3f, 0x04, 0x00, 0x00, 0xff, 0xff, 0x55, 0x22, 0xa1, 0x1b, 0x0d, 0x20, 0x00, 0x00, + 0xd9, 0x65, 0x17, 0xdd, 0x74, 0xd1, 0xc9, 0xb6, 0xab, 0xfe, 0x03, 0x9d, 0xfe, 0x0d, 0x9d, 0xe9, + 0x4c, 0x27, 0x33, 0xed, 0x9a, 0xed, 0xa4, 0xcb, 0x7e, 0x9b, 0x8f, 0x7f, 0xc1, 0x37, 0xf7, 0x85, + 0x07, 0x29, 0x7d, 0x71, 0xbe, 0x15, 0x89, 0x73, 0x7e, 0xe7, 0x87, 0x73, 0xef, 0x3d, 0xf7, 0xdc, + 0x73, 0x2e, 0x40, 0x89, 0x62, 0x12, 0x5a, 0x23, 0xfc, 0xc4, 0xc1, 0x81, 0x47, 0x2e, 0xc6, 0xd8, + 0x8f, 0x37, 0x83, 0x90, 0xc4, 0x04, 0xad, 0x0a, 0x4d, 0x5b, 0x1d, 0x11, 0x32, 0xf2, 0xf0, 0x13, + 0x26, 0x3e, 0x9d, 0xbc, 0x79, 0x12, 0xbb, 0x63, 0x1c, 0xc5, 0xd6, 0x38, 0xe0, 0xc8, 0xb6, 0x2a, + 0x39, 0x6c, 0xe2, 0xc7, 0x96, 0xeb, 0xe3, 0xd0, 0x0c, 0x27, 0x3e, 0x45, 0x09, 0xc0, 0x75, 0x09, + 0xf0, 0xac, 0x53, 0xec, 0x45, 0x42, 0xba, 0x2e, 0xa5, 0xee, 0xd8, 0x1a, 0x2d, 0x40, 0x29, 0x51, + 0x2c, 0xa1, 0x48, 0x4a, 0xc3, 0x53, 0xcb, 0x96, 0xc8, 0x11, 0x19, 0x11, 0xf6, 0xf7, 0x09, 0xfd, + 0xc7, 0xa5, 0xfa, 0x7f, 0x22, 0x80, 0xbd, 0x64, 0x28, 0xe8, 0x0b, 0x58, 0x72, 0x1d, 0xa5, 0xa0, + 0x15, 0x36, 0x2a, 0xbb, 0x1f, 0xcf, 0xa6, 0xea, 0x07, 0x11, 0xb6, 0x42, 0xfb, 0x6c, 0x5b, 0x4f, + 0x31, 0x5a, 0x6f, 0xef, 0x31, 0xa5, 0xc7, 0x8f, 0xcf, 0x5c, 0xc7, 0xc1, 0xbe, 0x6e, 0x2c, 0xb9, + 0x0e, 0xfa, 0x1c, 0x4a, 0xbe, 0x35, 0xc6, 0xca, 0x12, 0x33, 0xbd, 0x37, 0x9b, 0xaa, 0xb7, 0x17, + 0x4d, 0xb9, 0x9d, 0x6e, 0x30, 0x28, 0x7a, 0x08, 0xa5, 0x33, 0x2b, 0x3a, 0x53, 0xda, 0x5a, 0x61, + 0xa3, 0xb4, 0xdb, 0x9a, 0x4d, 0xd5, 0x35, 0xfa, 0xbc, 0xad, 0xbb, 0x23, 0x9f, 0xc3, 0xe8, 0x23, + 0x7a, 0x0a, 0xa5, 0xf8, 0x22, 0xc0, 0x4a, 0x89, 0x31, 0xdf, 0x9d, 0x4d, 0x55, 0xe5, 0x12, 0xa7, + 0x86, 0x17, 0x01, 0xb5, 0xa0, 0x48, 0xb4, 0x0d, 0x15, 0xfa, 0x82, 0x28, 0xb0, 0x6c, 0xac, 0x2c, + 0x2f, 0x9a, 0xf5, 0xa5, 0x52, 0xfa, 0x93, 0xc2, 0xd1, 0x0b, 0xa8, 0x25, 0x0f, 0xa6, 0xeb, 0x28, + 0xb7, 0x98, 0xf9, 0xed, 0xd9, 0x54, 0xbd, 0xb1, 0x60, 0xae, 0xf5, 0xf6, 0x74, 0xa3, 0x9a, 0xc0, + 0x7b, 0x0e, 0xfa, 0x11, 0x6e, 0x92, 0xd0, 0x3e, 0xc3, 0x51, 0x1c, 0x5a, 0x31, 0x09, 0x4d, 0x9b, + 0x8c, 0x03, 0xe2, 0x63, 0x3f, 0x56, 0x1e, 0x68, 0x85, 0x8d, 0xf2, 0xee, 0x07, 0xb3, 0xa9, 0xaa, + 0x4a, 0x9e, 0xa3, 0x0c, 0x52, 0xeb, 0x48, 0xa4, 0x6e, 0xdc, 0xc8, 0x52, 0x24, 0x72, 0xd4, 0x86, + 0x72, 0x88, 0x03, 0xcf, 0xb5, 0xad, 0x48, 0x59, 0xd1, 0x0a, 0x1b, 0x45, 0x23, 0x79, 0x46, 0xdf, + 0xc1, 0x0a, 0x0f, 0x15, 0x65, 0x55, 0x2b, 0x6e, 0x54, 0xb7, 0xd4, 0x4d, 0x11, 0x00, 0x9b, 0xe9, + 0x14, 0x6d, 0x1e, 0x30, 0x44, 0xd7, 0x8f, 0xc3, 0x8b, 0x5d, 0x65, 0x36, 0x55, 0xaf, 0x4b, 0x47, + 0x98, 0x42, 0xce, 0x85, 0x20, 0x42, 0x26, 0x40, 0x40, 0x1c, 0x53, 0xd0, 0xae, 0x33, 0x5a, 0xfd, + 0x32, 0xda, 0x01, 0x71, 0xb2, 0xcc, 0xb9, 0x99, 0x1e, 0x10, 0x47, 0xcb, 0xb1, 0x57, 0x02, 0x89, + 0x46, 0x2f, 0xa1, 0xce, 0xc8, 0xcd, 0x08, 0x7b, 0xd8, 0x8e, 0x49, 0xa8, 0x5c, 0xd7, 0x0a, 0x1b, + 0xd5, 0xad, 0x9b, 0xc9, 0x4b, 0x18, 0xf0, 0x58, 0x68, 0x8d, 0x35, 0x2f, 0xfb, 0x88, 0x30, 0xac, + 0xda, 0x21, 0xb6, 0x62, 0xec, 0x28, 0x65, 0x66, 0xd7, 0xde, 0xe4, 0xfb, 0x6e, 0x53, 0xee, 0xbb, + 0xcd, 0xa1, 0xdc, 0x77, 0xbb, 0x4f, 0x66, 0x53, 0xf5, 0x53, 0xe9, 0x54, 0x87, 0x9b, 0xe5, 0x83, + 0x58, 0xcb, 0x87, 0x9e, 0xe4, 0x46, 0x1d, 0x00, 0xdb, 0x9b, 0x44, 0x31, 0x0e, 0x69, 0x34, 0x54, + 0x58, 0x34, 0x7c, 0x38, 0x9b, 0xaa, 0x5a, 0xc2, 0xc6, 0xb5, 0x8b, 0xbb, 0xa2, 0x22, 0xec, 0x7a, + 0x0e, 0x7a, 0x09, 0x35, 0x49, 0xc2, 0x36, 0x09, 0x30, 0x9a, 0xf6, 0x6c, 0xaa, 0xde, 0x9c, 0xa3, + 0x91, 0xf3, 0x54, 0x15, 0x78, 0x1a, 0x6b, 0x68, 0x0b, 0x20, 0xc9, 0x14, 0x91, 0x52, 0x65, 0x4b, + 0x81, 0x92, 0x59, 0xea, 0x48, 0x95, 0x91, 0x41, 0x21, 0x13, 0xaa, 0x96, 0xef, 0x93, 0xd8, 0x8a, + 0x5d, 0xe2, 0x47, 0x4a, 0x9d, 0x19, 0x7d, 0x78, 0xd9, 0xfa, 0xed, 0xa4, 0x30, 0xbe, 0x82, 0xb7, + 0x66, 0x53, 0x75, 0x5d, 0xfa, 0x95, 0x6a, 0x75, 0x23, 0xcb, 0x88, 0xf6, 0xa1, 0x1c, 0x84, 0x2e, + 0x09, 0xdd, 0xf8, 0x42, 0x69, 0xd0, 0x70, 0xdc, 0x7d, 0x34, 0x9b, 0xaa, 0x1f, 0x25, 0x2b, 0x2f, + 0x74, 0x57, 0xcc, 0x6f, 0x62, 0x4b, 0xc3, 0xda, 0xf5, 0x2d, 0x3b, 0x76, 0xcf, 0xb1, 0xd2, 0xa4, + 0x9b, 0xc4, 0x48, 0x9e, 0xd1, 0x01, 0x20, 0x96, 0xeb, 0xcc, 0x60, 0xe2, 0xd1, 0x38, 0xb1, 0x43, + 0x1c, 0x47, 0x4a, 0x4b, 0x2b, 0x6e, 0x54, 0x76, 0xef, 0xcf, 0xa6, 0x6a, 0x5b, 0xbe, 0xad, 0x47, + 0x51, 0xda, 0x60, 0xe2, 0x79, 0xda, 0x31, 0x43, 0xe9, 0x46, 0x93, 0x59, 0x52, 0x11, 0x97, 0x44, + 0xa8, 0x0b, 0x8d, 0x08, 0x87, 0xe7, 0xae, 0x8d, 0x4d, 0xcb, 0xb6, 0xc9, 0xc4, 0x8f, 0x15, 0xb4, + 0x98, 0x1c, 0x8e, 0x39, 0x44, 0xdb, 0xe1, 0x10, 0xdd, 0xa8, 0x0b, 0x23, 0x21, 0x40, 0xff, 0x54, + 0x00, 0x6d, 0x8e, 0xc7, 0x0c, 0x70, 0x38, 0x76, 0xa3, 0xc8, 0x25, 0xbe, 0xe9, 0xe1, 0x73, 0xec, + 0x29, 0x77, 0xb5, 0xc2, 0x46, 0x7d, 0x4b, 0x49, 0xe6, 0x7b, 0x90, 0x00, 0x0e, 0xa8, 0x7e, 0xf7, + 0xd9, 0x6c, 0xaa, 0x3e, 0xb9, 0xe2, 0x95, 0x5a, 0x0a, 0xd6, 0x18, 0x5a, 0x06, 0xc5, 0xbd, 0xbc, + 0x27, 0x73, 0x9c, 0x28, 0x02, 0xd5, 0x9a, 0xc4, 0x64, 0xcc, 0x3c, 0x9a, 0xf7, 0x30, 0x26, 0x6f, + 0xb1, 0xaf, 0xdc, 0x66, 0x59, 0xe8, 0xf1, 0x6c, 0xaa, 0x6e, 0x04, 0xc4, 0x73, 0xed, 0x8b, 0x6d, + 0x7d, 0x47, 0x9a, 0x68, 0xf3, 0x6e, 0x0c, 0xa9, 0x89, 0x6e, 0xdc, 0x4d, 0x48, 0x8f, 0x73, 0xaf, + 0x67, 0x6a, 0x9a, 0x2f, 0xcf, 0x48, 0x14, 0x9b, 0x3e, 0x8e, 0xff, 0x96, 0x84, 0x6f, 0x95, 0x1b, + 0xec, 0x0d, 0x2c, 0x5f, 0xca, 0x37, 0x7c, 0x4b, 0xa2, 0x58, 0xeb, 0x73, 0xbd, 0x6e, 0x54, 0x29, + 0x5c, 0x3c, 0xa1, 0xa7, 0x50, 0x66, 0xd6, 0x81, 0xeb, 0x28, 0x2a, 0xb3, 0xbc, 0x31, 0x9b, 0xaa, + 0xad, 0x9c, 0xe5, 0x80, 0x66, 0xd9, 0x55, 0x0a, 0x1b, 0xb8, 0x4e, 0x62, 0xe1, 0x06, 0xb6, 0xa2, + 0x5d, 0x61, 0xd1, 0x1b, 0x74, 0x84, 0x45, 0x2f, 0xb0, 0xd1, 0xd7, 0xb0, 0x26, 0x4e, 0x57, 0xd3, + 0xf6, 0xac, 0x28, 0x52, 0xf4, 0x74, 0xf7, 0x49, 0x33, 0x83, 0x03, 0xb4, 0x0e, 0x05, 0xe8, 0x46, + 0x4d, 0x18, 0xb0, 0x47, 0xd4, 0x85, 0x6a, 0x4c, 0x3c, 0x1c, 0x8a, 0xad, 0x74, 0x93, 0x6d, 0xa5, + 0xf5, 0x64, 0x69, 0x87, 0x89, 0x6e, 0xb7, 0x3e, 0x9b, 0xaa, 0x20, 0x57, 0xf5, 0x33, 0xdd, 0xc8, + 0xda, 0xa1, 0x97, 0xb0, 0x1c, 0x90, 0x30, 0x8e, 0x14, 0x65, 0x8e, 0x60, 0x40, 0xc2, 0xb8, 0x43, + 0xfc, 0x37, 0xee, 0x68, 0x17, 0xcd, 0xa6, 0x6a, 0x5d, 0x3a, 0x45, 0xe5, 0x91, 0x6e, 0x70, 0x2b, + 0xd4, 0x87, 0x46, 0x14, 0x5b, 0x31, 0x36, 0x93, 0x6a, 0x42, 0xb9, 0xc3, 0xb6, 0xdd, 0xc3, 0xd9, + 0x54, 0x7d, 0x90, 0xdb, 0x5d, 0x5a, 0x84, 0xfd, 0x88, 0x84, 0xf9, 0x1d, 0x57, 0x67, 0xd6, 0x49, + 0x4a, 0x44, 0x7d, 0x80, 0xd0, 0x8d, 0xde, 0x9a, 0x91, 0x4d, 0x42, 0xac, 0xdc, 0xd3, 0x0a, 0x1b, + 0x4b, 0xf9, 0x34, 0x69, 0xb8, 0xd1, 0x5b, 0xed, 0xd8, 0xce, 0xe6, 0x48, 0xe9, 0xd9, 0x63, 0x49, + 0x5a, 0xa1, 0x14, 0x0c, 0x83, 0x76, 0xa0, 0x16, 0x84, 0xc4, 0xc6, 0x51, 0x64, 0xc6, 0xd6, 0x28, + 0x52, 0xee, 0x2f, 0xee, 0xd2, 0x01, 0xd7, 0x6b, 0x43, 0x6b, 0x94, 0xe4, 0x39, 0x61, 0x33, 0xb4, + 0x46, 0x51, 0xfb, 0xcf, 0xa1, 0x9a, 0x39, 0x49, 0x50, 0x13, 0x8a, 0x6f, 0xf1, 0x05, 0x2f, 0x46, + 0x0c, 0xfa, 0x17, 0x5d, 0x87, 0xe5, 0x73, 0xcb, 0x9b, 0x88, 0x2a, 0xc3, 0xe0, 0x0f, 0xdb, 0x4b, + 0x5f, 0x16, 0xda, 0x2f, 0xa0, 0x9e, 0x3f, 0x87, 0x7e, 0x93, 0xf5, 0x57, 0xd0, 0x9c, 0xcf, 0x82, + 0xbf, 0xc5, 0xfe, 0x55, 0xa9, 0x5c, 0x6c, 0x96, 0x5e, 0x95, 0xca, 0xb5, 0xe6, 0x9a, 0xfe, 0xaf, + 0x05, 0xa8, 0x27, 0x29, 0x99, 0xe5, 0x25, 0xf4, 0x8c, 0x15, 0x55, 0xbc, 0x7e, 0xc9, 0x55, 0x00, + 0x3c, 0x6d, 0x1d, 0x9f, 0x59, 0x97, 0x14, 0x54, 0x1f, 0x89, 0x82, 0xaa, 0xc0, 0x0e, 0xb7, 0x34, + 0xdd, 0x33, 0x1b, 0x7a, 0x2c, 0x88, 0x2a, 0xea, 0x01, 0xd4, 0x7c, 0x12, 0xb3, 0x0c, 0x69, 0x9d, + 0x7a, 0xfc, 0x6c, 0x29, 0x1b, 0x55, 0x9f, 0xc4, 0x03, 0x21, 0x42, 0x77, 0xb3, 0xf5, 0x50, 0x95, + 0x39, 0x9f, 0x0a, 0xb6, 0x4b, 0x3f, 0xff, 0xb3, 0x7a, 0x4d, 0xff, 0xef, 0x22, 0x54, 0x12, 0xb7, + 0x51, 0x3d, 0x2d, 0x03, 0x99, 0x33, 0x4f, 0x61, 0xc5, 0x66, 0x11, 0xca, 0xc6, 0x5e, 0xcd, 0x24, + 0xb6, 0xc4, 0x86, 0x47, 0xb0, 0x21, 0x70, 0xe8, 0x33, 0x58, 0x66, 0x09, 0x58, 0x29, 0x32, 0x83, + 0x5b, 0x8b, 0x06, 0x6c, 0x20, 0x06, 0x47, 0xa1, 0x0e, 0x34, 0x23, 0x6c, 0x4f, 0xe8, 0x89, 0x60, + 0xd2, 0x53, 0x0c, 0xbf, 0x8b, 0xd9, 0x84, 0x65, 0x5f, 0x75, 0x2c, 0x00, 0x1d, 0xae, 0x37, 0x1a, + 0x51, 0x5e, 0x80, 0x3e, 0x81, 0xd5, 0x73, 0xe2, 0x4d, 0xc6, 0x38, 0x52, 0x96, 0xd9, 0x1e, 0x6b, + 0x24, 0xb6, 0xdf, 0x33, 0xb9, 0x21, 0xf5, 0xe8, 0x95, 0xdc, 0x8c, 0x2b, 0x57, 0x6f, 0x46, 0x75, + 0x36, 0x55, 0xef, 0xcc, 0x87, 0xbc, 0x96, 0xd9, 0xde, 0x62, 0x67, 0x7e, 0x0e, 0xab, 0xf2, 0x68, + 0xe2, 0xd5, 0x57, 0x3a, 0xd8, 0xee, 0xf8, 0x14, 0x3b, 0x0e, 0x76, 0xf8, 0x11, 0x64, 0x48, 0x1c, + 0x7a, 0x0a, 0x95, 0x10, 0x47, 0x64, 0x12, 0xda, 0x38, 0x12, 0xe5, 0x4b, 0xba, 0xc2, 0x86, 0xd4, + 0x18, 0x29, 0x08, 0x3d, 0x11, 0xe1, 0xc0, 0x4b, 0x87, 0x3b, 0xb3, 0xa9, 0x7a, 0x4b, 0xba, 0x96, + 0xcc, 0xa8, 0x46, 0xc3, 0x42, 0x54, 0xd7, 0xaf, 0x4a, 0xe5, 0x4a, 0x13, 0xf4, 0xff, 0x58, 0x82, + 0x4a, 0xc2, 0x87, 0x06, 0xd0, 0xb2, 0x83, 0x89, 0x49, 0xf7, 0x6b, 0x64, 0x86, 0xf8, 0x6f, 0x26, + 0x38, 0x8a, 0xd9, 0x2a, 0x2f, 0xcd, 0xd5, 0x34, 0x83, 0x13, 0xad, 0x43, 0x41, 0x9a, 0xc1, 0x41, + 0x72, 0xbb, 0x36, 0xec, 0x60, 0xc2, 0x14, 0x42, 0x8e, 0x5e, 0x41, 0x23, 0x65, 0xf4, 0xdc, 0xb1, + 0x1b, 0xb3, 0x08, 0x59, 0xda, 0xd5, 0x67, 0x53, 0xf5, 0xfe, 0x22, 0xdf, 0x01, 0x85, 0x48, 0xb6, + 0x35, 0xc9, 0xc6, 0xa4, 0xc8, 0x80, 0xd6, 0x18, 0x8f, 0x49, 0x78, 0x61, 0x8e, 0x4f, 0x13, 0xef, + 0x8a, 0x8c, 0xed, 0xa3, 0xd9, 0x54, 0xd5, 0x25, 0xdb, 0x21, 0x03, 0x49, 0xd7, 0xb4, 0x8d, 0xc3, + 0xdd, 0x4f, 0x12, 0xff, 0x38, 0xc1, 0xe1, 0xa9, 0xf4, 0xef, 0x00, 0x1a, 0x29, 0x27, 0xf7, 0xaf, + 0xb4, 0x38, 0x5e, 0xc1, 0xc8, 0xdc, 0xc8, 0xf1, 0xad, 0x49, 0x3e, 0xa6, 0xd2, 0xff, 0xbf, 0x08, + 0x2b, 0x3c, 0x92, 0xd0, 0x56, 0x66, 0x7b, 0xce, 0xa5, 0x39, 0x8e, 0x60, 0x8b, 0x91, 0x6f, 0x78, + 0xbe, 0x84, 0x15, 0xbe, 0x12, 0xa2, 0x4b, 0xd2, 0x66, 0x53, 0xf5, 0xee, 0x9c, 0xd5, 0x31, 0x03, + 0x24, 0xc5, 0x38, 0xc7, 0xa3, 0x6f, 0xa0, 0xea, 0xe0, 0x28, 0x76, 0x7d, 0x96, 0xa1, 0xd8, 0xa4, + 0x54, 0x78, 0xe2, 0x9f, 0x33, 0xdf, 0x4b, 0x51, 0x49, 0x8a, 0xcd, 0x58, 0xa2, 0xaf, 0x69, 0xe0, + 0x59, 0x8e, 0x49, 0x7c, 0xef, 0x82, 0xcd, 0x44, 0x39, 0xbf, 0x52, 0x82, 0xc6, 0xc0, 0x96, 0x73, + 0xe4, 0x7b, 0x17, 0x92, 0xa3, 0x1c, 0x0a, 0x01, 0x1d, 0x37, 0xeb, 0xc6, 0x96, 0xaf, 0x1c, 0x37, + 0xed, 0xc4, 0x92, 0x71, 0xb3, 0x7e, 0x6c, 0x0c, 0x2d, 0x5e, 0x94, 0x04, 0x21, 0x09, 0xac, 0x11, + 0x1f, 0xc3, 0x0a, 0xab, 0x90, 0xb4, 0xb9, 0x1d, 0xba, 0x79, 0xc8, 0x2a, 0x9b, 0x14, 0xc7, 0x5f, + 0x21, 0x43, 0xfd, 0x90, 0xd7, 0x47, 0xa9, 0x5a, 0x37, 0x9a, 0xe3, 0x39, 0x0b, 0x7d, 0x1f, 0x9a, + 0xf3, 0x2c, 0xa8, 0x0c, 0xa5, 0xfe, 0x51, 0xbf, 0xdb, 0xbc, 0x86, 0x6e, 0x40, 0xeb, 0xdb, 0xa3, + 0xe3, 0xa1, 0x39, 0x3c, 0x32, 0x3b, 0x47, 0xfd, 0xe1, 0x4e, 0xaf, 0xdf, 0x35, 0x9a, 0x05, 0xd4, + 0x82, 0xb5, 0xdd, 0xde, 0x5e, 0xcf, 0xe8, 0x76, 0x86, 0xbd, 0xa3, 0xfe, 0xce, 0x41, 0x73, 0x49, + 0xff, 0x9f, 0x12, 0x14, 0x07, 0xc4, 0x41, 0x8f, 0x32, 0x3d, 0x71, 0xae, 0x66, 0xa7, 0xdd, 0x4d, + 0x6f, 0x2f, 0x97, 0xb5, 0x9f, 0xe6, 0xda, 0xe0, 0x85, 0x5e, 0x88, 0xc5, 0x84, 0xc4, 0xf3, 0xa0, + 0xd8, 0x87, 0xb5, 0xf4, 0x2a, 0x81, 0xf6, 0x18, 0x7c, 0x71, 0x1f, 0xcc, 0xa6, 0xea, 0xbd, 0xcb, + 0x9b, 0x6f, 0x69, 0x5f, 0x4b, 0xed, 0x7a, 0x4e, 0xbe, 0xe9, 0x2d, 0xfd, 0xb6, 0xa6, 0x37, 0xdf, + 0xe4, 0x2c, 0xff, 0x69, 0x4d, 0xce, 0x0e, 0xd4, 0x3d, 0xf7, 0x1c, 0x9b, 0xae, 0x1f, 0xc5, 0x96, + 0x4f, 0x13, 0x1b, 0xcf, 0xad, 0xed, 0x4b, 0x52, 0xbf, 0x80, 0x18, 0x6b, 0xd4, 0x42, 0x3e, 0x45, + 0x08, 0xc3, 0xf5, 0x98, 0x16, 0xb5, 0x3e, 0x6d, 0xbd, 0x32, 0x44, 0xab, 0x73, 0xdd, 0xe7, 0x80, + 0x38, 0x8b, 0x64, 0x07, 0x6e, 0x14, 0x2f, 0x54, 0x60, 0xeb, 0x29, 0x5f, 0xfa, 0x9a, 0xe7, 0xb0, + 0x1a, 0xc5, 0x56, 0xf8, 0x5e, 0xad, 0xa3, 0x21, 0xa1, 0xed, 0xef, 0xe0, 0xc6, 0xa5, 0xef, 0x44, + 0x5f, 0x42, 0x25, 0x75, 0xb5, 0xf0, 0xab, 0x63, 0x4e, 0xc1, 0xfa, 0x7f, 0x15, 0xa1, 0xb5, 0x00, + 0x40, 0x2f, 0xa1, 0x2a, 0x21, 0xa6, 0x08, 0xbc, 0xea, 0xd6, 0xdd, 0xab, 0x19, 0x7b, 0x7b, 0x06, + 0x48, 0x83, 0x1e, 0x0d, 0xd7, 0x96, 0xe8, 0x03, 0x5d, 0x7f, 0x64, 0xd2, 0x1e, 0xde, 0x75, 0x44, + 0xc9, 0xd2, 0x48, 0x15, 0x03, 0xe2, 0xf4, 0x1c, 0xf4, 0x10, 0xea, 0xe9, 0x1d, 0x14, 0x0b, 0xdc, + 0x15, 0x06, 0x5c, 0x4b, 0xa4, 0xac, 0x01, 0xfd, 0x00, 0x52, 0x81, 0xe9, 0x06, 0x91, 0x52, 0xa4, + 0xc5, 0x9d, 0x51, 0x4b, 0x84, 0xbd, 0x20, 0x37, 0xab, 0xa5, 0xf7, 0x9e, 0x55, 0x74, 0x08, 0x35, + 0xde, 0xe2, 0x39, 0xee, 0x88, 0xe6, 0x7b, 0x1e, 0x7c, 0xb9, 0x56, 0x32, 0x3d, 0xdf, 0x78, 0xbd, + 0xb4, 0xc7, 0x90, 0x49, 0x08, 0x56, 0x99, 0x3d, 0x17, 0xa2, 0x3f, 0x83, 0xf2, 0x1b, 0xd7, 0x77, + 0xa3, 0x33, 0xec, 0x28, 0xab, 0xbf, 0xea, 0x45, 0x82, 0x45, 0x77, 0xa0, 0x82, 0xdf, 0xb9, 0xb1, + 0x69, 0x13, 0x07, 0xb3, 0xa0, 0x58, 0x36, 0xca, 0x54, 0xd0, 0x21, 0x0e, 0x46, 0x9f, 0x01, 0x92, + 0x61, 0x44, 0x3b, 0xbc, 0x10, 0x5b, 0x11, 0xf1, 0xf9, 0x5d, 0x80, 0xd1, 0xca, 0x68, 0x0c, 0xa6, + 0xd0, 0xff, 0xae, 0x00, 0xeb, 0x97, 0x2c, 0x12, 0xda, 0x4f, 0x16, 0x26, 0xbd, 0xf0, 0x63, 0xab, + 0x5b, 0xdf, 0xba, 0x7d, 0x49, 0x37, 0xcf, 0x01, 0x46, 0xd3, 0x9e, 0x93, 0x88, 0xe2, 0x6c, 0x29, + 0x29, 0xce, 0x10, 0x94, 0x7c, 0xea, 0x36, 0x4b, 0x1c, 0x06, 0xfb, 0xaf, 0x8f, 0xa0, 0x9e, 0xaf, + 0x3d, 0xd0, 0xc7, 0xb9, 0x03, 0x6b, 0x7d, 0x36, 0x55, 0x1b, 0x69, 0xff, 0xc9, 0x5b, 0x66, 0x9e, + 0x90, 0x1e, 0x43, 0x29, 0xb0, 0xe2, 0x33, 0x91, 0xc2, 0x72, 0x17, 0x45, 0x1c, 0xa8, 0x0d, 0xac, + 0xf8, 0x4c, 0x37, 0x18, 0x4a, 0xff, 0xc7, 0x32, 0x40, 0x5a, 0x33, 0x31, 0x5f, 0x92, 0xb7, 0x08, + 0xc2, 0xaf, 0xb2, 0x41, 0x46, 0x4b, 0x26, 0x46, 0xbd, 0x9c, 0xbf, 0x67, 0xa0, 0x1c, 0x69, 0x5d, + 0x20, 0xe1, 0x54, 0x8a, 0x5e, 0x40, 0x99, 0xad, 0x9d, 0x4d, 0x3c, 0x91, 0x1c, 0x73, 0x07, 0x27, + 0xc5, 0xd0, 0x23, 0x81, 0x01, 0x92, 0x03, 0x4b, 0x5a, 0x20, 0x07, 0xca, 0xf8, 0x5d, 0x40, 0xa2, + 0x49, 0xc8, 0xd3, 0x62, 0x7d, 0xeb, 0xc1, 0x25, 0xc5, 0xde, 0x66, 0x57, 0x60, 0x78, 0x7b, 0x9e, + 0x3b, 0x5a, 0x0f, 0xad, 0x77, 0x9a, 0x54, 0xe7, 0x1b, 0xf2, 0x84, 0x19, 0x3d, 0x84, 0x1a, 0xfb, + 0x8f, 0x1d, 0x3e, 0xc2, 0x65, 0x36, 0xc2, 0x25, 0xa5, 0x60, 0x54, 0x85, 0x9c, 0x0d, 0xc5, 0x81, + 0xba, 0x34, 0x31, 0x5d, 0xff, 0x0d, 0x91, 0x39, 0x52, 0xfb, 0x63, 0x2e, 0xf5, 0xfc, 0x37, 0x24, + 0x5f, 0xf1, 0x25, 0xde, 0x50, 0x55, 0xa4, 0x1b, 0x6b, 0x38, 0x03, 0x8d, 0xda, 0xff, 0x52, 0x82, + 0x5a, 0xd6, 0x18, 0xfd, 0x08, 0xcb, 0xfc, 0x5a, 0xa2, 0xf0, 0xbe, 0x13, 0x90, 0x3b, 0x7e, 0x2e, + 0x1f, 0x3c, 0xa7, 0x44, 0xfb, 0x50, 0x93, 0x77, 0x0d, 0x99, 0x93, 0x2f, 0xd7, 0xe6, 0x30, 0x7b, + 0xd7, 0x1f, 0xc9, 0x1b, 0x86, 0xa4, 0x32, 0x11, 0x86, 0x2c, 0xc7, 0xdc, 0x03, 0x90, 0x3c, 0xf2, + 0x10, 0x34, 0x2a, 0x42, 0xd2, 0x73, 0xd0, 0x63, 0x40, 0x52, 0x9d, 0x1c, 0x55, 0x01, 0x3f, 0xe7, + 0x8c, 0xa6, 0xd0, 0x88, 0x53, 0xaa, 0x17, 0xa0, 0xd7, 0xa9, 0x53, 0x99, 0xe5, 0xd8, 0x98, 0x4d, + 0xd5, 0x0f, 0xaf, 0x72, 0x4a, 0xcb, 0x46, 0xa0, 0xf4, 0x8c, 0x2d, 0xda, 0x0e, 0x54, 0xe8, 0x9e, + 0xe2, 0x4c, 0x2b, 0x8c, 0x29, 0x77, 0x38, 0x76, 0xf9, 0x02, 0x6b, 0x7d, 0xe2, 0xe4, 0x59, 0xca, + 0xd4, 0x4c, 0x50, 0xd4, 0xf0, 0xbb, 0x18, 0x87, 0xbe, 0xe5, 0xb1, 0xfc, 0xb9, 0xba, 0xd8, 0x1c, + 0x77, 0x85, 0x5e, 0xeb, 0x0d, 0x12, 0x2f, 0xa4, 0x0d, 0x4d, 0xaf, 0xc7, 0x80, 0x12, 0x8a, 0x33, + 0x12, 0xc5, 0xec, 0xf4, 0x56, 0xca, 0x8c, 0x68, 0xce, 0x1d, 0x41, 0xf4, 0xad, 0x40, 0x49, 0xba, + 0x96, 0xb4, 0x97, 0x8a, 0x48, 0x3f, 0x81, 0xb5, 0xdc, 0xba, 0xa3, 0x0a, 0x2c, 0x9f, 0xf4, 0x8f, + 0xbb, 0xc3, 0xe6, 0x35, 0x54, 0x83, 0x72, 0xf7, 0x2f, 0x86, 0x5d, 0x83, 0x16, 0x43, 0x05, 0x5e, + 0x40, 0xed, 0x75, 0x9b, 0x4b, 0x54, 0xde, 0xeb, 0x0b, 0x79, 0x91, 0xca, 0x69, 0x39, 0xd5, 0x2c, + 0x51, 0x53, 0xe3, 0xe8, 0x64, 0xd8, 0x6d, 0x2e, 0xeb, 0x3f, 0x2d, 0x43, 0x63, 0xae, 0x31, 0x44, + 0x2f, 0xa0, 0x88, 0xfd, 0x73, 0x71, 0x3e, 0x3e, 0xba, 0xaa, 0x7f, 0xdc, 0xec, 0xfa, 0xe7, 0x6e, + 0x48, 0x7c, 0x5a, 0xd4, 0x88, 0x8e, 0x92, 0x9a, 0x21, 0x05, 0x56, 0x6d, 0x32, 0x1e, 0x5b, 0x3e, + 0x4d, 0x7c, 0xf4, 0xec, 0x91, 0x8f, 0x34, 0xe3, 0x58, 0xe1, 0x48, 0x1e, 0x49, 0xec, 0x3f, 0x6d, + 0x78, 0x1d, 0x37, 0x64, 0xf7, 0xc4, 0x17, 0x22, 0x46, 0x52, 0x01, 0xb5, 0x98, 0x44, 0x38, 0xe4, + 0x47, 0x8d, 0xc1, 0xfe, 0xd3, 0x6e, 0x7f, 0xe2, 0x3a, 0xe2, 0x5e, 0x9d, 0xfe, 0x45, 0x3d, 0x68, + 0x59, 0x41, 0x60, 0x5a, 0xe1, 0x98, 0x84, 0xb4, 0x70, 0x7d, 0xe3, 0x7a, 0x98, 0x1d, 0x29, 0xe2, + 0xeb, 0x46, 0x72, 0x7f, 0x16, 0x04, 0x3b, 0x14, 0x43, 0x53, 0x10, 0xc5, 0xe8, 0x46, 0xc3, 0x12, + 0x22, 0x21, 0x69, 0xff, 0x7d, 0x11, 0x5a, 0x0b, 0xe3, 0x42, 0xcf, 0x33, 0x17, 0x0c, 0xf9, 0x22, + 0x3c, 0x83, 0xd5, 0x5e, 0xe3, 0xa4, 0x08, 0x67, 0x97, 0x10, 0xdb, 0xb9, 0x4b, 0x88, 0xb9, 0x95, + 0xcf, 0xd8, 0x7d, 0x4f, 0x41, 0xc9, 0x56, 0x65, 0x26, 0xe8, 0x1f, 0x0a, 0x50, 0xc7, 0xfe, 0xb9, + 0x79, 0x6e, 0x85, 0xa6, 0x68, 0x44, 0x8a, 0x2c, 0x21, 0x7c, 0xf1, 0xfe, 0xcb, 0x41, 0x25, 0xdf, + 0x5b, 0x21, 0x6f, 0x53, 0x76, 0x37, 0x67, 0x53, 0xf5, 0xd1, 0xe5, 0xaf, 0x0f, 0x5d, 0xeb, 0xd4, + 0x9b, 0xef, 0x67, 0x6a, 0x38, 0x63, 0xad, 0x87, 0x50, 0xcb, 0xb2, 0x65, 0x83, 0x6f, 0x15, 0x8a, + 0xc6, 0xce, 0x0f, 0xcd, 0x02, 0xaa, 0x03, 0x1c, 0x77, 0x3b, 0x46, 0x77, 0x68, 0xbe, 0xee, 0xfe, + 0x65, 0x73, 0x09, 0x21, 0xa8, 0x77, 0x8e, 0xfa, 0xfb, 0xbd, 0x6f, 0xcc, 0xc3, 0x9d, 0x01, 0x93, + 0x15, 0xa9, 0xdd, 0x7e, 0xaf, 0x7b, 0xb0, 0xd7, 0x2c, 0x51, 0xb5, 0xd1, 0x3d, 0x3e, 0x3a, 0x31, + 0x3a, 0x5d, 0x93, 0xcb, 0x96, 0x51, 0x15, 0x56, 0x4f, 0xfa, 0xaf, 0xfb, 0x47, 0x3f, 0xf4, 0x9b, + 0x2b, 0xfa, 0xbf, 0xad, 0x40, 0x63, 0xee, 0x22, 0x01, 0xbd, 0x04, 0x08, 0x42, 0xf7, 0xdc, 0xf5, + 0xf0, 0x08, 0xf3, 0x7a, 0xab, 0x9c, 0xff, 0x82, 0x35, 0x48, 0xb4, 0x72, 0x20, 0x19, 0x03, 0xb4, + 0x4d, 0xfb, 0x7f, 0xcf, 0xf5, 0x27, 0xef, 0xc4, 0xed, 0x88, 0x76, 0xd5, 0x95, 0xc5, 0xe6, 0x71, + 0xf7, 0x80, 0xe2, 0x0c, 0x69, 0x80, 0xbe, 0x83, 0x96, 0x13, 0x92, 0xc0, 0xb4, 0xad, 0xc0, 0x3a, + 0x75, 0x3d, 0x37, 0x76, 0xb1, 0x08, 0xe5, 0xfc, 0xd2, 0xee, 0x85, 0x24, 0xd0, 0x3a, 0x19, 0x90, + 0x74, 0xa4, 0x49, 0xcd, 0xb3, 0x0a, 0xd4, 0x87, 0xa6, 0xe5, 0x38, 0x79, 0xc6, 0x12, 0x63, 0xcc, + 0x25, 0xe5, 0x1d, 0xc7, 0xb9, 0x94, 0xb0, 0x61, 0x39, 0x4e, 0x8e, 0x6f, 0x04, 0xb7, 0x93, 0x96, + 0xd1, 0x0c, 0x09, 0x89, 0x4d, 0x1a, 0xd4, 0xd1, 0x45, 0x14, 0xe3, 0x31, 0xdb, 0x43, 0xe2, 0x42, + 0x39, 0xb9, 0x37, 0xc4, 0x96, 0xa3, 0xd1, 0x5e, 0x51, 0x33, 0x08, 0x89, 0xb5, 0xfd, 0x04, 0x2c, + 0xdf, 0x70, 0x53, 0x36, 0x93, 0x54, 0x9f, 0xaa, 0xd1, 0x00, 0x1a, 0x11, 0xb6, 0x6d, 0x32, 0x0e, + 0x92, 0xfd, 0xb6, 0xc2, 0xe6, 0xf3, 0xe3, 0xab, 0xe7, 0x93, 0xe3, 0xc5, 0x46, 0x33, 0xea, 0x51, + 0xee, 0xb9, 0xfd, 0x57, 0xb0, 0x2a, 0x66, 0x3c, 0xd9, 0xf4, 0x85, 0xcc, 0xa6, 0x47, 0x50, 0x0a, + 0x89, 0x27, 0xef, 0xf3, 0xd8, 0x7f, 0x2a, 0x63, 0xfd, 0xad, 0x28, 0xa6, 0x58, 0xff, 0x7a, 0x5d, + 0x1e, 0x9f, 0x3c, 0x95, 0xf0, 0x87, 0xf6, 0xef, 0x0a, 0x50, 0xcf, 0xbf, 0x1f, 0xfd, 0xb5, 0x30, + 0xe6, 0xc7, 0xec, 0xb3, 0xf7, 0x74, 0x7b, 0x53, 0xfc, 0xd2, 0xc6, 0x99, 0x1f, 0xbc, 0x32, 0xb7, + 0x08, 0x9c, 0x4c, 0x2d, 0xb9, 0x8f, 0x9c, 0x9f, 0x42, 0xcb, 0x23, 0xb6, 0xe5, 0xf1, 0xfb, 0x73, + 0x31, 0x5f, 0x7c, 0x24, 0xcd, 0x44, 0x21, 0x73, 0xd2, 0x0e, 0x54, 0x33, 0x2f, 0xa1, 0x9b, 0xea, + 0xa4, 0xcf, 0xb6, 0x51, 0xbf, 0xbb, 0xd7, 0xbc, 0x86, 0xd6, 0xa1, 0x61, 0x9c, 0xf4, 0x87, 0xbd, + 0xc3, 0xae, 0xb9, 0xd7, 0xdd, 0xdf, 0x39, 0x39, 0x18, 0x36, 0x0b, 0x68, 0x0d, 0x2a, 0x07, 0x47, + 0x9d, 0x9d, 0x03, 0x96, 0xde, 0x97, 0xf4, 0xdf, 0x17, 0xa0, 0x4e, 0xdb, 0x9d, 0xcc, 0xc7, 0xe2, + 0xf9, 0x5b, 0x42, 0x24, 0x3e, 0xe8, 0xd2, 0xfa, 0xb9, 0x24, 0xbe, 0xde, 0xa2, 0x6c, 0x43, 0x2c, + 0x0a, 0x42, 0x9a, 0xcc, 0xf9, 0x51, 0x2d, 0xa6, 0x59, 0x3e, 0xd2, 0x22, 0x20, 0xd3, 0x88, 0x8a, + 0xcc, 0x9d, 0xb6, 0x98, 0x77, 0x17, 0x3e, 0xec, 0x66, 0xbb, 0xd8, 0xe7, 0xe9, 0x17, 0xc1, 0x95, + 0x5f, 0x6f, 0x40, 0xe4, 0x07, 0xbe, 0x76, 0xe6, 0x3b, 0xd6, 0x2a, 0xff, 0xac, 0x2a, 0x9f, 0x77, + 0x9f, 0xff, 0xfb, 0x2f, 0xf7, 0x0b, 0x3f, 0xff, 0x72, 0xbf, 0xf0, 0xbf, 0xbf, 0xdc, 0x2f, 0xfc, + 0xf4, 0x7f, 0xf7, 0xaf, 0xc1, 0x6d, 0x97, 0x6c, 0x46, 0xb1, 0x65, 0xbf, 0x0d, 0xc9, 0x3b, 0x4e, + 0x2b, 0x17, 0xf9, 0x47, 0xf9, 0xfd, 0xff, 0x74, 0x85, 0xc9, 0x9f, 0xfd, 0x21, 0x00, 0x00, 0xff, + 0xff, 0x4d, 0x93, 0xfd, 0xf8, 0x2b, 0x20, 0x00, 0x00, } func (m *Deployment) Marshal() (dAtA []byte, err error) { @@ -2833,6 +2842,13 @@ func (m *ContainerImage) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if len(m.Namespace) > 0 { + i -= len(m.Namespace) + copy(dAtA[i:], m.Namespace) + i = encodeVarintDeployment(dAtA, i, uint64(len(m.Namespace))) + i-- + dAtA[i] = 0x5a + } if m.NotPullable { i-- if m.NotPullable { @@ -4175,6 +4191,10 @@ func (m *ContainerImage) Size() (n int) { if m.NotPullable { n += 2 } + l = len(m.Namespace) + if l > 0 { + n += 1 + l + sovDeployment(uint64(l)) + } return n } @@ -6030,6 +6050,38 @@ func (m *ContainerImage) Unmarshal(dAtA []byte) error { } } m.NotPullable = bool(v != 0) + case 11: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowDeployment + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthDeployment + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthDeployment + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Namespace = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipDeployment(dAtA[iNdEx:]) diff --git a/proto/storage/deployment.proto b/proto/storage/deployment.proto index 38cd03e92f385..8259eb75d54c1 100644 --- a/proto/storage/deployment.proto +++ b/proto/storage/deployment.proto @@ -57,9 +57,11 @@ message ContainerImage { option (gogoproto.goproto_unrecognized) = false; // These tags maintain backwards compatibility with the previously embedded storage.Image - string id = 4 [(gogoproto.moretags) = "search:\"Image Sha,store,hidden\""]; - ImageName name = 1; - bool not_pullable = 10; + string id = 4 [(gogoproto.moretags) = "search:\"Image Sha,store,hidden\""]; + ImageName name = 1; + bool not_pullable = 10; + + string namespace = 11; } message Container { diff --git a/sensor/admission-control/manager/images.go b/sensor/admission-control/manager/images.go index e3b05d851f4dc..15137d7dbf8e5 100644 --- a/sensor/admission-control/manager/images.go +++ b/sensor/admission-control/manager/images.go @@ -64,6 +64,7 @@ type fetchImageResult struct { func (m *manager) getImageFromSensorOrCentral(ctx context.Context, s *state, img *storage.ContainerImage) (*storage.Image, error) { // Talk to central if we know its endpoint (and the client connection is not shutting down), and if we are not // currently connected to sensor. + // Note: we do not support scanning images stored in local registries if we cannot reach Sensor. if !m.sensorConnStatus.Get() && s.centralConn != nil && s.centralConn.GetState() != connectivity.Shutdown { // Central route resp, err := v1.NewImageServiceClient(s.centralConn).ScanImageInternal(ctx, &v1.ScanImageInternalRequest{ @@ -120,6 +121,8 @@ func (m *manager) getAvailableImagesAndKickOffScans(ctx context.Context, s *stat scanInline := s.GetClusterConfig().GetAdmissionControllerConfig().GetScanInline() + namespace := deployment.GetNamespace() + for idx, container := range deployment.GetContainers() { image := container.GetImage() if image.GetId() != "" || scanInline { @@ -127,9 +130,11 @@ func (m *manager) getAvailableImagesAndKickOffScans(ctx context.Context, s *stat if cachedImage != nil { images[idx] = cachedImage } - // The cached image might be insufficient if it doesn't have a scan and we want to do inline scans. + // The cached image might be insufficient if it doesn't have a scan, and we want to do inline scans. if ctx != nil && (cachedImage == nil || (scanInline && cachedImage.GetScan() == nil)) { atomic.AddInt32(&pendingCount, 1) + // Ensure the image has its Namespace field, as it may be needed when fetching. + image.Namespace = namespace go m.fetchImage(ctx, s, imgChan, &pendingCount, idx, image) } } diff --git a/sensor/common/detector/enricher.go b/sensor/common/detector/enricher.go index 7277651dffe51..0c5a3096926ba 100644 --- a/sensor/common/detector/enricher.go +++ b/sensor/common/detector/enricher.go @@ -11,10 +11,11 @@ import ( "github.com/stackrox/rox/pkg/expiringcache" "github.com/stackrox/rox/pkg/images/types" "github.com/stackrox/rox/sensor/common/imagecacheutils" + "github.com/stackrox/rox/sensor/common/scannerclient" ) const ( - scanTimeout = 6 * time.Minute + scanTimeout = 10 * time.Minute ) type scanResult struct { @@ -54,11 +55,22 @@ func (c *cacheValue) scanAndSet(svc v1.ImageServiceClient, ci *storage.Container scannedImage, err := svc.ScanImageInternal(ctx, &v1.ScanImageInternalRequest{ Image: ci, }) + + img := scannedImage.GetImage() + + // ScanImageInternal may return without error even if it was unable to find the image. + // Check the metadata here: if Central cannot retrieve the metadata, perhaps the + // image is stored in an internal registry which Sensor can reach. + if err == nil && img.GetMetadata() == nil { + img, err = scannerclient.ScanImage(ctx, svc, ci) + } + if err != nil { c.image = types.ToImage(ci) return } - c.image = scannedImage.GetImage() + + c.image = img } func newEnricher(cache expiringcache.Cache) *enricher { @@ -113,7 +125,7 @@ func (e *enricher) runScan(containerIdx int, ci *storage.ContainerImage) imageCh func (e *enricher) runImageScanAsync(imageChan chan<- imageChanResult, containerIdx int, ci *storage.ContainerImage) { go func() { - // unguarded send (push to channel outside of a select) is allowed because the imageChan is a buffered channel of exact size + // unguarded send (push to channel outside a select) is allowed because the imageChan is a buffered channel of exact size imageChan <- e.runScan(containerIdx, ci) }() } @@ -121,6 +133,9 @@ func (e *enricher) runImageScanAsync(imageChan chan<- imageChanResult, container func (e *enricher) getImages(deployment *storage.Deployment) []*storage.Image { imageChan := make(chan imageChanResult, len(deployment.GetContainers())) for idx, container := range deployment.GetContainers() { + img := container.GetImage() + // Ensure the container image has its namespace populated prior to scanning. + img.Namespace = deployment.GetNamespace() e.runImageScanAsync(imageChan, idx, container.GetImage()) } images := make([]*storage.Image, len(deployment.GetContainers())) diff --git a/sensor/common/image/service_impl.go b/sensor/common/image/service_impl.go index cd5db9ac51696..70c24071da547 100644 --- a/sensor/common/image/service_impl.go +++ b/sensor/common/image/service_impl.go @@ -4,6 +4,7 @@ import ( "context" "github.com/grpc-ecosystem/grpc-gateway/runtime" + "github.com/pkg/errors" v1 "github.com/stackrox/rox/generated/api/v1" "github.com/stackrox/rox/generated/internalapi/sensor" "github.com/stackrox/rox/generated/storage" @@ -11,10 +12,11 @@ import ( grpcPkg "github.com/stackrox/rox/pkg/grpc" "github.com/stackrox/rox/pkg/grpc/authz/idcheck" "github.com/stackrox/rox/sensor/common/imagecacheutils" + "github.com/stackrox/rox/sensor/common/scannerclient" "google.golang.org/grpc" ) -// Service is an interface to receiving ComplianceReturns from launched daemons. +// Service is an interface to receiving image scan results for the Admission Controller. type Service interface { grpcPkg.APIService sensor.ImageServiceServer @@ -23,8 +25,7 @@ type Service interface { SetClient(conn grpc.ClientConnInterface) } -// NewService returns the ComplianceServiceServer API for Sensor to use, outputs any received ComplianceReturns -// to the input channel. +// NewService returns the ImageService API for the Admission Controller to use. func NewService(imageCache expiringcache.Cache) Service { return &serviceImpl{ imageCache: imageCache, @@ -49,15 +50,30 @@ func (s *serviceImpl) GetImage(ctx context.Context, req *sensor.GetImageRequest) }, nil } } + + // Ask Central to scan the image. scanResp, err := s.centralClient.ScanImageInternal(ctx, &v1.ScanImageInternalRequest{ Image: req.GetImage(), CachedOnly: !req.GetScanInline(), }) if err != nil { - return nil, err + return nil, errors.Wrap(err, "scanning image via central") + } + + img := scanResp.GetImage() + + // ScanImageInternal may return without error even if it was unable to find the image. + // Check the metadata here: if Central cannot retrieve the metadata, perhaps the + // image is stored in an internal registry which Scanner can reach. + if img.GetMetadata() == nil { + img, err = scannerclient.ScanImage(ctx, s.centralClient, req.GetImage()) + if err != nil { + return nil, errors.Wrap(err, "scanning image via local scanner") + } } + return &sensor.GetImageResponse{ - Image: scanResp.GetImage(), + Image: img, }, nil } diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go index 7ee9b7a6e64af..c17dfa137d766 100644 --- a/sensor/common/scannerclient/grpc_client.go +++ b/sensor/common/scannerclient/grpc_client.go @@ -59,7 +59,6 @@ func NewGRPCClient(endpoint string) (*Client, error) { // 2. Request image analysis from Scanner, directly. // 3. Return image analysis results. func (c *Client) GetImageAnalysis(ctx context.Context, image *storage.ContainerImage) (*scannerV1.GetImageComponentsResponse, error) { - // TODO: get image metadata resp, err := c.client.GetImageComponents(ctx, &scannerV1.GetImageComponentsRequest{ From 35633225a2916a7016c78562a5f1d44a020a2841 Mon Sep 17 00:00:00 2001 From: RTann Date: Tue, 18 Jan 2022 15:15:41 -0800 Subject: [PATCH 007/103] updates --- pkg/docker/types/config.go | 84 +++++++++++++++++++ .../listener/resources/registry_store.go | 17 ++-- .../listener/resources/registry_store_test.go | 7 +- .../kubernetes/listener/resources/secrets.go | 80 +----------------- 4 files changed, 102 insertions(+), 86 deletions(-) create mode 100644 pkg/docker/types/config.go diff --git a/pkg/docker/types/config.go b/pkg/docker/types/config.go new file mode 100644 index 0000000000000..cbb814e869130 --- /dev/null +++ b/pkg/docker/types/config.go @@ -0,0 +1,84 @@ +package types + +import ( + "encoding/base64" + "encoding/json" + "strings" + + "github.com/pkg/errors" +) + +// The following types are copied from the Kubernetes codebase, +// since it is not placed in any of the officially supported client +// libraries. + +// DockerConfigJSON represents ~/.docker/config.json file info +// see https://github.com/docker/docker/pull/12009. +type DockerConfigJSON struct { + Auths DockerConfig `json:"auths"` +} + +// DockerConfig represents the config file used by the docker CLI. +// This config that represents the credentials that should be used +// when pulling images from specific image repositories. +type DockerConfig map[string]DockerConfigEntry + +// DockerConfigEntry is an entry in the DockerConfig. +type DockerConfigEntry struct { + Username string + Password string + Email string +} + +// DockerConfigEntryWithAuth is used solely for deserializing the Auth field +// into a DockerConfigEntry during JSON deserialization. +type DockerConfigEntryWithAuth struct { + // +optional + Username string `json:"username,omitempty"` + // +optional + Password string `json:"password,omitempty"` + // +optional + Email string `json:"email,omitempty"` + // +optional + Auth string `json:"auth,omitempty"` +} + +// decodeDockerConfigFieldAuth deserializes the "auth" field from dockercfg into a +// username and a password. The format of the auth field is base64(:). +func decodeDockerConfigFieldAuth(field string) (username, password string, err error) { + decoded, err := base64.StdEncoding.DecodeString(field) + if err != nil { + return + } + + parts := strings.SplitN(string(decoded), ":", 2) + if len(parts) != 2 { + err = errors.New("unable to parse auth field") + return + } + + username = parts[0] + password = parts[1] + + return +} + +// UnmarshalJSON unmarshals the given JSON data into a *DockerConfigEntry. +func (d *DockerConfigEntry) UnmarshalJSON(data []byte) error { + var tmp DockerConfigEntryWithAuth + err := json.Unmarshal(data, &tmp) + if err != nil { + return err + } + + d.Username = tmp.Username + d.Password = tmp.Password + d.Email = tmp.Email + + if len(tmp.Auth) == 0 { + return nil + } + + d.Username, d.Password, err = decodeDockerConfigFieldAuth(tmp.Auth) + return err +} diff --git a/sensor/kubernetes/listener/resources/registry_store.go b/sensor/kubernetes/listener/resources/registry_store.go index 1b565193b7b3c..5d0baffad2032 100644 --- a/sensor/kubernetes/listener/resources/registry_store.go +++ b/sensor/kubernetes/listener/resources/registry_store.go @@ -1,12 +1,15 @@ package resources -import "github.com/stackrox/rox/pkg/sync" +import ( + "github.com/stackrox/rox/pkg/docker/types" + "github.com/stackrox/rox/pkg/sync" +) // RegistryStore stores cluster-internal registries by namespace. type RegistryStore struct { // store maps a namespace to the names of registries accessible from within the namespace. // The registry maps to its credentials. - store map[string]map[string]dockerConfigEntry + store map[string]map[string]types.DockerConfigEntry mutex sync.RWMutex } @@ -14,17 +17,17 @@ type RegistryStore struct { // newRegistryStore creates a new registryStore. func newRegistryStore() *RegistryStore { return &RegistryStore{ - store: make(map[string]map[string]dockerConfigEntry), + store: make(map[string]map[string]types.DockerConfigEntry), } } -func (rs *RegistryStore) addOrUpdateRegistry(namespace, registry string, dce dockerConfigEntry) { +func (rs *RegistryStore) addOrUpdateRegistry(namespace, registry string, dce types.DockerConfigEntry) { rs.mutex.Lock() defer rs.mutex.Unlock() nsMap := rs.store[namespace] if nsMap == nil { - nsMap = make(map[string]dockerConfigEntry) + nsMap = make(map[string]types.DockerConfigEntry) rs.store[namespace] = nsMap } @@ -32,8 +35,8 @@ func (rs *RegistryStore) addOrUpdateRegistry(namespace, registry string, dce doc } // getAllInNamespace returns all the registries+credentials within a given namespace. -func (rs *RegistryStore) getAllInNamespace(namespace string) map[string]dockerConfigEntry { - regs := make(map[string]dockerConfigEntry) +func (rs *RegistryStore) getAllInNamespace(namespace string) map[string]types.DockerConfigEntry { + regs := make(map[string]types.DockerConfigEntry) rs.mutex.RLock() rs.mutex.RUnlock() diff --git a/sensor/kubernetes/listener/resources/registry_store_test.go b/sensor/kubernetes/listener/resources/registry_store_test.go index 3f72399d92382..2de11c6e715c3 100644 --- a/sensor/kubernetes/listener/resources/registry_store_test.go +++ b/sensor/kubernetes/listener/resources/registry_store_test.go @@ -3,22 +3,23 @@ package resources import ( "testing" + "github.com/stackrox/rox/pkg/docker/types" "github.com/stretchr/testify/assert" ) func TestRegistryStore(t *testing.T) { rs := newRegistryStore() - rs.addOrUpdateRegistry("a", "reg1", dockerConfigEntry{ + rs.addOrUpdateRegistry("a", "reg1", types.DockerConfigEntry{ Username: "test1", Password: "test1pass", Email: "test1@test.com", }) - rs.addOrUpdateRegistry("a", "reg2", dockerConfigEntry{ + rs.addOrUpdateRegistry("a", "reg2", types.DockerConfigEntry{ Username: "test2", Password: "test2pass", Email: "test2@test.com", }) - rs.addOrUpdateRegistry("b", "reg3", dockerConfigEntry{ + rs.addOrUpdateRegistry("b", "reg3", types.DockerConfigEntry{ Username: "test3", Password: "test2pass", Email: "test3@test.com", diff --git a/sensor/kubernetes/listener/resources/secrets.go b/sensor/kubernetes/listener/resources/secrets.go index 7af54b9cffda6..7a5658463aa3a 100644 --- a/sensor/kubernetes/listener/resources/secrets.go +++ b/sensor/kubernetes/listener/resources/secrets.go @@ -11,6 +11,7 @@ import ( "github.com/cloudflare/cfssl/certinfo" "github.com/stackrox/rox/generated/internalapi/central" "github.com/stackrox/rox/generated/storage" + "github.com/stackrox/rox/pkg/docker/types" "github.com/stackrox/rox/pkg/features" "github.com/stackrox/rox/pkg/protoconv" "github.com/stackrox/rox/pkg/registries/docker" @@ -28,79 +29,6 @@ const ( defaultSA = "default" ) -// The following types are copied from the Kubernetes codebase, -// since it is not placed in any of the officially supported client -// libraries. -// dockerConfigJSON represents ~/.docker/config.json file info -// see https://github.com/docker/docker/pull/12009 -type dockerConfigJSON struct { - Auths dockerConfig `json:"auths"` -} - -// dockerConfig represents the config file used by the docker CLI. -// This config that represents the credentials that should be used -// when pulling images from specific image repositories. -type dockerConfig map[string]dockerConfigEntry - -// dockerConfigEntry is an entry in the dockerConfig. -type dockerConfigEntry struct { - Username string - Password string - Email string -} - -// dockerConfigEntryWithAuth is used solely for deserializing the Auth field -// into a dockerConfigEntry during JSON deserialization. -type dockerConfigEntryWithAuth struct { - // +optional - Username string `json:"username,omitempty"` - // +optional - Password string `json:"password,omitempty"` - // +optional - Email string `json:"email,omitempty"` - // +optional - Auth string `json:"auth,omitempty"` -} - -// decodeDockerConfigFieldAuth deserializes the "auth" field from dockercfg into a -// username and a password. The format of the auth field is base64(:). -func decodeDockerConfigFieldAuth(field string) (username, password string, err error) { - decoded, err := base64.StdEncoding.DecodeString(field) - if err != nil { - return - } - - parts := strings.SplitN(string(decoded), ":", 2) - if len(parts) != 2 { - err = errors.New("unable to parse auth field") - return - } - - username = parts[0] - password = parts[1] - - return -} - -func (d *dockerConfigEntry) UnmarshalJSON(data []byte) error { - var tmp dockerConfigEntryWithAuth - err := json.Unmarshal(data, &tmp) - if err != nil { - return err - } - - d.Username = tmp.Username - d.Password = tmp.Password - d.Email = tmp.Email - - if len(tmp.Auth) == 0 { - return nil - } - - d.Username, d.Password, err = decodeDockerConfigFieldAuth(tmp.Auth) - return err -} - var dataTypeMap = map[string]storage.SecretType{ "-----BEGIN CERTIFICATE-----": storage.SecretType_PUBLIC_CERTIFICATE, "-----BEGIN NEW CERTIFICATE REQUEST-----": storage.SecretType_CERTIFICATE_REQUEST, @@ -204,7 +132,7 @@ func newSecretDispatcher(regStore *RegistryStore) *secretDispatcher { } } -func dockerConfigToImageIntegration(registry string, dce dockerConfigEntry) *storage.ImageIntegration { +func dockerConfigToImageIntegration(registry string, dce types.DockerConfigEntry) *storage.ImageIntegration { registryType := docker.GenericDockerRegistryType if urlfmt.TrimHTTPPrefixes(registry) == redhatRegistryEndpoint { registryType = rhel.RedHatRegistryType @@ -226,7 +154,7 @@ func dockerConfigToImageIntegration(registry string, dce dockerConfigEntry) *sto } func (s *secretDispatcher) processDockerConfigEvent(secret *v1.Secret, action central.ResourceAction) []*central.SensorEvent { - var dockerConfig dockerConfig + var dockerConfig types.DockerConfig switch secret.Type { case v1.SecretTypeDockercfg: data, ok := secret.Data[v1.DockerConfigKey] @@ -242,7 +170,7 @@ func (s *secretDispatcher) processDockerConfigEvent(secret *v1.Secret, action ce if !ok { return nil } - var dockerConfigJSON dockerConfigJSON + var dockerConfigJSON types.DockerConfigJSON if err := json.Unmarshal(data, &dockerConfigJSON); err != nil { log.Error(err) return nil From 196eb1c0e0e6977933aa7b06c953d336242f6406 Mon Sep 17 00:00:00 2001 From: RTann Date: Wed, 19 Jan 2022 12:27:48 -0800 Subject: [PATCH 008/103] for now --- pkg/registries/factory.go | 40 +++++++++++-------- pkg/registries/factory_options.go | 22 ++++++++++ .../listener/resources/registry_store.go | 33 +++++++++++---- 3 files changed, 72 insertions(+), 23 deletions(-) create mode 100644 pkg/registries/factory_options.go diff --git a/pkg/registries/factory.go b/pkg/registries/factory.go index 7e01362fd9501..fe0eb2988f170 100644 --- a/pkg/registries/factory.go +++ b/pkg/registries/factory.go @@ -28,27 +28,35 @@ type Factory interface { type creatorWrapper func() (string, func(integration *storage.ImageIntegration) (types.Registry, error)) +var allCreatorFuncs = []creatorWrapper{ + artifactRegistryFactory.Creator, + artifactoryFactory.Creator, + dockerFactory.Creator, + dtrFactory.Creator, + ecrFactory.Creator, + googleFactory.Creator, + quayFactory.Creator, + tenableFactory.Creator, + nexusFactory.Creator, + azureFactory.Creator, + rhelFactory.Creator, + ibmFactory.Creator, +} + // NewFactory creates a new scanner factory. -func NewFactory() Factory { +func NewFactory(opts ...FactoryOption) Factory { + var o factoryOption + for _, opt := range opts { + opt.apply(&o) + } + reg := &factoryImpl{ creators: make(map[string]Creator), } - // Add registries to factory. - ////////////////////////////// - creatorFuncs := []creatorWrapper{ - artifactRegistryFactory.Creator, - artifactoryFactory.Creator, - dockerFactory.Creator, - dtrFactory.Creator, - ecrFactory.Creator, - googleFactory.Creator, - quayFactory.Creator, - tenableFactory.Creator, - nexusFactory.Creator, - azureFactory.Creator, - rhelFactory.Creator, - ibmFactory.Creator, + creatorFuncs := allCreatorFuncs + if len(o.creatorFuncs) > 0 { + creatorFuncs = o.creatorFuncs } for _, creatorFunc := range creatorFuncs { diff --git a/pkg/registries/factory_options.go b/pkg/registries/factory_options.go new file mode 100644 index 0000000000000..63cc952aa6c8a --- /dev/null +++ b/pkg/registries/factory_options.go @@ -0,0 +1,22 @@ +package registries + +type factoryOption struct { + creatorFuncs []creatorWrapper +} + +type FactoryOption interface { + apply(*factoryOption) +} + +type factoryOptionFunc func(*factoryOption) + +func (o factoryOptionFunc) apply(opt *factoryOption) { + o(opt) +} + +// WithRegistryCreators specifies which registries to add to the factory. +func WithRegistryCreators(creatorFuncs ...creatorWrapper) FactoryOption { + return factoryOptionFunc(func(o *factoryOption) { + o.creatorFuncs = creatorFuncs + }) +} diff --git a/sensor/kubernetes/listener/resources/registry_store.go b/sensor/kubernetes/listener/resources/registry_store.go index 5d0baffad2032..206f223534302 100644 --- a/sensor/kubernetes/listener/resources/registry_store.go +++ b/sensor/kubernetes/listener/resources/registry_store.go @@ -1,15 +1,20 @@ package resources import ( + "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/docker/types" + "github.com/stackrox/rox/pkg/registries" + dockerFactory "github.com/stackrox/rox/pkg/registries/docker" "github.com/stackrox/rox/pkg/sync" + "github.com/stackrox/rox/pkg/tlscheck" ) // RegistryStore stores cluster-internal registries by namespace. type RegistryStore struct { + factory registries.Factory // store maps a namespace to the names of registries accessible from within the namespace. // The registry maps to its credentials. - store map[string]map[string]types.DockerConfigEntry + store map[string]registries.Set mutex sync.RWMutex } @@ -17,7 +22,8 @@ type RegistryStore struct { // newRegistryStore creates a new registryStore. func newRegistryStore() *RegistryStore { return &RegistryStore{ - store: make(map[string]map[string]types.DockerConfigEntry), + factory: registries.NewFactory(registries.WithRegistryCreators(dockerFactory.Creator)), + store: make(map[string]registries.Set), } } @@ -25,13 +31,26 @@ func (rs *RegistryStore) addOrUpdateRegistry(namespace, registry string, dce typ rs.mutex.Lock() defer rs.mutex.Unlock() - nsMap := rs.store[namespace] - if nsMap == nil { - nsMap = make(map[string]types.DockerConfigEntry) - rs.store[namespace] = nsMap + regs := rs.store[namespace] + if regs == nil { + regs = registries.NewSet(rs.factory) + rs.store[namespace] = regs } - nsMap[registry] = dce + tlscheck.CheckTLS(registry) + regs.UpdateImageIntegration(&storage.ImageIntegration{ + Name: registry, + Type: "docker", + Categories: []storage.ImageIntegrationCategory{storage.ImageIntegrationCategory_REGISTRY}, + IntegrationConfig: &storage.ImageIntegration_Docker{ + Docker: &storage.DockerConfig{ + Endpoint: registry, + Username: dce.Username, + Password: dce.Password, + Insecure: false, + }, + }, + }) } // getAllInNamespace returns all the registries+credentials within a given namespace. From 2d53f131ef90b0dc9ec42d8aa0fafd1d4881d07e Mon Sep 17 00:00:00 2001 From: RTann Date: Wed, 19 Jan 2022 13:20:54 -0800 Subject: [PATCH 009/103] updates --- .../listener/resources/registry_store.go | 39 ++++++++++++------- .../listener/resources/registry_store_test.go | 36 ----------------- .../kubernetes/listener/resources/secrets.go | 5 ++- 3 files changed, 29 insertions(+), 51 deletions(-) delete mode 100644 sensor/kubernetes/listener/resources/registry_store_test.go diff --git a/sensor/kubernetes/listener/resources/registry_store.go b/sensor/kubernetes/listener/resources/registry_store.go index 206f223534302..8f4343e778db8 100644 --- a/sensor/kubernetes/listener/resources/registry_store.go +++ b/sensor/kubernetes/listener/resources/registry_store.go @@ -1,6 +1,7 @@ package resources import ( + "github.com/pkg/errors" "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/docker/types" "github.com/stackrox/rox/pkg/registries" @@ -10,6 +11,7 @@ import ( ) // RegistryStore stores cluster-internal registries by namespace. +// It is assumed all the registries are Docker registries. type RegistryStore struct { factory registries.Factory // store maps a namespace to the names of registries accessible from within the namespace. @@ -27,7 +29,7 @@ func newRegistryStore() *RegistryStore { } } -func (rs *RegistryStore) addOrUpdateRegistry(namespace, registry string, dce types.DockerConfigEntry) { +func (rs *RegistryStore) getRegistries(namespace string) registries.Set { rs.mutex.Lock() defer rs.mutex.Unlock() @@ -37,8 +39,19 @@ func (rs *RegistryStore) addOrUpdateRegistry(namespace, registry string, dce typ rs.store[namespace] = regs } - tlscheck.CheckTLS(registry) - regs.UpdateImageIntegration(&storage.ImageIntegration{ + return regs +} + +// upsertRegistry upserts the given registry with the given credentials in the given namespace into the store. +func (rs *RegistryStore) upsertRegistry(namespace, registry string, dce types.DockerConfigEntry) error { + regs := rs.getRegistries(namespace) + + secure, err := tlscheck.CheckTLS(registry) + if err != nil { + return errors.Wrapf(err, "unable to check TLS for registry %q", registry) + } + + err = regs.UpdateImageIntegration(&storage.ImageIntegration{ Name: registry, Type: "docker", Categories: []storage.ImageIntegrationCategory{storage.ImageIntegrationCategory_REGISTRY}, @@ -47,23 +60,21 @@ func (rs *RegistryStore) addOrUpdateRegistry(namespace, registry string, dce typ Endpoint: registry, Username: dce.Username, Password: dce.Password, - Insecure: false, + Insecure: !secure, }, }, }) + if err != nil { + return errors.Wrapf(err, "updating registry store with registry %q", registry) + } + + return nil } // getAllInNamespace returns all the registries+credentials within a given namespace. -func (rs *RegistryStore) getAllInNamespace(namespace string) map[string]types.DockerConfigEntry { - regs := make(map[string]types.DockerConfigEntry) - +func (rs *RegistryStore) getAllInNamespace(namespace string) registries.Set { rs.mutex.RLock() - rs.mutex.RUnlock() + defer rs.mutex.RUnlock() - // Copy the registry to configuration map. - for reg, dce := range rs.store[namespace] { - regs[reg] = dce - } - - return regs + return rs.store[namespace] } diff --git a/sensor/kubernetes/listener/resources/registry_store_test.go b/sensor/kubernetes/listener/resources/registry_store_test.go deleted file mode 100644 index 2de11c6e715c3..0000000000000 --- a/sensor/kubernetes/listener/resources/registry_store_test.go +++ /dev/null @@ -1,36 +0,0 @@ -package resources - -import ( - "testing" - - "github.com/stackrox/rox/pkg/docker/types" - "github.com/stretchr/testify/assert" -) - -func TestRegistryStore(t *testing.T) { - rs := newRegistryStore() - rs.addOrUpdateRegistry("a", "reg1", types.DockerConfigEntry{ - Username: "test1", - Password: "test1pass", - Email: "test1@test.com", - }) - rs.addOrUpdateRegistry("a", "reg2", types.DockerConfigEntry{ - Username: "test2", - Password: "test2pass", - Email: "test2@test.com", - }) - rs.addOrUpdateRegistry("b", "reg3", types.DockerConfigEntry{ - Username: "test3", - Password: "test2pass", - Email: "test3@test.com", - }) - - regs := rs.getAllInNamespace("a") - assert.Len(t, regs, 2) - - regs = rs.getAllInNamespace("b") - assert.Len(t, regs, 1) - - regs = rs.getAllInNamespace("c") - assert.Empty(t, regs) -} diff --git a/sensor/kubernetes/listener/resources/secrets.go b/sensor/kubernetes/listener/resources/secrets.go index 7a5658463aa3a..0c1ac2465f675 100644 --- a/sensor/kubernetes/listener/resources/secrets.go +++ b/sensor/kubernetes/listener/resources/secrets.go @@ -192,7 +192,10 @@ func (s *secretDispatcher) processDockerConfigEvent(secret *v1.Secret, action ce if features.LocalImageScanning.Enabled() { if fromDefaultSA { // Store the registry credentials so Sensor can reach it. - s.regStore.addOrUpdateRegistry(secret.GetNamespace(), registry, dce) + err := s.regStore.upsertRegistry(secret.GetNamespace(), registry, dce) + if err != nil { + log.Errorf("Unable to upsert registry %q into store: %v", registry, err) + } } } ii := dockerConfigToImageIntegration(registry, dce) From fdcbdfc3b8b85707a26f53747640139dffc35ce7 Mon Sep 17 00:00:00 2001 From: RTann Date: Wed, 19 Jan 2022 13:29:59 -0800 Subject: [PATCH 010/103] debug logs --- pkg/registries/set_impl.go | 11 +++++++++++ sensor/kubernetes/listener/resources/secrets.go | 4 ++++ 2 files changed, 15 insertions(+) diff --git a/pkg/registries/set_impl.go b/pkg/registries/set_impl.go index 904be77e32e3f..ed070c875fea5 100644 --- a/pkg/registries/set_impl.go +++ b/pkg/registries/set_impl.go @@ -2,6 +2,7 @@ package registries import ( "sort" + "strings" "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/registries/types" @@ -15,6 +16,16 @@ type setImpl struct { integrations map[string]types.ImageRegistry } +// TODO: delete me +func (e *setImpl) String() string { + regs := make([]string, 0, len(e.integrations)) + for _, integ := range e.integrations { + regs = append(regs, integ.Name()) + } + + return strings.Join(regs, ", ") +} + func sortIntegrations(integrations []types.ImageRegistry) { // This just ensures that the registries that have username/passwords are processed first sort.SliceStable(integrations, func(i, j int) bool { diff --git a/sensor/kubernetes/listener/resources/secrets.go b/sensor/kubernetes/listener/resources/secrets.go index 0c1ac2465f675..bbd153f641c3f 100644 --- a/sensor/kubernetes/listener/resources/secrets.go +++ b/sensor/kubernetes/listener/resources/secrets.go @@ -195,6 +195,10 @@ func (s *secretDispatcher) processDockerConfigEvent(secret *v1.Secret, action ce err := s.regStore.upsertRegistry(secret.GetNamespace(), registry, dce) if err != nil { log.Errorf("Unable to upsert registry %q into store: %v", registry, err) + } else { + // TODO: delete me + log.Infof("Successfully added registry") + log.Infof("Registries: %v", s.regStore.store) } } } From 4bfb84f68ee7c0e898fbe2b503db0fc29637403a Mon Sep 17 00:00:00 2001 From: RTann Date: Thu, 20 Jan 2022 12:50:40 -0800 Subject: [PATCH 011/103] for now --- pkg/registries/factory_options.go | 8 +++++--- sensor/kubernetes/listener/resources/registry_store.go | 3 +-- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/pkg/registries/factory_options.go b/pkg/registries/factory_options.go index 63cc952aa6c8a..03a0117a368cc 100644 --- a/pkg/registries/factory_options.go +++ b/pkg/registries/factory_options.go @@ -1,5 +1,7 @@ package registries +import dockerFactory "github.com/stackrox/rox/pkg/registries/docker" + type factoryOption struct { creatorFuncs []creatorWrapper } @@ -14,9 +16,9 @@ func (o factoryOptionFunc) apply(opt *factoryOption) { o(opt) } -// WithRegistryCreators specifies which registries to add to the factory. -func WithRegistryCreators(creatorFuncs ...creatorWrapper) FactoryOption { +// WithDockerRegistry adds the Docker registry creator to the registry factory. +func WithDockerRegistry() FactoryOption { return factoryOptionFunc(func(o *factoryOption) { - o.creatorFuncs = creatorFuncs + o.creatorFuncs = append(o.creatorFuncs, dockerFactory.Creator) }) } diff --git a/sensor/kubernetes/listener/resources/registry_store.go b/sensor/kubernetes/listener/resources/registry_store.go index 8f4343e778db8..1fae7ac0076dd 100644 --- a/sensor/kubernetes/listener/resources/registry_store.go +++ b/sensor/kubernetes/listener/resources/registry_store.go @@ -5,7 +5,6 @@ import ( "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/docker/types" "github.com/stackrox/rox/pkg/registries" - dockerFactory "github.com/stackrox/rox/pkg/registries/docker" "github.com/stackrox/rox/pkg/sync" "github.com/stackrox/rox/pkg/tlscheck" ) @@ -24,7 +23,7 @@ type RegistryStore struct { // newRegistryStore creates a new registryStore. func newRegistryStore() *RegistryStore { return &RegistryStore{ - factory: registries.NewFactory(registries.WithRegistryCreators(dockerFactory.Creator)), + factory: registries.NewFactory(registries.WithDockerRegistry()), store: make(map[string]registries.Set), } } From aa30729593e1bccdb12fcbc573afa29531ca4016 Mon Sep 17 00:00:00 2001 From: RTann Date: Mon, 24 Jan 2022 11:30:10 -0800 Subject: [PATCH 012/103] update factory opts --- pkg/registries/factory_options.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/registries/factory_options.go b/pkg/registries/factory_options.go index 63cc952aa6c8a..78456b215b07c 100644 --- a/pkg/registries/factory_options.go +++ b/pkg/registries/factory_options.go @@ -10,13 +10,13 @@ type FactoryOption interface { type factoryOptionFunc func(*factoryOption) -func (o factoryOptionFunc) apply(opt *factoryOption) { - o(opt) +func (f factoryOptionFunc) apply(opt *factoryOption) { + f(opt) } // WithRegistryCreators specifies which registries to add to the factory. func WithRegistryCreators(creatorFuncs ...creatorWrapper) FactoryOption { return factoryOptionFunc(func(o *factoryOption) { - o.creatorFuncs = creatorFuncs + o.creatorFuncs = append(o.creatorFuncs, creatorFuncs...) }) } From 2b53677341ffe4c323d88c1f95072f420e5011e6 Mon Sep 17 00:00:00 2001 From: RTann Date: Mon, 24 Jan 2022 13:40:44 -0800 Subject: [PATCH 013/103] debug --- sensor/kubernetes/listener/resources/registry_store.go | 2 ++ sensor/kubernetes/listener/resources/secrets.go | 2 ++ 2 files changed, 4 insertions(+) diff --git a/sensor/kubernetes/listener/resources/registry_store.go b/sensor/kubernetes/listener/resources/registry_store.go index 8f4343e778db8..739f977b1011a 100644 --- a/sensor/kubernetes/listener/resources/registry_store.go +++ b/sensor/kubernetes/listener/resources/registry_store.go @@ -66,6 +66,8 @@ func (rs *RegistryStore) upsertRegistry(namespace, registry string, dce types.Do }) if err != nil { return errors.Wrapf(err, "updating registry store with registry %q", registry) + } else { + log.Infof("Updated registry store with %q (Secure: %v)", registry, secure) } return nil diff --git a/sensor/kubernetes/listener/resources/secrets.go b/sensor/kubernetes/listener/resources/secrets.go index 0c1ac2465f675..17ee5051a1bb3 100644 --- a/sensor/kubernetes/listener/resources/secrets.go +++ b/sensor/kubernetes/listener/resources/secrets.go @@ -195,6 +195,8 @@ func (s *secretDispatcher) processDockerConfigEvent(secret *v1.Secret, action ce err := s.regStore.upsertRegistry(secret.GetNamespace(), registry, dce) if err != nil { log.Errorf("Unable to upsert registry %q into store: %v", registry, err) + } else { + log.Info("Upserted registry %q", registry) } } } From 93550ab80b90b63994b408c022a347b97b98b531 Mon Sep 17 00:00:00 2001 From: RTann Date: Mon, 24 Jan 2022 13:58:05 -0800 Subject: [PATCH 014/103] style --- pkg/registries/factory_options.go | 1 + .../listener/resources/registry_store.go | 20 +++++++++---------- .../kubernetes/listener/resources/secrets.go | 2 +- 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/pkg/registries/factory_options.go b/pkg/registries/factory_options.go index 78456b215b07c..259d9d676b81c 100644 --- a/pkg/registries/factory_options.go +++ b/pkg/registries/factory_options.go @@ -4,6 +4,7 @@ type factoryOption struct { creatorFuncs []creatorWrapper } +// FactoryOption specifies optional configuration parameters for a registry factory. type FactoryOption interface { apply(*factoryOption) } diff --git a/sensor/kubernetes/listener/resources/registry_store.go b/sensor/kubernetes/listener/resources/registry_store.go index 739f977b1011a..b705cdadb6ba4 100644 --- a/sensor/kubernetes/listener/resources/registry_store.go +++ b/sensor/kubernetes/listener/resources/registry_store.go @@ -52,24 +52,24 @@ func (rs *RegistryStore) upsertRegistry(namespace, registry string, dce types.Do } err = regs.UpdateImageIntegration(&storage.ImageIntegration{ - Name: registry, - Type: "docker", - Categories: []storage.ImageIntegrationCategory{storage.ImageIntegrationCategory_REGISTRY}, - IntegrationConfig: &storage.ImageIntegration_Docker{ + Name: registry, + Type: "docker", + Categories: []storage.ImageIntegrationCategory{storage.ImageIntegrationCategory_REGISTRY}, + IntegrationConfig: &storage.ImageIntegration_Docker{ Docker: &storage.DockerConfig{ - Endpoint: registry, - Username: dce.Username, - Password: dce.Password, - Insecure: !secure, + Endpoint: registry, + Username: dce.Username, + Password: dce.Password, + Insecure: !secure, }, }, }) if err != nil { return errors.Wrapf(err, "updating registry store with registry %q", registry) - } else { - log.Infof("Updated registry store with %q (Secure: %v)", registry, secure) } + log.Infof("Updated registry store with %q (Secure: %v)", registry, secure) + return nil } diff --git a/sensor/kubernetes/listener/resources/secrets.go b/sensor/kubernetes/listener/resources/secrets.go index 17ee5051a1bb3..decb8b2be4f4e 100644 --- a/sensor/kubernetes/listener/resources/secrets.go +++ b/sensor/kubernetes/listener/resources/secrets.go @@ -196,7 +196,7 @@ func (s *secretDispatcher) processDockerConfigEvent(secret *v1.Secret, action ce if err != nil { log.Errorf("Unable to upsert registry %q into store: %v", registry, err) } else { - log.Info("Upserted registry %q", registry) + log.Infof("Upserted registry %q", registry) } } } From 325beeb9b48d6e6e25f13f20c030d7461f94608c Mon Sep 17 00:00:00 2001 From: RTann Date: Tue, 25 Jan 2022 11:31:03 -0800 Subject: [PATCH 015/103] update --- sensor/kubernetes/listener/resources/dispatcher.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sensor/kubernetes/listener/resources/dispatcher.go b/sensor/kubernetes/listener/resources/dispatcher.go index 092f5e32948c0..85544a9e5f606 100644 --- a/sensor/kubernetes/listener/resources/dispatcher.go +++ b/sensor/kubernetes/listener/resources/dispatcher.go @@ -61,7 +61,7 @@ func NewDispatcherRegistry(clusterID string, podLister v1Listers.PodLister, prof endpointManager := newEndpointManager(serviceStore, deploymentStore, podStore, nodeStore, entityStore) rbacUpdater := rbac.NewStore() portExposureReconciler := newPortExposureReconciler(deploymentStore, serviceStore) - registryStore := newRegistryStore() + registryStore := RegistryStoreSingleton() return ®istryImpl{ deploymentHandler: newDeploymentHandler(clusterID, serviceStore, deploymentStore, podStore, endpointManager, nsStore, From b12da60afc043e6eb39641829725e6f0c60437a2 Mon Sep 17 00:00:00 2001 From: RTann Date: Tue, 25 Jan 2022 14:25:06 -0800 Subject: [PATCH 016/103] add more logs --- sensor/kubernetes/listener/resources/secrets.go | 1 + 1 file changed, 1 insertion(+) diff --git a/sensor/kubernetes/listener/resources/secrets.go b/sensor/kubernetes/listener/resources/secrets.go index decb8b2be4f4e..22792fdca5e83 100644 --- a/sensor/kubernetes/listener/resources/secrets.go +++ b/sensor/kubernetes/listener/resources/secrets.go @@ -188,6 +188,7 @@ func (s *secretDispatcher) processDockerConfigEvent(secret *v1.Secret, action ce // In OpenShift, the default service account also contains credentials for the // OpenShift Container Registry, which is an internal image registry. fromDefaultSA := secret.GetAnnotations()[saAnnotation] == defaultSA + log.Infof("Secret %s:%s from default SA? %v", secret.GetName(), secret.GetNamespace(), secret.GetAnnotations()[saAnnotation] == defaultSA) for registry, dce := range dockerConfig { if features.LocalImageScanning.Enabled() { if fromDefaultSA { From 1d6baf9eae4e4b9570db4b0170b383d92f5820a7 Mon Sep 17 00:00:00 2001 From: RTann Date: Tue, 25 Jan 2022 15:14:37 -0800 Subject: [PATCH 017/103] remove log --- sensor/kubernetes/listener/resources/secrets.go | 1 - 1 file changed, 1 deletion(-) diff --git a/sensor/kubernetes/listener/resources/secrets.go b/sensor/kubernetes/listener/resources/secrets.go index 22792fdca5e83..decb8b2be4f4e 100644 --- a/sensor/kubernetes/listener/resources/secrets.go +++ b/sensor/kubernetes/listener/resources/secrets.go @@ -188,7 +188,6 @@ func (s *secretDispatcher) processDockerConfigEvent(secret *v1.Secret, action ce // In OpenShift, the default service account also contains credentials for the // OpenShift Container Registry, which is an internal image registry. fromDefaultSA := secret.GetAnnotations()[saAnnotation] == defaultSA - log.Infof("Secret %s:%s from default SA? %v", secret.GetName(), secret.GetNamespace(), secret.GetAnnotations()[saAnnotation] == defaultSA) for registry, dce := range dockerConfig { if features.LocalImageScanning.Enabled() { if fromDefaultSA { From e6b48cd508b77fd87be669668fc6f6b8e22f9586 Mon Sep 17 00:00:00 2001 From: RTann Date: Tue, 25 Jan 2022 15:28:41 -0800 Subject: [PATCH 018/103] remove logs --- sensor/kubernetes/listener/resources/registry_store.go | 4 +--- sensor/kubernetes/listener/resources/secrets.go | 2 -- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/sensor/kubernetes/listener/resources/registry_store.go b/sensor/kubernetes/listener/resources/registry_store.go index b705cdadb6ba4..7f1d5ddabc779 100644 --- a/sensor/kubernetes/listener/resources/registry_store.go +++ b/sensor/kubernetes/listener/resources/registry_store.go @@ -68,12 +68,10 @@ func (rs *RegistryStore) upsertRegistry(namespace, registry string, dce types.Do return errors.Wrapf(err, "updating registry store with registry %q", registry) } - log.Infof("Updated registry store with %q (Secure: %v)", registry, secure) - return nil } -// getAllInNamespace returns all the registries+credentials within a given namespace. +// getAllInNamespace returns all the registries within a given namespace. func (rs *RegistryStore) getAllInNamespace(namespace string) registries.Set { rs.mutex.RLock() defer rs.mutex.RUnlock() diff --git a/sensor/kubernetes/listener/resources/secrets.go b/sensor/kubernetes/listener/resources/secrets.go index decb8b2be4f4e..0c1ac2465f675 100644 --- a/sensor/kubernetes/listener/resources/secrets.go +++ b/sensor/kubernetes/listener/resources/secrets.go @@ -195,8 +195,6 @@ func (s *secretDispatcher) processDockerConfigEvent(secret *v1.Secret, action ce err := s.regStore.upsertRegistry(secret.GetNamespace(), registry, dce) if err != nil { log.Errorf("Unable to upsert registry %q into store: %v", registry, err) - } else { - log.Infof("Upserted registry %q", registry) } } } From 5560267383a10c12c776a0e264b981807c02d2fb Mon Sep 17 00:00:00 2001 From: RTann Date: Tue, 25 Jan 2022 16:10:20 -0800 Subject: [PATCH 019/103] updates --- central/image/service/service_impl.go | 20 +++++++------------- pkg/registries/set_impl.go | 11 ----------- 2 files changed, 7 insertions(+), 24 deletions(-) diff --git a/central/image/service/service_impl.go b/central/image/service/service_impl.go index d7eb43897bbd1..69a3d38bf0d82 100644 --- a/central/image/service/service_impl.go +++ b/central/image/service/service_impl.go @@ -193,8 +193,9 @@ func (s *serviceImpl) ScanImageInternal(ctx context.Context, request *v1.ScanIma // If the scan exists, and it is less than the reprocessing interval, then return the scan. // Otherwise, fetch it from the DB. if exists { + utils.FilterSuppressedCVEsNoClone(img) return &v1.ScanImageInternalResponse{ - Image: sanitizeImage(img), + Image: utils.StripCVEDescriptions(img), }, nil } } @@ -214,25 +215,18 @@ func (s *serviceImpl) ScanImageInternal(ctx context.Context, request *v1.ScanIma // even if we weren't able to enrich it } - // asynchronously upsert the image, as this rpc should be performant + // asynchronously upsert images as this rpc should be performant if img.GetId() != "" { go s.saveImage(img.Clone()) } + // This modifies the image object + utils.FilterSuppressedCVEsNoClone(img) return &v1.ScanImageInternalResponse{ - Image: sanitizeImage(img), + Image: utils.StripCVEDescriptions(img), }, nil } -// sanitizeImage prepares the image for responses. -// The passed in image is modified. -// Returns the passed in image. -func sanitizeImage(img *storage.Image) *storage.Image { - utils.FilterSuppressedCVEsNoClone(img) - utils.StripCVEDescriptionsNoClone(img) - return img -} - // ScanImage scans an image and returns the result func (s *serviceImpl) ScanImage(ctx context.Context, request *v1.ScanImageRequest) (*storage.Image, error) { enrichmentCtx := enricher.EnrichmentContext{ @@ -261,7 +255,7 @@ func (s *serviceImpl) ScanImage(ctx context.Context, request *v1.ScanImageReques // GetImageVulnerabilitiesInternal retrieves the vulnerabilities related to the image // specified by the given components and scan notes. -// This is meant to be called by Sensor or Admission Controller. +// This is meant to be called by Sensor. // TODO(ROX-8401): Implement me. func (s *serviceImpl) GetImageVulnerabilitiesInternal(ctx context.Context, request *v1.GetImageVulnerabilitiesInternalRequest) (*v1.GetImageVulnerabilitiesInternalResponse, error) { return nil, nil diff --git a/pkg/registries/set_impl.go b/pkg/registries/set_impl.go index ed070c875fea5..904be77e32e3f 100644 --- a/pkg/registries/set_impl.go +++ b/pkg/registries/set_impl.go @@ -2,7 +2,6 @@ package registries import ( "sort" - "strings" "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/registries/types" @@ -16,16 +15,6 @@ type setImpl struct { integrations map[string]types.ImageRegistry } -// TODO: delete me -func (e *setImpl) String() string { - regs := make([]string, 0, len(e.integrations)) - for _, integ := range e.integrations { - regs = append(regs, integ.Name()) - } - - return strings.Join(regs, ", ") -} - func sortIntegrations(integrations []types.ImageRegistry) { // This just ensures that the registries that have username/passwords are processed first sort.SliceStable(integrations, func(i, j int) bool { From 6656825e082d328e2949147fe14684e1f9529942 Mon Sep 17 00:00:00 2001 From: RTann Date: Tue, 25 Jan 2022 16:13:25 -0800 Subject: [PATCH 020/103] update scanner version --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 1d9c87b070db9..aa8fe3922cb39 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.16 // CAVEAT: This introduces a circular dependency. If you change this line, you MUST change the "exclude" // directive at the bottom of the file as well. -require github.com/stackrox/scanner v0.0.0-20220114174010-bfa0b08101ec +require github.com/stackrox/scanner v0.0.0-20220125184214-761202d6ab74 require ( cloud.google.com/go v0.94.1 diff --git a/go.sum b/go.sum index 2e2ee7edeee12..675e70b1acd36 100644 --- a/go.sum +++ b/go.sum @@ -1939,8 +1939,8 @@ github.com/stackrox/k8s-istio-cve-pusher v0.0.0-20210422200002-d89f671ac4f5 h1:0 github.com/stackrox/k8s-istio-cve-pusher v0.0.0-20210422200002-d89f671ac4f5/go.mod h1:GEtZ9DYAzmOtyqQPCJCEIzXJ7NcrHbMy6ZPJbcyfmLM= github.com/stackrox/nvdtools v0.0.0-20210326191554-5daeb6395b56 h1:D2wYiy+hcKy8qZAg9SxSWfZgbvmEgD9AdV0g0lJqGZ0= github.com/stackrox/nvdtools v0.0.0-20210326191554-5daeb6395b56/go.mod h1:AIeN7k60Q/kcW9aeiMpA0PY8CU3zsrLV0UhIksolMn4= -github.com/stackrox/scanner v0.0.0-20220114174010-bfa0b08101ec h1:0cTIDwloboGC/edJaOOT7KZNlP60r1UlAbD8Lg1iXb4= -github.com/stackrox/scanner v0.0.0-20220114174010-bfa0b08101ec/go.mod h1:DxQRXuuHfgvLOCBkhwX67Q6qO/6MkKizEBXdnhKudkQ= +github.com/stackrox/scanner v0.0.0-20220125184214-761202d6ab74 h1:Ka3RjwpzRdzbjO7+MSBYU8fa8cE5TV0Bv4f5T+nDZpg= +github.com/stackrox/scanner v0.0.0-20220125184214-761202d6ab74/go.mod h1:DxQRXuuHfgvLOCBkhwX67Q6qO/6MkKizEBXdnhKudkQ= github.com/stackrox/tail v1.4.9-0.20210831224919-407035634f5d h1:jeM6QMtwE9BU0rfDYcmkI/aOChOUfIO18LDp/DSnZpI= github.com/stackrox/tail v1.4.9-0.20210831224919-407035634f5d/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/stackrox/yaml/v2 v2.4.1 h1:09ux+QFfvp+Lk73pwGlMTAHeZoS2pqs6CCngYaJ6EQo= From 346abf9393c456363309658cfbf176f7e2b67217 Mon Sep 17 00:00:00 2001 From: RTann Date: Tue, 25 Jan 2022 16:13:31 -0800 Subject: [PATCH 021/103] remove logs --- sensor/kubernetes/listener/resources/secrets.go | 4 ---- 1 file changed, 4 deletions(-) diff --git a/sensor/kubernetes/listener/resources/secrets.go b/sensor/kubernetes/listener/resources/secrets.go index bbd153f641c3f..0c1ac2465f675 100644 --- a/sensor/kubernetes/listener/resources/secrets.go +++ b/sensor/kubernetes/listener/resources/secrets.go @@ -195,10 +195,6 @@ func (s *secretDispatcher) processDockerConfigEvent(secret *v1.Secret, action ce err := s.regStore.upsertRegistry(secret.GetNamespace(), registry, dce) if err != nil { log.Errorf("Unable to upsert registry %q into store: %v", registry, err) - } else { - // TODO: delete me - log.Infof("Successfully added registry") - log.Infof("Registries: %v", s.regStore.store) } } } From 944fbd37595cb2ac61d97edfb116976f792c2172 Mon Sep 17 00:00:00 2001 From: RTann Date: Tue, 25 Jan 2022 16:15:49 -0800 Subject: [PATCH 022/103] update comment --- generated/api/v1/image_service.pb.go | 6 ++---- proto/api/v1/image_service.proto | 3 +-- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/generated/api/v1/image_service.pb.go b/generated/api/v1/image_service.pb.go index 592d67f80f62d..8a963d4a74bb6 100644 --- a/generated/api/v1/image_service.pb.go +++ b/generated/api/v1/image_service.pb.go @@ -1264,8 +1264,7 @@ type ImageServiceClient interface { ScanImage(ctx context.Context, in *ScanImageRequest, opts ...grpc.CallOption) (*storage.Image, error) // ScanImageInternal is used solely by the Sensor and Admission Controller to send scan requests ScanImageInternal(ctx context.Context, in *ScanImageInternalRequest, opts ...grpc.CallOption) (*ScanImageInternalResponse, error) - // GetImageVulnerabilities is used solely by the Sensor and Admission Controller to send - // vulnerability matching requests. + // GetImageVulnerabilities is used solely by the Sensor to send vulnerability matching requests. GetImageVulnerabilitiesInternal(ctx context.Context, in *GetImageVulnerabilitiesInternalRequest, opts ...grpc.CallOption) (*GetImageVulnerabilitiesInternalResponse, error) // InvalidateScanAndRegistryCaches removes the image metadata cache. InvalidateScanAndRegistryCaches(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) @@ -1401,8 +1400,7 @@ type ImageServiceServer interface { ScanImage(context.Context, *ScanImageRequest) (*storage.Image, error) // ScanImageInternal is used solely by the Sensor and Admission Controller to send scan requests ScanImageInternal(context.Context, *ScanImageInternalRequest) (*ScanImageInternalResponse, error) - // GetImageVulnerabilities is used solely by the Sensor and Admission Controller to send - // vulnerability matching requests. + // GetImageVulnerabilities is used solely by the Sensor to send vulnerability matching requests. GetImageVulnerabilitiesInternal(context.Context, *GetImageVulnerabilitiesInternalRequest) (*GetImageVulnerabilitiesInternalResponse, error) // InvalidateScanAndRegistryCaches removes the image metadata cache. InvalidateScanAndRegistryCaches(context.Context, *Empty) (*Empty, error) diff --git a/proto/api/v1/image_service.proto b/proto/api/v1/image_service.proto index bb89f6f52364a..65de55c92df9d 100644 --- a/proto/api/v1/image_service.proto +++ b/proto/api/v1/image_service.proto @@ -146,8 +146,7 @@ service ImageService { // ScanImageInternal is used solely by the Sensor and Admission Controller to send scan requests rpc ScanImageInternal (ScanImageInternalRequest) returns (ScanImageInternalResponse); - // GetImageVulnerabilities is used solely by the Sensor and Admission Controller to send - // vulnerability matching requests. + // GetImageVulnerabilities is used solely by the Sensor to send vulnerability matching requests. rpc GetImageVulnerabilitiesInternal (GetImageVulnerabilitiesInternalRequest) returns (GetImageVulnerabilitiesInternalResponse); // InvalidateScanAndRegistryCaches removes the image metadata cache. From bf3ec4bdf52e6d4849e6d67e8c0be421e3121bd6 Mon Sep 17 00:00:00 2001 From: RTann Date: Tue, 25 Jan 2022 17:57:42 -0800 Subject: [PATCH 023/103] updates --- sensor/common/scannerclient/grpc_client.go | 6 ++++++ sensor/common/scannerclient/util.go | 3 +++ 2 files changed, 9 insertions(+) diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go index c17dfa137d766..add6dd023a312 100644 --- a/sensor/common/scannerclient/grpc_client.go +++ b/sensor/common/scannerclient/grpc_client.go @@ -17,6 +17,7 @@ import ( // Client is a Scanner gRPC client. type Client struct { client scannerV1.ImageScanServiceClient + conn *grpc.ClientConn } // NewGRPCClient creates a new Scanner client. @@ -50,6 +51,7 @@ func NewGRPCClient(endpoint string) (*Client, error) { return &Client{ client: scannerV1.NewImageScanServiceClient(conn), + conn: conn, }, nil } @@ -76,3 +78,7 @@ func (c *Client) GetImageAnalysis(ctx context.Context, image *storage.ContainerI return resp, nil } + +func (c *Client) Close() error { + return c.conn.Close() +} diff --git a/sensor/common/scannerclient/util.go b/sensor/common/scannerclient/util.go index 5f8765265c0d9..65df75bff7cf9 100644 --- a/sensor/common/scannerclient/util.go +++ b/sensor/common/scannerclient/util.go @@ -7,11 +7,13 @@ import ( v1 "github.com/stackrox/rox/generated/api/v1" "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/env" + "github.com/stackrox/rox/pkg/utils" scannerV1 "github.com/stackrox/scanner/generated/scanner/api/v1" ) // ScanImage runs the pipeline required to scan an image with a local Scanner. func ScanImage(ctx context.Context, centralClient v1.ImageServiceClient, image *storage.ContainerImage) (*storage.Image, error) { + // TODO: It might be better to have a persistent connection. scannerClient, err := NewGRPCClient(env.ScannerEndpoint.Setting()) if err != nil { return nil, errors.Wrap(err, "creating Scanner client") @@ -20,6 +22,7 @@ func ScanImage(ctx context.Context, centralClient v1.ImageServiceClient, image * // There is no local Scanner. return nil, nil } + defer utils.IgnoreError(scannerClient.Close) scannerResp, err := scannerClient.GetImageAnalysis(ctx, image) if err != nil { From 0130294a563a75f2e83ff7eaa3c7d9f2595ddf31 Mon Sep 17 00:00:00 2001 From: RTann Date: Tue, 25 Jan 2022 18:06:16 -0800 Subject: [PATCH 024/103] revert comment change --- sensor/admission-control/manager/images.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sensor/admission-control/manager/images.go b/sensor/admission-control/manager/images.go index 15137d7dbf8e5..fa1aba49423cd 100644 --- a/sensor/admission-control/manager/images.go +++ b/sensor/admission-control/manager/images.go @@ -130,7 +130,7 @@ func (m *manager) getAvailableImagesAndKickOffScans(ctx context.Context, s *stat if cachedImage != nil { images[idx] = cachedImage } - // The cached image might be insufficient if it doesn't have a scan, and we want to do inline scans. + // The cached image might be insufficient if it doesn't have a scan and we want to do inline scans. if ctx != nil && (cachedImage == nil || (scanInline && cachedImage.GetScan() == nil)) { atomic.AddInt32(&pendingCount, 1) // Ensure the image has its Namespace field, as it may be needed when fetching. From b578ded304c7ab33308c99e875e0bcdb6094ec66 Mon Sep 17 00:00:00 2001 From: RTann Date: Tue, 25 Jan 2022 18:28:33 -0800 Subject: [PATCH 025/103] updates --- sensor/common/detector/enricher.go | 1 - sensor/common/scannerclient/grpc_client.go | 15 ++++++------ .../common/scannerclient/{util.go => scan.go} | 17 ++++++-------- sensor/common/scannerclient/singleton.go | 23 +++++++++++++++++++ 4 files changed, 37 insertions(+), 19 deletions(-) rename sensor/common/scannerclient/{util.go => scan.go} (75%) create mode 100644 sensor/common/scannerclient/singleton.go diff --git a/sensor/common/detector/enricher.go b/sensor/common/detector/enricher.go index 14a7ea50fe86c..c662a650a7a32 100644 --- a/sensor/common/detector/enricher.go +++ b/sensor/common/detector/enricher.go @@ -61,7 +61,6 @@ func scanImage(ctx context.Context, svc v1.ImageServiceClient, ci *storage.Conta // Check the metadata here: if Central cannot retrieve the metadata, perhaps the // image is stored in an internal registry which Sensor can reach. if err == nil && scannedImage.GetImage().GetMetadata() == nil { - // TODO: Add rate limiting? scannedImage.Image, err = scannerclient.ScanImage(ctx, svc, ci) } diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go index add6dd023a312..c3cc92206b09c 100644 --- a/sensor/common/scannerclient/grpc_client.go +++ b/sensor/common/scannerclient/grpc_client.go @@ -14,14 +14,14 @@ import ( "google.golang.org/grpc/credentials" ) -// Client is a Scanner gRPC client. -type Client struct { +// client is a Scanner gRPC client. +type client struct { client scannerV1.ImageScanServiceClient conn *grpc.ClientConn } -// NewGRPCClient creates a new Scanner client. -func NewGRPCClient(endpoint string) (*Client, error) { +// newGRPCClient creates a new Scanner client. +func newGRPCClient(endpoint string) (*client, error) { if endpoint == "" { // No Scanner connection desired. return nil, nil @@ -36,7 +36,6 @@ func NewGRPCClient(endpoint string) (*Client, error) { endpoint = fmt.Sprintf("https://%s", endpoint) } - // TODO: is this right? tlsConfig, err := clientconn.TLSConfig(mtls.ScannerSubject, clientconn.TLSConfigOptions{ UseClientCert: clientconn.MustUseClientCert, }) @@ -49,7 +48,7 @@ func NewGRPCClient(endpoint string) (*Client, error) { return nil, errors.Wrap(err, "failed to connect to Scanner") } - return &Client{ + return &client{ client: scannerV1.NewImageScanServiceClient(conn), conn: conn, }, nil @@ -60,7 +59,7 @@ func NewGRPCClient(endpoint string) (*Client, error) { // 1. Retrieve image metadata. // 2. Request image analysis from Scanner, directly. // 3. Return image analysis results. -func (c *Client) GetImageAnalysis(ctx context.Context, image *storage.ContainerImage) (*scannerV1.GetImageComponentsResponse, error) { +func (c *client) GetImageAnalysis(ctx context.Context, image *storage.ContainerImage) (*scannerV1.GetImageComponentsResponse, error) { // TODO: get image metadata resp, err := c.client.GetImageComponents(ctx, &scannerV1.GetImageComponentsRequest{ @@ -79,6 +78,6 @@ func (c *Client) GetImageAnalysis(ctx context.Context, image *storage.ContainerI return resp, nil } -func (c *Client) Close() error { +func (c *client) Close() error { return c.conn.Close() } diff --git a/sensor/common/scannerclient/util.go b/sensor/common/scannerclient/scan.go similarity index 75% rename from sensor/common/scannerclient/util.go rename to sensor/common/scannerclient/scan.go index 65df75bff7cf9..e5a335a5b5166 100644 --- a/sensor/common/scannerclient/util.go +++ b/sensor/common/scannerclient/scan.go @@ -6,23 +6,20 @@ import ( "github.com/pkg/errors" v1 "github.com/stackrox/rox/generated/api/v1" "github.com/stackrox/rox/generated/storage" - "github.com/stackrox/rox/pkg/env" - "github.com/stackrox/rox/pkg/utils" scannerV1 "github.com/stackrox/scanner/generated/scanner/api/v1" ) +var ( + ErrNoLocalScanner = errors.New("No local Scanner integrated") +) + // ScanImage runs the pipeline required to scan an image with a local Scanner. +// TODO: add rate-limiting? func ScanImage(ctx context.Context, centralClient v1.ImageServiceClient, image *storage.ContainerImage) (*storage.Image, error) { - // TODO: It might be better to have a persistent connection. - scannerClient, err := NewGRPCClient(env.ScannerEndpoint.Setting()) - if err != nil { - return nil, errors.Wrap(err, "creating Scanner client") - } + scannerClient := GRPCClientSingleton() if scannerClient == nil { - // There is no local Scanner. - return nil, nil + return nil, ErrNoLocalScanner } - defer utils.IgnoreError(scannerClient.Close) scannerResp, err := scannerClient.GetImageAnalysis(ctx, image) if err != nil { diff --git a/sensor/common/scannerclient/singleton.go b/sensor/common/scannerclient/singleton.go new file mode 100644 index 0000000000000..d153b005f682b --- /dev/null +++ b/sensor/common/scannerclient/singleton.go @@ -0,0 +1,23 @@ +package scannerclient + +import ( + "github.com/stackrox/rox/pkg/env" + "github.com/stackrox/rox/pkg/sync" + "github.com/stackrox/rox/pkg/utils" +) + +var ( + once sync.Once + scannerClient *client +) + +// GRPCClientSingleton returns a gRPC client to a local Scanner. +// Only one client per Sensor is required. +func GRPCClientSingleton() *client { + once.Do(func() { + var err error + scannerClient, err = newGRPCClient(env.ScannerEndpoint.Setting()) + _ = utils.Should(err) + }) + return scannerClient +} From 9733eeb59df55e278720bc5a90b36d24daaab57a Mon Sep 17 00:00:00 2001 From: RTann Date: Wed, 26 Jan 2022 09:09:31 -0800 Subject: [PATCH 026/103] updates --- .../registry}/registry_store.go | 20 +++++++++---------- sensor/common/registry/singleton.go | 16 +++++++++++++++ .../listener/resources/dispatcher.go | 3 ++- .../kubernetes/listener/resources/secrets.go | 7 ++++--- .../listener/resources/singleton.go | 11 ---------- 5 files changed, 32 insertions(+), 25 deletions(-) rename sensor/{kubernetes/listener/resources => common/registry}/registry_store.go (76%) create mode 100644 sensor/common/registry/singleton.go diff --git a/sensor/kubernetes/listener/resources/registry_store.go b/sensor/common/registry/registry_store.go similarity index 76% rename from sensor/kubernetes/listener/resources/registry_store.go rename to sensor/common/registry/registry_store.go index 7f1d5ddabc779..6a3442c43de98 100644 --- a/sensor/kubernetes/listener/resources/registry_store.go +++ b/sensor/common/registry/registry_store.go @@ -1,4 +1,4 @@ -package resources +package registry import ( "github.com/pkg/errors" @@ -10,9 +10,9 @@ import ( "github.com/stackrox/rox/pkg/tlscheck" ) -// RegistryStore stores cluster-internal registries by namespace. +// Store stores cluster-internal registries by namespace. // It is assumed all the registries are Docker registries. -type RegistryStore struct { +type Store struct { factory registries.Factory // store maps a namespace to the names of registries accessible from within the namespace. // The registry maps to its credentials. @@ -22,14 +22,14 @@ type RegistryStore struct { } // newRegistryStore creates a new registryStore. -func newRegistryStore() *RegistryStore { - return &RegistryStore{ +func newRegistryStore() *Store { + return &Store{ factory: registries.NewFactory(registries.WithRegistryCreators(dockerFactory.Creator)), store: make(map[string]registries.Set), } } -func (rs *RegistryStore) getRegistries(namespace string) registries.Set { +func (rs *Store) getRegistries(namespace string) registries.Set { rs.mutex.Lock() defer rs.mutex.Unlock() @@ -42,8 +42,8 @@ func (rs *RegistryStore) getRegistries(namespace string) registries.Set { return regs } -// upsertRegistry upserts the given registry with the given credentials in the given namespace into the store. -func (rs *RegistryStore) upsertRegistry(namespace, registry string, dce types.DockerConfigEntry) error { +// UpsertRegistry upserts the given registry with the given credentials in the given namespace into the store. +func (rs *Store) UpsertRegistry(namespace, registry string, dce types.DockerConfigEntry) error { regs := rs.getRegistries(namespace) secure, err := tlscheck.CheckTLS(registry) @@ -71,8 +71,8 @@ func (rs *RegistryStore) upsertRegistry(namespace, registry string, dce types.Do return nil } -// getAllInNamespace returns all the registries within a given namespace. -func (rs *RegistryStore) getAllInNamespace(namespace string) registries.Set { +// GetAllInNamespace returns all the registries within a given namespace. +func (rs *Store) GetAllInNamespace(namespace string) registries.Set { rs.mutex.RLock() defer rs.mutex.RUnlock() diff --git a/sensor/common/registry/singleton.go b/sensor/common/registry/singleton.go new file mode 100644 index 0000000000000..402eb291f447c --- /dev/null +++ b/sensor/common/registry/singleton.go @@ -0,0 +1,16 @@ +package registry + +import "github.com/stackrox/rox/pkg/sync" + +var ( + once sync.Once + rStore *Store +) + +// Singleton returns a singleton of the registry storage. +func Singleton() *Store { + once.Do(func() { + rStore = newRegistryStore() + }) + return rStore +} diff --git a/sensor/kubernetes/listener/resources/dispatcher.go b/sensor/kubernetes/listener/resources/dispatcher.go index 85544a9e5f606..717c7d114a460 100644 --- a/sensor/kubernetes/listener/resources/dispatcher.go +++ b/sensor/kubernetes/listener/resources/dispatcher.go @@ -12,6 +12,7 @@ import ( "github.com/stackrox/rox/sensor/common/config" "github.com/stackrox/rox/sensor/common/detector" "github.com/stackrox/rox/sensor/common/metrics" + "github.com/stackrox/rox/sensor/common/registry" complianceOperatorDispatchers "github.com/stackrox/rox/sensor/kubernetes/listener/resources/complianceoperator/dispatchers" "github.com/stackrox/rox/sensor/kubernetes/listener/resources/rbac" "github.com/stackrox/rox/sensor/kubernetes/orchestratornamespaces" @@ -61,7 +62,7 @@ func NewDispatcherRegistry(clusterID string, podLister v1Listers.PodLister, prof endpointManager := newEndpointManager(serviceStore, deploymentStore, podStore, nodeStore, entityStore) rbacUpdater := rbac.NewStore() portExposureReconciler := newPortExposureReconciler(deploymentStore, serviceStore) - registryStore := RegistryStoreSingleton() + registryStore := registry.Singleton() return ®istryImpl{ deploymentHandler: newDeploymentHandler(clusterID, serviceStore, deploymentStore, podStore, endpointManager, nsStore, diff --git a/sensor/kubernetes/listener/resources/secrets.go b/sensor/kubernetes/listener/resources/secrets.go index 0c1ac2465f675..4b61626c13408 100644 --- a/sensor/kubernetes/listener/resources/secrets.go +++ b/sensor/kubernetes/listener/resources/secrets.go @@ -19,6 +19,7 @@ import ( "github.com/stackrox/rox/pkg/urlfmt" "github.com/stackrox/rox/pkg/utils" "github.com/stackrox/rox/pkg/uuid" + "github.com/stackrox/rox/sensor/common/registry" v1 "k8s.io/api/core/v1" ) @@ -122,11 +123,11 @@ func populateTypeData(secret *storage.Secret, dataFiles map[string][]byte) { // secretDispatcher handles secret resource events. type secretDispatcher struct { - regStore *RegistryStore + regStore *registry.Store } // newSecretDispatcher creates and returns a new secret handler. -func newSecretDispatcher(regStore *RegistryStore) *secretDispatcher { +func newSecretDispatcher(regStore *registry.Store) *secretDispatcher { return &secretDispatcher{ regStore: regStore, } @@ -192,7 +193,7 @@ func (s *secretDispatcher) processDockerConfigEvent(secret *v1.Secret, action ce if features.LocalImageScanning.Enabled() { if fromDefaultSA { // Store the registry credentials so Sensor can reach it. - err := s.regStore.upsertRegistry(secret.GetNamespace(), registry, dce) + err := s.regStore.UpsertRegistry(secret.GetNamespace(), registry, dce) if err != nil { log.Errorf("Unable to upsert registry %q into store: %v", registry, err) } diff --git a/sensor/kubernetes/listener/resources/singleton.go b/sensor/kubernetes/listener/resources/singleton.go index 484069cb0e42c..f04348a28e0f9 100644 --- a/sensor/kubernetes/listener/resources/singleton.go +++ b/sensor/kubernetes/listener/resources/singleton.go @@ -8,9 +8,6 @@ var ( psInit sync.Once podStore *PodStore - - rsInit sync.Once - regStore *RegistryStore ) // DeploymentStoreSingleton returns a singleton of the DeploymentStore @@ -28,11 +25,3 @@ func PodStoreSingleton() *PodStore { }) return podStore } - -// RegistryStoreSingleton returns a singleton of the RegistryStore. -func RegistryStoreSingleton() *RegistryStore { - rsInit.Do(func() { - regStore = newRegistryStore() - }) - return regStore -} From 73b254ebc14ec56de8e4c374246bffc6d6b0e054 Mon Sep 17 00:00:00 2001 From: RTann Date: Wed, 26 Jan 2022 09:42:00 -0800 Subject: [PATCH 027/103] updates --- sensor/common/scannerclient/grpc_client.go | 29 +++++++++++++++++++--- 1 file changed, 25 insertions(+), 4 deletions(-) diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go index c3cc92206b09c..cb25e731b680b 100644 --- a/sensor/common/scannerclient/grpc_client.go +++ b/sensor/common/scannerclient/grpc_client.go @@ -9,6 +9,8 @@ import ( "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/clientconn" "github.com/stackrox/rox/pkg/mtls" + "github.com/stackrox/rox/pkg/registries/types" + "github.com/stackrox/rox/sensor/common/registry" scannerV1 "github.com/stackrox/scanner/generated/scanner/api/v1" "google.golang.org/grpc" "google.golang.org/grpc/credentials" @@ -60,15 +62,22 @@ func newGRPCClient(endpoint string) (*client, error) { // 2. Request image analysis from Scanner, directly. // 3. Return image analysis results. func (c *client) GetImageAnalysis(ctx context.Context, image *storage.ContainerImage) (*scannerV1.GetImageComponentsResponse, error) { + reg, err := getRegistry(image) + if err != nil { + return nil, err + } + // TODO: get image metadata + + cfg := reg.Config() resp, err := c.client.GetImageComponents(ctx, &scannerV1.GetImageComponentsRequest{ Image: image.GetId(), - // TODO Registry: &scannerV1.RegistryData{ - Url: image.GetName().GetRegistry(), - Username: "", - Password: "", + Url: cfg.URL, + Username: cfg.Username, + Password: cfg.Password, + Insecure: cfg.Insecure, }, }) if err != nil { @@ -78,6 +87,18 @@ func (c *client) GetImageAnalysis(ctx context.Context, image *storage.ContainerI return resp, nil } +func getRegistry(img *storage.ContainerImage) (types.Registry, error) { + reg := img.GetName().GetRegistry() + regs := registry.Singleton().GetAllInNamespace(img.GetNamespace()) + for _, r := range regs.GetAll() { + if r.Name() == reg { + return r, nil + } + } + + return nil, errors.Errorf("Unknown image registry: %q", reg) +} + func (c *client) Close() error { return c.conn.Close() } From f345db07c78b0ae7ddd1fc900aae514b44c3027a Mon Sep 17 00:00:00 2001 From: RTann Date: Tue, 1 Feb 2022 10:14:37 -0800 Subject: [PATCH 028/103] scanner proto location update --- go.mod | 2 +- go.sum | 4 ++-- pkg/scanners/clairify/clairify.go | 2 +- pkg/scanners/clairify/convert.go | 2 +- pkg/scanners/clairify/convert_test.go | 2 +- pkg/scanners/clairify/mock/mock.go | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/go.mod b/go.mod index 352e10bb336d5..15b430d36d8b0 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.16 // CAVEAT: This introduces a circular dependency. If you change this line, you MUST change the "exclude" // directive at the bottom of the file as well. -require github.com/stackrox/scanner v0.0.0-20211030133935-e0a9b47f81de +require github.com/stackrox/scanner v0.0.0-20220201004112-4a96e25547db require ( cloud.google.com/go v0.94.1 diff --git a/go.sum b/go.sum index b403488d87040..57f69e8b2318b 100644 --- a/go.sum +++ b/go.sum @@ -1940,8 +1940,8 @@ github.com/stackrox/k8s-istio-cve-pusher v0.0.0-20210422200002-d89f671ac4f5 h1:0 github.com/stackrox/k8s-istio-cve-pusher v0.0.0-20210422200002-d89f671ac4f5/go.mod h1:GEtZ9DYAzmOtyqQPCJCEIzXJ7NcrHbMy6ZPJbcyfmLM= github.com/stackrox/nvdtools v0.0.0-20210326191554-5daeb6395b56 h1:D2wYiy+hcKy8qZAg9SxSWfZgbvmEgD9AdV0g0lJqGZ0= github.com/stackrox/nvdtools v0.0.0-20210326191554-5daeb6395b56/go.mod h1:AIeN7k60Q/kcW9aeiMpA0PY8CU3zsrLV0UhIksolMn4= -github.com/stackrox/scanner v0.0.0-20211030133935-e0a9b47f81de h1:ipW4oTA2JaWmqFxFiwbf9eBD6+PDXuj6JcRlY7r9Pxo= -github.com/stackrox/scanner v0.0.0-20211030133935-e0a9b47f81de/go.mod h1:DxQRXuuHfgvLOCBkhwX67Q6qO/6MkKizEBXdnhKudkQ= +github.com/stackrox/scanner v0.0.0-20220201004112-4a96e25547db h1:8hCvAjASwa79mdJXAVzv5RJnErLhUNE1XO2oZY0L/rQ= +github.com/stackrox/scanner v0.0.0-20220201004112-4a96e25547db/go.mod h1:DxQRXuuHfgvLOCBkhwX67Q6qO/6MkKizEBXdnhKudkQ= github.com/stackrox/tail v1.4.9-0.20210831224919-407035634f5d h1:jeM6QMtwE9BU0rfDYcmkI/aOChOUfIO18LDp/DSnZpI= github.com/stackrox/tail v1.4.9-0.20210831224919-407035634f5d/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/stackrox/yaml/v2 v2.4.1 h1:09ux+QFfvp+Lk73pwGlMTAHeZoS2pqs6CCngYaJ6EQo= diff --git a/pkg/scanners/clairify/clairify.go b/pkg/scanners/clairify/clairify.go index 7d1c32a57d8f2..23757258e84a5 100644 --- a/pkg/scanners/clairify/clairify.go +++ b/pkg/scanners/clairify/clairify.go @@ -26,7 +26,7 @@ import ( "github.com/stackrox/rox/pkg/stringutils" "github.com/stackrox/rox/pkg/urlfmt" clairV1 "github.com/stackrox/scanner/api/v1" - clairGRPCV1 "github.com/stackrox/scanner/generated/shared/api/v1" + clairGRPCV1 "github.com/stackrox/scanner/generated/scanner/api/v1" "github.com/stackrox/scanner/pkg/clairify/client" "github.com/stackrox/scanner/pkg/clairify/types" "google.golang.org/grpc" diff --git a/pkg/scanners/clairify/convert.go b/pkg/scanners/clairify/convert.go index 8cc16d46494e8..7370f978b46cb 100644 --- a/pkg/scanners/clairify/convert.go +++ b/pkg/scanners/clairify/convert.go @@ -8,7 +8,7 @@ import ( "github.com/stackrox/rox/pkg/cvss/cvssv3" "github.com/stackrox/rox/pkg/scans" "github.com/stackrox/rox/pkg/stringutils" - v1 "github.com/stackrox/scanner/generated/shared/api/v1" + v1 "github.com/stackrox/scanner/generated/scanner/api/v1" ) func convertNodeToVulnRequest(node *storage.Node) *v1.GetNodeVulnerabilitiesRequest { diff --git a/pkg/scanners/clairify/convert_test.go b/pkg/scanners/clairify/convert_test.go index a43a8546f2242..3d5d1cd1414d2 100644 --- a/pkg/scanners/clairify/convert_test.go +++ b/pkg/scanners/clairify/convert_test.go @@ -5,7 +5,7 @@ import ( "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/scanners/clairify/mock" - v1 "github.com/stackrox/scanner/generated/shared/api/v1" + v1 "github.com/stackrox/scanner/generated/scanner/api/v1" "github.com/stretchr/testify/assert" ) diff --git a/pkg/scanners/clairify/mock/mock.go b/pkg/scanners/clairify/mock/mock.go index bcc456a39469e..313895092809e 100644 --- a/pkg/scanners/clairify/mock/mock.go +++ b/pkg/scanners/clairify/mock/mock.go @@ -2,7 +2,7 @@ package mock import ( "github.com/stackrox/rox/generated/storage" - scannerV1 "github.com/stackrox/scanner/generated/shared/api/v1" + scannerV1 "github.com/stackrox/scanner/generated/scanner/api/v1" ) // GetTestScannerVulns returns test clair vulns and also the expected converted proto vulns From 17f38f52d13a37642b2988ad22bfb0e1789640b5 Mon Sep 17 00:00:00 2001 From: RTann Date: Tue, 1 Feb 2022 11:23:47 -0800 Subject: [PATCH 029/103] update --- pkg/clair/convert.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/clair/convert.go b/pkg/clair/convert.go index 667c16d8f218e..e1b1a8e146e72 100644 --- a/pkg/clair/convert.go +++ b/pkg/clair/convert.go @@ -153,9 +153,9 @@ func convertFeature(feature clairV1.Feature) *storage.EmbeddedImageScanComponent } } - executables := make([]*storage.EmbeddedImageScanComponent_Executable, 0, len(feature.ProvidedExecutables)) - for _, path := range feature.ProvidedExecutables { - exec := &storage.EmbeddedImageScanComponent_Executable{Path: path} + executables := make([]*storage.EmbeddedImageScanComponent_Executable, 0, len(feature.Executables)) + for _, executable := range feature.Executables { + exec := &storage.EmbeddedImageScanComponent_Executable{Path: executable.Path} executables = append(executables, exec) } component.Executables = executables From c0d2a0695d11ec67cec083655b608f4dc08197de Mon Sep 17 00:00:00 2001 From: RTann Date: Tue, 1 Feb 2022 12:39:19 -0800 Subject: [PATCH 030/103] conflict --- generated/api/v1/image_service.swagger.json | 17 - generated/storage/deployment.pb.go | 630 +++++++------------- 2 files changed, 211 insertions(+), 436 deletions(-) diff --git a/generated/api/v1/image_service.swagger.json b/generated/api/v1/image_service.swagger.json index d321b378f3ddd..246fa808b08f6 100644 --- a/generated/api/v1/image_service.swagger.json +++ b/generated/api/v1/image_service.swagger.json @@ -408,17 +408,6 @@ ], "default": "UI_NONE" }, -<<<<<<< HEAD -======= - "EmbeddedImageScanComponentExecutable": { - "type": "object", - "properties": { - "path": { - "type": "string" - } - } - }, ->>>>>>> ROX-8401-registry-store "EmbeddedVulnerabilityVulnerabilityType": { "type": "string", "enum": [ @@ -932,12 +921,6 @@ "properties": { "path": { "type": "string" - }, - "dependencies": { - "type": "array", - "items": { - "type": "string" - } } } }, diff --git a/generated/storage/deployment.pb.go b/generated/storage/deployment.pb.go index 49a51c8a71f34..e25a954c2e0ce 100644 --- a/generated/storage/deployment.pb.go +++ b/generated/storage/deployment.pb.go @@ -2395,425 +2395,217 @@ func init() { func init() { proto.RegisterFile("storage/deployment.proto", fileDescriptor_c3884ae4621696a3) } var fileDescriptor_c3884ae4621696a3 = []byte{ -<<<<<<< HEAD - // 3257 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x59, 0xcb, 0x73, 0xdb, 0x56, - 0x77, 0x37, 0x45, 0x4a, 0x22, 0x0f, 0x29, 0x3e, 0xae, 0xfc, 0x80, 0xe9, 0x07, 0x60, 0x24, 0x4e, - 0x14, 0xc7, 0x91, 0x1d, 0xd9, 0xd3, 0xa4, 0x1a, 0x3b, 0x19, 0x89, 0xa2, 0x12, 0xda, 0x12, 0xc5, - 0x40, 0x54, 0xd2, 0xa6, 0x0b, 0x0c, 0x04, 0x5c, 0x53, 0xa8, 0x41, 0x5c, 0x14, 0x00, 0x55, 0x6b, - 0xd9, 0x65, 0x17, 0xdd, 0x74, 0xd1, 0xc9, 0xb6, 0xab, 0xfe, 0x03, 0x9d, 0xfe, 0x0d, 0x9d, 0xe9, - 0x4c, 0x27, 0x33, 0xed, 0x9a, 0xed, 0xa4, 0xcb, 0x7e, 0x9b, 0x8f, 0x7f, 0xc1, 0x37, 0xf7, 0x85, - 0x07, 0x29, 0x7d, 0x71, 0xbe, 0x15, 0x89, 0x73, 0x7e, 0xe7, 0x87, 0x73, 0xef, 0x3d, 0xf7, 0xdc, - 0x73, 0x2e, 0x40, 0x89, 0x62, 0x12, 0x5a, 0x23, 0xfc, 0xc4, 0xc1, 0x81, 0x47, 0x2e, 0xc6, 0xd8, - 0x8f, 0x37, 0x83, 0x90, 0xc4, 0x04, 0xad, 0x0a, 0x4d, 0x5b, 0x1d, 0x11, 0x32, 0xf2, 0xf0, 0x13, - 0x26, 0x3e, 0x9d, 0xbc, 0x79, 0x12, 0xbb, 0x63, 0x1c, 0xc5, 0xd6, 0x38, 0xe0, 0xc8, 0xb6, 0x2a, - 0x39, 0x6c, 0xe2, 0xc7, 0x96, 0xeb, 0xe3, 0xd0, 0x0c, 0x27, 0x3e, 0x45, 0x09, 0xc0, 0x75, 0x09, - 0xf0, 0xac, 0x53, 0xec, 0x45, 0x42, 0xba, 0x2e, 0xa5, 0xee, 0xd8, 0x1a, 0x2d, 0x40, 0x29, 0x51, - 0x2c, 0xa1, 0x48, 0x4a, 0xc3, 0x53, 0xcb, 0x96, 0xc8, 0x11, 0x19, 0x11, 0xf6, 0xf7, 0x09, 0xfd, - 0xc7, 0xa5, 0xfa, 0x7f, 0x22, 0x80, 0xbd, 0x64, 0x28, 0xe8, 0x0b, 0x58, 0x72, 0x1d, 0xa5, 0xa0, - 0x15, 0x36, 0x2a, 0xbb, 0x1f, 0xcf, 0xa6, 0xea, 0x07, 0x11, 0xb6, 0x42, 0xfb, 0x6c, 0x5b, 0x4f, - 0x31, 0x5a, 0x6f, 0xef, 0x31, 0xa5, 0xc7, 0x8f, 0xcf, 0x5c, 0xc7, 0xc1, 0xbe, 0x6e, 0x2c, 0xb9, - 0x0e, 0xfa, 0x1c, 0x4a, 0xbe, 0x35, 0xc6, 0xca, 0x12, 0x33, 0xbd, 0x37, 0x9b, 0xaa, 0xb7, 0x17, - 0x4d, 0xb9, 0x9d, 0x6e, 0x30, 0x28, 0x7a, 0x08, 0xa5, 0x33, 0x2b, 0x3a, 0x53, 0xda, 0x5a, 0x61, - 0xa3, 0xb4, 0xdb, 0x9a, 0x4d, 0xd5, 0x35, 0xfa, 0xbc, 0xad, 0xbb, 0x23, 0x9f, 0xc3, 0xe8, 0x23, - 0x7a, 0x0a, 0xa5, 0xf8, 0x22, 0xc0, 0x4a, 0x89, 0x31, 0xdf, 0x9d, 0x4d, 0x55, 0xe5, 0x12, 0xa7, - 0x86, 0x17, 0x01, 0xb5, 0xa0, 0x48, 0xb4, 0x0d, 0x15, 0xfa, 0x82, 0x28, 0xb0, 0x6c, 0xac, 0x2c, - 0x2f, 0x9a, 0xf5, 0xa5, 0x52, 0xfa, 0x93, 0xc2, 0xd1, 0x0b, 0xa8, 0x25, 0x0f, 0xa6, 0xeb, 0x28, - 0xb7, 0x98, 0xf9, 0xed, 0xd9, 0x54, 0xbd, 0xb1, 0x60, 0xae, 0xf5, 0xf6, 0x74, 0xa3, 0x9a, 0xc0, - 0x7b, 0x0e, 0xfa, 0x11, 0x6e, 0x92, 0xd0, 0x3e, 0xc3, 0x51, 0x1c, 0x5a, 0x31, 0x09, 0x4d, 0x9b, - 0x8c, 0x03, 0xe2, 0x63, 0x3f, 0x56, 0x1e, 0x68, 0x85, 0x8d, 0xf2, 0xee, 0x07, 0xb3, 0xa9, 0xaa, - 0x4a, 0x9e, 0xa3, 0x0c, 0x52, 0xeb, 0x48, 0xa4, 0x6e, 0xdc, 0xc8, 0x52, 0x24, 0x72, 0xd4, 0x86, - 0x72, 0x88, 0x03, 0xcf, 0xb5, 0xad, 0x48, 0x59, 0xd1, 0x0a, 0x1b, 0x45, 0x23, 0x79, 0x46, 0xdf, - 0xc1, 0x0a, 0x0f, 0x15, 0x65, 0x55, 0x2b, 0x6e, 0x54, 0xb7, 0xd4, 0x4d, 0x11, 0x00, 0x9b, 0xe9, - 0x14, 0x6d, 0x1e, 0x30, 0x44, 0xd7, 0x8f, 0xc3, 0x8b, 0x5d, 0x65, 0x36, 0x55, 0xaf, 0x4b, 0x47, - 0x98, 0x42, 0xce, 0x85, 0x20, 0x42, 0x26, 0x40, 0x40, 0x1c, 0x53, 0xd0, 0xae, 0x33, 0x5a, 0xfd, - 0x32, 0xda, 0x01, 0x71, 0xb2, 0xcc, 0xb9, 0x99, 0x1e, 0x10, 0x47, 0xcb, 0xb1, 0x57, 0x02, 0x89, - 0x46, 0x2f, 0xa1, 0xce, 0xc8, 0xcd, 0x08, 0x7b, 0xd8, 0x8e, 0x49, 0xa8, 0x5c, 0xd7, 0x0a, 0x1b, - 0xd5, 0xad, 0x9b, 0xc9, 0x4b, 0x18, 0xf0, 0x58, 0x68, 0x8d, 0x35, 0x2f, 0xfb, 0x88, 0x30, 0xac, - 0xda, 0x21, 0xb6, 0x62, 0xec, 0x28, 0x65, 0x66, 0xd7, 0xde, 0xe4, 0xfb, 0x6e, 0x53, 0xee, 0xbb, - 0xcd, 0xa1, 0xdc, 0x77, 0xbb, 0x4f, 0x66, 0x53, 0xf5, 0x53, 0xe9, 0x54, 0x87, 0x9b, 0xe5, 0x83, - 0x58, 0xcb, 0x87, 0x9e, 0xe4, 0x46, 0x1d, 0x00, 0xdb, 0x9b, 0x44, 0x31, 0x0e, 0x69, 0x34, 0x54, - 0x58, 0x34, 0x7c, 0x38, 0x9b, 0xaa, 0x5a, 0xc2, 0xc6, 0xb5, 0x8b, 0xbb, 0xa2, 0x22, 0xec, 0x7a, - 0x0e, 0x7a, 0x09, 0x35, 0x49, 0xc2, 0x36, 0x09, 0x30, 0x9a, 0xf6, 0x6c, 0xaa, 0xde, 0x9c, 0xa3, - 0x91, 0xf3, 0x54, 0x15, 0x78, 0x1a, 0x6b, 0x68, 0x0b, 0x20, 0xc9, 0x14, 0x91, 0x52, 0x65, 0x4b, - 0x81, 0x92, 0x59, 0xea, 0x48, 0x95, 0x91, 0x41, 0x21, 0x13, 0xaa, 0x96, 0xef, 0x93, 0xd8, 0x8a, - 0x5d, 0xe2, 0x47, 0x4a, 0x9d, 0x19, 0x7d, 0x78, 0xd9, 0xfa, 0xed, 0xa4, 0x30, 0xbe, 0x82, 0xb7, - 0x66, 0x53, 0x75, 0x5d, 0xfa, 0x95, 0x6a, 0x75, 0x23, 0xcb, 0x88, 0xf6, 0xa1, 0x1c, 0x84, 0x2e, - 0x09, 0xdd, 0xf8, 0x42, 0x69, 0xd0, 0x70, 0xdc, 0x7d, 0x34, 0x9b, 0xaa, 0x1f, 0x25, 0x2b, 0x2f, - 0x74, 0x57, 0xcc, 0x6f, 0x62, 0x4b, 0xc3, 0xda, 0xf5, 0x2d, 0x3b, 0x76, 0xcf, 0xb1, 0xd2, 0xa4, - 0x9b, 0xc4, 0x48, 0x9e, 0xd1, 0x01, 0x20, 0x96, 0xeb, 0xcc, 0x60, 0xe2, 0xd1, 0x38, 0xb1, 0x43, - 0x1c, 0x47, 0x4a, 0x4b, 0x2b, 0x6e, 0x54, 0x76, 0xef, 0xcf, 0xa6, 0x6a, 0x5b, 0xbe, 0xad, 0x47, - 0x51, 0xda, 0x60, 0xe2, 0x79, 0xda, 0x31, 0x43, 0xe9, 0x46, 0x93, 0x59, 0x52, 0x11, 0x97, 0x44, - 0xa8, 0x0b, 0x8d, 0x08, 0x87, 0xe7, 0xae, 0x8d, 0x4d, 0xcb, 0xb6, 0xc9, 0xc4, 0x8f, 0x15, 0xb4, - 0x98, 0x1c, 0x8e, 0x39, 0x44, 0xdb, 0xe1, 0x10, 0xdd, 0xa8, 0x0b, 0x23, 0x21, 0x40, 0xff, 0x54, - 0x00, 0x6d, 0x8e, 0xc7, 0x0c, 0x70, 0x38, 0x76, 0xa3, 0xc8, 0x25, 0xbe, 0xe9, 0xe1, 0x73, 0xec, - 0x29, 0x77, 0xb5, 0xc2, 0x46, 0x7d, 0x4b, 0x49, 0xe6, 0x7b, 0x90, 0x00, 0x0e, 0xa8, 0x7e, 0xf7, - 0xd9, 0x6c, 0xaa, 0x3e, 0xb9, 0xe2, 0x95, 0x5a, 0x0a, 0xd6, 0x18, 0x5a, 0x06, 0xc5, 0xbd, 0xbc, - 0x27, 0x73, 0x9c, 0x28, 0x02, 0xd5, 0x9a, 0xc4, 0x64, 0xcc, 0x3c, 0x9a, 0xf7, 0x30, 0x26, 0x6f, - 0xb1, 0xaf, 0xdc, 0x66, 0x59, 0xe8, 0xf1, 0x6c, 0xaa, 0x6e, 0x04, 0xc4, 0x73, 0xed, 0x8b, 0x6d, - 0x7d, 0x47, 0x9a, 0x68, 0xf3, 0x6e, 0x0c, 0xa9, 0x89, 0x6e, 0xdc, 0x4d, 0x48, 0x8f, 0x73, 0xaf, - 0x67, 0x6a, 0x9a, 0x2f, 0xcf, 0x48, 0x14, 0x9b, 0x3e, 0x8e, 0xff, 0x96, 0x84, 0x6f, 0x95, 0x1b, - 0xec, 0x0d, 0x2c, 0x5f, 0xca, 0x37, 0x7c, 0x4b, 0xa2, 0x58, 0xeb, 0x73, 0xbd, 0x6e, 0x54, 0x29, - 0x5c, 0x3c, 0xa1, 0xa7, 0x50, 0x66, 0xd6, 0x81, 0xeb, 0x28, 0x2a, 0xb3, 0xbc, 0x31, 0x9b, 0xaa, - 0xad, 0x9c, 0xe5, 0x80, 0x66, 0xd9, 0x55, 0x0a, 0x1b, 0xb8, 0x4e, 0x62, 0xe1, 0x06, 0xb6, 0xa2, - 0x5d, 0x61, 0xd1, 0x1b, 0x74, 0x84, 0x45, 0x2f, 0xb0, 0xd1, 0xd7, 0xb0, 0x26, 0x4e, 0x57, 0xd3, - 0xf6, 0xac, 0x28, 0x52, 0xf4, 0x74, 0xf7, 0x49, 0x33, 0x83, 0x03, 0xb4, 0x0e, 0x05, 0xe8, 0x46, - 0x4d, 0x18, 0xb0, 0x47, 0xd4, 0x85, 0x6a, 0x4c, 0x3c, 0x1c, 0x8a, 0xad, 0x74, 0x93, 0x6d, 0xa5, - 0xf5, 0x64, 0x69, 0x87, 0x89, 0x6e, 0xb7, 0x3e, 0x9b, 0xaa, 0x20, 0x57, 0xf5, 0x33, 0xdd, 0xc8, - 0xda, 0xa1, 0x97, 0xb0, 0x1c, 0x90, 0x30, 0x8e, 0x14, 0x65, 0x8e, 0x60, 0x40, 0xc2, 0xb8, 0x43, - 0xfc, 0x37, 0xee, 0x68, 0x17, 0xcd, 0xa6, 0x6a, 0x5d, 0x3a, 0x45, 0xe5, 0x91, 0x6e, 0x70, 0x2b, - 0xd4, 0x87, 0x46, 0x14, 0x5b, 0x31, 0x36, 0x93, 0x6a, 0x42, 0xb9, 0xc3, 0xb6, 0xdd, 0xc3, 0xd9, - 0x54, 0x7d, 0x90, 0xdb, 0x5d, 0x5a, 0x84, 0xfd, 0x88, 0x84, 0xf9, 0x1d, 0x57, 0x67, 0xd6, 0x49, - 0x4a, 0x44, 0x7d, 0x80, 0xd0, 0x8d, 0xde, 0x9a, 0x91, 0x4d, 0x42, 0xac, 0xdc, 0xd3, 0x0a, 0x1b, - 0x4b, 0xf9, 0x34, 0x69, 0xb8, 0xd1, 0x5b, 0xed, 0xd8, 0xce, 0xe6, 0x48, 0xe9, 0xd9, 0x63, 0x49, - 0x5a, 0xa1, 0x14, 0x0c, 0x83, 0x76, 0xa0, 0x16, 0x84, 0xc4, 0xc6, 0x51, 0x64, 0xc6, 0xd6, 0x28, - 0x52, 0xee, 0x2f, 0xee, 0xd2, 0x01, 0xd7, 0x6b, 0x43, 0x6b, 0x94, 0xe4, 0x39, 0x61, 0x33, 0xb4, - 0x46, 0x51, 0xfb, 0xcf, 0xa1, 0x9a, 0x39, 0x49, 0x50, 0x13, 0x8a, 0x6f, 0xf1, 0x05, 0x2f, 0x46, - 0x0c, 0xfa, 0x17, 0x5d, 0x87, 0xe5, 0x73, 0xcb, 0x9b, 0x88, 0x2a, 0xc3, 0xe0, 0x0f, 0xdb, 0x4b, - 0x5f, 0x16, 0xda, 0x2f, 0xa0, 0x9e, 0x3f, 0x87, 0x7e, 0x93, 0xf5, 0x57, 0xd0, 0x9c, 0xcf, 0x82, - 0xbf, 0xc5, 0xfe, 0x55, 0xa9, 0x5c, 0x6c, 0x96, 0x5e, 0x95, 0xca, 0xb5, 0xe6, 0x9a, 0xfe, 0xaf, - 0x05, 0xa8, 0x27, 0x29, 0x99, 0xe5, 0x25, 0xf4, 0x8c, 0x15, 0x55, 0xbc, 0x7e, 0xc9, 0x55, 0x00, - 0x3c, 0x6d, 0x1d, 0x9f, 0x59, 0x97, 0x14, 0x54, 0x1f, 0x89, 0x82, 0xaa, 0xc0, 0x0e, 0xb7, 0x34, - 0xdd, 0x33, 0x1b, 0x7a, 0x2c, 0x88, 0x2a, 0xea, 0x01, 0xd4, 0x7c, 0x12, 0xb3, 0x0c, 0x69, 0x9d, - 0x7a, 0xfc, 0x6c, 0x29, 0x1b, 0x55, 0x9f, 0xc4, 0x03, 0x21, 0x42, 0x77, 0xb3, 0xf5, 0x50, 0x95, - 0x39, 0x9f, 0x0a, 0xb6, 0x4b, 0x3f, 0xff, 0xb3, 0x7a, 0x4d, 0xff, 0xef, 0x22, 0x54, 0x12, 0xb7, - 0x51, 0x3d, 0x2d, 0x03, 0x99, 0x33, 0x4f, 0x61, 0xc5, 0x66, 0x11, 0xca, 0xc6, 0x5e, 0xcd, 0x24, - 0xb6, 0xc4, 0x86, 0x47, 0xb0, 0x21, 0x70, 0xe8, 0x33, 0x58, 0x66, 0x09, 0x58, 0x29, 0x32, 0x83, - 0x5b, 0x8b, 0x06, 0x6c, 0x20, 0x06, 0x47, 0xa1, 0x0e, 0x34, 0x23, 0x6c, 0x4f, 0xe8, 0x89, 0x60, - 0xd2, 0x53, 0x0c, 0xbf, 0x8b, 0xd9, 0x84, 0x65, 0x5f, 0x75, 0x2c, 0x00, 0x1d, 0xae, 0x37, 0x1a, - 0x51, 0x5e, 0x80, 0x3e, 0x81, 0xd5, 0x73, 0xe2, 0x4d, 0xc6, 0x38, 0x52, 0x96, 0xd9, 0x1e, 0x6b, - 0x24, 0xb6, 0xdf, 0x33, 0xb9, 0x21, 0xf5, 0xe8, 0x95, 0xdc, 0x8c, 0x2b, 0x57, 0x6f, 0x46, 0x75, - 0x36, 0x55, 0xef, 0xcc, 0x87, 0xbc, 0x96, 0xd9, 0xde, 0x62, 0x67, 0x7e, 0x0e, 0xab, 0xf2, 0x68, - 0xe2, 0xd5, 0x57, 0x3a, 0xd8, 0xee, 0xf8, 0x14, 0x3b, 0x0e, 0x76, 0xf8, 0x11, 0x64, 0x48, 0x1c, - 0x7a, 0x0a, 0x95, 0x10, 0x47, 0x64, 0x12, 0xda, 0x38, 0x12, 0xe5, 0x4b, 0xba, 0xc2, 0x86, 0xd4, - 0x18, 0x29, 0x08, 0x3d, 0x11, 0xe1, 0xc0, 0x4b, 0x87, 0x3b, 0xb3, 0xa9, 0x7a, 0x4b, 0xba, 0x96, - 0xcc, 0xa8, 0x46, 0xc3, 0x42, 0x54, 0xd7, 0xaf, 0x4a, 0xe5, 0x4a, 0x13, 0xf4, 0xff, 0x58, 0x82, - 0x4a, 0xc2, 0x87, 0x06, 0xd0, 0xb2, 0x83, 0x89, 0x49, 0xf7, 0x6b, 0x64, 0x86, 0xf8, 0x6f, 0x26, - 0x38, 0x8a, 0xd9, 0x2a, 0x2f, 0xcd, 0xd5, 0x34, 0x83, 0x13, 0xad, 0x43, 0x41, 0x9a, 0xc1, 0x41, - 0x72, 0xbb, 0x36, 0xec, 0x60, 0xc2, 0x14, 0x42, 0x8e, 0x5e, 0x41, 0x23, 0x65, 0xf4, 0xdc, 0xb1, - 0x1b, 0xb3, 0x08, 0x59, 0xda, 0xd5, 0x67, 0x53, 0xf5, 0xfe, 0x22, 0xdf, 0x01, 0x85, 0x48, 0xb6, - 0x35, 0xc9, 0xc6, 0xa4, 0xc8, 0x80, 0xd6, 0x18, 0x8f, 0x49, 0x78, 0x61, 0x8e, 0x4f, 0x13, 0xef, - 0x8a, 0x8c, 0xed, 0xa3, 0xd9, 0x54, 0xd5, 0x25, 0xdb, 0x21, 0x03, 0x49, 0xd7, 0xb4, 0x8d, 0xc3, - 0xdd, 0x4f, 0x12, 0xff, 0x38, 0xc1, 0xe1, 0xa9, 0xf4, 0xef, 0x00, 0x1a, 0x29, 0x27, 0xf7, 0xaf, - 0xb4, 0x38, 0x5e, 0xc1, 0xc8, 0xdc, 0xc8, 0xf1, 0xad, 0x49, 0x3e, 0xa6, 0xd2, 0xff, 0xbf, 0x08, - 0x2b, 0x3c, 0x92, 0xd0, 0x56, 0x66, 0x7b, 0xce, 0xa5, 0x39, 0x8e, 0x60, 0x8b, 0x91, 0x6f, 0x78, - 0xbe, 0x84, 0x15, 0xbe, 0x12, 0xa2, 0x4b, 0xd2, 0x66, 0x53, 0xf5, 0xee, 0x9c, 0xd5, 0x31, 0x03, - 0x24, 0xc5, 0x38, 0xc7, 0xa3, 0x6f, 0xa0, 0xea, 0xe0, 0x28, 0x76, 0x7d, 0x96, 0xa1, 0xd8, 0xa4, - 0x54, 0x78, 0xe2, 0x9f, 0x33, 0xdf, 0x4b, 0x51, 0x49, 0x8a, 0xcd, 0x58, 0xa2, 0xaf, 0x69, 0xe0, - 0x59, 0x8e, 0x49, 0x7c, 0xef, 0x82, 0xcd, 0x44, 0x39, 0xbf, 0x52, 0x82, 0xc6, 0xc0, 0x96, 0x73, - 0xe4, 0x7b, 0x17, 0x92, 0xa3, 0x1c, 0x0a, 0x01, 0x1d, 0x37, 0xeb, 0xc6, 0x96, 0xaf, 0x1c, 0x37, - 0xed, 0xc4, 0x92, 0x71, 0xb3, 0x7e, 0x6c, 0x0c, 0x2d, 0x5e, 0x94, 0x04, 0x21, 0x09, 0xac, 0x11, - 0x1f, 0xc3, 0x0a, 0xab, 0x90, 0xb4, 0xb9, 0x1d, 0xba, 0x79, 0xc8, 0x2a, 0x9b, 0x14, 0xc7, 0x5f, - 0x21, 0x43, 0xfd, 0x90, 0xd7, 0x47, 0xa9, 0x5a, 0x37, 0x9a, 0xe3, 0x39, 0x0b, 0x7d, 0x1f, 0x9a, - 0xf3, 0x2c, 0xa8, 0x0c, 0xa5, 0xfe, 0x51, 0xbf, 0xdb, 0xbc, 0x86, 0x6e, 0x40, 0xeb, 0xdb, 0xa3, - 0xe3, 0xa1, 0x39, 0x3c, 0x32, 0x3b, 0x47, 0xfd, 0xe1, 0x4e, 0xaf, 0xdf, 0x35, 0x9a, 0x05, 0xd4, - 0x82, 0xb5, 0xdd, 0xde, 0x5e, 0xcf, 0xe8, 0x76, 0x86, 0xbd, 0xa3, 0xfe, 0xce, 0x41, 0x73, 0x49, - 0xff, 0x9f, 0x12, 0x14, 0x07, 0xc4, 0x41, 0x8f, 0x32, 0x3d, 0x71, 0xae, 0x66, 0xa7, 0xdd, 0x4d, - 0x6f, 0x2f, 0x97, 0xb5, 0x9f, 0xe6, 0xda, 0xe0, 0x85, 0x5e, 0x88, 0xc5, 0x84, 0xc4, 0xf3, 0xa0, - 0xd8, 0x87, 0xb5, 0xf4, 0x2a, 0x81, 0xf6, 0x18, 0x7c, 0x71, 0x1f, 0xcc, 0xa6, 0xea, 0xbd, 0xcb, - 0x9b, 0x6f, 0x69, 0x5f, 0x4b, 0xed, 0x7a, 0x4e, 0xbe, 0xe9, 0x2d, 0xfd, 0xb6, 0xa6, 0x37, 0xdf, - 0xe4, 0x2c, 0xff, 0x69, 0x4d, 0xce, 0x0e, 0xd4, 0x3d, 0xf7, 0x1c, 0x9b, 0xae, 0x1f, 0xc5, 0x96, - 0x4f, 0x13, 0x1b, 0xcf, 0xad, 0xed, 0x4b, 0x52, 0xbf, 0x80, 0x18, 0x6b, 0xd4, 0x42, 0x3e, 0x45, - 0x08, 0xc3, 0xf5, 0x98, 0x16, 0xb5, 0x3e, 0x6d, 0xbd, 0x32, 0x44, 0xab, 0x73, 0xdd, 0xe7, 0x80, - 0x38, 0x8b, 0x64, 0x07, 0x6e, 0x14, 0x2f, 0x54, 0x60, 0xeb, 0x29, 0x5f, 0xfa, 0x9a, 0xe7, 0xb0, - 0x1a, 0xc5, 0x56, 0xf8, 0x5e, 0xad, 0xa3, 0x21, 0xa1, 0xed, 0xef, 0xe0, 0xc6, 0xa5, 0xef, 0x44, - 0x5f, 0x42, 0x25, 0x75, 0xb5, 0xf0, 0xab, 0x63, 0x4e, 0xc1, 0xfa, 0x7f, 0x15, 0xa1, 0xb5, 0x00, - 0x40, 0x2f, 0xa1, 0x2a, 0x21, 0xa6, 0x08, 0xbc, 0xea, 0xd6, 0xdd, 0xab, 0x19, 0x7b, 0x7b, 0x06, - 0x48, 0x83, 0x1e, 0x0d, 0xd7, 0x96, 0xe8, 0x03, 0x5d, 0x7f, 0x64, 0xd2, 0x1e, 0xde, 0x75, 0x44, - 0xc9, 0xd2, 0x48, 0x15, 0x03, 0xe2, 0xf4, 0x1c, 0xf4, 0x10, 0xea, 0xe9, 0x1d, 0x14, 0x0b, 0xdc, - 0x15, 0x06, 0x5c, 0x4b, 0xa4, 0xac, 0x01, 0xfd, 0x00, 0x52, 0x81, 0xe9, 0x06, 0x91, 0x52, 0xa4, - 0xc5, 0x9d, 0x51, 0x4b, 0x84, 0xbd, 0x20, 0x37, 0xab, 0xa5, 0xf7, 0x9e, 0x55, 0x74, 0x08, 0x35, - 0xde, 0xe2, 0x39, 0xee, 0x88, 0xe6, 0x7b, 0x1e, 0x7c, 0xb9, 0x56, 0x32, 0x3d, 0xdf, 0x78, 0xbd, - 0xb4, 0xc7, 0x90, 0x49, 0x08, 0x56, 0x99, 0x3d, 0x17, 0xa2, 0x3f, 0x83, 0xf2, 0x1b, 0xd7, 0x77, - 0xa3, 0x33, 0xec, 0x28, 0xab, 0xbf, 0xea, 0x45, 0x82, 0x45, 0x77, 0xa0, 0x82, 0xdf, 0xb9, 0xb1, - 0x69, 0x13, 0x07, 0xb3, 0xa0, 0x58, 0x36, 0xca, 0x54, 0xd0, 0x21, 0x0e, 0x46, 0x9f, 0x01, 0x92, - 0x61, 0x44, 0x3b, 0xbc, 0x10, 0x5b, 0x11, 0xf1, 0xf9, 0x5d, 0x80, 0xd1, 0xca, 0x68, 0x0c, 0xa6, - 0xd0, 0xff, 0xae, 0x00, 0xeb, 0x97, 0x2c, 0x12, 0xda, 0x4f, 0x16, 0x26, 0xbd, 0xf0, 0x63, 0xab, - 0x5b, 0xdf, 0xba, 0x7d, 0x49, 0x37, 0xcf, 0x01, 0x46, 0xd3, 0x9e, 0x93, 0x88, 0xe2, 0x6c, 0x29, - 0x29, 0xce, 0x10, 0x94, 0x7c, 0xea, 0x36, 0x4b, 0x1c, 0x06, 0xfb, 0xaf, 0x8f, 0xa0, 0x9e, 0xaf, - 0x3d, 0xd0, 0xc7, 0xb9, 0x03, 0x6b, 0x7d, 0x36, 0x55, 0x1b, 0x69, 0xff, 0xc9, 0x5b, 0x66, 0x9e, - 0x90, 0x1e, 0x43, 0x29, 0xb0, 0xe2, 0x33, 0x91, 0xc2, 0x72, 0x17, 0x45, 0x1c, 0xa8, 0x0d, 0xac, - 0xf8, 0x4c, 0x37, 0x18, 0x4a, 0xff, 0xc7, 0x32, 0x40, 0x5a, 0x33, 0x31, 0x5f, 0x92, 0xb7, 0x08, - 0xc2, 0xaf, 0xb2, 0x41, 0x46, 0x4b, 0x26, 0x46, 0xbd, 0x9c, 0xbf, 0x67, 0xa0, 0x1c, 0x69, 0x5d, - 0x20, 0xe1, 0x54, 0x8a, 0x5e, 0x40, 0x99, 0xad, 0x9d, 0x4d, 0x3c, 0x91, 0x1c, 0x73, 0x07, 0x27, - 0xc5, 0xd0, 0x23, 0x81, 0x01, 0x92, 0x03, 0x4b, 0x5a, 0x20, 0x07, 0xca, 0xf8, 0x5d, 0x40, 0xa2, - 0x49, 0xc8, 0xd3, 0x62, 0x7d, 0xeb, 0xc1, 0x25, 0xc5, 0xde, 0x66, 0x57, 0x60, 0x78, 0x7b, 0x9e, - 0x3b, 0x5a, 0x0f, 0xad, 0x77, 0x9a, 0x54, 0xe7, 0x1b, 0xf2, 0x84, 0x19, 0x3d, 0x84, 0x1a, 0xfb, - 0x8f, 0x1d, 0x3e, 0xc2, 0x65, 0x36, 0xc2, 0x25, 0xa5, 0x60, 0x54, 0x85, 0x9c, 0x0d, 0xc5, 0x81, - 0xba, 0x34, 0x31, 0x5d, 0xff, 0x0d, 0x91, 0x39, 0x52, 0xfb, 0x63, 0x2e, 0xf5, 0xfc, 0x37, 0x24, - 0x5f, 0xf1, 0x25, 0xde, 0x50, 0x55, 0xa4, 0x1b, 0x6b, 0x38, 0x03, 0x8d, 0xda, 0xff, 0x52, 0x82, - 0x5a, 0xd6, 0x18, 0xfd, 0x08, 0xcb, 0xfc, 0x5a, 0xa2, 0xf0, 0xbe, 0x13, 0x90, 0x3b, 0x7e, 0x2e, - 0x1f, 0x3c, 0xa7, 0x44, 0xfb, 0x50, 0x93, 0x77, 0x0d, 0x99, 0x93, 0x2f, 0xd7, 0xe6, 0x30, 0x7b, - 0xd7, 0x1f, 0xc9, 0x1b, 0x86, 0xa4, 0x32, 0x11, 0x86, 0x2c, 0xc7, 0xdc, 0x03, 0x90, 0x3c, 0xf2, - 0x10, 0x34, 0x2a, 0x42, 0xd2, 0x73, 0xd0, 0x63, 0x40, 0x52, 0x9d, 0x1c, 0x55, 0x01, 0x3f, 0xe7, - 0x8c, 0xa6, 0xd0, 0x88, 0x53, 0xaa, 0x17, 0xa0, 0xd7, 0xa9, 0x53, 0x99, 0xe5, 0xd8, 0x98, 0x4d, - 0xd5, 0x0f, 0xaf, 0x72, 0x4a, 0xcb, 0x46, 0xa0, 0xf4, 0x8c, 0x2d, 0xda, 0x0e, 0x54, 0xe8, 0x9e, - 0xe2, 0x4c, 0x2b, 0x8c, 0x29, 0x77, 0x38, 0x76, 0xf9, 0x02, 0x6b, 0x7d, 0xe2, 0xe4, 0x59, 0xca, - 0xd4, 0x4c, 0x50, 0xd4, 0xf0, 0xbb, 0x18, 0x87, 0xbe, 0xe5, 0xb1, 0xfc, 0xb9, 0xba, 0xd8, 0x1c, - 0x77, 0x85, 0x5e, 0xeb, 0x0d, 0x12, 0x2f, 0xa4, 0x0d, 0x4d, 0xaf, 0xc7, 0x80, 0x12, 0x8a, 0x33, - 0x12, 0xc5, 0xec, 0xf4, 0x56, 0xca, 0x8c, 0x68, 0xce, 0x1d, 0x41, 0xf4, 0xad, 0x40, 0x49, 0xba, - 0x96, 0xb4, 0x97, 0x8a, 0x48, 0x3f, 0x81, 0xb5, 0xdc, 0xba, 0xa3, 0x0a, 0x2c, 0x9f, 0xf4, 0x8f, - 0xbb, 0xc3, 0xe6, 0x35, 0x54, 0x83, 0x72, 0xf7, 0x2f, 0x86, 0x5d, 0x83, 0x16, 0x43, 0x05, 0x5e, - 0x40, 0xed, 0x75, 0x9b, 0x4b, 0x54, 0xde, 0xeb, 0x0b, 0x79, 0x91, 0xca, 0x69, 0x39, 0xd5, 0x2c, - 0x51, 0x53, 0xe3, 0xe8, 0x64, 0xd8, 0x6d, 0x2e, 0xeb, 0x3f, 0x2d, 0x43, 0x63, 0xae, 0x31, 0x44, - 0x2f, 0xa0, 0x88, 0xfd, 0x73, 0x71, 0x3e, 0x3e, 0xba, 0xaa, 0x7f, 0xdc, 0xec, 0xfa, 0xe7, 0x6e, - 0x48, 0x7c, 0x5a, 0xd4, 0x88, 0x8e, 0x92, 0x9a, 0x21, 0x05, 0x56, 0x6d, 0x32, 0x1e, 0x5b, 0x3e, - 0x4d, 0x7c, 0xf4, 0xec, 0x91, 0x8f, 0x34, 0xe3, 0x58, 0xe1, 0x48, 0x1e, 0x49, 0xec, 0x3f, 0x6d, - 0x78, 0x1d, 0x37, 0x64, 0xf7, 0xc4, 0x17, 0x22, 0x46, 0x52, 0x01, 0xb5, 0x98, 0x44, 0x38, 0xe4, - 0x47, 0x8d, 0xc1, 0xfe, 0xd3, 0x6e, 0x7f, 0xe2, 0x3a, 0xe2, 0x5e, 0x9d, 0xfe, 0x45, 0x3d, 0x68, - 0x59, 0x41, 0x60, 0x5a, 0xe1, 0x98, 0x84, 0xb4, 0x70, 0x7d, 0xe3, 0x7a, 0x98, 0x1d, 0x29, 0xe2, - 0xeb, 0x46, 0x72, 0x7f, 0x16, 0x04, 0x3b, 0x14, 0x43, 0x53, 0x10, 0xc5, 0xe8, 0x46, 0xc3, 0x12, - 0x22, 0x21, 0x69, 0xff, 0x7d, 0x11, 0x5a, 0x0b, 0xe3, 0x42, 0xcf, 0x33, 0x17, 0x0c, 0xf9, 0x22, - 0x3c, 0x83, 0xd5, 0x5e, 0xe3, 0xa4, 0x08, 0x67, 0x97, 0x10, 0xdb, 0xb9, 0x4b, 0x88, 0xb9, 0x95, - 0xcf, 0xd8, 0x7d, 0x4f, 0x41, 0xc9, 0x56, 0x65, 0x26, 0xe8, 0x1f, 0x0a, 0x50, 0xc7, 0xfe, 0xb9, - 0x79, 0x6e, 0x85, 0xa6, 0x68, 0x44, 0x8a, 0x2c, 0x21, 0x7c, 0xf1, 0xfe, 0xcb, 0x41, 0x25, 0xdf, - 0x5b, 0x21, 0x6f, 0x53, 0x76, 0x37, 0x67, 0x53, 0xf5, 0xd1, 0xe5, 0xaf, 0x0f, 0x5d, 0xeb, 0xd4, - 0x9b, 0xef, 0x67, 0x6a, 0x38, 0x63, 0xad, 0x87, 0x50, 0xcb, 0xb2, 0x65, 0x83, 0x6f, 0x15, 0x8a, - 0xc6, 0xce, 0x0f, 0xcd, 0x02, 0xaa, 0x03, 0x1c, 0x77, 0x3b, 0x46, 0x77, 0x68, 0xbe, 0xee, 0xfe, - 0x65, 0x73, 0x09, 0x21, 0xa8, 0x77, 0x8e, 0xfa, 0xfb, 0xbd, 0x6f, 0xcc, 0xc3, 0x9d, 0x01, 0x93, - 0x15, 0xa9, 0xdd, 0x7e, 0xaf, 0x7b, 0xb0, 0xd7, 0x2c, 0x51, 0xb5, 0xd1, 0x3d, 0x3e, 0x3a, 0x31, - 0x3a, 0x5d, 0x93, 0xcb, 0x96, 0x51, 0x15, 0x56, 0x4f, 0xfa, 0xaf, 0xfb, 0x47, 0x3f, 0xf4, 0x9b, - 0x2b, 0xfa, 0xbf, 0xad, 0x40, 0x63, 0xee, 0x22, 0x01, 0xbd, 0x04, 0x08, 0x42, 0xf7, 0xdc, 0xf5, - 0xf0, 0x08, 0xf3, 0x7a, 0xab, 0x9c, 0xff, 0x82, 0x35, 0x48, 0xb4, 0x72, 0x20, 0x19, 0x03, 0xb4, - 0x4d, 0xfb, 0x7f, 0xcf, 0xf5, 0x27, 0xef, 0xc4, 0xed, 0x88, 0x76, 0xd5, 0x95, 0xc5, 0xe6, 0x71, - 0xf7, 0x80, 0xe2, 0x0c, 0x69, 0x80, 0xbe, 0x83, 0x96, 0x13, 0x92, 0xc0, 0xb4, 0xad, 0xc0, 0x3a, - 0x75, 0x3d, 0x37, 0x76, 0xb1, 0x08, 0xe5, 0xfc, 0xd2, 0xee, 0x85, 0x24, 0xd0, 0x3a, 0x19, 0x90, - 0x74, 0xa4, 0x49, 0xcd, 0xb3, 0x0a, 0xd4, 0x87, 0xa6, 0xe5, 0x38, 0x79, 0xc6, 0x12, 0x63, 0xcc, - 0x25, 0xe5, 0x1d, 0xc7, 0xb9, 0x94, 0xb0, 0x61, 0x39, 0x4e, 0x8e, 0x6f, 0x04, 0xb7, 0x93, 0x96, - 0xd1, 0x0c, 0x09, 0x89, 0x4d, 0x1a, 0xd4, 0xd1, 0x45, 0x14, 0xe3, 0x31, 0xdb, 0x43, 0xe2, 0x42, - 0x39, 0xb9, 0x37, 0xc4, 0x96, 0xa3, 0xd1, 0x5e, 0x51, 0x33, 0x08, 0x89, 0xb5, 0xfd, 0x04, 0x2c, - 0xdf, 0x70, 0x53, 0x36, 0x93, 0x54, 0x9f, 0xaa, 0xd1, 0x00, 0x1a, 0x11, 0xb6, 0x6d, 0x32, 0x0e, - 0x92, 0xfd, 0xb6, 0xc2, 0xe6, 0xf3, 0xe3, 0xab, 0xe7, 0x93, 0xe3, 0xc5, 0x46, 0x33, 0xea, 0x51, - 0xee, 0xb9, 0xfd, 0x57, 0xb0, 0x2a, 0x66, 0x3c, 0xd9, 0xf4, 0x85, 0xcc, 0xa6, 0x47, 0x50, 0x0a, - 0x89, 0x27, 0xef, 0xf3, 0xd8, 0x7f, 0x2a, 0x63, 0xfd, 0xad, 0x28, 0xa6, 0x58, 0xff, 0x7a, 0x5d, - 0x1e, 0x9f, 0x3c, 0x95, 0xf0, 0x87, 0xf6, 0xef, 0x0a, 0x50, 0xcf, 0xbf, 0x1f, 0xfd, 0xb5, 0x30, - 0xe6, 0xc7, 0xec, 0xb3, 0xf7, 0x74, 0x7b, 0x53, 0xfc, 0xd2, 0xc6, 0x99, 0x1f, 0xbc, 0x32, 0xb7, - 0x08, 0x9c, 0x4c, 0x2d, 0xb9, 0x8f, 0x9c, 0x9f, 0x42, 0xcb, 0x23, 0xb6, 0xe5, 0xf1, 0xfb, 0x73, - 0x31, 0x5f, 0x7c, 0x24, 0xcd, 0x44, 0x21, 0x73, 0xd2, 0x0e, 0x54, 0x33, 0x2f, 0xa1, 0x9b, 0xea, - 0xa4, 0xcf, 0xb6, 0x51, 0xbf, 0xbb, 0xd7, 0xbc, 0x86, 0xd6, 0xa1, 0x61, 0x9c, 0xf4, 0x87, 0xbd, - 0xc3, 0xae, 0xb9, 0xd7, 0xdd, 0xdf, 0x39, 0x39, 0x18, 0x36, 0x0b, 0x68, 0x0d, 0x2a, 0x07, 0x47, - 0x9d, 0x9d, 0x03, 0x96, 0xde, 0x97, 0xf4, 0xdf, 0x17, 0xa0, 0x4e, 0xdb, 0x9d, 0xcc, 0xc7, 0xe2, - 0xf9, 0x5b, 0x42, 0x24, 0x3e, 0xe8, 0xd2, 0xfa, 0xb9, 0x24, 0xbe, 0xde, 0xa2, 0x6c, 0x43, 0x2c, - 0x0a, 0x42, 0x9a, 0xcc, 0xf9, 0x51, 0x2d, 0xa6, 0x59, 0x3e, 0xd2, 0x22, 0x20, 0xd3, 0x88, 0x8a, - 0xcc, 0x9d, 0xb6, 0x98, 0x77, 0x17, 0x3e, 0xec, 0x66, 0xbb, 0xd8, 0xe7, 0xe9, 0x17, 0xc1, 0x95, - 0x5f, 0x6f, 0x40, 0xe4, 0x07, 0xbe, 0x76, 0xe6, 0x3b, 0xd6, 0x2a, 0xff, 0xac, 0x2a, 0x9f, 0x77, - 0x9f, 0xff, 0xfb, 0x2f, 0xf7, 0x0b, 0x3f, 0xff, 0x72, 0xbf, 0xf0, 0xbf, 0xbf, 0xdc, 0x2f, 0xfc, - 0xf4, 0x7f, 0xf7, 0xaf, 0xc1, 0x6d, 0x97, 0x6c, 0x46, 0xb1, 0x65, 0xbf, 0x0d, 0xc9, 0x3b, 0x4e, - 0x2b, 0x17, 0xf9, 0x47, 0xf9, 0xfd, 0xff, 0x74, 0x85, 0xc9, 0x9f, 0xfd, 0x21, 0x00, 0x00, 0xff, - 0xff, 0x4d, 0x93, 0xfd, 0xf8, 0x2b, 0x20, 0x00, 0x00, -======= - // 3347 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x5a, 0x49, 0x73, 0xdb, 0xd8, - 0x76, 0x36, 0x45, 0x4a, 0x24, 0x0f, 0x29, 0x0e, 0x57, 0x1e, 0x60, 0x7a, 0x00, 0x8c, 0x6e, 0x77, - 0xeb, 0xf9, 0xb9, 0x65, 0xb7, 0xec, 0xca, 0xeb, 0xa8, 0xec, 0x7e, 0x91, 0x28, 0xea, 0x35, 0x6d, - 0x89, 0x62, 0x43, 0x54, 0xbf, 0xa4, 0xb3, 0x40, 0x41, 0xc0, 0x35, 0x85, 0x18, 0xc4, 0x45, 0x00, - 0x50, 0xb1, 0x96, 0x59, 0x66, 0x91, 0x4d, 0x16, 0xaf, 0x7a, 0x9b, 0x55, 0xfe, 0x41, 0x7e, 0x43, - 0xaa, 0xb2, 0xe9, 0xaa, 0x54, 0xb6, 0x4c, 0xaa, 0x53, 0x59, 0x25, 0x9b, 0xf0, 0x17, 0xa4, 0xee, - 0x84, 0x81, 0x94, 0xd2, 0xee, 0xac, 0x44, 0x9c, 0xf3, 0x9d, 0x0f, 0x77, 0x38, 0xf7, 0x0c, 0x17, - 0x02, 0x25, 0x8a, 0x49, 0x68, 0x8d, 0xf1, 0x33, 0x07, 0x07, 0x1e, 0xb9, 0x9c, 0x60, 0x3f, 0xde, - 0x0a, 0x42, 0x12, 0x13, 0x54, 0x16, 0x9a, 0x8e, 0x3a, 0x26, 0x64, 0xec, 0xe1, 0x67, 0x4c, 0x7c, - 0x36, 0x7d, 0xf7, 0x2c, 0x76, 0x27, 0x38, 0x8a, 0xad, 0x49, 0xc0, 0x91, 0x1d, 0x55, 0x72, 0xd8, - 0xc4, 0x8f, 0x2d, 0xd7, 0xc7, 0xa1, 0x19, 0x4e, 0x7d, 0x8a, 0x12, 0x80, 0x9b, 0x12, 0xe0, 0x59, - 0x67, 0xd8, 0x8b, 0x84, 0x74, 0x43, 0x4a, 0xdd, 0x89, 0x35, 0x5e, 0x82, 0x52, 0xa2, 0x58, 0x42, - 0x91, 0x94, 0x86, 0x67, 0x96, 0x2d, 0x91, 0x63, 0x32, 0x26, 0xec, 0xe7, 0x33, 0xfa, 0x8b, 0x4b, - 0xf5, 0xff, 0x44, 0x00, 0xfb, 0xc9, 0x54, 0xd0, 0x6f, 0x60, 0xc5, 0x75, 0x94, 0x82, 0x56, 0xd8, - 0xac, 0xee, 0x7d, 0x3e, 0x9f, 0xa9, 0x9f, 0x44, 0xd8, 0x0a, 0xed, 0xf3, 0x1d, 0x3d, 0xc5, 0x68, - 0xfd, 0xfd, 0xa7, 0x94, 0x1e, 0x3f, 0x3d, 0x77, 0x1d, 0x07, 0xfb, 0xba, 0xb1, 0xe2, 0x3a, 0xe8, - 0x4b, 0x28, 0xf9, 0xd6, 0x04, 0x2b, 0x2b, 0xcc, 0xf4, 0xc1, 0x7c, 0xa6, 0xde, 0x5d, 0x36, 0xe5, - 0x76, 0xba, 0xc1, 0xa0, 0xe8, 0x31, 0x94, 0xce, 0xad, 0xe8, 0x5c, 0xe9, 0x68, 0x85, 0xcd, 0xd2, - 0x5e, 0x7b, 0x3e, 0x53, 0xd7, 0xe9, 0xf3, 0x8e, 0xee, 0x8e, 0x7d, 0x0e, 0xa3, 0x8f, 0xe8, 0x39, - 0x94, 0xe2, 0xcb, 0x00, 0x2b, 0x25, 0xc6, 0x7c, 0x7f, 0x3e, 0x53, 0x95, 0x2b, 0x06, 0x35, 0xba, - 0x0c, 0xa8, 0x05, 0x45, 0xa2, 0x1d, 0xa8, 0xd2, 0x17, 0x44, 0x81, 0x65, 0x63, 0x65, 0x75, 0xd9, - 0x6c, 0x20, 0x95, 0x72, 0x3c, 0x29, 0x1c, 0xbd, 0x82, 0x7a, 0xf2, 0x60, 0xba, 0x8e, 0x72, 0x87, - 0x99, 0xdf, 0x9d, 0xcf, 0xd4, 0x5b, 0x4b, 0xe6, 0x5a, 0x7f, 0x5f, 0x37, 0x6a, 0x09, 0xbc, 0xef, - 0xa0, 0xef, 0xe1, 0x36, 0x09, 0xed, 0x73, 0x1c, 0xc5, 0xa1, 0x15, 0x93, 0xd0, 0xb4, 0xc9, 0x24, - 0x20, 0x3e, 0xf6, 0x63, 0xe5, 0x91, 0x56, 0xd8, 0xac, 0xec, 0x7d, 0x32, 0x9f, 0xa9, 0xaa, 0xe4, - 0x39, 0xce, 0x20, 0xb5, 0xae, 0x44, 0xea, 0xc6, 0xad, 0x2c, 0x45, 0x22, 0x47, 0x5f, 0x42, 0x25, - 0xc4, 0x81, 0xe7, 0xda, 0x56, 0xa4, 0xac, 0x69, 0x85, 0xcd, 0xe2, 0xde, 0xad, 0xf9, 0x4c, 0x6d, - 0x07, 0xc4, 0x73, 0xed, 0xcb, 0x1d, 0xdd, 0x10, 0x3a, 0xdd, 0x48, 0x60, 0xe8, 0x5b, 0x58, 0xe3, - 0x1e, 0xa4, 0x94, 0xb5, 0xe2, 0x66, 0x6d, 0x5b, 0xdd, 0x12, 0x7e, 0xb1, 0x95, 0xae, 0xdc, 0xd6, - 0x21, 0x43, 0xf4, 0xfc, 0x38, 0xbc, 0xdc, 0x53, 0xe6, 0x33, 0xf5, 0xa6, 0x1c, 0x1f, 0x53, 0xc8, - 0x25, 0x12, 0x44, 0xc8, 0x04, 0x08, 0x88, 0x63, 0x0a, 0xda, 0x0d, 0x46, 0xab, 0x5f, 0x45, 0x3b, - 0x24, 0x4e, 0x96, 0x39, 0xb7, 0x01, 0x43, 0xe2, 0x68, 0x39, 0xf6, 0x6a, 0x20, 0xd1, 0xe8, 0x35, - 0x34, 0x18, 0xb9, 0x19, 0x61, 0x0f, 0xdb, 0x31, 0x09, 0x95, 0x9b, 0x5a, 0x61, 0xb3, 0xb6, 0x7d, - 0x3b, 0x79, 0x09, 0x03, 0x9e, 0x08, 0xad, 0xb1, 0xee, 0x65, 0x1f, 0x11, 0x86, 0xb2, 0x1d, 0x62, - 0x2b, 0xc6, 0x8e, 0x52, 0x61, 0x76, 0x9d, 0x2d, 0x7e, 0x1c, 0xb7, 0xe4, 0x71, 0xdc, 0x1a, 0xc9, - 0xe3, 0xb8, 0xf7, 0x6c, 0x3e, 0x53, 0x7f, 0x2d, 0x07, 0xd5, 0xe5, 0x66, 0x79, 0xdf, 0xd6, 0xf2, - 0x1e, 0x29, 0xb9, 0x51, 0x17, 0xc0, 0xf6, 0xa6, 0x51, 0x8c, 0x43, 0xea, 0x24, 0x55, 0xe6, 0x24, - 0x9f, 0xce, 0x67, 0xaa, 0x96, 0xb0, 0x71, 0xed, 0xf2, 0x61, 0xa9, 0x0a, 0xbb, 0xbe, 0x83, 0x5e, - 0x43, 0x5d, 0x92, 0xb0, 0xb3, 0x03, 0x8c, 0xa6, 0x33, 0x9f, 0xa9, 0xb7, 0x17, 0x68, 0xe4, 0x3a, - 0xd5, 0x04, 0x9e, 0xba, 0x20, 0xda, 0x06, 0x48, 0x02, 0x48, 0xa4, 0xd4, 0xd8, 0x56, 0xa0, 0x64, - 0x95, 0xba, 0x52, 0x65, 0x64, 0x50, 0xc8, 0x84, 0x9a, 0xe5, 0xfb, 0x24, 0xb6, 0x62, 0x97, 0xf8, - 0x91, 0xd2, 0x60, 0x46, 0x9f, 0x5e, 0xb5, 0x7f, 0xbb, 0x29, 0x8c, 0xef, 0xe0, 0x9d, 0xf9, 0x4c, - 0xdd, 0x90, 0xe3, 0x4a, 0xb5, 0xba, 0x91, 0x65, 0x44, 0x07, 0x50, 0x09, 0x42, 0x97, 0x84, 0x6e, - 0x7c, 0xa9, 0x34, 0x99, 0x97, 0x3e, 0x99, 0xcf, 0xd4, 0xcf, 0x92, 0x9d, 0x17, 0xba, 0x6b, 0xd6, - 0x37, 0xb1, 0x45, 0x1d, 0xa8, 0xb8, 0xbe, 0x65, 0xc7, 0xee, 0x05, 0x56, 0x5a, 0xf4, 0xec, 0x18, - 0xc9, 0x33, 0x3a, 0x04, 0xc4, 0x42, 0xa0, 0x19, 0x4c, 0x3d, 0xea, 0x27, 0x76, 0x88, 0xe3, 0x48, - 0x69, 0x6b, 0xc5, 0xcd, 0xea, 0xde, 0xc3, 0xf9, 0x4c, 0xed, 0xc8, 0xb7, 0xf5, 0x29, 0x4a, 0x1b, - 0x4e, 0x3d, 0x4f, 0x3b, 0x61, 0x28, 0xdd, 0x68, 0x31, 0x4b, 0x2a, 0xe2, 0x92, 0x08, 0xf5, 0xa0, - 0x19, 0xe1, 0xf0, 0xc2, 0xb5, 0xb1, 0x69, 0xd9, 0x36, 0x99, 0xfa, 0xb1, 0x82, 0x96, 0x63, 0xc6, - 0x09, 0x87, 0x68, 0xbb, 0x1c, 0xa2, 0x1b, 0x0d, 0x61, 0x24, 0x04, 0xe8, 0x0f, 0x05, 0xd0, 0x16, - 0x78, 0xcc, 0x00, 0x87, 0x13, 0x37, 0x8a, 0x5c, 0xe2, 0x9b, 0x1e, 0xbe, 0xc0, 0x9e, 0x72, 0x5f, - 0x2b, 0x6c, 0x36, 0xb6, 0x95, 0x64, 0xbd, 0x87, 0x09, 0xe0, 0x90, 0xea, 0xf7, 0x5e, 0xcc, 0x67, - 0xea, 0xb3, 0x6b, 0x5e, 0xa9, 0xa5, 0x60, 0x8d, 0xa1, 0xa5, 0x53, 0x3c, 0xc8, 0x8f, 0x64, 0x81, - 0x13, 0x45, 0xa0, 0x5a, 0xd3, 0x98, 0x4c, 0xd8, 0x88, 0x16, 0x47, 0x18, 0x93, 0xf7, 0xd8, 0x57, - 0xee, 0xb2, 0xe0, 0xf4, 0x74, 0x3e, 0x53, 0x37, 0x65, 0x38, 0xd9, 0x95, 0x26, 0xda, 0xe2, 0x30, - 0x46, 0xd4, 0x44, 0x37, 0xee, 0x27, 0xa4, 0x27, 0xb9, 0xd7, 0x33, 0x35, 0x0d, 0xa3, 0xe7, 0x24, - 0x8a, 0x4d, 0x1f, 0xc7, 0x7f, 0x45, 0xc2, 0xf7, 0xca, 0x2d, 0xf6, 0x06, 0x16, 0x46, 0xe5, 0x1b, - 0xbe, 0x21, 0x51, 0xac, 0x0d, 0xb8, 0x5e, 0x37, 0x6a, 0x14, 0x2e, 0x9e, 0xd0, 0x73, 0xa8, 0x30, - 0xeb, 0xc0, 0x75, 0x14, 0x95, 0x59, 0xe6, 0x42, 0x1d, 0xb3, 0x1c, 0xd2, 0xe0, 0x5b, 0xa6, 0xb0, - 0xa1, 0xeb, 0x24, 0x16, 0x6e, 0x60, 0x2b, 0xda, 0x35, 0x16, 0xfd, 0x61, 0x57, 0x58, 0xf4, 0x03, - 0x1b, 0xfd, 0x16, 0xd6, 0x45, 0xd2, 0x35, 0x6d, 0xcf, 0x8a, 0x22, 0x45, 0x4f, 0x4f, 0x5f, 0x12, - 0x53, 0x39, 0x40, 0xeb, 0x52, 0x80, 0x6e, 0xd4, 0x85, 0x01, 0x7b, 0x44, 0x3d, 0xa8, 0xc5, 0xc4, - 0xc3, 0xa1, 0x38, 0x4a, 0xb7, 0xd9, 0x51, 0xda, 0x48, 0xb6, 0x76, 0x94, 0xe8, 0xf6, 0x1a, 0xf3, - 0x99, 0x0a, 0x72, 0x57, 0xbf, 0xd0, 0x8d, 0xac, 0x1d, 0x7a, 0x0d, 0xab, 0x01, 0x09, 0xe3, 0x48, - 0x51, 0x16, 0x08, 0x86, 0x24, 0x8c, 0xbb, 0xc4, 0x7f, 0xe7, 0x8e, 0xf7, 0xd0, 0x7c, 0xa6, 0x36, - 0xe4, 0xa0, 0xa8, 0x3c, 0xd2, 0x0d, 0x6e, 0x85, 0x06, 0xd0, 0x8c, 0x62, 0x2b, 0xc6, 0x66, 0x52, - 0x64, 0x28, 0xf7, 0xd8, 0xb1, 0x7b, 0x3c, 0x9f, 0xa9, 0x8f, 0x72, 0xa7, 0x4b, 0x8b, 0xb0, 0x1f, - 0x91, 0x30, 0x7f, 0xe2, 0x1a, 0xcc, 0x3a, 0x09, 0x89, 0x68, 0x00, 0x10, 0xba, 0xd1, 0x7b, 0x33, - 0xb2, 0x49, 0x88, 0x95, 0x07, 0x5a, 0x61, 0x73, 0x25, 0x1f, 0x26, 0x0d, 0x37, 0x7a, 0xaf, 0x9d, - 0xd8, 0xd9, 0x18, 0x29, 0x47, 0xf6, 0x54, 0x92, 0x56, 0x29, 0x05, 0xc3, 0xa0, 0x5d, 0xa8, 0x07, - 0x21, 0xb1, 0x71, 0x14, 0x99, 0xb1, 0x35, 0x8e, 0x94, 0x87, 0xcb, 0xa7, 0x74, 0xc8, 0xf5, 0xda, - 0xc8, 0x1a, 0x27, 0x71, 0x4e, 0xd8, 0x8c, 0xac, 0x71, 0xd4, 0xf9, 0x63, 0xa8, 0x65, 0x32, 0x09, - 0x6a, 0x41, 0xf1, 0x3d, 0xbe, 0xe4, 0x35, 0x8a, 0x41, 0x7f, 0xa2, 0x9b, 0xb0, 0x7a, 0x61, 0x79, - 0x53, 0x51, 0x7c, 0x18, 0xfc, 0x61, 0x67, 0xe5, 0xab, 0x42, 0xe7, 0x15, 0x34, 0xf2, 0x79, 0xe8, - 0x17, 0x59, 0x7f, 0x0d, 0xad, 0xc5, 0x28, 0xf8, 0x4b, 0xec, 0xdf, 0x94, 0x2a, 0xc5, 0x56, 0xe9, - 0x4d, 0xa9, 0x52, 0x6f, 0xad, 0xeb, 0x7f, 0x28, 0x40, 0x23, 0x09, 0xc9, 0x2c, 0x2e, 0xa1, 0x17, - 0xac, 0xd6, 0xe2, 0x65, 0x4d, 0xae, 0x30, 0xe0, 0x61, 0xeb, 0xe4, 0xdc, 0xba, 0xa2, 0xce, 0xfa, - 0x4c, 0xd4, 0x59, 0x05, 0x96, 0xdc, 0xd2, 0x70, 0xcf, 0x6c, 0x68, 0x5a, 0x10, 0xc5, 0xd5, 0x23, - 0xa8, 0xfb, 0x24, 0x66, 0x11, 0xd2, 0x3a, 0xf3, 0x78, 0x6e, 0xa9, 0x18, 0x35, 0x9f, 0xc4, 0x43, - 0x21, 0xda, 0x29, 0xfd, 0xf8, 0xf7, 0xea, 0x0d, 0xfd, 0x5f, 0x4b, 0x50, 0x4d, 0x06, 0x86, 0x1a, - 0x69, 0xfd, 0xc7, 0x5e, 0xf7, 0x1c, 0xd6, 0x6c, 0xe6, 0x83, 0x6c, 0x76, 0xb5, 0x4c, 0xe8, 0x4a, - 0x6c, 0xb8, 0x8f, 0x1a, 0x02, 0x87, 0xbe, 0x80, 0x55, 0x16, 0x62, 0x95, 0x22, 0x33, 0xb8, 0xb3, - 0x6c, 0xc0, 0x86, 0x6a, 0x70, 0x14, 0xea, 0x42, 0x2b, 0xc2, 0xf6, 0x94, 0xc6, 0x7c, 0x93, 0xe6, - 0x29, 0xfc, 0x21, 0x66, 0x4b, 0x92, 0x7d, 0xd5, 0x89, 0x00, 0x74, 0xb9, 0xde, 0x68, 0x46, 0x79, - 0x01, 0xfa, 0x15, 0x94, 0x2f, 0x88, 0x37, 0x9d, 0xe0, 0x48, 0x59, 0x65, 0xa7, 0xa8, 0x99, 0xd8, - 0x7e, 0xc7, 0xe4, 0x86, 0xd4, 0xa3, 0x37, 0xf2, 0xb8, 0xad, 0x5d, 0x7f, 0xdc, 0xd4, 0xf9, 0x4c, - 0xbd, 0xb7, 0xe8, 0xd4, 0x5a, 0xe6, 0x00, 0x8b, 0xb3, 0xf7, 0x25, 0x94, 0x65, 0xf2, 0xe1, 0xf5, - 0x55, 0x3a, 0xd9, 0xde, 0xe4, 0x0c, 0x3b, 0x0e, 0x76, 0x78, 0x92, 0x31, 0x24, 0x0e, 0x3d, 0x87, - 0x6a, 0x88, 0x23, 0x32, 0x0d, 0x6d, 0x1c, 0x89, 0x02, 0x25, 0xdd, 0x43, 0x43, 0x6a, 0x8c, 0x14, - 0x84, 0x9e, 0x89, 0x0d, 0xe7, 0xc5, 0xc1, 0xbd, 0xf9, 0x4c, 0xbd, 0x23, 0x87, 0x96, 0xac, 0xa8, - 0x46, 0x37, 0x5e, 0x96, 0xd5, 0xb4, 0x80, 0x72, 0x2f, 0xb0, 0x4f, 0x8f, 0x5c, 0x10, 0x92, 0x33, - 0xac, 0xd4, 0x16, 0x0b, 0x28, 0xa1, 0x1e, 0x52, 0xad, 0xb1, 0xee, 0x65, 0x1f, 0xd1, 0x9f, 0x40, - 0x33, 0xc4, 0x96, 0xe3, 0x66, 0xec, 0xeb, 0x0b, 0x3b, 0x69, 0x48, 0x3d, 0x27, 0x68, 0x84, 0xb9, - 0xe7, 0x37, 0xa5, 0x4a, 0xb5, 0x05, 0xfa, 0x3f, 0xaf, 0x40, 0x35, 0x99, 0x10, 0x1a, 0x42, 0xdb, - 0x0e, 0xa6, 0x26, 0x0d, 0x09, 0x91, 0x19, 0xe2, 0xbf, 0x9c, 0xe2, 0x28, 0x66, 0x6e, 0xb6, 0xb2, - 0x50, 0x36, 0x0d, 0x4f, 0xb5, 0x2e, 0x05, 0x69, 0x06, 0x07, 0xc9, 0x88, 0xd0, 0xb4, 0x83, 0x29, - 0x53, 0x08, 0x39, 0x7a, 0x03, 0xcd, 0x94, 0xd1, 0x73, 0x27, 0x6e, 0xcc, 0x5c, 0x74, 0x65, 0x4f, - 0x9f, 0xcf, 0xd4, 0x87, 0xcb, 0x7c, 0x87, 0x14, 0x22, 0xd9, 0xd6, 0x25, 0x1b, 0x93, 0x22, 0x03, - 0xda, 0x13, 0x3c, 0x21, 0xe1, 0xa5, 0x39, 0x39, 0x4b, 0x46, 0x57, 0x64, 0x6c, 0x9f, 0xcd, 0x67, - 0xaa, 0x2e, 0xd9, 0x8e, 0x18, 0x48, 0x0e, 0x4d, 0xdb, 0x3c, 0xda, 0xfb, 0x55, 0x32, 0x3e, 0x4e, - 0x70, 0x74, 0x26, 0xc7, 0x77, 0x08, 0xcd, 0x94, 0x93, 0x8f, 0xaf, 0xb4, 0x3c, 0x5f, 0xc1, 0xc8, - 0x86, 0x91, 0xe3, 0x5b, 0x97, 0x7c, 0x4c, 0xa5, 0xff, 0x57, 0x11, 0xd6, 0xb8, 0x2b, 0xa3, 0xed, - 0x4c, 0x04, 0x58, 0x88, 0xa4, 0x1c, 0xc1, 0xbc, 0x21, 0xdf, 0x6a, 0x7d, 0x05, 0x6b, 0x7c, 0x27, - 0x44, 0x7f, 0xa6, 0xcd, 0x67, 0xea, 0xfd, 0x05, 0xab, 0x13, 0x06, 0x48, 0xea, 0x7d, 0x8e, 0x47, - 0xbf, 0x83, 0x9a, 0x83, 0xa3, 0xd8, 0xf5, 0x59, 0x10, 0x64, 0x8b, 0x52, 0xe5, 0xb9, 0x65, 0xc1, - 0x7c, 0x3f, 0x45, 0x25, 0x51, 0x3c, 0x63, 0x89, 0x7e, 0x4b, 0x3d, 0xdf, 0x72, 0x4c, 0xe2, 0x7b, - 0x97, 0x6c, 0x25, 0x2a, 0xf9, 0x9d, 0x12, 0x34, 0xd4, 0xb7, 0x8e, 0x7d, 0xef, 0x52, 0x72, 0x54, - 0x42, 0x21, 0xa0, 0xf3, 0x66, 0x7d, 0xe0, 0xea, 0xb5, 0xf3, 0xa6, 0x3d, 0x60, 0x32, 0x6f, 0xd6, - 0x09, 0x4e, 0xa0, 0xcd, 0xeb, 0x9e, 0x20, 0x24, 0x81, 0x35, 0xe6, 0x73, 0x58, 0x63, 0x45, 0x98, - 0xb6, 0x10, 0x22, 0xb6, 0x8e, 0x58, 0xf1, 0x94, 0xe2, 0xf8, 0x2b, 0xe4, 0x59, 0x3b, 0xe2, 0x25, - 0x58, 0xaa, 0xd6, 0x8d, 0xd6, 0x64, 0xc1, 0x42, 0x3f, 0x80, 0xd6, 0x22, 0x0b, 0xaa, 0x40, 0x69, - 0x70, 0x3c, 0xe8, 0xb5, 0x6e, 0xa0, 0x5b, 0xd0, 0xfe, 0xe6, 0xf8, 0x64, 0x64, 0x8e, 0x8e, 0xcd, - 0xee, 0xf1, 0x60, 0xb4, 0xdb, 0x1f, 0xf4, 0x8c, 0x56, 0x01, 0xb5, 0x61, 0x7d, 0xaf, 0xbf, 0xdf, - 0x37, 0x7a, 0xdd, 0x51, 0xff, 0x78, 0xb0, 0x7b, 0xd8, 0x5a, 0xd1, 0x07, 0xb0, 0x9e, 0x3b, 0xa3, - 0xe8, 0x35, 0x94, 0x1d, 0xfc, 0xce, 0xf5, 0x31, 0x8f, 0xcd, 0xa2, 0x91, 0x94, 0x63, 0x93, 0x58, - 0x8d, 0x81, 0xb5, 0x7d, 0x8e, 0xd4, 0x0d, 0x69, 0xa3, 0x0f, 0xa1, 0x91, 0x3f, 0xb3, 0xe8, 0xeb, - 0x45, 0x42, 0xe6, 0x95, 0x69, 0x2f, 0x29, 0xc0, 0xd7, 0x32, 0xfe, 0x5b, 0x09, 0x8a, 0x43, 0xe2, - 0xa0, 0x27, 0x99, 0xfb, 0x82, 0x5c, 0xe3, 0x42, 0x5b, 0xbc, 0xfe, 0x7e, 0x2e, 0x75, 0x3d, 0xcf, - 0x5d, 0x11, 0x2c, 0x35, 0x84, 0xcc, 0x6b, 0x25, 0x9e, 0xbb, 0xed, 0x01, 0xac, 0xa7, 0xd7, 0x2c, - 0xb4, 0xd1, 0xe2, 0xee, 0xf7, 0x68, 0x3e, 0x53, 0x1f, 0x5c, 0x7d, 0x31, 0x21, 0xed, 0xeb, 0xa9, - 0x5d, 0xdf, 0xc9, 0x5f, 0x08, 0x94, 0x7e, 0xd9, 0x85, 0x40, 0xbe, 0xd3, 0x5b, 0xfd, 0xff, 0x75, - 0x7a, 0xbb, 0x3c, 0x26, 0x9b, 0xae, 0x1f, 0xc5, 0x96, 0x4f, 0x63, 0x3f, 0x4f, 0x3f, 0x9d, 0x2b, - 0xb2, 0xa3, 0x80, 0xf0, 0xb8, 0x2c, 0x9f, 0x22, 0x84, 0xe1, 0x66, 0x4c, 0x2b, 0x7b, 0x9f, 0xf6, - 0x9f, 0x19, 0xa2, 0xf2, 0x42, 0x0b, 0x3e, 0x24, 0xce, 0x32, 0xd9, 0xa1, 0x1b, 0xc5, 0x4b, 0x65, - 0xe8, 0x46, 0xca, 0x97, 0xbe, 0xe6, 0x25, 0x94, 0xa3, 0xd8, 0x0a, 0x3f, 0xaa, 0x7f, 0x36, 0x24, - 0xb4, 0xf3, 0x2d, 0xdc, 0xba, 0xf2, 0x9d, 0xe8, 0x2b, 0xa8, 0xa6, 0x43, 0x2d, 0xfc, 0xec, 0x9c, - 0x53, 0xb0, 0xfe, 0x2f, 0x45, 0x68, 0x2f, 0x01, 0xd0, 0x6b, 0xa8, 0x49, 0x88, 0x29, 0x1c, 0xaf, - 0xb6, 0x7d, 0xff, 0x7a, 0xc6, 0xfe, 0xbe, 0x01, 0xd2, 0xa0, 0x4f, 0xdd, 0xb5, 0x2d, 0x9a, 0x61, - 0xd7, 0x1f, 0x9b, 0x01, 0x71, 0x28, 0x09, 0xaf, 0xdb, 0x9a, 0xa9, 0x62, 0x48, 0x9c, 0xbe, 0x83, - 0x1e, 0x43, 0x23, 0xbd, 0x9f, 0x63, 0x8e, 0xbb, 0xc6, 0x80, 0xeb, 0x89, 0x94, 0x75, 0xe1, 0x9f, - 0x40, 0x2a, 0x30, 0xdd, 0x20, 0x52, 0x8a, 0xb4, 0xc2, 0x35, 0xea, 0x89, 0xb0, 0x1f, 0xe4, 0x56, - 0xb5, 0xf4, 0xd1, 0xab, 0x8a, 0x8e, 0xa0, 0xce, 0xfb, 0x5c, 0xc7, 0x1d, 0xd3, 0x8c, 0xc4, 0x9d, - 0x2f, 0xd7, 0x4f, 0xa7, 0x25, 0x00, 0x2f, 0x1a, 0xf7, 0x19, 0x32, 0x71, 0xc1, 0x1a, 0xb3, 0xe7, - 0x42, 0xf4, 0x47, 0x50, 0x79, 0xe7, 0xfa, 0x6e, 0x74, 0x8e, 0x1d, 0xa5, 0xfc, 0xb3, 0xa3, 0x48, - 0xb0, 0xe8, 0x1e, 0x54, 0xf1, 0x07, 0x37, 0x36, 0x6d, 0xe2, 0x60, 0xe6, 0x14, 0xab, 0x46, 0x85, - 0x0a, 0xba, 0xc4, 0xc1, 0xe8, 0x0b, 0x40, 0xd2, 0x8d, 0x68, 0x9b, 0x1b, 0x62, 0x2b, 0x22, 0x3e, - 0xbf, 0x10, 0x31, 0xda, 0x19, 0x8d, 0xc1, 0x14, 0xfa, 0x5f, 0x17, 0x60, 0xe3, 0x8a, 0x4d, 0x42, - 0x07, 0xc9, 0xc6, 0xa4, 0x97, 0xa1, 0x6c, 0x77, 0x1b, 0xdb, 0x77, 0xaf, 0xb8, 0xd2, 0xe0, 0x00, - 0xa3, 0x65, 0x2f, 0x48, 0x44, 0xfd, 0xba, 0x92, 0xd4, 0xaf, 0x08, 0x4a, 0x3e, 0x1d, 0x36, 0x0b, - 0x1c, 0x06, 0xfb, 0xad, 0x8f, 0xa1, 0x91, 0x2f, 0xcf, 0xd0, 0xe7, 0xb9, 0x94, 0xba, 0x31, 0x9f, - 0xa9, 0xcd, 0xb4, 0x09, 0xe7, 0xf7, 0x06, 0x3c, 0x20, 0x3d, 0x85, 0x52, 0x60, 0xc5, 0xe7, 0x22, - 0x84, 0xe5, 0x6e, 0xcb, 0x38, 0x50, 0x1b, 0x5a, 0xf1, 0xb9, 0x6e, 0x30, 0x94, 0xfe, 0x77, 0x15, - 0x80, 0xb4, 0xac, 0x64, 0x63, 0x49, 0xde, 0x22, 0x08, 0xbf, 0xce, 0x3a, 0x19, 0xad, 0x2a, 0x19, - 0xf5, 0x6a, 0xfe, 0xb2, 0x85, 0x72, 0xa4, 0x95, 0x8b, 0x84, 0x53, 0x29, 0x7a, 0x05, 0x15, 0xb6, - 0x77, 0x36, 0xf1, 0x44, 0x70, 0xcc, 0xa5, 0x76, 0x8a, 0xa1, 0x31, 0x9c, 0x01, 0x92, 0x94, 0x2a, - 0x2d, 0x90, 0x03, 0x15, 0xfc, 0x21, 0x20, 0xd1, 0x34, 0xe4, 0x61, 0xb1, 0xb1, 0xfd, 0xe8, 0x8a, - 0x7a, 0x78, 0xab, 0x27, 0x30, 0xfc, 0x8e, 0x22, 0x97, 0xfc, 0x8f, 0xac, 0x0f, 0x9a, 0x54, 0xe7, - 0x6f, 0x25, 0x12, 0x66, 0xf4, 0x18, 0xea, 0xec, 0x37, 0x76, 0xf8, 0x0c, 0x57, 0xd9, 0x0c, 0x57, - 0x94, 0x82, 0x51, 0x13, 0x72, 0x36, 0x15, 0x07, 0x1a, 0xd2, 0xc4, 0x74, 0xfd, 0x77, 0x44, 0xc6, - 0x48, 0xed, 0xff, 0x1a, 0x52, 0xdf, 0x7f, 0x47, 0xf2, 0x45, 0x71, 0x32, 0x1a, 0xaa, 0x8a, 0x74, - 0x63, 0x1d, 0x67, 0xa0, 0x51, 0xe7, 0x1f, 0x4a, 0x50, 0xcf, 0x1a, 0xa3, 0xef, 0x61, 0x95, 0xdf, - 0xcd, 0x14, 0x3e, 0x76, 0x01, 0x72, 0xe9, 0xe7, 0xea, 0xc9, 0x73, 0x4a, 0x74, 0x00, 0x75, 0x79, - 0xe1, 0x92, 0xc9, 0x7c, 0xb9, 0x5e, 0x8f, 0xd9, 0xbb, 0xfe, 0x58, 0x5e, 0xb3, 0x24, 0xb5, 0x93, - 0x30, 0x64, 0x31, 0xe6, 0x01, 0x80, 0xe4, 0x91, 0x49, 0xd0, 0xa8, 0x0a, 0x49, 0xdf, 0x41, 0x4f, - 0x01, 0x49, 0x75, 0x92, 0xaa, 0x02, 0x9e, 0xe7, 0x8c, 0x96, 0xd0, 0x88, 0x2c, 0xd5, 0x0f, 0xd0, - 0xdb, 0x74, 0x50, 0x99, 0xed, 0xd8, 0x9c, 0xcf, 0xd4, 0x4f, 0xaf, 0x1b, 0x94, 0x96, 0xf5, 0x40, - 0x39, 0x32, 0xb6, 0x69, 0xbb, 0x50, 0xa5, 0x67, 0x8a, 0x33, 0xad, 0x31, 0xa6, 0x5c, 0x72, 0xec, - 0xf1, 0x0d, 0xd6, 0x06, 0xc4, 0xc9, 0xb3, 0x54, 0xa8, 0x99, 0xa0, 0xa8, 0xe3, 0x0f, 0x31, 0x0e, - 0x7d, 0xcb, 0x63, 0xf1, 0xb3, 0xbc, 0x7c, 0x43, 0xd0, 0x13, 0x7a, 0xad, 0x3f, 0x4c, 0x46, 0x21, - 0x6d, 0x68, 0x78, 0x3d, 0x01, 0x94, 0x50, 0x9c, 0x93, 0x28, 0x66, 0xd9, 0x5b, 0xa9, 0x30, 0xa2, - 0x85, 0xe1, 0x08, 0xa2, 0x6f, 0x04, 0x4a, 0xd2, 0xb5, 0xa5, 0xbd, 0x54, 0x44, 0xfa, 0x29, 0xac, - 0xe7, 0xf6, 0x1d, 0x55, 0x61, 0xf5, 0x74, 0x70, 0xd2, 0x1b, 0xb5, 0x6e, 0xa0, 0x3a, 0x54, 0x7a, - 0x7f, 0x3a, 0xea, 0x19, 0xb4, 0x5c, 0x2b, 0xf0, 0x12, 0x6f, 0xbf, 0xd7, 0x5a, 0xa1, 0xf2, 0xfe, - 0x40, 0xc8, 0x8b, 0x54, 0x4e, 0x0b, 0xbe, 0x56, 0x89, 0x9a, 0x1a, 0xc7, 0xa7, 0xa3, 0x5e, 0x6b, - 0x55, 0xff, 0x61, 0x15, 0x9a, 0x0b, 0xbd, 0x33, 0x7a, 0x05, 0x45, 0xec, 0x5f, 0x88, 0xfc, 0xf8, - 0xe4, 0xba, 0x16, 0x7b, 0xab, 0xe7, 0x5f, 0xb8, 0x21, 0xf1, 0x69, 0x51, 0x23, 0x9a, 0x6e, 0x6a, - 0x86, 0x14, 0x28, 0xdb, 0x64, 0x32, 0xb1, 0x7c, 0x1a, 0xf8, 0x68, 0xee, 0x91, 0x8f, 0x34, 0xe2, - 0x58, 0xe1, 0x58, 0xa6, 0x24, 0xf6, 0x1b, 0xdd, 0x87, 0xaa, 0xe3, 0x86, 0xec, 0xb2, 0xfc, 0x52, - 0xf8, 0x48, 0x2a, 0xa0, 0x16, 0xd3, 0x08, 0x87, 0x3c, 0xd5, 0x18, 0xec, 0x37, 0x6a, 0x41, 0x71, - 0xea, 0x3a, 0xfc, 0x9b, 0x83, 0x41, 0x7f, 0xa2, 0x3e, 0xb4, 0xad, 0x20, 0x30, 0xad, 0x70, 0x42, - 0x42, 0x5a, 0x5a, 0xbf, 0x73, 0x3d, 0xcc, 0x52, 0x8a, 0xf8, 0xf2, 0x93, 0x5c, 0x22, 0x06, 0xc1, - 0x2e, 0xc5, 0xd0, 0x10, 0x44, 0x31, 0xba, 0xd1, 0xb4, 0x84, 0x48, 0x48, 0x3a, 0x7f, 0x53, 0x84, - 0xf6, 0xd2, 0xbc, 0xd0, 0xcb, 0xcc, 0x2d, 0x4b, 0xbe, 0x4d, 0xc8, 0x60, 0xb5, 0xb7, 0x38, 0x69, - 0x13, 0xd8, 0x4d, 0xcc, 0x4e, 0xee, 0x26, 0x66, 0x61, 0xe7, 0x33, 0x76, 0xdf, 0x51, 0x50, 0x72, - 0x54, 0x99, 0x09, 0xfa, 0xdb, 0x02, 0x34, 0xb0, 0x7f, 0x61, 0x5e, 0x58, 0xa1, 0x29, 0x5a, 0xa5, - 0x22, 0x0b, 0x08, 0xbf, 0xf9, 0xf8, 0xed, 0xa0, 0x92, 0xef, 0xac, 0x90, 0x37, 0x52, 0x7b, 0x5b, - 0xf3, 0x99, 0xfa, 0xe4, 0xea, 0xd7, 0x87, 0xae, 0x75, 0xe6, 0x2d, 0x76, 0x5c, 0x75, 0x9c, 0xb1, - 0xd6, 0x43, 0xa8, 0x67, 0xd9, 0xb2, 0xce, 0x57, 0x86, 0xa2, 0xb1, 0xfb, 0xfb, 0x56, 0x01, 0x35, - 0x00, 0x4e, 0x7a, 0x5d, 0xa3, 0x37, 0x32, 0xdf, 0xf6, 0xfe, 0xac, 0xb5, 0x82, 0x10, 0x34, 0xba, - 0xc7, 0x83, 0x83, 0xfe, 0xef, 0xcc, 0xa3, 0xdd, 0x21, 0x93, 0x15, 0xa9, 0xdd, 0x41, 0xbf, 0x77, - 0xb8, 0xdf, 0x2a, 0x51, 0xb5, 0xd1, 0x3b, 0x39, 0x3e, 0x35, 0xba, 0x3d, 0x93, 0xcb, 0x56, 0x51, - 0x0d, 0xca, 0xa7, 0x83, 0xb7, 0x83, 0xe3, 0xdf, 0x0f, 0x5a, 0x6b, 0xfa, 0x3f, 0xae, 0x41, 0x73, - 0xe1, 0xae, 0x05, 0xbd, 0x06, 0x08, 0x42, 0xf7, 0xc2, 0xf5, 0xf0, 0x38, 0xe9, 0x15, 0x72, 0x5f, - 0xf7, 0x86, 0x89, 0x56, 0x4e, 0x24, 0x63, 0x80, 0x76, 0xa0, 0x1c, 0x61, 0xcf, 0xf5, 0xa7, 0x1f, - 0xc4, 0x05, 0x92, 0x76, 0xdd, 0xad, 0xce, 0xd6, 0x49, 0xef, 0x90, 0xe2, 0x0c, 0x69, 0x80, 0xbe, - 0x85, 0xb6, 0x13, 0x92, 0xc0, 0xb4, 0xad, 0xc0, 0x3a, 0x73, 0x3d, 0x37, 0x76, 0xb1, 0x70, 0xe5, - 0xfc, 0xd6, 0xee, 0x87, 0x24, 0xd0, 0xba, 0x19, 0x90, 0x1c, 0x48, 0x8b, 0x9a, 0x67, 0x15, 0x68, - 0x00, 0x2d, 0xcb, 0x71, 0xf2, 0x8c, 0x25, 0xc6, 0x98, 0x0b, 0xca, 0xbb, 0x8e, 0x73, 0x25, 0x61, - 0xd3, 0x72, 0x9c, 0x1c, 0xdf, 0x18, 0xee, 0x26, 0x4d, 0xad, 0x19, 0x12, 0x12, 0x9b, 0xd4, 0xa9, - 0xa3, 0xcb, 0x28, 0xc6, 0x13, 0x76, 0x86, 0xc4, 0xad, 0x7a, 0x72, 0x79, 0x8a, 0x2d, 0x47, 0xa3, - 0xdd, 0xac, 0x66, 0x10, 0x12, 0x6b, 0x07, 0x09, 0x58, 0xbe, 0xe1, 0xb6, 0x6c, 0x77, 0xa9, 0x3e, - 0x55, 0xa3, 0x21, 0x34, 0x23, 0x6c, 0xdb, 0x64, 0x12, 0x24, 0xe7, 0x6d, 0x8d, 0xad, 0xe7, 0xe7, - 0xd7, 0xaf, 0x27, 0xc7, 0x8b, 0x83, 0x66, 0x34, 0xa2, 0xdc, 0x73, 0xe7, 0xcf, 0xa1, 0x2c, 0x56, - 0x3c, 0x39, 0xf4, 0x85, 0xcc, 0xa1, 0x47, 0x50, 0x0a, 0x89, 0x27, 0x2f, 0x35, 0xd9, 0x6f, 0x2a, - 0x63, 0x1d, 0xb8, 0x28, 0xa6, 0x58, 0x87, 0x7d, 0x53, 0xa6, 0x4f, 0x1e, 0x4a, 0xf8, 0x43, 0xe7, - 0xbf, 0x0b, 0xd0, 0xc8, 0xbf, 0x1f, 0xfd, 0x85, 0x30, 0xe6, 0x69, 0xf6, 0xc5, 0x47, 0x0e, 0x7b, - 0x4b, 0xfc, 0xa5, 0xad, 0x3d, 0x4f, 0xbc, 0x32, 0xb6, 0x08, 0x9c, 0x0c, 0x2d, 0xb9, 0x0f, 0xc0, - 0xbf, 0x86, 0xb6, 0x47, 0x6c, 0xcb, 0xe3, 0x1f, 0x11, 0xc4, 0x7a, 0xf1, 0x99, 0xb4, 0x12, 0x85, - 0x8c, 0x49, 0xbb, 0x50, 0xcb, 0xbc, 0x84, 0x1e, 0xaa, 0xd3, 0x01, 0x3b, 0x46, 0x83, 0xde, 0x7e, - 0xeb, 0x06, 0xda, 0x80, 0xa6, 0x71, 0x3a, 0x18, 0xf5, 0x8f, 0x7a, 0xe6, 0x7e, 0xef, 0x60, 0xf7, - 0xf4, 0x70, 0xd4, 0x2a, 0xa0, 0x75, 0xa8, 0x1e, 0x1e, 0x77, 0x77, 0x0f, 0x59, 0x78, 0x5f, 0xd1, - 0xff, 0xa7, 0x00, 0x0d, 0xda, 0xee, 0x64, 0x3e, 0xa4, 0x2f, 0x5e, 0xa4, 0x22, 0xf1, 0xb1, 0x9b, - 0xd6, 0xcf, 0x25, 0xf1, 0x65, 0x1b, 0x65, 0x1b, 0x62, 0x51, 0x10, 0xd2, 0x60, 0xce, 0x53, 0xb5, - 0x58, 0x66, 0xf9, 0x48, 0x8b, 0x80, 0x4c, 0x23, 0x2a, 0x22, 0x77, 0xda, 0x62, 0xde, 0x5f, 0xfa, - 0xe8, 0x9d, 0xed, 0x62, 0x5f, 0xa6, 0x9f, 0x45, 0xd7, 0x7e, 0xbe, 0x01, 0x91, 0x5f, 0x39, 0x3b, - 0x99, 0x8f, 0x79, 0x65, 0x16, 0xfe, 0x93, 0xe7, 0xbd, 0x97, 0xff, 0xf4, 0xd3, 0xc3, 0xc2, 0x8f, - 0x3f, 0x3d, 0x2c, 0xfc, 0xfb, 0x4f, 0x0f, 0x0b, 0x3f, 0xfc, 0xc7, 0xc3, 0x1b, 0x70, 0xd7, 0x25, - 0x5b, 0x51, 0x6c, 0xd9, 0xef, 0x43, 0xf2, 0x81, 0xd3, 0xca, 0x4d, 0xfe, 0x5e, 0xfe, 0x6f, 0xc4, - 0xd9, 0x1a, 0x93, 0xbf, 0xf8, 0xdf, 0x00, 0x00, 0x00, 0xff, 0xff, 0x9b, 0xcf, 0xea, 0x43, 0x47, - 0x21, 0x00, 0x00, ->>>>>>> ROX-8401-registry-store + // 3357 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x5a, 0x4b, 0x73, 0xdb, 0x58, + 0x76, 0x36, 0x45, 0x4a, 0x24, 0x0f, 0x29, 0x3e, 0xae, 0x6c, 0x37, 0x4c, 0xcb, 0x06, 0x8c, 0x6e, + 0x77, 0x6b, 0x3c, 0x6e, 0xd9, 0x2d, 0xbb, 0x32, 0x1d, 0x95, 0xdd, 0x13, 0x89, 0xa2, 0xa6, 0x69, + 0x4b, 0x14, 0x1b, 0xa2, 0x7a, 0x92, 0xce, 0x02, 0x05, 0x01, 0xd7, 0x14, 0x62, 0x10, 0x17, 0x01, + 0x40, 0xc5, 0x5a, 0x66, 0x99, 0x45, 0x36, 0x59, 0xa4, 0x66, 0x9b, 0x55, 0xfe, 0x40, 0x2a, 0xbf, + 0x21, 0x55, 0xd9, 0x4c, 0x55, 0x2a, 0x5b, 0x26, 0xd5, 0xa9, 0xac, 0x92, 0x4d, 0xf8, 0x0b, 0x52, + 0xf7, 0x85, 0x07, 0x29, 0xa5, 0xdd, 0x59, 0x89, 0x38, 0xe7, 0x3b, 0x1f, 0xee, 0xe3, 0xdc, 0xf3, + 0xb8, 0x10, 0x28, 0x51, 0x4c, 0x42, 0x6b, 0x8c, 0x9f, 0x39, 0x38, 0xf0, 0xc8, 0xd5, 0x04, 0xfb, + 0xf1, 0x76, 0x10, 0x92, 0x98, 0xa0, 0xb2, 0xd0, 0x74, 0xd4, 0x31, 0x21, 0x63, 0x0f, 0x3f, 0x63, + 0xe2, 0xf3, 0xe9, 0xbb, 0x67, 0xb1, 0x3b, 0xc1, 0x51, 0x6c, 0x4d, 0x02, 0x8e, 0xec, 0xa8, 0x92, + 0xc3, 0x26, 0x7e, 0x6c, 0xb9, 0x3e, 0x0e, 0xcd, 0x70, 0xea, 0x53, 0x94, 0x00, 0xdc, 0x96, 0x00, + 0xcf, 0x3a, 0xc7, 0x5e, 0x24, 0xa4, 0x1b, 0x52, 0xea, 0x4e, 0xac, 0xf1, 0x12, 0x94, 0x12, 0xc5, + 0x12, 0x8a, 0xa4, 0x34, 0x3c, 0xb7, 0x6c, 0x89, 0x1c, 0x93, 0x31, 0x61, 0x3f, 0x9f, 0xd1, 0x5f, + 0x5c, 0xaa, 0xff, 0x27, 0x02, 0x38, 0x48, 0xa6, 0x82, 0x7e, 0x05, 0x2b, 0xae, 0xa3, 0x14, 0xb4, + 0xc2, 0x56, 0x75, 0xff, 0x8b, 0xf9, 0x4c, 0xfd, 0x34, 0xc2, 0x56, 0x68, 0x5f, 0xec, 0xea, 0x29, + 0x46, 0xeb, 0x1f, 0x3c, 0xa5, 0xf4, 0xf8, 0xe9, 0x85, 0xeb, 0x38, 0xd8, 0xd7, 0x8d, 0x15, 0xd7, + 0x41, 0x5f, 0x41, 0xc9, 0xb7, 0x26, 0x58, 0x59, 0x61, 0xa6, 0x0f, 0xe6, 0x33, 0xf5, 0xde, 0xb2, + 0x29, 0xb7, 0xd3, 0x0d, 0x06, 0x45, 0x8f, 0xa1, 0x74, 0x61, 0x45, 0x17, 0x4a, 0x47, 0x2b, 0x6c, + 0x95, 0xf6, 0xdb, 0xf3, 0x99, 0xba, 0x4e, 0x9f, 0x77, 0x75, 0x77, 0xec, 0x73, 0x18, 0x7d, 0x44, + 0xcf, 0xa1, 0x14, 0x5f, 0x05, 0x58, 0x29, 0x31, 0xe6, 0xcd, 0xf9, 0x4c, 0x55, 0xae, 0x19, 0xd4, + 0xe8, 0x2a, 0xa0, 0x16, 0x14, 0x89, 0x76, 0xa1, 0x4a, 0x5f, 0x10, 0x05, 0x96, 0x8d, 0x95, 0xd5, + 0x65, 0xb3, 0x81, 0x54, 0xca, 0xf1, 0xa4, 0x70, 0xf4, 0x0a, 0xea, 0xc9, 0x83, 0xe9, 0x3a, 0xca, + 0x27, 0xcc, 0xfc, 0xde, 0x7c, 0xa6, 0xde, 0x59, 0x32, 0xd7, 0xfa, 0x07, 0xba, 0x51, 0x4b, 0xe0, + 0x7d, 0x07, 0xfd, 0x00, 0x77, 0x49, 0x68, 0x5f, 0xe0, 0x28, 0x0e, 0xad, 0x98, 0x84, 0xa6, 0x4d, + 0x26, 0x01, 0xf1, 0xb1, 0x1f, 0x2b, 0x8f, 0xb4, 0xc2, 0x56, 0x65, 0xff, 0xd3, 0xf9, 0x4c, 0x55, + 0x25, 0xcf, 0x49, 0x06, 0xa9, 0x75, 0x25, 0x52, 0x37, 0xee, 0x64, 0x29, 0x12, 0x39, 0xfa, 0x0a, + 0x2a, 0x21, 0x0e, 0x3c, 0xd7, 0xb6, 0x22, 0x65, 0x4d, 0x2b, 0x6c, 0x15, 0xf7, 0xef, 0xcc, 0x67, + 0x6a, 0x3b, 0x20, 0x9e, 0x6b, 0x5f, 0xed, 0xea, 0x86, 0xd0, 0xe9, 0x46, 0x02, 0x43, 0xdf, 0xc1, + 0x1a, 0xf7, 0x20, 0xa5, 0xac, 0x15, 0xb7, 0x6a, 0x3b, 0xea, 0xb6, 0xf0, 0x8b, 0xed, 0x74, 0xe5, + 0xb6, 0x8f, 0x18, 0xa2, 0xe7, 0xc7, 0xe1, 0xd5, 0xbe, 0x32, 0x9f, 0xa9, 0xb7, 0xe5, 0xf8, 0x98, + 0x42, 0x2e, 0x91, 0x20, 0x42, 0x26, 0x40, 0x40, 0x1c, 0x53, 0xd0, 0x6e, 0x30, 0x5a, 0xfd, 0x3a, + 0xda, 0x21, 0x71, 0xb2, 0xcc, 0xb9, 0x0d, 0x18, 0x12, 0x47, 0xcb, 0xb1, 0x57, 0x03, 0x89, 0x46, + 0xaf, 0xa1, 0xc1, 0xc8, 0xcd, 0x08, 0x7b, 0xd8, 0x8e, 0x49, 0xa8, 0xdc, 0xd6, 0x0a, 0x5b, 0xb5, + 0x9d, 0xbb, 0xc9, 0x4b, 0x18, 0xf0, 0x54, 0x68, 0x8d, 0x75, 0x2f, 0xfb, 0x88, 0x30, 0x94, 0xed, + 0x10, 0x5b, 0x31, 0x76, 0x94, 0x0a, 0xb3, 0xeb, 0x6c, 0xf3, 0xe3, 0xb8, 0x2d, 0x8f, 0xe3, 0xf6, + 0x48, 0x1e, 0xc7, 0xfd, 0x67, 0xf3, 0x99, 0xfa, 0x4b, 0x39, 0xa8, 0x2e, 0x37, 0xcb, 0xfb, 0xb6, + 0x96, 0xf7, 0x48, 0xc9, 0x8d, 0xba, 0x00, 0xb6, 0x37, 0x8d, 0x62, 0x1c, 0x52, 0x27, 0xa9, 0x32, + 0x27, 0xf9, 0x6c, 0x3e, 0x53, 0xb5, 0x84, 0x8d, 0x6b, 0x97, 0x0f, 0x4b, 0x55, 0xd8, 0xf5, 0x1d, + 0xf4, 0x1a, 0xea, 0x92, 0x84, 0x9d, 0x1d, 0x60, 0x34, 0x9d, 0xf9, 0x4c, 0xbd, 0xbb, 0x40, 0x23, + 0xd7, 0xa9, 0x26, 0xf0, 0xd4, 0x05, 0xd1, 0x0e, 0x40, 0x12, 0x40, 0x22, 0xa5, 0xc6, 0xb6, 0x02, + 0x25, 0xab, 0xd4, 0x95, 0x2a, 0x23, 0x83, 0x42, 0x26, 0xd4, 0x2c, 0xdf, 0x27, 0xb1, 0x15, 0xbb, + 0xc4, 0x8f, 0x94, 0x06, 0x33, 0xfa, 0xec, 0xba, 0xfd, 0xdb, 0x4b, 0x61, 0x7c, 0x07, 0x3f, 0x99, + 0xcf, 0xd4, 0x0d, 0x39, 0xae, 0x54, 0xab, 0x1b, 0x59, 0x46, 0x74, 0x08, 0x95, 0x20, 0x74, 0x49, + 0xe8, 0xc6, 0x57, 0x4a, 0x93, 0x79, 0xe9, 0x93, 0xf9, 0x4c, 0xfd, 0x3c, 0xd9, 0x79, 0xa1, 0xbb, + 0x61, 0x7d, 0x13, 0x5b, 0xd4, 0x81, 0x8a, 0xeb, 0x5b, 0x76, 0xec, 0x5e, 0x62, 0xa5, 0x45, 0xcf, + 0x8e, 0x91, 0x3c, 0xa3, 0x23, 0x40, 0x2c, 0x04, 0x9a, 0xc1, 0xd4, 0xa3, 0x7e, 0x62, 0x87, 0x38, + 0x8e, 0x94, 0xb6, 0x56, 0xdc, 0xaa, 0xee, 0x3f, 0x9c, 0xcf, 0xd4, 0x8e, 0x7c, 0x5b, 0x9f, 0xa2, + 0xb4, 0xe1, 0xd4, 0xf3, 0xb4, 0x53, 0x86, 0xd2, 0x8d, 0x16, 0xb3, 0xa4, 0x22, 0x2e, 0x89, 0x50, + 0x0f, 0x9a, 0x11, 0x0e, 0x2f, 0x5d, 0x1b, 0x9b, 0x96, 0x6d, 0x93, 0xa9, 0x1f, 0x2b, 0x68, 0x39, + 0x66, 0x9c, 0x72, 0x88, 0xb6, 0xc7, 0x21, 0xba, 0xd1, 0x10, 0x46, 0x42, 0x80, 0xfe, 0xb6, 0x00, + 0xda, 0x02, 0x8f, 0x19, 0xe0, 0x70, 0xe2, 0x46, 0x91, 0x4b, 0x7c, 0xd3, 0xc3, 0x97, 0xd8, 0x53, + 0x36, 0xb5, 0xc2, 0x56, 0x63, 0x47, 0x49, 0xd6, 0x7b, 0x98, 0x00, 0x8e, 0xa8, 0x7e, 0xff, 0xc5, + 0x7c, 0xa6, 0x3e, 0xbb, 0xe1, 0x95, 0x5a, 0x0a, 0xd6, 0x18, 0x5a, 0x3a, 0xc5, 0x83, 0xfc, 0x48, + 0x16, 0x38, 0x51, 0x04, 0xaa, 0x35, 0x8d, 0xc9, 0x84, 0x8d, 0x68, 0x71, 0x84, 0x31, 0x79, 0x8f, + 0x7d, 0xe5, 0x1e, 0x0b, 0x4e, 0x4f, 0xe7, 0x33, 0x75, 0x4b, 0x86, 0x93, 0x3d, 0x69, 0xa2, 0x2d, + 0x0e, 0x63, 0x44, 0x4d, 0x74, 0x63, 0x33, 0x21, 0x3d, 0xcd, 0xbd, 0x9e, 0xa9, 0x69, 0x18, 0xbd, + 0x20, 0x51, 0x6c, 0xfa, 0x38, 0xfe, 0x0b, 0x12, 0xbe, 0x57, 0xee, 0xb0, 0x37, 0xb0, 0x30, 0x2a, + 0xdf, 0xf0, 0x2d, 0x89, 0x62, 0x6d, 0xc0, 0xf5, 0xba, 0x51, 0xa3, 0x70, 0xf1, 0x84, 0x9e, 0x43, + 0x85, 0x59, 0x07, 0xae, 0xa3, 0xa8, 0xcc, 0x32, 0x17, 0xea, 0x98, 0xe5, 0x90, 0x06, 0xdf, 0x32, + 0x85, 0x0d, 0x5d, 0x27, 0xb1, 0x70, 0x03, 0x5b, 0xd1, 0x6e, 0xb0, 0xe8, 0x0f, 0xbb, 0xc2, 0xa2, + 0x1f, 0xd8, 0xe8, 0xd7, 0xb0, 0x2e, 0x92, 0xae, 0x69, 0x7b, 0x56, 0x14, 0x29, 0x7a, 0x7a, 0xfa, + 0x92, 0x98, 0xca, 0x01, 0x5a, 0x97, 0x02, 0x74, 0xa3, 0x2e, 0x0c, 0xd8, 0x23, 0xea, 0x41, 0x2d, + 0x26, 0x1e, 0x0e, 0xc5, 0x51, 0xba, 0xcb, 0x8e, 0xd2, 0x46, 0xb2, 0xb5, 0xa3, 0x44, 0xb7, 0xdf, + 0x98, 0xcf, 0x54, 0x90, 0xbb, 0xfa, 0xa5, 0x6e, 0x64, 0xed, 0xd0, 0x6b, 0x58, 0x0d, 0x48, 0x18, + 0x47, 0x8a, 0xb2, 0x40, 0x30, 0x24, 0x61, 0xdc, 0x25, 0xfe, 0x3b, 0x77, 0xbc, 0x8f, 0xe6, 0x33, + 0xb5, 0x21, 0x07, 0x45, 0xe5, 0x91, 0x6e, 0x70, 0x2b, 0x34, 0x80, 0x66, 0x14, 0x5b, 0x31, 0x36, + 0x93, 0x22, 0x43, 0xb9, 0xcf, 0x8e, 0xdd, 0xe3, 0xf9, 0x4c, 0x7d, 0x94, 0x3b, 0x5d, 0x5a, 0x84, + 0xfd, 0x88, 0x84, 0xf9, 0x13, 0xd7, 0x60, 0xd6, 0x49, 0x48, 0x44, 0x03, 0x80, 0xd0, 0x8d, 0xde, + 0x9b, 0x91, 0x4d, 0x42, 0xac, 0x3c, 0xd0, 0x0a, 0x5b, 0x2b, 0xf9, 0x30, 0x69, 0xb8, 0xd1, 0x7b, + 0xed, 0xd4, 0xce, 0xc6, 0x48, 0x39, 0xb2, 0xa7, 0x92, 0xb4, 0x4a, 0x29, 0x18, 0x06, 0xed, 0x41, + 0x3d, 0x08, 0x89, 0x8d, 0xa3, 0xc8, 0x8c, 0xad, 0x71, 0xa4, 0x3c, 0x5c, 0x3e, 0xa5, 0x43, 0xae, + 0xd7, 0x46, 0xd6, 0x38, 0x89, 0x73, 0xc2, 0x66, 0x64, 0x8d, 0xa3, 0xce, 0x1f, 0x42, 0x2d, 0x93, + 0x49, 0x50, 0x0b, 0x8a, 0xef, 0xf1, 0x15, 0xaf, 0x51, 0x0c, 0xfa, 0x13, 0xdd, 0x86, 0xd5, 0x4b, + 0xcb, 0x9b, 0x8a, 0xe2, 0xc3, 0xe0, 0x0f, 0xbb, 0x2b, 0x5f, 0x17, 0x3a, 0xaf, 0xa0, 0x91, 0xcf, + 0x43, 0x3f, 0xcb, 0xfa, 0x1b, 0x68, 0x2d, 0x46, 0xc1, 0x9f, 0x63, 0xff, 0xa6, 0x54, 0x29, 0xb6, + 0x4a, 0x6f, 0x4a, 0x95, 0x7a, 0x6b, 0x5d, 0xff, 0x87, 0x02, 0x34, 0x92, 0x90, 0xcc, 0xe2, 0x12, + 0x7a, 0xc1, 0x6a, 0x2d, 0x5e, 0xd6, 0xe4, 0x0a, 0x03, 0x1e, 0xb6, 0x4e, 0x2f, 0xac, 0x6b, 0xea, + 0xac, 0xcf, 0x45, 0x9d, 0x55, 0x60, 0xc9, 0x2d, 0x0d, 0xf7, 0xcc, 0x86, 0xa6, 0x05, 0x51, 0x5c, + 0x3d, 0x82, 0xba, 0x4f, 0x62, 0x16, 0x21, 0xad, 0x73, 0x8f, 0xe7, 0x96, 0x8a, 0x51, 0xf3, 0x49, + 0x3c, 0x14, 0x22, 0xb4, 0x99, 0x2d, 0x93, 0x6a, 0x6c, 0xf0, 0xa9, 0x60, 0xb7, 0xf4, 0xfb, 0xbf, + 0x53, 0x6f, 0xe9, 0xff, 0x5a, 0x82, 0x6a, 0x32, 0x6c, 0xd4, 0x48, 0xab, 0x43, 0x36, 0x98, 0xe7, + 0xb0, 0x66, 0x33, 0x0f, 0x65, 0x73, 0xaf, 0x65, 0x02, 0x5b, 0x62, 0xc3, 0x3d, 0xd8, 0x10, 0x38, + 0xf4, 0x25, 0xac, 0xb2, 0x00, 0xac, 0x14, 0x99, 0xc1, 0x27, 0xcb, 0x06, 0x6c, 0x22, 0x06, 0x47, + 0xa1, 0x2e, 0xb4, 0x22, 0x6c, 0x4f, 0x69, 0x46, 0x30, 0x69, 0x16, 0xc3, 0x1f, 0x62, 0xb6, 0x60, + 0xd9, 0x57, 0x9d, 0x0a, 0x40, 0x97, 0xeb, 0x8d, 0x66, 0x94, 0x17, 0xa0, 0x5f, 0x40, 0xf9, 0x92, + 0x78, 0xd3, 0x09, 0x8e, 0x94, 0x55, 0x76, 0xc6, 0x9a, 0x89, 0xed, 0xf7, 0x4c, 0x6e, 0x48, 0x3d, + 0x7a, 0x23, 0x0f, 0xe3, 0xda, 0xcd, 0x87, 0x51, 0x9d, 0xcf, 0xd4, 0xfb, 0x8b, 0x2e, 0xaf, 0x65, + 0x8e, 0xb7, 0x38, 0x99, 0x5f, 0x41, 0x59, 0xa6, 0x26, 0x5e, 0x7d, 0xa5, 0x93, 0xed, 0x4d, 0xce, + 0xb1, 0xe3, 0x60, 0x87, 0xa7, 0x20, 0x43, 0xe2, 0xd0, 0x73, 0xa8, 0x86, 0x38, 0x22, 0xd3, 0xd0, + 0xc6, 0x91, 0x28, 0x5f, 0xd2, 0x1d, 0x36, 0xa4, 0xc6, 0x48, 0x41, 0xe8, 0x99, 0x70, 0x07, 0x5e, + 0x3a, 0xdc, 0x9f, 0xcf, 0xd4, 0x4f, 0xe4, 0xd0, 0x92, 0x15, 0xd5, 0xa8, 0x5b, 0xc8, 0xa2, 0x9b, + 0x96, 0x57, 0xee, 0x25, 0xf6, 0xe9, 0x81, 0x0c, 0x42, 0x72, 0xce, 0x77, 0x3e, 0x57, 0x5e, 0x09, + 0xf5, 0x90, 0x6a, 0x8d, 0x75, 0x2f, 0xfb, 0x88, 0xfe, 0x08, 0x9a, 0x21, 0xb6, 0x1c, 0x37, 0x63, + 0x5f, 0x5f, 0xd8, 0x49, 0x43, 0xea, 0x39, 0x41, 0x23, 0xcc, 0x3d, 0xbf, 0x29, 0x55, 0xaa, 0x2d, + 0xd0, 0xff, 0x79, 0x05, 0xaa, 0xc9, 0x84, 0xd0, 0x10, 0xda, 0x76, 0x30, 0x35, 0x69, 0xc0, 0x88, + 0xcc, 0x10, 0xff, 0xf9, 0x14, 0x47, 0x31, 0x73, 0xb3, 0x95, 0x85, 0xa2, 0x6a, 0x78, 0xa6, 0x75, + 0x29, 0x48, 0x33, 0x38, 0x48, 0xc6, 0x8b, 0xa6, 0x1d, 0x4c, 0x99, 0x42, 0xc8, 0xd1, 0x1b, 0x68, + 0xa6, 0x8c, 0x9e, 0x3b, 0x71, 0x63, 0xe6, 0xa2, 0x2b, 0xfb, 0xfa, 0x7c, 0xa6, 0x3e, 0x5c, 0xe6, + 0x3b, 0xa2, 0x10, 0xc9, 0xb6, 0x2e, 0xd9, 0x98, 0x14, 0x19, 0xd0, 0x9e, 0xe0, 0x09, 0x09, 0xaf, + 0xcc, 0xc9, 0x79, 0x32, 0xba, 0x22, 0x63, 0xfb, 0x7c, 0x3e, 0x53, 0x75, 0xc9, 0x76, 0xcc, 0x40, + 0x72, 0x68, 0xda, 0xd6, 0xf1, 0xfe, 0x2f, 0x92, 0xf1, 0x71, 0x82, 0xe3, 0x73, 0x39, 0xbe, 0x23, + 0x68, 0xa6, 0x9c, 0x7c, 0x7c, 0xa5, 0xe5, 0xf9, 0x0a, 0x46, 0x36, 0x8c, 0x1c, 0xdf, 0xba, 0xe4, + 0x63, 0x2a, 0xfd, 0xbf, 0x8a, 0xb0, 0xc6, 0x5d, 0x19, 0xed, 0x64, 0xe2, 0xc3, 0x42, 0x9c, 0xe5, + 0x08, 0xe6, 0x0d, 0xf9, 0x46, 0xec, 0x6b, 0x58, 0xe3, 0x3b, 0x21, 0xba, 0x37, 0x6d, 0x3e, 0x53, + 0x37, 0x17, 0xac, 0x4e, 0x19, 0x20, 0xe9, 0x06, 0x38, 0x1e, 0xfd, 0x06, 0x6a, 0x0e, 0x8e, 0x62, + 0xd7, 0x67, 0x21, 0x92, 0x2d, 0x4a, 0x95, 0x67, 0x9e, 0x05, 0xf3, 0x83, 0x14, 0x95, 0xc4, 0xf8, + 0x8c, 0x25, 0xfa, 0x35, 0xf5, 0x7c, 0xcb, 0x31, 0x89, 0xef, 0x5d, 0xb1, 0x95, 0xa8, 0xe4, 0x77, + 0x4a, 0xd0, 0x50, 0xdf, 0x3a, 0xf1, 0xbd, 0x2b, 0xc9, 0x51, 0x09, 0x85, 0x80, 0xce, 0x9b, 0x75, + 0x89, 0xab, 0x37, 0xce, 0x9b, 0x76, 0x88, 0xc9, 0xbc, 0x59, 0x9f, 0x38, 0x81, 0x36, 0xaf, 0x8a, + 0x82, 0x90, 0x04, 0xd6, 0x98, 0xcf, 0x61, 0x8d, 0x95, 0x68, 0xda, 0x42, 0x88, 0xd8, 0x3e, 0x66, + 0xa5, 0x55, 0x8a, 0xe3, 0xaf, 0x90, 0x67, 0xed, 0x98, 0x17, 0x68, 0xa9, 0x5a, 0x37, 0x5a, 0x93, + 0x05, 0x0b, 0xfd, 0x10, 0x5a, 0x8b, 0x2c, 0xa8, 0x02, 0xa5, 0xc1, 0xc9, 0xa0, 0xd7, 0xba, 0x85, + 0xee, 0x40, 0xfb, 0xdb, 0x93, 0xd3, 0x91, 0x39, 0x3a, 0x31, 0xbb, 0x27, 0x83, 0xd1, 0x5e, 0x7f, + 0xd0, 0x33, 0x5a, 0x05, 0xd4, 0x86, 0xf5, 0xfd, 0xfe, 0x41, 0xdf, 0xe8, 0x75, 0x47, 0xfd, 0x93, + 0xc1, 0xde, 0x51, 0x6b, 0x45, 0x1f, 0xc0, 0x7a, 0xee, 0x8c, 0xa2, 0xd7, 0x50, 0x76, 0xf0, 0x3b, + 0xd7, 0xc7, 0x3c, 0x36, 0x8b, 0x36, 0x53, 0x8e, 0x4d, 0x62, 0x35, 0x06, 0xd6, 0x0e, 0x38, 0x52, + 0x37, 0xa4, 0x8d, 0x3e, 0x84, 0x46, 0xfe, 0xcc, 0xa2, 0x6f, 0x16, 0x09, 0x99, 0x57, 0xa6, 0x9d, + 0xa6, 0x00, 0xdf, 0xc8, 0xf8, 0x6f, 0x25, 0x28, 0x0e, 0x89, 0x83, 0x9e, 0x64, 0x6e, 0x13, 0x72, + 0x6d, 0x0d, 0x6d, 0x00, 0xfb, 0x07, 0xb9, 0xc4, 0xf6, 0x3c, 0x77, 0x81, 0xb0, 0xd4, 0x2e, 0x32, + 0xaf, 0x95, 0x78, 0xee, 0xb6, 0x87, 0xb0, 0x9e, 0x5e, 0xc2, 0xd0, 0x36, 0x8c, 0xbb, 0xdf, 0xa3, + 0xf9, 0x4c, 0x7d, 0x70, 0xfd, 0xb5, 0x85, 0xb4, 0xaf, 0xa7, 0x76, 0x7d, 0x27, 0x7f, 0x5d, 0x50, + 0xfa, 0x79, 0xd7, 0x05, 0xf9, 0x3e, 0x70, 0xf5, 0xff, 0xd7, 0x07, 0xee, 0xf1, 0x98, 0x6c, 0xba, + 0x7e, 0x14, 0x5b, 0x3e, 0x8d, 0xfd, 0x3c, 0xfd, 0x74, 0xae, 0xc9, 0x8e, 0x02, 0xc2, 0xe3, 0xb2, + 0x7c, 0x8a, 0x10, 0x86, 0xdb, 0x31, 0xad, 0xfb, 0x7d, 0xda, 0x9d, 0x66, 0x88, 0xca, 0x0b, 0x0d, + 0xfa, 0x90, 0x38, 0xcb, 0x64, 0x47, 0x6e, 0x14, 0x2f, 0x15, 0xa9, 0x1b, 0x29, 0x5f, 0xfa, 0x9a, + 0x97, 0x50, 0x8e, 0x62, 0x2b, 0xfc, 0xa8, 0xee, 0xda, 0x90, 0xd0, 0xce, 0x77, 0x70, 0xe7, 0xda, + 0x77, 0xa2, 0xaf, 0xa1, 0x9a, 0x0e, 0xb5, 0xf0, 0x93, 0x73, 0x4e, 0xc1, 0xfa, 0xbf, 0x14, 0xa1, + 0xbd, 0x04, 0x40, 0xaf, 0xa1, 0x26, 0x21, 0xa6, 0x70, 0xbc, 0xda, 0xce, 0xe6, 0xcd, 0x8c, 0xfd, + 0x03, 0x03, 0xa4, 0x41, 0x9f, 0xba, 0x6b, 0x5b, 0xb4, 0xca, 0xae, 0x3f, 0x36, 0x03, 0xe2, 0x50, + 0x12, 0x5e, 0xd5, 0x35, 0x53, 0xc5, 0x90, 0x38, 0x7d, 0x07, 0x3d, 0x86, 0x46, 0x7a, 0x7b, 0xc7, + 0x1c, 0x77, 0x8d, 0x01, 0xd7, 0x13, 0x29, 0xeb, 0xd1, 0x3f, 0x85, 0x54, 0x60, 0xba, 0x41, 0xa4, + 0x14, 0x69, 0xfd, 0x6b, 0xd4, 0x13, 0x61, 0x3f, 0xc8, 0xad, 0x6a, 0xe9, 0xa3, 0x57, 0x15, 0x1d, + 0x43, 0x9d, 0x77, 0xc1, 0x8e, 0x3b, 0xa6, 0x19, 0x89, 0x3b, 0x5f, 0xae, 0xdb, 0x4e, 0x4b, 0x00, + 0x5e, 0x52, 0x1e, 0x30, 0x64, 0xe2, 0x82, 0x35, 0x66, 0xcf, 0x85, 0xe8, 0x0f, 0xa0, 0xf2, 0xce, + 0xf5, 0xdd, 0xe8, 0x02, 0x3b, 0x4a, 0xf9, 0x27, 0x47, 0x91, 0x60, 0xd1, 0x7d, 0xa8, 0xe2, 0x0f, + 0x6e, 0x6c, 0xda, 0xc4, 0xc1, 0xcc, 0x29, 0x56, 0x8d, 0x0a, 0x15, 0x74, 0x89, 0x83, 0xd1, 0x97, + 0x80, 0xa4, 0x1b, 0xd1, 0x26, 0x38, 0xc4, 0x56, 0x44, 0x7c, 0x7e, 0x5d, 0x62, 0xb4, 0x33, 0x1a, + 0x83, 0x29, 0xf4, 0xbf, 0x2c, 0xc0, 0xc6, 0x35, 0x9b, 0x84, 0x0e, 0x93, 0x8d, 0x49, 0xaf, 0x4a, + 0xd9, 0xee, 0x36, 0x76, 0xee, 0x5d, 0x73, 0xe1, 0xc1, 0x01, 0x46, 0xcb, 0x5e, 0x90, 0x88, 0xfa, + 0x75, 0x25, 0xa9, 0x5f, 0x11, 0x94, 0x7c, 0x3a, 0x6c, 0x16, 0x38, 0x0c, 0xf6, 0x5b, 0x1f, 0x43, + 0x23, 0x5f, 0x9e, 0xa1, 0x2f, 0x72, 0x29, 0x75, 0x63, 0x3e, 0x53, 0x9b, 0x69, 0x8b, 0xce, 0x6f, + 0x15, 0x78, 0x40, 0x7a, 0x0a, 0xa5, 0xc0, 0x8a, 0x2f, 0x44, 0x08, 0xcb, 0xdd, 0xa5, 0x71, 0xa0, + 0x36, 0xb4, 0xe2, 0x0b, 0xdd, 0x60, 0x28, 0xfd, 0x6f, 0x2a, 0x00, 0x69, 0x59, 0xc9, 0xc6, 0x92, + 0xbc, 0x45, 0x10, 0x7e, 0x93, 0x75, 0x32, 0x5a, 0x55, 0x32, 0xea, 0xd5, 0xfc, 0x55, 0x0c, 0xe5, + 0x48, 0x2b, 0x17, 0x09, 0xa7, 0x52, 0xf4, 0x0a, 0x2a, 0x6c, 0xef, 0x6c, 0xe2, 0x89, 0xe0, 0x98, + 0x4b, 0xed, 0x14, 0x43, 0x63, 0x38, 0x03, 0x24, 0x29, 0x55, 0x5a, 0x20, 0x07, 0x2a, 0xf8, 0x43, + 0x40, 0xa2, 0x69, 0xc8, 0xc3, 0x62, 0x63, 0xe7, 0xd1, 0x35, 0xf5, 0xf0, 0x76, 0x4f, 0x60, 0xf8, + 0x0d, 0x46, 0x2e, 0xf9, 0x1f, 0x5b, 0x1f, 0x34, 0xa9, 0xce, 0xdf, 0x59, 0x24, 0xcc, 0xe8, 0x31, + 0xd4, 0xd9, 0x6f, 0xec, 0xf0, 0x19, 0xae, 0xb2, 0x19, 0xae, 0x28, 0x05, 0xa3, 0x26, 0xe4, 0x6c, + 0x2a, 0x0e, 0x34, 0xa4, 0x89, 0xe9, 0xfa, 0xef, 0x88, 0x8c, 0x91, 0xda, 0xff, 0x35, 0xa4, 0xbe, + 0xff, 0x8e, 0xe4, 0x8b, 0xe2, 0x64, 0x34, 0x54, 0x15, 0xe9, 0xc6, 0x3a, 0xce, 0x40, 0xa3, 0xce, + 0xdf, 0x97, 0xa0, 0x9e, 0x35, 0x46, 0x3f, 0xc0, 0x2a, 0xbf, 0xb9, 0x29, 0x7c, 0xec, 0x02, 0xe4, + 0xd2, 0xcf, 0xf5, 0x93, 0xe7, 0x94, 0xe8, 0x10, 0xea, 0xf2, 0x3a, 0x26, 0x93, 0xf9, 0x72, 0x9d, + 0x20, 0xb3, 0x77, 0xfd, 0xb1, 0xbc, 0x84, 0x49, 0x6a, 0x27, 0x61, 0xc8, 0x62, 0xcc, 0x03, 0x00, + 0xc9, 0x23, 0x93, 0xa0, 0x51, 0x15, 0x92, 0xbe, 0x83, 0x9e, 0x02, 0x92, 0xea, 0x24, 0x55, 0x05, + 0x3c, 0xcf, 0x19, 0x2d, 0xa1, 0x11, 0x59, 0xaa, 0x1f, 0xa0, 0xb7, 0xe9, 0xa0, 0x32, 0xdb, 0xb1, + 0x35, 0x9f, 0xa9, 0x9f, 0xdd, 0x34, 0x28, 0x2d, 0xeb, 0x81, 0x72, 0x64, 0x6c, 0xd3, 0xf6, 0xa0, + 0x4a, 0xcf, 0x14, 0x67, 0x5a, 0x63, 0x4c, 0xb9, 0xe4, 0xd8, 0xe3, 0x1b, 0xac, 0x0d, 0x88, 0x93, + 0x67, 0xa9, 0x50, 0x33, 0x41, 0x51, 0xc7, 0x1f, 0x62, 0x1c, 0xfa, 0x96, 0xc7, 0xe2, 0x67, 0x79, + 0xf9, 0xfe, 0xa0, 0x27, 0xf4, 0x5a, 0x7f, 0x98, 0x8c, 0x42, 0xda, 0xd0, 0xf0, 0x7a, 0x0a, 0x28, + 0xa1, 0xb8, 0x20, 0x51, 0xcc, 0xb2, 0xb7, 0x52, 0x61, 0x44, 0x0b, 0xc3, 0x11, 0x44, 0xdf, 0x0a, + 0x94, 0xa4, 0x6b, 0x4b, 0x7b, 0xa9, 0x88, 0xf4, 0x33, 0x58, 0xcf, 0xed, 0x3b, 0xaa, 0xc2, 0xea, + 0xd9, 0xe0, 0xb4, 0x37, 0x6a, 0xdd, 0x42, 0x75, 0xa8, 0xf4, 0xfe, 0x78, 0xd4, 0x33, 0x68, 0xb9, + 0x56, 0xe0, 0x25, 0xde, 0x41, 0xaf, 0xb5, 0x42, 0xe5, 0xfd, 0x81, 0x90, 0x17, 0xa9, 0x9c, 0x16, + 0x7c, 0xad, 0x12, 0x35, 0x35, 0x4e, 0xce, 0x46, 0xbd, 0xd6, 0xaa, 0xfe, 0xbb, 0x55, 0x68, 0x2e, + 0xf4, 0xce, 0xe8, 0x15, 0x14, 0xb1, 0x7f, 0x29, 0xf2, 0xe3, 0x93, 0x9b, 0x5a, 0xec, 0xed, 0x9e, + 0x7f, 0xe9, 0x86, 0xc4, 0xa7, 0x45, 0x8d, 0x68, 0xba, 0xa9, 0x19, 0x52, 0xa0, 0x6c, 0x93, 0xc9, + 0xc4, 0xf2, 0x69, 0xe0, 0xa3, 0xb9, 0x47, 0x3e, 0xd2, 0x88, 0x63, 0x85, 0x63, 0x99, 0x92, 0xd8, + 0x6f, 0xb4, 0x09, 0x55, 0xc7, 0x0d, 0xd9, 0x55, 0xfa, 0x95, 0xf0, 0x91, 0x54, 0x40, 0x2d, 0xa6, + 0x11, 0x0e, 0x79, 0xaa, 0x31, 0xd8, 0x6f, 0xd4, 0x82, 0xe2, 0xd4, 0x75, 0xf8, 0x17, 0x09, 0x83, + 0xfe, 0x44, 0x7d, 0x68, 0x5b, 0x41, 0x60, 0x5a, 0xe1, 0x84, 0x84, 0xb4, 0xb4, 0x7e, 0xe7, 0x7a, + 0x98, 0xa5, 0x14, 0xf1, 0x5d, 0x28, 0xb9, 0x62, 0x0c, 0x82, 0x3d, 0x8a, 0xa1, 0x21, 0x88, 0x62, + 0x74, 0xa3, 0x69, 0x09, 0x91, 0x90, 0x74, 0xfe, 0xaa, 0x08, 0xed, 0xa5, 0x79, 0xa1, 0x97, 0x99, + 0x3b, 0x98, 0x7c, 0x9b, 0x90, 0xc1, 0x6a, 0x6f, 0x71, 0xd2, 0x26, 0xb0, 0x7b, 0x9a, 0xdd, 0xdc, + 0x3d, 0xcd, 0xc2, 0xce, 0x67, 0xec, 0xbe, 0xa7, 0xa0, 0xe4, 0xa8, 0x32, 0x13, 0xf4, 0xd7, 0x05, + 0x68, 0x60, 0xff, 0xd2, 0xbc, 0xb4, 0x42, 0x53, 0xb4, 0x4a, 0x45, 0x16, 0x10, 0x7e, 0xf5, 0xf1, + 0xdb, 0x41, 0x25, 0xdf, 0x5b, 0x21, 0x6f, 0xa4, 0xf6, 0xb7, 0xe7, 0x33, 0xf5, 0xc9, 0xf5, 0xaf, + 0x0f, 0x5d, 0xeb, 0xdc, 0x5b, 0xec, 0xb8, 0xea, 0x38, 0x63, 0xad, 0x87, 0x50, 0xcf, 0xb2, 0x65, + 0x9d, 0xaf, 0x0c, 0x45, 0x63, 0xef, 0xb7, 0xad, 0x02, 0x6a, 0x00, 0x9c, 0xf6, 0xba, 0x46, 0x6f, + 0x64, 0xbe, 0xed, 0xfd, 0x49, 0x6b, 0x05, 0x21, 0x68, 0x74, 0x4f, 0x06, 0x87, 0xfd, 0xdf, 0x98, + 0xc7, 0x7b, 0x43, 0x26, 0x2b, 0x52, 0xbb, 0xc3, 0x7e, 0xef, 0xe8, 0xa0, 0x55, 0xa2, 0x6a, 0xa3, + 0x77, 0x7a, 0x72, 0x66, 0x74, 0x7b, 0x26, 0x97, 0xad, 0xa2, 0x1a, 0x94, 0xcf, 0x06, 0x6f, 0x07, + 0x27, 0xbf, 0x1d, 0xb4, 0xd6, 0xf4, 0x7f, 0x5c, 0x83, 0xe6, 0xc2, 0x5d, 0x0b, 0x7a, 0x0d, 0x10, + 0x84, 0xee, 0xa5, 0xeb, 0xe1, 0x71, 0xd2, 0x2b, 0xe4, 0xbe, 0xfd, 0x0d, 0x13, 0xad, 0x9c, 0x48, + 0xc6, 0x00, 0xed, 0x42, 0x39, 0xc2, 0x9e, 0xeb, 0x4f, 0x3f, 0x88, 0x0b, 0x24, 0xed, 0xa6, 0x5b, + 0x9d, 0xed, 0xd3, 0xde, 0x11, 0xc5, 0x19, 0xd2, 0x00, 0x7d, 0x07, 0x6d, 0x27, 0x24, 0x81, 0x69, + 0x5b, 0x81, 0x75, 0xee, 0x7a, 0x6e, 0xec, 0x62, 0xe1, 0xca, 0xf9, 0xad, 0x3d, 0x08, 0x49, 0xa0, + 0x75, 0x33, 0x20, 0x39, 0x90, 0x16, 0x35, 0xcf, 0x2a, 0xd0, 0x00, 0x5a, 0x96, 0xe3, 0xe4, 0x19, + 0x4b, 0x8c, 0x31, 0x17, 0x94, 0xf7, 0x1c, 0xe7, 0x5a, 0xc2, 0xa6, 0xe5, 0x38, 0x39, 0xbe, 0x31, + 0xdc, 0x4b, 0x9a, 0x5a, 0x33, 0x24, 0x24, 0x36, 0xa9, 0x53, 0x47, 0x57, 0x51, 0x8c, 0x27, 0xec, + 0x0c, 0x89, 0x3b, 0xf7, 0xe4, 0x6a, 0x15, 0x5b, 0x8e, 0x46, 0xbb, 0x59, 0xcd, 0x20, 0x24, 0xd6, + 0x0e, 0x13, 0xb0, 0x7c, 0xc3, 0x5d, 0xd9, 0xee, 0x52, 0x7d, 0xaa, 0x46, 0x43, 0x68, 0x46, 0xd8, + 0xb6, 0xc9, 0x24, 0x48, 0xce, 0xdb, 0x1a, 0x5b, 0xcf, 0x2f, 0x6e, 0x5e, 0x4f, 0x8e, 0x17, 0x07, + 0xcd, 0x68, 0x44, 0xb9, 0xe7, 0xce, 0x9f, 0x42, 0x59, 0xac, 0x78, 0x72, 0xe8, 0x0b, 0x99, 0x43, + 0x8f, 0xa0, 0x14, 0x12, 0x4f, 0x5e, 0x79, 0xb2, 0xdf, 0x54, 0xc6, 0x3a, 0x70, 0x51, 0x4c, 0xb1, + 0x0e, 0xfb, 0xb6, 0x4c, 0x9f, 0x3c, 0x94, 0xf0, 0x87, 0xce, 0x7f, 0x17, 0xa0, 0x91, 0x7f, 0x3f, + 0xfa, 0x33, 0x61, 0xcc, 0xd3, 0xec, 0x8b, 0x8f, 0x1c, 0xf6, 0xb6, 0xf8, 0x4b, 0x5b, 0x7b, 0x9e, + 0x78, 0x65, 0x6c, 0x11, 0x38, 0x19, 0x5a, 0x72, 0x9f, 0x87, 0x7f, 0x09, 0x6d, 0x8f, 0xd8, 0x96, + 0xc7, 0x3f, 0x31, 0x88, 0xf5, 0xe2, 0x33, 0x69, 0x25, 0x0a, 0x19, 0x93, 0xf6, 0xa0, 0x96, 0x79, + 0x09, 0x3d, 0x54, 0x67, 0x03, 0x76, 0x8c, 0x06, 0xbd, 0x83, 0xd6, 0x2d, 0xb4, 0x01, 0x4d, 0xe3, + 0x6c, 0x30, 0xea, 0x1f, 0xf7, 0xcc, 0x83, 0xde, 0xe1, 0xde, 0xd9, 0xd1, 0xa8, 0x55, 0x40, 0xeb, + 0x50, 0x3d, 0x3a, 0xe9, 0xee, 0x1d, 0xb1, 0xf0, 0xbe, 0xa2, 0xff, 0x4f, 0x01, 0x1a, 0xb4, 0xdd, + 0xc9, 0x7c, 0x66, 0x5f, 0xbc, 0x48, 0x45, 0xe2, 0x53, 0x38, 0xad, 0x9f, 0x4b, 0xe2, 0xbb, 0x37, + 0xca, 0x36, 0xc4, 0xa2, 0x20, 0xa4, 0xc1, 0x9c, 0xa7, 0x6a, 0xb1, 0xcc, 0xf2, 0x91, 0x16, 0x01, + 0x99, 0x46, 0x54, 0x44, 0xee, 0xb4, 0xc5, 0xdc, 0x5c, 0xfa, 0x24, 0x9e, 0xed, 0x62, 0x5f, 0xa6, + 0x1f, 0x4d, 0xd7, 0x7e, 0xba, 0x01, 0x91, 0xdf, 0x40, 0x3b, 0x99, 0x4f, 0x7d, 0x65, 0x16, 0xfe, + 0x93, 0xe7, 0xfd, 0x97, 0xff, 0xf4, 0xe3, 0xc3, 0xc2, 0xef, 0x7f, 0x7c, 0x58, 0xf8, 0xf7, 0x1f, + 0x1f, 0x16, 0x7e, 0xf7, 0x1f, 0x0f, 0x6f, 0xc1, 0x3d, 0x97, 0x6c, 0x47, 0xb1, 0x65, 0xbf, 0x0f, + 0xc9, 0x07, 0x4e, 0x2b, 0x37, 0xf9, 0x07, 0xf9, 0x9f, 0x13, 0xe7, 0x6b, 0x4c, 0xfe, 0xe2, 0x7f, + 0x03, 0x00, 0x00, 0xff, 0xff, 0xa8, 0xea, 0xcc, 0x8b, 0x65, 0x21, 0x00, 0x00, } func (m *Deployment) Marshal() (dAtA []byte, err error) { From a4bcc196b3f2ff25f8c2ea2f42e15028d1377200 Mon Sep 17 00:00:00 2001 From: RTann Date: Tue, 1 Feb 2022 13:41:05 -0800 Subject: [PATCH 031/103] minor updates --- sensor/common/scannerclient/grpc_client.go | 20 +++++++++++++------- sensor/common/scannerclient/scan.go | 13 +++++++------ sensor/common/scannerclient/types.go | 11 +++++++++++ 3 files changed, 31 insertions(+), 13 deletions(-) create mode 100644 sensor/common/scannerclient/types.go diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go index cb25e731b680b..1b3bf4ab98f64 100644 --- a/sensor/common/scannerclient/grpc_client.go +++ b/sensor/common/scannerclient/grpc_client.go @@ -8,8 +8,9 @@ import ( "github.com/pkg/errors" "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/clientconn" + "github.com/stackrox/rox/pkg/images/types" "github.com/stackrox/rox/pkg/mtls" - "github.com/stackrox/rox/pkg/registries/types" + registryTypes "github.com/stackrox/rox/pkg/registries/types" "github.com/stackrox/rox/sensor/common/registry" scannerV1 "github.com/stackrox/scanner/generated/scanner/api/v1" "google.golang.org/grpc" @@ -61,14 +62,16 @@ func newGRPCClient(endpoint string) (*client, error) { // 1. Retrieve image metadata. // 2. Request image analysis from Scanner, directly. // 3. Return image analysis results. -func (c *client) GetImageAnalysis(ctx context.Context, image *storage.ContainerImage) (*scannerV1.GetImageComponentsResponse, error) { +func (c *client) GetImageAnalysis(ctx context.Context, image *storage.ContainerImage) (*imageData, error) { reg, err := getRegistry(image) if err != nil { - return nil, err + return nil, errors.Wrapf(err, "determining image registry for %s in namespace %q", image.GetName().GetFullName(), image.GetNamespace()) } - // TODO: get image metadata - + metadata, err := reg.Metadata(types.ToImage(image)) + if err != nil { + return nil, errors.Wrapf(err, "getting image metadata for %s in namespace %q", image.GetName().GetFullName(), image.GetNamespace()) + } cfg := reg.Config() resp, err := c.client.GetImageComponents(ctx, &scannerV1.GetImageComponentsRequest{ @@ -84,10 +87,13 @@ func (c *client) GetImageAnalysis(ctx context.Context, image *storage.ContainerI return nil, errors.Wrap(err, "getting image components from scanner") } - return resp, nil + return &imageData{ + Metadata: metadata, + GetImageComponentsResponse: resp, + }, nil } -func getRegistry(img *storage.ContainerImage) (types.Registry, error) { +func getRegistry(img *storage.ContainerImage) (registryTypes.Registry, error) { reg := img.GetName().GetRegistry() regs := registry.Singleton().GetAllInNamespace(img.GetNamespace()) for _, r := range regs.GetAll() { diff --git a/sensor/common/scannerclient/scan.go b/sensor/common/scannerclient/scan.go index e5a335a5b5166..f0a37ddc70c46 100644 --- a/sensor/common/scannerclient/scan.go +++ b/sensor/common/scannerclient/scan.go @@ -14,30 +14,31 @@ var ( ) // ScanImage runs the pipeline required to scan an image with a local Scanner. -// TODO: add rate-limiting? +// TODO: add retries for rate-limiting. func ScanImage(ctx context.Context, centralClient v1.ImageServiceClient, image *storage.ContainerImage) (*storage.Image, error) { scannerClient := GRPCClientSingleton() if scannerClient == nil { return nil, ErrNoLocalScanner } - scannerResp, err := scannerClient.GetImageAnalysis(ctx, image) + imgData, err := scannerClient.GetImageAnalysis(ctx, image) if err != nil { return nil, errors.Wrap(err, "scanning image") } // If the scan did not succeed, then ignore the results. - if scannerResp.GetStatus() != scannerV1.ScanStatus_SUCCEEDED { + if imgData.GetStatus() != scannerV1.ScanStatus_SUCCEEDED { return nil, nil } centralResp, err := centralClient.GetImageVulnerabilitiesInternal(ctx, &v1.GetImageVulnerabilitiesInternalRequest{ ImageId: image.GetId(), ImageName: image.GetName(), - Components: scannerResp.GetComponents(), - Notes: scannerResp.GetNotes(), + Metadata: imgData.Metadata, + Components: imgData.GetComponents(), + Notes: imgData.GetNotes(), }) if err != nil { - return nil, errors.Wrap(err, "retrieving image vulnerabilities") + return nil, errors.Wrapf(err, "retrieving image vulnerabilities for %s in namespace %q", image.GetName().GetFullName(), image.GetNamespace()) } return centralResp.GetImage(), nil diff --git a/sensor/common/scannerclient/types.go b/sensor/common/scannerclient/types.go new file mode 100644 index 0000000000000..f11d8b17cd952 --- /dev/null +++ b/sensor/common/scannerclient/types.go @@ -0,0 +1,11 @@ +package scannerclient + +import ( + "github.com/stackrox/rox/generated/storage" + scannerV1 "github.com/stackrox/scanner/generated/scanner/api/v1" +) + +type imageData struct { + Metadata *storage.ImageMetadata + *scannerV1.GetImageComponentsResponse +} From a911491fb1b2ec7165dc38e93acbb252dceebbd0 Mon Sep 17 00:00:00 2001 From: RTann Date: Tue, 1 Feb 2022 14:01:34 -0800 Subject: [PATCH 032/103] style --- sensor/common/scannerclient/grpc_client.go | 2 +- sensor/common/scannerclient/scan.go | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go index 1b3bf4ab98f64..f18a2c67a4e54 100644 --- a/sensor/common/scannerclient/grpc_client.go +++ b/sensor/common/scannerclient/grpc_client.go @@ -53,7 +53,7 @@ func newGRPCClient(endpoint string) (*client, error) { return &client{ client: scannerV1.NewImageScanServiceClient(conn), - conn: conn, + conn: conn, }, nil } diff --git a/sensor/common/scannerclient/scan.go b/sensor/common/scannerclient/scan.go index f0a37ddc70c46..8e769cc655c6e 100644 --- a/sensor/common/scannerclient/scan.go +++ b/sensor/common/scannerclient/scan.go @@ -10,6 +10,7 @@ import ( ) var ( + // ErrNoLocalScanner indicates there is no Secured Cluster-local Scanner. ErrNoLocalScanner = errors.New("No local Scanner integrated") ) From 40dfc0d779562ef7d3db1bc072e0c516753ae327 Mon Sep 17 00:00:00 2001 From: RTann Date: Tue, 1 Feb 2022 14:33:07 -0800 Subject: [PATCH 033/103] logs for debugging --- sensor/common/scannerclient/grpc_client.go | 5 +++++ sensor/common/scannerclient/scan.go | 6 +++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go index f18a2c67a4e54..8a57c0caa05e4 100644 --- a/sensor/common/scannerclient/grpc_client.go +++ b/sensor/common/scannerclient/grpc_client.go @@ -70,9 +70,14 @@ func (c *client) GetImageAnalysis(ctx context.Context, image *storage.ContainerI metadata, err := reg.Metadata(types.ToImage(image)) if err != nil { + log.Errorf("getting image metadata for %s in namespace %q: %v", image.GetName().GetFullName(), image.GetNamespace(), err) return nil, errors.Wrapf(err, "getting image metadata for %s in namespace %q", image.GetName().GetFullName(), image.GetNamespace()) + } else { + log.Infof("Successfully got image metadata for %s in namespace %q", image.GetName().GetFullName(), image.GetNamespace()) } + + cfg := reg.Config() resp, err := c.client.GetImageComponents(ctx, &scannerV1.GetImageComponentsRequest{ Image: image.GetId(), diff --git a/sensor/common/scannerclient/scan.go b/sensor/common/scannerclient/scan.go index 8e769cc655c6e..4c1c4b1b62bee 100644 --- a/sensor/common/scannerclient/scan.go +++ b/sensor/common/scannerclient/scan.go @@ -6,12 +6,15 @@ import ( "github.com/pkg/errors" v1 "github.com/stackrox/rox/generated/api/v1" "github.com/stackrox/rox/generated/storage" + "github.com/stackrox/rox/pkg/logging" scannerV1 "github.com/stackrox/scanner/generated/scanner/api/v1" ) var ( // ErrNoLocalScanner indicates there is no Secured Cluster-local Scanner. ErrNoLocalScanner = errors.New("No local Scanner integrated") + + log = logging.LoggerForModule() ) // ScanImage runs the pipeline required to scan an image with a local Scanner. @@ -19,7 +22,8 @@ var ( func ScanImage(ctx context.Context, centralClient v1.ImageServiceClient, image *storage.ContainerImage) (*storage.Image, error) { scannerClient := GRPCClientSingleton() if scannerClient == nil { - return nil, ErrNoLocalScanner + log.Warn("No local scanner") + //return nil, ErrNoLocalScanner } imgData, err := scannerClient.GetImageAnalysis(ctx, image) From c22ad520e159a7eff28155125a901d0ec38234f9 Mon Sep 17 00:00:00 2001 From: RTann Date: Tue, 1 Feb 2022 15:11:28 -0800 Subject: [PATCH 034/103] update log --- sensor/common/scannerclient/grpc_client.go | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go index 8a57c0caa05e4..88d2633527c30 100644 --- a/sensor/common/scannerclient/grpc_client.go +++ b/sensor/common/scannerclient/grpc_client.go @@ -72,11 +72,9 @@ func (c *client) GetImageAnalysis(ctx context.Context, image *storage.ContainerI if err != nil { log.Errorf("getting image metadata for %s in namespace %q: %v", image.GetName().GetFullName(), image.GetNamespace(), err) return nil, errors.Wrapf(err, "getting image metadata for %s in namespace %q", image.GetName().GetFullName(), image.GetNamespace()) - } else { - log.Infof("Successfully got image metadata for %s in namespace %q", image.GetName().GetFullName(), image.GetNamespace()) } - + log.Infof("Successfully got image metadata for %s in namespace %q: %v", image.GetName().GetFullName(), image.GetNamespace(), metadata) cfg := reg.Config() resp, err := c.client.GetImageComponents(ctx, &scannerV1.GetImageComponentsRequest{ From 168daac3a2c773c2e95e115ab43206d891c20415 Mon Sep 17 00:00:00 2001 From: RTann Date: Tue, 1 Feb 2022 15:46:40 -0800 Subject: [PATCH 035/103] remove debug logs and add feature flag check --- sensor/common/detector/enricher.go | 13 ++++++++----- sensor/common/image/service_impl.go | 17 ++++++++++------- sensor/common/scannerclient/grpc_client.go | 3 --- sensor/common/scannerclient/scan.go | 6 +----- 4 files changed, 19 insertions(+), 20 deletions(-) diff --git a/sensor/common/detector/enricher.go b/sensor/common/detector/enricher.go index f8c813b0f1161..f7da9767c370c 100644 --- a/sensor/common/detector/enricher.go +++ b/sensor/common/detector/enricher.go @@ -10,6 +10,7 @@ import ( "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/concurrency" "github.com/stackrox/rox/pkg/expiringcache" + "github.com/stackrox/rox/pkg/features" "github.com/stackrox/rox/pkg/images/types" "github.com/stackrox/rox/sensor/common/detector/metrics" "github.com/stackrox/rox/sensor/common/imagecacheutils" @@ -57,11 +58,13 @@ func scanImage(ctx context.Context, svc v1.ImageServiceClient, ci *storage.Conta Image: ci, }) - // ScanImageInternal may return without error even if it was unable to find the image. - // Check the metadata here: if Central cannot retrieve the metadata, perhaps the - // image is stored in an internal registry which Sensor can reach. - if err == nil && scannedImage.GetImage().GetMetadata() == nil { - scannedImage.Image, err = scannerclient.ScanImage(ctx, svc, ci) + if features.LocalImageScanning.Enabled() { + // ScanImageInternal may return without error even if it was unable to find the image. + // Check the metadata here: if Central cannot retrieve the metadata, perhaps the + // image is stored in an internal registry which Sensor can reach. + if err == nil && scannedImage.GetImage().GetMetadata() == nil { + scannedImage.Image, err = scannerclient.ScanImage(ctx, svc, ci) + } } return scannedImage, err diff --git a/sensor/common/image/service_impl.go b/sensor/common/image/service_impl.go index 70c24071da547..43b1a30cd8349 100644 --- a/sensor/common/image/service_impl.go +++ b/sensor/common/image/service_impl.go @@ -9,6 +9,7 @@ import ( "github.com/stackrox/rox/generated/internalapi/sensor" "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/expiringcache" + "github.com/stackrox/rox/pkg/features" grpcPkg "github.com/stackrox/rox/pkg/grpc" "github.com/stackrox/rox/pkg/grpc/authz/idcheck" "github.com/stackrox/rox/sensor/common/imagecacheutils" @@ -62,13 +63,15 @@ func (s *serviceImpl) GetImage(ctx context.Context, req *sensor.GetImageRequest) img := scanResp.GetImage() - // ScanImageInternal may return without error even if it was unable to find the image. - // Check the metadata here: if Central cannot retrieve the metadata, perhaps the - // image is stored in an internal registry which Scanner can reach. - if img.GetMetadata() == nil { - img, err = scannerclient.ScanImage(ctx, s.centralClient, req.GetImage()) - if err != nil { - return nil, errors.Wrap(err, "scanning image via local scanner") + if features.LocalImageScanning.Enabled() { + // ScanImageInternal may return without error even if it was unable to find the image. + // Check the metadata here: if Central cannot retrieve the metadata, perhaps the + // image is stored in an internal registry which Scanner can reach. + if img.GetMetadata() == nil { + img, err = scannerclient.ScanImage(ctx, s.centralClient, req.GetImage()) + if err != nil { + return nil, errors.Wrap(err, "scanning image via local scanner") + } } } diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go index 88d2633527c30..f18a2c67a4e54 100644 --- a/sensor/common/scannerclient/grpc_client.go +++ b/sensor/common/scannerclient/grpc_client.go @@ -70,12 +70,9 @@ func (c *client) GetImageAnalysis(ctx context.Context, image *storage.ContainerI metadata, err := reg.Metadata(types.ToImage(image)) if err != nil { - log.Errorf("getting image metadata for %s in namespace %q: %v", image.GetName().GetFullName(), image.GetNamespace(), err) return nil, errors.Wrapf(err, "getting image metadata for %s in namespace %q", image.GetName().GetFullName(), image.GetNamespace()) } - log.Infof("Successfully got image metadata for %s in namespace %q: %v", image.GetName().GetFullName(), image.GetNamespace(), metadata) - cfg := reg.Config() resp, err := c.client.GetImageComponents(ctx, &scannerV1.GetImageComponentsRequest{ Image: image.GetId(), diff --git a/sensor/common/scannerclient/scan.go b/sensor/common/scannerclient/scan.go index 4c1c4b1b62bee..8e769cc655c6e 100644 --- a/sensor/common/scannerclient/scan.go +++ b/sensor/common/scannerclient/scan.go @@ -6,15 +6,12 @@ import ( "github.com/pkg/errors" v1 "github.com/stackrox/rox/generated/api/v1" "github.com/stackrox/rox/generated/storage" - "github.com/stackrox/rox/pkg/logging" scannerV1 "github.com/stackrox/scanner/generated/scanner/api/v1" ) var ( // ErrNoLocalScanner indicates there is no Secured Cluster-local Scanner. ErrNoLocalScanner = errors.New("No local Scanner integrated") - - log = logging.LoggerForModule() ) // ScanImage runs the pipeline required to scan an image with a local Scanner. @@ -22,8 +19,7 @@ var ( func ScanImage(ctx context.Context, centralClient v1.ImageServiceClient, image *storage.ContainerImage) (*storage.Image, error) { scannerClient := GRPCClientSingleton() if scannerClient == nil { - log.Warn("No local scanner") - //return nil, ErrNoLocalScanner + return nil, ErrNoLocalScanner } imgData, err := scannerClient.GetImageAnalysis(ctx, image) From 06b0584cd8e87ba2a5f4aaae03a35fd0d3e209b4 Mon Sep 17 00:00:00 2001 From: RTann Date: Wed, 2 Feb 2022 12:11:45 -0800 Subject: [PATCH 036/103] gogen --- central/graphql/resolvers/generated.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/central/graphql/resolvers/generated.go b/central/graphql/resolvers/generated.go index 6f9a9ab5fb075..0a980e4880061 100644 --- a/central/graphql/resolvers/generated.go +++ b/central/graphql/resolvers/generated.go @@ -474,6 +474,7 @@ func registerGeneratedTypes(builder generator.SchemaBuilder) { utils.Must(builder.AddType("ContainerImage", []string{ "id: ID!", "name: ImageName", + "namespace: String!", "notPullable: Boolean!", })) utils.Must(builder.AddType("ContainerInstance", []string{ @@ -5003,6 +5004,11 @@ func (resolver *containerImageResolver) Name(ctx context.Context) (*imageNameRes return resolver.root.wrapImageName(value, true, nil) } +func (resolver *containerImageResolver) Namespace(ctx context.Context) string { + value := resolver.data.GetNamespace() + return value +} + func (resolver *containerImageResolver) NotPullable(ctx context.Context) bool { value := resolver.data.GetNotPullable() return value From 5e72ab6d5eeb859bb9d6c1d62dceca51962407d4 Mon Sep 17 00:00:00 2001 From: RTann Date: Wed, 2 Feb 2022 12:19:20 -0800 Subject: [PATCH 037/103] update proto --- central/image/service/service_impl.go | 2 +- generated/api/v1/image_service.pb.go | 381 +++++--------------- generated/api/v1/image_service.swagger.json | 8 - proto/api/v1/image_service.proto | 6 +- 4 files changed, 89 insertions(+), 308 deletions(-) diff --git a/central/image/service/service_impl.go b/central/image/service/service_impl.go index f918897a87484..2645f988ebd08 100644 --- a/central/image/service/service_impl.go +++ b/central/image/service/service_impl.go @@ -256,7 +256,7 @@ func (s *serviceImpl) ScanImage(ctx context.Context, request *v1.ScanImageReques // specified by the given components and scan notes. // This is meant to be called by Sensor. // TODO(ROX-8401): Implement me. -func (s *serviceImpl) GetImageVulnerabilitiesInternal(ctx context.Context, request *v1.GetImageVulnerabilitiesInternalRequest) (*v1.GetImageVulnerabilitiesInternalResponse, error) { +func (s *serviceImpl) GetImageVulnerabilitiesInternal(ctx context.Context, request *v1.GetImageVulnerabilitiesInternalRequest) (*v1.ScanImageInternalResponse, error) { return nil, nil } diff --git a/generated/api/v1/image_service.pb.go b/generated/api/v1/image_service.pb.go index 8a963d4a74bb6..fadb539416145 100644 --- a/generated/api/v1/image_service.pb.go +++ b/generated/api/v1/image_service.pb.go @@ -56,7 +56,7 @@ func (x WatchImageResponse_ErrorType) String() string { } func (WatchImageResponse_ErrorType) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_b4306cfe43028263, []int{11, 0} + return fileDescriptor_b4306cfe43028263, []int{10, 0} } type GetImageRequest struct { @@ -560,69 +560,6 @@ func (m *GetImageVulnerabilitiesInternalRequest) Clone() *GetImageVulnerabilitie return cloned } -type GetImageVulnerabilitiesInternalResponse struct { - Image *storage.Image `protobuf:"bytes,1,opt,name=image,proto3" json:"image,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *GetImageVulnerabilitiesInternalResponse) Reset() { - *m = GetImageVulnerabilitiesInternalResponse{} -} -func (m *GetImageVulnerabilitiesInternalResponse) String() string { return proto.CompactTextString(m) } -func (*GetImageVulnerabilitiesInternalResponse) ProtoMessage() {} -func (*GetImageVulnerabilitiesInternalResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_b4306cfe43028263, []int{7} -} -func (m *GetImageVulnerabilitiesInternalResponse) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *GetImageVulnerabilitiesInternalResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_GetImageVulnerabilitiesInternalResponse.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *GetImageVulnerabilitiesInternalResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_GetImageVulnerabilitiesInternalResponse.Merge(m, src) -} -func (m *GetImageVulnerabilitiesInternalResponse) XXX_Size() int { - return m.Size() -} -func (m *GetImageVulnerabilitiesInternalResponse) XXX_DiscardUnknown() { - xxx_messageInfo_GetImageVulnerabilitiesInternalResponse.DiscardUnknown(m) -} - -var xxx_messageInfo_GetImageVulnerabilitiesInternalResponse proto.InternalMessageInfo - -func (m *GetImageVulnerabilitiesInternalResponse) GetImage() *storage.Image { - if m != nil { - return m.Image - } - return nil -} - -func (m *GetImageVulnerabilitiesInternalResponse) MessageClone() proto.Message { - return m.Clone() -} -func (m *GetImageVulnerabilitiesInternalResponse) Clone() *GetImageVulnerabilitiesInternalResponse { - if m == nil { - return nil - } - cloned := new(GetImageVulnerabilitiesInternalResponse) - *cloned = *m - - cloned.Image = m.Image.Clone() - return cloned -} - type DeleteImagesRequest struct { Query *RawQuery `protobuf:"bytes,1,opt,name=query,proto3" json:"query,omitempty"` Confirm bool `protobuf:"varint,2,opt,name=confirm,proto3" json:"confirm,omitempty"` @@ -635,7 +572,7 @@ func (m *DeleteImagesRequest) Reset() { *m = DeleteImagesRequest{} } func (m *DeleteImagesRequest) String() string { return proto.CompactTextString(m) } func (*DeleteImagesRequest) ProtoMessage() {} func (*DeleteImagesRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_b4306cfe43028263, []int{8} + return fileDescriptor_b4306cfe43028263, []int{7} } func (m *DeleteImagesRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -704,7 +641,7 @@ func (m *DeleteImagesResponse) Reset() { *m = DeleteImagesResponse{} } func (m *DeleteImagesResponse) String() string { return proto.CompactTextString(m) } func (*DeleteImagesResponse) ProtoMessage() {} func (*DeleteImagesResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_b4306cfe43028263, []int{9} + return fileDescriptor_b4306cfe43028263, []int{8} } func (m *DeleteImagesResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -774,7 +711,7 @@ func (m *WatchImageRequest) Reset() { *m = WatchImageRequest{} } func (m *WatchImageRequest) String() string { return proto.CompactTextString(m) } func (*WatchImageRequest) ProtoMessage() {} func (*WatchImageRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_b4306cfe43028263, []int{10} + return fileDescriptor_b4306cfe43028263, []int{9} } func (m *WatchImageRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -840,7 +777,7 @@ func (m *WatchImageResponse) Reset() { *m = WatchImageResponse{} } func (m *WatchImageResponse) String() string { return proto.CompactTextString(m) } func (*WatchImageResponse) ProtoMessage() {} func (*WatchImageResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_b4306cfe43028263, []int{11} + return fileDescriptor_b4306cfe43028263, []int{10} } func (m *WatchImageResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -916,7 +853,7 @@ func (m *UnwatchImageRequest) Reset() { *m = UnwatchImageRequest{} } func (m *UnwatchImageRequest) String() string { return proto.CompactTextString(m) } func (*UnwatchImageRequest) ProtoMessage() {} func (*UnwatchImageRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_b4306cfe43028263, []int{12} + return fileDescriptor_b4306cfe43028263, []int{11} } func (m *UnwatchImageRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -976,7 +913,7 @@ func (m *GetWatchedImagesResponse) Reset() { *m = GetWatchedImagesRespon func (m *GetWatchedImagesResponse) String() string { return proto.CompactTextString(m) } func (*GetWatchedImagesResponse) ProtoMessage() {} func (*GetWatchedImagesResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_b4306cfe43028263, []int{13} + return fileDescriptor_b4306cfe43028263, []int{12} } func (m *GetWatchedImagesResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1043,7 +980,7 @@ func (m *ScanImageInternalResponseDetails) Reset() { *m = ScanImageInter func (m *ScanImageInternalResponseDetails) String() string { return proto.CompactTextString(m) } func (*ScanImageInternalResponseDetails) ProtoMessage() {} func (*ScanImageInternalResponseDetails) Descriptor() ([]byte, []int) { - return fileDescriptor_b4306cfe43028263, []int{14} + return fileDescriptor_b4306cfe43028263, []int{13} } func (m *ScanImageInternalResponseDetails) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1101,7 +1038,7 @@ func (m *ScanImageInternalResponseDetails_TooManyParallelScans) String() string } func (*ScanImageInternalResponseDetails_TooManyParallelScans) ProtoMessage() {} func (*ScanImageInternalResponseDetails_TooManyParallelScans) Descriptor() ([]byte, []int) { - return fileDescriptor_b4306cfe43028263, []int{14, 0} + return fileDescriptor_b4306cfe43028263, []int{13, 0} } func (m *ScanImageInternalResponseDetails_TooManyParallelScans) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1152,7 +1089,6 @@ func init() { proto.RegisterType((*ScanImageInternalRequest)(nil), "v1.ScanImageInternalRequest") proto.RegisterType((*ScanImageInternalResponse)(nil), "v1.ScanImageInternalResponse") proto.RegisterType((*GetImageVulnerabilitiesInternalRequest)(nil), "v1.GetImageVulnerabilitiesInternalRequest") - proto.RegisterType((*GetImageVulnerabilitiesInternalResponse)(nil), "v1.GetImageVulnerabilitiesInternalResponse") proto.RegisterType((*DeleteImagesRequest)(nil), "v1.DeleteImagesRequest") proto.RegisterType((*DeleteImagesResponse)(nil), "v1.DeleteImagesResponse") proto.RegisterType((*WatchImageRequest)(nil), "v1.WatchImageRequest") @@ -1166,80 +1102,79 @@ func init() { func init() { proto.RegisterFile("api/v1/image_service.proto", fileDescriptor_b4306cfe43028263) } var fileDescriptor_b4306cfe43028263 = []byte{ - // 1166 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x56, 0x4d, 0x73, 0xdb, 0xc4, - 0x1b, 0xaf, 0x9d, 0xba, 0xb1, 0x1f, 0xbb, 0xb6, 0xb3, 0x76, 0x1d, 0x45, 0x4d, 0x13, 0x8f, 0xfa, - 0xff, 0x93, 0x90, 0x0e, 0xf2, 0xd8, 0x0c, 0x97, 0x0e, 0x33, 0x60, 0x12, 0x37, 0xb8, 0x53, 0xdb, - 0x45, 0x49, 0x43, 0x61, 0x3a, 0xa3, 0xd9, 0x4a, 0xdb, 0x54, 0x83, 0xb4, 0xeb, 0x4a, 0xb2, 0x83, - 0xcb, 0x70, 0x80, 0x13, 0x77, 0x2e, 0x7c, 0x1f, 0x2e, 0x1c, 0x99, 0xe1, 0x0b, 0x30, 0x81, 0x0f, - 0xc2, 0x68, 0x77, 0xad, 0x48, 0xb6, 0x4b, 0xcb, 0x4d, 0xfb, 0xbc, 0xfc, 0x9e, 0xd7, 0xfd, 0xad, - 0x40, 0xc5, 0x63, 0xa7, 0x35, 0x6d, 0xb7, 0x1c, 0x0f, 0x9f, 0x13, 0x33, 0x20, 0xfe, 0xd4, 0xb1, - 0x88, 0x3e, 0xf6, 0x59, 0xc8, 0x50, 0x76, 0xda, 0x56, 0xb7, 0xcf, 0x19, 0x3b, 0x77, 0x49, 0x2b, - 0x32, 0xc3, 0x94, 0xb2, 0x10, 0x87, 0x0e, 0xa3, 0x81, 0xb0, 0x50, 0x6f, 0x4b, 0xef, 0x80, 0x60, - 0xdf, 0x7a, 0x99, 0x76, 0x57, 0x91, 0x54, 0x12, 0x6f, 0x1c, 0xce, 0xa4, 0x6c, 0x27, 0xb0, 0x30, - 0xa5, 0xc4, 0x6f, 0x49, 0x9d, 0xc5, 0xbc, 0x31, 0xa3, 0x84, 0x86, 0x52, 0xbf, 0xb5, 0xa0, 0xa7, - 0x2c, 0x9c, 0xc3, 0xd5, 0x82, 0x90, 0xf9, 0xf8, 0x9c, 0x88, 0x54, 0xa5, 0x50, 0x99, 0x0b, 0x6d, - 0x32, 0x76, 0xd9, 0xcc, 0x8b, 0x91, 0xb4, 0x87, 0x50, 0x39, 0x26, 0x61, 0x3f, 0xb2, 0x35, 0xc8, - 0xab, 0x09, 0x09, 0x42, 0x54, 0x86, 0xac, 0x63, 0x2b, 0x99, 0x66, 0x66, 0xbf, 0x60, 0x64, 0x1d, - 0x1b, 0xed, 0x41, 0xc5, 0xa1, 0x96, 0x3b, 0xb1, 0x89, 0x19, 0x50, 0xc6, 0x5e, 0x13, 0x5b, 0xc9, - 0x36, 0x33, 0xfb, 0x79, 0xa3, 0x2c, 0xc5, 0x27, 0x42, 0xaa, 0x7d, 0x0a, 0xe8, 0x91, 0x13, 0x08, - 0xb0, 0xc0, 0x20, 0xc1, 0x98, 0xd1, 0x80, 0xa0, 0x03, 0xb8, 0xc1, 0x53, 0x09, 0x94, 0x4c, 0x73, - 0x6d, 0xbf, 0xd8, 0x41, 0xba, 0x4c, 0x46, 0x8f, 0x8d, 0x0d, 0x69, 0xa1, 0xdd, 0x83, 0xda, 0x21, - 0x9b, 0xd0, 0x45, 0x88, 0x3a, 0xe4, 0xac, 0x48, 0xcc, 0x93, 0xca, 0x19, 0xe2, 0xa0, 0x8d, 0xa1, - 0x7a, 0x62, 0x61, 0x9a, 0xca, 0xfd, 0x0e, 0x80, 0x18, 0x11, 0xc5, 0x1e, 0x91, 0x35, 0x14, 0xb8, - 0x64, 0x88, 0x3d, 0x0e, 0xf4, 0x82, 0xf9, 0x16, 0x91, 0x05, 0x88, 0xc3, 0xaa, 0x02, 0xd7, 0x56, - 0x16, 0x38, 0x06, 0x25, 0x8e, 0xd8, 0xa7, 0x21, 0xf1, 0x29, 0x76, 0xe7, 0x91, 0x3f, 0x80, 0x1c, - 0x8f, 0xc3, 0x83, 0x16, 0x3b, 0x9b, 0x71, 0x95, 0x87, 0x8c, 0x86, 0xd8, 0xa1, 0xc4, 0x17, 0x89, - 0x0a, 0x2b, 0xb4, 0x0b, 0x45, 0x0b, 0x5b, 0x2f, 0x89, 0x6d, 0x32, 0xea, 0xce, 0x64, 0x3c, 0x10, - 0xa2, 0x11, 0x75, 0x67, 0x0f, 0xaf, 0xe7, 0xb3, 0xd5, 0x35, 0xad, 0x0b, 0x5b, 0x2b, 0x22, 0xca, - 0xb6, 0xfc, 0x2f, 0x1d, 0xb2, 0x1c, 0x87, 0x4c, 0x46, 0xd2, 0x7e, 0xca, 0xc2, 0x7b, 0xf3, 0x11, - 0x9f, 0x4d, 0x5c, 0x4a, 0x7c, 0xfc, 0xdc, 0x71, 0x9d, 0xd0, 0x21, 0xc1, 0x62, 0x0d, 0x5b, 0x90, - 0x17, 0xdd, 0x8b, 0xe7, 0xbf, 0xce, 0xcf, 0x7d, 0x1b, 0xb5, 0x53, 0x8d, 0xcd, 0xf2, 0x80, 0x28, - 0x1d, 0x30, 0xea, 0x70, 0xb2, 0xd9, 0x1d, 0xc8, 0x7b, 0x24, 0xc4, 0x36, 0x0e, 0x31, 0xaf, 0xaf, - 0xd8, 0x69, 0xa4, 0x1d, 0x06, 0x52, 0x6b, 0xc4, 0x76, 0xe8, 0x23, 0x80, 0x78, 0xd7, 0x03, 0xe5, - 0x3a, 0xf7, 0xba, 0xa5, 0xcb, 0x6d, 0x3f, 0x6b, 0xeb, 0x87, 0xb1, 0xd2, 0x48, 0x18, 0xa2, 0xff, - 0x43, 0x2e, 0xba, 0x02, 0x81, 0x92, 0x6b, 0xae, 0xed, 0x97, 0x3b, 0x95, 0x84, 0xc7, 0x90, 0x85, - 0xc4, 0x10, 0x5a, 0x6d, 0x04, 0x7b, 0x6f, 0xed, 0xc4, 0x7f, 0xea, 0xed, 0x09, 0xd4, 0x8e, 0x88, - 0x4b, 0x42, 0x32, 0x5f, 0x58, 0xd1, 0x47, 0x0d, 0x72, 0xaf, 0x26, 0xc4, 0x9f, 0x49, 0xe7, 0x92, - 0x3e, 0x6d, 0xeb, 0x06, 0xbe, 0xf8, 0x22, 0x92, 0x19, 0x42, 0x85, 0x14, 0x58, 0xb7, 0x18, 0x7d, - 0xe1, 0xf8, 0x9e, 0x5c, 0xc6, 0xf9, 0x51, 0x7b, 0x0c, 0xf5, 0x34, 0xa8, 0x4c, 0x69, 0x17, 0x8a, - 0x74, 0xe2, 0x99, 0x36, 0xd7, 0x89, 0x01, 0xdd, 0x34, 0x80, 0x4e, 0x3c, 0x61, 0x6d, 0xa3, 0x4d, - 0x58, 0xb7, 0xfd, 0x99, 0xe9, 0x4f, 0xa8, 0x84, 0xbc, 0x61, 0xfb, 0x33, 0x63, 0x42, 0xb5, 0x3d, - 0xd8, 0xf8, 0x12, 0x87, 0xd6, 0xcb, 0xd4, 0x55, 0x41, 0x70, 0x3d, 0x71, 0x49, 0xf8, 0xb7, 0xf6, - 0x43, 0x16, 0x50, 0xd2, 0x52, 0x46, 0xde, 0x83, 0x0a, 0x65, 0xbe, 0x87, 0x5d, 0xe7, 0x35, 0xb1, - 0x93, 0x57, 0xab, 0x7c, 0x25, 0xe6, 0x23, 0xff, 0x04, 0x80, 0xf8, 0x3e, 0xf3, 0xcd, 0x70, 0x36, - 0x16, 0x5b, 0x52, 0xee, 0x34, 0xa3, 0xea, 0x97, 0x41, 0xf5, 0x5e, 0x64, 0x78, 0x3a, 0x1b, 0x13, - 0xa3, 0x40, 0xe6, 0x9f, 0xe8, 0x2e, 0xdc, 0x14, 0x00, 0x1e, 0x09, 0x82, 0xa8, 0xfd, 0x6b, 0x3c, - 0x4e, 0x89, 0x0b, 0x07, 0x42, 0xa6, 0x3d, 0x83, 0x42, 0xec, 0x8c, 0x4a, 0x90, 0x1f, 0x8e, 0xcc, - 0x9e, 0x61, 0x8c, 0x8c, 0xea, 0x35, 0xd4, 0x00, 0xd4, 0x1f, 0x9e, 0x75, 0x1f, 0xf5, 0x8f, 0xcc, - 0xfe, 0xa0, 0x7b, 0xdc, 0x33, 0x87, 0xdd, 0x41, 0xaf, 0x9a, 0x41, 0x0a, 0xd4, 0x87, 0x23, 0x53, - 0x2a, 0x86, 0xa7, 0xbd, 0x63, 0xa3, 0x7b, 0xda, 0x1f, 0x0d, 0xab, 0x59, 0x54, 0x81, 0xe2, 0xc9, - 0x61, 0x77, 0x68, 0x3e, 0xe8, 0xf6, 0x1f, 0xf5, 0x8e, 0xaa, 0x6b, 0xda, 0xfb, 0x50, 0x7b, 0x42, - 0x2f, 0xde, 0xa9, 0x5d, 0x4f, 0x41, 0x39, 0x26, 0x21, 0xaf, 0x8d, 0xd8, 0x0b, 0xd3, 0xfa, 0x18, - 0xca, 0x17, 0x42, 0x61, 0xa6, 0xe8, 0xef, 0x56, 0xbc, 0x49, 0x49, 0x3f, 0xe3, 0xe6, 0x45, 0x12, - 0x45, 0xbb, 0x0f, 0xcd, 0x37, 0xde, 0xfb, 0x23, 0x12, 0x62, 0xc7, 0x0d, 0xd4, 0x06, 0xd4, 0x4f, - 0x19, 0x1b, 0x60, 0x3a, 0x7b, 0x8c, 0x7d, 0xec, 0xba, 0xc4, 0x8d, 0x5c, 0x82, 0xce, 0xaf, 0xeb, - 0x50, 0xe2, 0x8e, 0x27, 0xe2, 0x9d, 0x41, 0x9f, 0x43, 0x7e, 0xbe, 0xf6, 0xa8, 0x16, 0x4d, 0x63, - 0x81, 0xf1, 0xd5, 0x85, 0xed, 0xd6, 0x36, 0x7f, 0xfc, 0xe3, 0xef, 0x9f, 0xb3, 0x1b, 0xa8, 0x12, - 0x3f, 0x79, 0x41, 0xeb, 0x3b, 0xc7, 0xfe, 0x1e, 0x0d, 0xa0, 0x98, 0xe0, 0x67, 0x94, 0x5a, 0x6c, - 0x75, 0x33, 0x3a, 0xad, 0xa0, 0xef, 0x55, 0x70, 0x9c, 0xc1, 0xd1, 0x03, 0x80, 0xab, 0x07, 0x63, - 0x01, 0xad, 0x11, 0x9d, 0x96, 0x9f, 0x13, 0x0d, 0x71, 0xb0, 0x12, 0x82, 0x2b, 0x30, 0x34, 0x80, - 0x42, 0xdc, 0x2d, 0x54, 0x8f, 0x1c, 0x17, 0x1f, 0x86, 0xa5, 0x12, 0x55, 0x0e, 0x53, 0xd7, 0x92, - 0x25, 0x46, 0xa4, 0x71, 0x3f, 0x73, 0x80, 0x1e, 0xc3, 0xc6, 0x52, 0xf3, 0xd1, 0x76, 0x0a, 0x76, - 0x81, 0x39, 0xd5, 0x3b, 0x6f, 0xd0, 0xca, 0x65, 0x78, 0x0d, 0xbb, 0x6f, 0x21, 0x1e, 0x74, 0x90, - 0x1c, 0xcc, 0xbf, 0xf3, 0xb4, 0x7a, 0xef, 0x9d, 0x6c, 0x65, 0xec, 0x67, 0xb0, 0xdb, 0xa7, 0x53, - 0xec, 0x3a, 0x36, 0x0e, 0x49, 0x94, 0x62, 0x97, 0xda, 0x06, 0x39, 0x77, 0x82, 0xd0, 0x9f, 0x1d, - 0x46, 0xef, 0x4d, 0x80, 0x0a, 0x11, 0x5e, 0x2f, 0xfa, 0xff, 0x50, 0xaf, 0x3e, 0xb5, 0xbb, 0xbc, - 0x45, 0x77, 0xd0, 0xed, 0x44, 0x8b, 0xf8, 0x03, 0xd5, 0x72, 0x62, 0x3c, 0xf4, 0x04, 0x4a, 0x49, - 0xb2, 0x42, 0x7c, 0x09, 0x56, 0x70, 0xa2, 0xaa, 0x2c, 0x2b, 0xd2, 0x13, 0x3d, 0x48, 0x4e, 0xf4, - 0x2b, 0x80, 0x2b, 0xca, 0x40, 0xb7, 0x16, 0x29, 0x44, 0x40, 0x36, 0x56, 0x33, 0x8b, 0xb6, 0xcd, - 0x01, 0x1b, 0xda, 0x46, 0x04, 0x28, 0xef, 0x95, 0xc0, 0x8d, 0xa6, 0x3b, 0x80, 0x52, 0xf2, 0x7e, - 0x8b, 0x8c, 0x57, 0xdc, 0xf8, 0x64, 0x2b, 0xb6, 0x38, 0x62, 0xed, 0x60, 0x19, 0x11, 0x9d, 0x41, - 0x75, 0x91, 0x03, 0x92, 0xfd, 0xdc, 0x96, 0xa3, 0x5a, 0x49, 0x12, 0x73, 0x5c, 0xb4, 0x8c, 0xfb, - 0x99, 0xfe, 0xdb, 0xe5, 0x4e, 0xe6, 0xf7, 0xcb, 0x9d, 0xcc, 0x9f, 0x97, 0x3b, 0x99, 0x5f, 0xfe, - 0xda, 0xb9, 0x06, 0x8a, 0xc3, 0xf4, 0x20, 0xc4, 0xd6, 0x37, 0x3e, 0xfb, 0x56, 0xfc, 0xbd, 0xe9, - 0x78, 0xec, 0xe8, 0xd3, 0xf6, 0xd7, 0xd9, 0x69, 0xfb, 0xe9, 0xb5, 0xe7, 0x37, 0xb8, 0xec, 0xc3, - 0x7f, 0x02, 0x00, 0x00, 0xff, 0xff, 0xe0, 0x47, 0xdb, 0x30, 0xac, 0x0a, 0x00, 0x00, + // 1152 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x56, 0xdd, 0x72, 0xdb, 0x44, + 0x14, 0xae, 0xed, 0xba, 0xb1, 0x8f, 0x5d, 0xdb, 0x59, 0x3b, 0x8e, 0xe2, 0xe6, 0xc7, 0xa3, 0x02, + 0x09, 0x61, 0x90, 0xc7, 0x66, 0xb8, 0xe9, 0x30, 0x03, 0x26, 0x71, 0x83, 0x3b, 0xb1, 0x13, 0x94, + 0x34, 0x14, 0xa6, 0x33, 0x9a, 0xad, 0xb4, 0x4d, 0x34, 0x48, 0xbb, 0xae, 0x24, 0x3b, 0xb8, 0x0c, + 0x17, 0x70, 0xc5, 0x3d, 0x37, 0xbc, 0x08, 0xef, 0xc0, 0x25, 0x33, 0xbc, 0x00, 0x13, 0x78, 0x10, + 0x46, 0xbb, 0x6b, 0x45, 0xb2, 0x5d, 0xca, 0x9d, 0xf6, 0xfc, 0x7c, 0x67, 0xcf, 0xdf, 0xb7, 0x82, + 0x06, 0x1e, 0xd9, 0xad, 0x49, 0xbb, 0x65, 0xbb, 0xf8, 0x92, 0x18, 0x3e, 0xf1, 0x26, 0xb6, 0x49, + 0xb4, 0x91, 0xc7, 0x02, 0x86, 0xd2, 0x93, 0x76, 0x63, 0xf3, 0x92, 0xb1, 0x4b, 0x87, 0xb4, 0x42, + 0x33, 0x4c, 0x29, 0x0b, 0x70, 0x60, 0x33, 0xea, 0x0b, 0x8b, 0xc6, 0x03, 0xe9, 0xed, 0x13, 0xec, + 0x99, 0x57, 0x49, 0xf7, 0x06, 0x92, 0x4a, 0xe2, 0x8e, 0x82, 0xa9, 0x94, 0x6d, 0xfb, 0x26, 0xa6, + 0x94, 0x78, 0x2d, 0xa9, 0x33, 0x99, 0x3b, 0x62, 0x94, 0xd0, 0x40, 0xea, 0x37, 0xe6, 0xf4, 0x94, + 0x05, 0x33, 0xb8, 0xaa, 0x1f, 0x30, 0x0f, 0x5f, 0x12, 0x71, 0x55, 0x29, 0x54, 0x66, 0x42, 0x8b, + 0x8c, 0x1c, 0x36, 0x75, 0x23, 0x24, 0xf5, 0x09, 0x94, 0x8f, 0x48, 0xd0, 0x0f, 0x6d, 0x75, 0xf2, + 0x6a, 0x4c, 0xfc, 0x00, 0x95, 0x20, 0x6d, 0x5b, 0x4a, 0xaa, 0x99, 0xda, 0xcb, 0xeb, 0x69, 0xdb, + 0x42, 0xbb, 0x50, 0xb6, 0xa9, 0xe9, 0x8c, 0x2d, 0x62, 0xf8, 0x94, 0xb1, 0xd7, 0xc4, 0x52, 0xd2, + 0xcd, 0xd4, 0x5e, 0x4e, 0x2f, 0x49, 0xf1, 0x99, 0x90, 0xaa, 0x9f, 0x01, 0x3a, 0xb6, 0x7d, 0x01, + 0xe6, 0xeb, 0xc4, 0x1f, 0x31, 0xea, 0x13, 0xb4, 0x0f, 0xf7, 0xf8, 0x55, 0x7c, 0x25, 0xd5, 0xcc, + 0xec, 0x15, 0x3a, 0x48, 0x93, 0x97, 0xd1, 0x22, 0x63, 0x5d, 0x5a, 0xa8, 0x1f, 0x40, 0xf5, 0x80, + 0x8d, 0xe9, 0x3c, 0x44, 0x0d, 0xb2, 0x66, 0x28, 0xe6, 0x97, 0xca, 0xea, 0xe2, 0xa0, 0x8e, 0xa0, + 0x72, 0x66, 0x62, 0x9a, 0xb8, 0xfb, 0x16, 0x80, 0x68, 0x11, 0xc5, 0x2e, 0x91, 0x39, 0xe4, 0xb9, + 0x64, 0x88, 0x5d, 0x0e, 0xf4, 0x92, 0x79, 0x26, 0x91, 0x09, 0x88, 0xc3, 0xb2, 0x04, 0x33, 0x4b, + 0x13, 0x1c, 0x81, 0x12, 0x45, 0xec, 0xd3, 0x80, 0x78, 0x14, 0x3b, 0xb3, 0xc8, 0x1f, 0x42, 0x96, + 0xc7, 0xe1, 0x41, 0x0b, 0x9d, 0xf5, 0x28, 0xcb, 0x03, 0x46, 0x03, 0x6c, 0x53, 0xe2, 0x89, 0x8b, + 0x0a, 0x2b, 0xb4, 0x03, 0x05, 0x13, 0x9b, 0x57, 0xc4, 0x32, 0x18, 0x75, 0xa6, 0x32, 0x1e, 0x08, + 0xd1, 0x09, 0x75, 0xa6, 0x4f, 0xee, 0xe6, 0xd2, 0x95, 0x8c, 0xda, 0x85, 0x8d, 0x25, 0x11, 0x65, + 0x59, 0xde, 0x49, 0x86, 0x2c, 0x45, 0x21, 0xe3, 0x91, 0xd4, 0x9f, 0xd3, 0xf0, 0xde, 0xac, 0xc5, + 0x17, 0x63, 0x87, 0x12, 0x0f, 0xbf, 0xb0, 0x1d, 0x3b, 0xb0, 0x89, 0x3f, 0x9f, 0xc3, 0x06, 0xe4, + 0x44, 0xf5, 0xa2, 0xfe, 0xaf, 0xf0, 0x73, 0xdf, 0x42, 0xed, 0x44, 0x61, 0xd3, 0x3c, 0x20, 0x4a, + 0x06, 0x0c, 0x2b, 0x1c, 0x2f, 0x76, 0x07, 0x72, 0x2e, 0x09, 0xb0, 0x85, 0x03, 0xcc, 0xf3, 0x2b, + 0x74, 0xea, 0x49, 0x87, 0x81, 0xd4, 0xea, 0x91, 0x1d, 0xfa, 0x18, 0x20, 0x9a, 0x75, 0x5f, 0xb9, + 0xcb, 0xbd, 0xd6, 0x34, 0x39, 0xed, 0x17, 0x6d, 0xed, 0x20, 0x52, 0xea, 0x31, 0x43, 0xf4, 0x2e, + 0x64, 0xc3, 0x15, 0xf0, 0x95, 0x6c, 0x33, 0xb3, 0x57, 0xea, 0x94, 0x63, 0x1e, 0x43, 0x16, 0x10, + 0x5d, 0x68, 0xd5, 0x33, 0xa8, 0x1e, 0x12, 0x87, 0x04, 0x64, 0x36, 0x5f, 0x22, 0x6d, 0x15, 0xb2, + 0xaf, 0xc6, 0xc4, 0x9b, 0xca, 0x3a, 0x16, 0xb5, 0x49, 0x5b, 0xd3, 0xf1, 0xf5, 0x97, 0xa1, 0x4c, + 0x17, 0x2a, 0xa4, 0xc0, 0x8a, 0xc9, 0xe8, 0x4b, 0xdb, 0x73, 0xe5, 0xec, 0xcc, 0x8e, 0xea, 0x29, + 0xd4, 0x92, 0xa0, 0xb2, 0x3b, 0x3b, 0x50, 0xa0, 0x63, 0xd7, 0xb0, 0xb8, 0x4e, 0xd4, 0xf3, 0xbe, + 0x0e, 0x74, 0xec, 0x0a, 0x6b, 0x0b, 0xad, 0xc3, 0x8a, 0xe5, 0x4d, 0x0d, 0x6f, 0x4c, 0x25, 0xe4, + 0x3d, 0xcb, 0x9b, 0xea, 0x63, 0xaa, 0xee, 0xc2, 0xea, 0x57, 0x38, 0x30, 0xaf, 0x12, 0x93, 0x8d, + 0xe0, 0x6e, 0x6c, 0xa6, 0xf9, 0xb7, 0xfa, 0x63, 0x1a, 0x50, 0xdc, 0x52, 0x46, 0xde, 0x85, 0x32, + 0x65, 0x9e, 0x8b, 0x1d, 0xfb, 0x35, 0xb1, 0xe2, 0x9b, 0x50, 0xba, 0x15, 0xf3, 0x0e, 0x7d, 0x0a, + 0x40, 0x3c, 0x8f, 0x79, 0x46, 0x30, 0x1d, 0x89, 0xa6, 0x96, 0x3a, 0xcd, 0x30, 0xfb, 0x45, 0x50, + 0xad, 0x17, 0x1a, 0x9e, 0x4f, 0x47, 0x44, 0xcf, 0x93, 0xd9, 0x27, 0x7a, 0x08, 0xf7, 0x05, 0x80, + 0x4b, 0x7c, 0x3f, 0x9c, 0xc4, 0x0c, 0x8f, 0x53, 0xe4, 0xc2, 0x81, 0x90, 0xa9, 0xcf, 0x21, 0x1f, + 0x39, 0xa3, 0x22, 0xe4, 0x86, 0x27, 0x46, 0x4f, 0xd7, 0x4f, 0xf4, 0xca, 0x1d, 0x54, 0x07, 0xd4, + 0x1f, 0x5e, 0x74, 0x8f, 0xfb, 0x87, 0x46, 0x7f, 0xd0, 0x3d, 0xea, 0x19, 0xc3, 0xee, 0xa0, 0x57, + 0x49, 0x21, 0x05, 0x6a, 0xc3, 0x13, 0x43, 0x2a, 0x86, 0xe7, 0xbd, 0x23, 0xbd, 0x7b, 0xde, 0x3f, + 0x19, 0x56, 0xd2, 0xa8, 0x0c, 0x85, 0xb3, 0x83, 0xee, 0xd0, 0x78, 0xdc, 0xed, 0x1f, 0xf7, 0x0e, + 0x2b, 0x19, 0xf5, 0x7d, 0xa8, 0x3e, 0xa5, 0xd7, 0xff, 0xab, 0x5c, 0xcf, 0x40, 0x39, 0x22, 0x01, + 0xcf, 0x8d, 0x58, 0x73, 0xdd, 0xfa, 0x04, 0x4a, 0xd7, 0x42, 0x61, 0x24, 0xd8, 0x6a, 0x2d, 0x1a, + 0xd9, 0xb8, 0x9f, 0x7e, 0xff, 0x3a, 0x8e, 0xa2, 0x3e, 0x82, 0xe6, 0x1b, 0xd7, 0xf4, 0x90, 0x04, + 0xd8, 0x76, 0xfc, 0x46, 0x1d, 0x6a, 0xe7, 0x8c, 0x0d, 0x30, 0x9d, 0x9e, 0x62, 0x0f, 0x3b, 0x0e, + 0x71, 0x42, 0x17, 0xbf, 0xf3, 0xdb, 0x0a, 0x14, 0xb9, 0xe3, 0x99, 0x78, 0x16, 0xd0, 0x17, 0x90, + 0x9b, 0xed, 0x2b, 0xaa, 0x86, 0xdd, 0x98, 0x23, 0xe8, 0xc6, 0xdc, 0xa2, 0xab, 0xeb, 0x3f, 0xfd, + 0xf9, 0xcf, 0x2f, 0xe9, 0x55, 0x54, 0x8e, 0x5e, 0x28, 0xbf, 0xf5, 0xbd, 0x6d, 0xfd, 0x80, 0x06, + 0x50, 0x88, 0xd1, 0x29, 0x4a, 0x0c, 0x76, 0x63, 0x3d, 0x3c, 0x2d, 0x61, 0xdb, 0x65, 0x70, 0x9c, + 0x70, 0xd1, 0x63, 0x80, 0x5b, 0x7e, 0x9f, 0x43, 0xab, 0x87, 0xa7, 0x45, 0xf6, 0x57, 0x11, 0x07, + 0x2b, 0x22, 0xb8, 0x05, 0x43, 0x03, 0xc8, 0x47, 0xd5, 0x42, 0xb5, 0xd0, 0x71, 0x9e, 0xc7, 0x17, + 0x52, 0x6c, 0x70, 0x98, 0x9a, 0x1a, 0x4f, 0x31, 0xdc, 0xf1, 0x47, 0xa9, 0x7d, 0x74, 0x0a, 0xab, + 0x0b, 0xc5, 0x47, 0x9b, 0x09, 0xd8, 0x39, 0xa2, 0x6b, 0x6c, 0xbd, 0x41, 0x2b, 0x87, 0xc1, 0x81, + 0x9d, 0xb7, 0x30, 0x26, 0xda, 0x8f, 0x37, 0xe6, 0xbf, 0x69, 0xf5, 0x6d, 0xd1, 0x9e, 0xc3, 0x4e, + 0x9f, 0x4e, 0xb0, 0x63, 0x5b, 0x38, 0x20, 0xa1, 0x59, 0x97, 0x5a, 0x3a, 0xb9, 0xb4, 0xfd, 0xc0, + 0x9b, 0x1e, 0x84, 0x0f, 0x82, 0x8f, 0xf2, 0x21, 0x42, 0x2f, 0xfc, 0x41, 0x68, 0xdc, 0x7e, 0xaa, + 0x0f, 0x79, 0x51, 0xb6, 0xd0, 0x83, 0x58, 0x51, 0xf8, 0x0b, 0xd2, 0xb2, 0x23, 0x3c, 0xf4, 0x14, + 0x8a, 0x71, 0x7a, 0x42, 0xbc, 0xed, 0x4b, 0x58, 0xb0, 0xa1, 0x2c, 0x2a, 0x92, 0x3d, 0xdc, 0x8f, + 0xf7, 0xf0, 0x6b, 0x80, 0x5b, 0x92, 0x40, 0x6b, 0xf3, 0xa4, 0x21, 0x20, 0xeb, 0xcb, 0xb9, 0x44, + 0xdd, 0xe4, 0x80, 0x75, 0x75, 0x35, 0x04, 0x94, 0x9b, 0x24, 0x70, 0xc3, 0x7e, 0x0e, 0xa0, 0x18, + 0xdf, 0x68, 0x71, 0xe3, 0x25, 0x3b, 0x1e, 0x2f, 0xc5, 0x06, 0x47, 0xac, 0xee, 0x2f, 0x22, 0xa2, + 0x0b, 0xa8, 0xcc, 0x6f, 0x7d, 0xbc, 0x9e, 0x9b, 0xb2, 0x91, 0x4b, 0x69, 0x61, 0x86, 0x8b, 0x16, + 0x71, 0x3f, 0xd7, 0x7e, 0xbf, 0xd9, 0x4e, 0xfd, 0x71, 0xb3, 0x9d, 0xfa, 0xeb, 0x66, 0x3b, 0xf5, + 0xeb, 0xdf, 0xdb, 0x77, 0x40, 0xb1, 0x99, 0xe6, 0x07, 0xd8, 0xfc, 0xd6, 0x63, 0xdf, 0x89, 0xdf, + 0x2b, 0x0d, 0x8f, 0x6c, 0x6d, 0xd2, 0xfe, 0x26, 0x3d, 0x69, 0x3f, 0xbb, 0xf3, 0xe2, 0x1e, 0x97, + 0x7d, 0xf4, 0x6f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xf7, 0x46, 0xbc, 0xa2, 0x4d, 0x0a, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -1265,7 +1200,7 @@ type ImageServiceClient interface { // ScanImageInternal is used solely by the Sensor and Admission Controller to send scan requests ScanImageInternal(ctx context.Context, in *ScanImageInternalRequest, opts ...grpc.CallOption) (*ScanImageInternalResponse, error) // GetImageVulnerabilities is used solely by the Sensor to send vulnerability matching requests. - GetImageVulnerabilitiesInternal(ctx context.Context, in *GetImageVulnerabilitiesInternalRequest, opts ...grpc.CallOption) (*GetImageVulnerabilitiesInternalResponse, error) + GetImageVulnerabilitiesInternal(ctx context.Context, in *GetImageVulnerabilitiesInternalRequest, opts ...grpc.CallOption) (*ScanImageInternalResponse, error) // InvalidateScanAndRegistryCaches removes the image metadata cache. InvalidateScanAndRegistryCaches(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) // DeleteImage removes the images based on a query @@ -1334,8 +1269,8 @@ func (c *imageServiceClient) ScanImageInternal(ctx context.Context, in *ScanImag return out, nil } -func (c *imageServiceClient) GetImageVulnerabilitiesInternal(ctx context.Context, in *GetImageVulnerabilitiesInternalRequest, opts ...grpc.CallOption) (*GetImageVulnerabilitiesInternalResponse, error) { - out := new(GetImageVulnerabilitiesInternalResponse) +func (c *imageServiceClient) GetImageVulnerabilitiesInternal(ctx context.Context, in *GetImageVulnerabilitiesInternalRequest, opts ...grpc.CallOption) (*ScanImageInternalResponse, error) { + out := new(ScanImageInternalResponse) err := c.cc.Invoke(ctx, "/v1.ImageService/GetImageVulnerabilitiesInternal", in, out, opts...) if err != nil { return nil, err @@ -1401,7 +1336,7 @@ type ImageServiceServer interface { // ScanImageInternal is used solely by the Sensor and Admission Controller to send scan requests ScanImageInternal(context.Context, *ScanImageInternalRequest) (*ScanImageInternalResponse, error) // GetImageVulnerabilities is used solely by the Sensor to send vulnerability matching requests. - GetImageVulnerabilitiesInternal(context.Context, *GetImageVulnerabilitiesInternalRequest) (*GetImageVulnerabilitiesInternalResponse, error) + GetImageVulnerabilitiesInternal(context.Context, *GetImageVulnerabilitiesInternalRequest) (*ScanImageInternalResponse, error) // InvalidateScanAndRegistryCaches removes the image metadata cache. InvalidateScanAndRegistryCaches(context.Context, *Empty) (*Empty, error) // DeleteImage removes the images based on a query @@ -1436,7 +1371,7 @@ func (*UnimplementedImageServiceServer) ScanImage(ctx context.Context, req *Scan func (*UnimplementedImageServiceServer) ScanImageInternal(ctx context.Context, req *ScanImageInternalRequest) (*ScanImageInternalResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method ScanImageInternal not implemented") } -func (*UnimplementedImageServiceServer) GetImageVulnerabilitiesInternal(ctx context.Context, req *GetImageVulnerabilitiesInternalRequest) (*GetImageVulnerabilitiesInternalResponse, error) { +func (*UnimplementedImageServiceServer) GetImageVulnerabilitiesInternal(ctx context.Context, req *GetImageVulnerabilitiesInternalRequest) (*ScanImageInternalResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method GetImageVulnerabilitiesInternal not implemented") } func (*UnimplementedImageServiceServer) InvalidateScanAndRegistryCaches(ctx context.Context, req *Empty) (*Empty, error) { @@ -2057,45 +1992,6 @@ func (m *GetImageVulnerabilitiesInternalRequest) MarshalToSizedBuffer(dAtA []byt return len(dAtA) - i, nil } -func (m *GetImageVulnerabilitiesInternalResponse) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *GetImageVulnerabilitiesInternalResponse) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *GetImageVulnerabilitiesInternalResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if m.Image != nil { - { - size, err := m.Image.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintImageService(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - func (m *DeleteImagesRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -2551,22 +2447,6 @@ func (m *GetImageVulnerabilitiesInternalRequest) Size() (n int) { return n } -func (m *GetImageVulnerabilitiesInternalResponse) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if m.Image != nil { - l = m.Image.Size() - n += 1 + l + sovImageService(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - func (m *DeleteImagesRequest) Size() (n int) { if m == nil { return 0 @@ -3542,93 +3422,6 @@ func (m *GetImageVulnerabilitiesInternalRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetImageVulnerabilitiesInternalResponse) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowImageService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: GetImageVulnerabilitiesInternalResponse: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: GetImageVulnerabilitiesInternalResponse: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Image", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowImageService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthImageService - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthImageService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.Image == nil { - m.Image = &storage.Image{} - } - if err := m.Image.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipImageService(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthImageService - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} func (m *DeleteImagesRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 diff --git a/generated/api/v1/image_service.swagger.json b/generated/api/v1/image_service.swagger.json index 246fa808b08f6..bb4b1719147ba 100644 --- a/generated/api/v1/image_service.swagger.json +++ b/generated/api/v1/image_service.swagger.json @@ -1421,14 +1421,6 @@ "v1Empty": { "type": "object" }, - "v1GetImageVulnerabilitiesInternalResponse": { - "type": "object", - "properties": { - "image": { - "$ref": "#/definitions/storageImage" - } - } - }, "v1GetWatchedImagesResponse": { "type": "object", "properties": { diff --git a/proto/api/v1/image_service.proto b/proto/api/v1/image_service.proto index 65de55c92df9d..8353ba9d956f1 100644 --- a/proto/api/v1/image_service.proto +++ b/proto/api/v1/image_service.proto @@ -50,10 +50,6 @@ message GetImageVulnerabilitiesInternalRequest { repeated scannerV1.Note notes = 5; } -message GetImageVulnerabilitiesInternalResponse { - storage.Image image = 1; -} - message DeleteImagesRequest { RawQuery query = 1; bool confirm = 2; @@ -147,7 +143,7 @@ service ImageService { rpc ScanImageInternal (ScanImageInternalRequest) returns (ScanImageInternalResponse); // GetImageVulnerabilities is used solely by the Sensor to send vulnerability matching requests. - rpc GetImageVulnerabilitiesInternal (GetImageVulnerabilitiesInternalRequest) returns (GetImageVulnerabilitiesInternalResponse); + rpc GetImageVulnerabilitiesInternal (GetImageVulnerabilitiesInternalRequest) returns (ScanImageInternalResponse); // InvalidateScanAndRegistryCaches removes the image metadata cache. rpc InvalidateScanAndRegistryCaches (Empty) returns (Empty) { From bf2c6bf9bf920b6e4913fe513e44afd376491dd6 Mon Sep 17 00:00:00 2001 From: RTann Date: Wed, 2 Feb 2022 12:24:14 -0800 Subject: [PATCH 038/103] update error --- pkg/images/integration/set_impl.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/images/integration/set_impl.go b/pkg/images/integration/set_impl.go index 48fac9d7a57f9..29fab83639ac6 100644 --- a/pkg/images/integration/set_impl.go +++ b/pkg/images/integration/set_impl.go @@ -64,7 +64,7 @@ func (e *setImpl) UpdateImageIntegration(integration *storage.ImageIntegration) err = e.scannerSet.UpdateImageIntegration(integration) case storage.ImageIntegrationCategory_NODE_SCANNER: // This is because node scanners are implemented into image integrations default: - err = fmt.Errorf("Source category '%s' has not been implemented", category) + err = fmt.Errorf("source category %q has not been implemented", category) } } From 63588ab9da66805ad7ad4c91d99182e8d6e50638 Mon Sep 17 00:00:00 2001 From: RTann Date: Wed, 2 Feb 2022 14:48:09 -0800 Subject: [PATCH 039/103] unit test --- sensor/common/registry/registry_store.go | 25 +++- .../listener/resources/secrets_test.go | 122 ++++++++++++++++++ 2 files changed, 142 insertions(+), 5 deletions(-) create mode 100644 sensor/kubernetes/listener/resources/secrets_test.go diff --git a/sensor/common/registry/registry_store.go b/sensor/common/registry/registry_store.go index 6a3442c43de98..7ba7af492a12f 100644 --- a/sensor/common/registry/registry_store.go +++ b/sensor/common/registry/registry_store.go @@ -19,9 +19,11 @@ type Store struct { store map[string]registries.Set mutex sync.RWMutex + + test bool } -// newRegistryStore creates a new registryStore. +// newRegistryStore creates a new registry store. func newRegistryStore() *Store { return &Store{ factory: registries.NewFactory(registries.WithRegistryCreators(dockerFactory.Creator)), @@ -29,6 +31,15 @@ func newRegistryStore() *Store { } } +// NewTestRegistryStore creates a new registry store for testing purposes. +// The main difference between this and a non-test registry store +// is that this one does not attempt to reach out to the registry to check TLS. +func NewTestRegistryStore() *Store { + rs := newRegistryStore() + rs.test = true + return rs +} + func (rs *Store) getRegistries(namespace string) registries.Set { rs.mutex.Lock() defer rs.mutex.Unlock() @@ -46,12 +57,16 @@ func (rs *Store) getRegistries(namespace string) registries.Set { func (rs *Store) UpsertRegistry(namespace, registry string, dce types.DockerConfigEntry) error { regs := rs.getRegistries(namespace) - secure, err := tlscheck.CheckTLS(registry) - if err != nil { - return errors.Wrapf(err, "unable to check TLS for registry %q", registry) + var secure bool + if !rs.test { + var err error + secure, err = tlscheck.CheckTLS(registry) + if err != nil { + return errors.Wrapf(err, "unable to check TLS for registry %q", registry) + } } - err = regs.UpdateImageIntegration(&storage.ImageIntegration{ + err := regs.UpdateImageIntegration(&storage.ImageIntegration{ Name: registry, Type: "docker", Categories: []storage.ImageIntegrationCategory{storage.ImageIntegrationCategory_REGISTRY}, diff --git a/sensor/kubernetes/listener/resources/secrets_test.go b/sensor/kubernetes/listener/resources/secrets_test.go new file mode 100644 index 0000000000000..87b69ec795def --- /dev/null +++ b/sensor/kubernetes/listener/resources/secrets_test.go @@ -0,0 +1,122 @@ +package resources + +import ( + "testing" + + "github.com/stackrox/rox/generated/internalapi/central" + "github.com/stackrox/rox/pkg/features" + "github.com/stackrox/rox/pkg/registries/types" + "github.com/stackrox/rox/pkg/testutils/envisolator" + "github.com/stackrox/rox/sensor/common/registry" + "github.com/stretchr/testify/assert" + v1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +var ( + openshift311DockerConfigSecret = &v1.Secret{ + TypeMeta: metav1.TypeMeta{ + Kind: "Secret", + APIVersion: "v1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "default-dockercfg-6167c", + Namespace: "test-ns", + Annotations: map[string]string{ + "kubernetes.io/service-account.name": "default", + }, + }, + Data: map[string][]byte{ + ".dockercfg": []byte(` +{ + "docker-registry.default.svc.cluster.local:5000": { + "username": "serviceaccount", + "password": "password", + "email": "serviceaccount@example.org" + } +}`), + }, + Type: "kubernetes.io/dockercfg", + } + + openshift4xDockerConfigSecret = &v1.Secret{ + TypeMeta: metav1.TypeMeta{ + Kind: "Secret", + APIVersion: "v1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "default-dockercfg-9w5gn", + Namespace: "test-ns", + Annotations: map[string]string{ + "kubernetes.io/service-account.name": "default", + }, + }, + Data: map[string][]byte{ + ".dockercfg": []byte(` +{ + "image-registry.openshift-image-registry.svc:5000": { + "username": "serviceaccount", + "password": "password", + "email": "serviceaccount@example.org" + } +}`), + }, + Type: "kubernetes.io/dockercfg", + } +) + +func TestOpenShiftRegistrySecret_311(t *testing.T) { + envIsolator := envisolator.NewEnvIsolator(t) + envIsolator.Setenv(features.LocalImageScanning.EnvVar(), "true") + defer envIsolator.RestoreAll() + + regStore := registry.NewTestRegistryStore() + d := newSecretDispatcher(regStore) + + _ = d.ProcessEvent(openshift311DockerConfigSecret, nil, central.ResourceAction_CREATE_RESOURCE) + + assert.Nil(t, regStore.GetAllInNamespace("random-ns")) + + regs := regStore.GetAllInNamespace(openshift311DockerConfigSecret.GetNamespace()) + assert.NotNil(t, regs) + assert.Len(t, regs.GetAll(), 1) + + expectedRegConfig := &types.Config{ + Username: "serviceaccount", + Password: "password", + Insecure: true, + URL: "https://docker-registry.default.svc.cluster.local:5000", + RegistryHostname: "docker-registry.default.svc.cluster.local:5000", + Autogenerated: false, + } + + assert.Equal(t, expectedRegConfig, regs.GetAll()[0].Config()) +} + +func TestOpenShiftRegistrySecret_4x(t *testing.T) { + envIsolator := envisolator.NewEnvIsolator(t) + envIsolator.Setenv(features.LocalImageScanning.EnvVar(), "true") + defer envIsolator.RestoreAll() + + regStore := registry.NewTestRegistryStore() + d := newSecretDispatcher(regStore) + + _ = d.ProcessEvent(openshift4xDockerConfigSecret, nil, central.ResourceAction_CREATE_RESOURCE) + + assert.Nil(t, regStore.GetAllInNamespace("random-ns")) + + regs := regStore.GetAllInNamespace(openshift4xDockerConfigSecret.GetNamespace()) + assert.NotNil(t, regs) + assert.Len(t, regs.GetAll(), 1) + + expectedRegConfig := &types.Config{ + Username: "serviceaccount", + Password: "password", + Insecure: true, + URL: "https://image-registry.openshift-image-registry.svc:5000", + RegistryHostname: "image-registry.openshift-image-registry.svc:5000", + Autogenerated: false, + } + + assert.Equal(t, expectedRegConfig, regs.GetAll()[0].Config()) +} From a3c78c0b6fa4903797a73ab22de4c6a273c9d102 Mon Sep 17 00:00:00 2001 From: RTann Date: Wed, 2 Feb 2022 16:10:33 -0800 Subject: [PATCH 040/103] update unit tests --- .../kubernetes/listener/resources/secrets_test.go | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/sensor/kubernetes/listener/resources/secrets_test.go b/sensor/kubernetes/listener/resources/secrets_test.go index 87b69ec795def..cfa85d36bb79e 100644 --- a/sensor/kubernetes/listener/resources/secrets_test.go +++ b/sensor/kubernetes/listener/resources/secrets_test.go @@ -6,7 +6,7 @@ import ( "github.com/stackrox/rox/generated/internalapi/central" "github.com/stackrox/rox/pkg/features" "github.com/stackrox/rox/pkg/registries/types" - "github.com/stackrox/rox/pkg/testutils/envisolator" + "github.com/stackrox/rox/pkg/testutils" "github.com/stackrox/rox/sensor/common/registry" "github.com/stretchr/testify/assert" v1 "k8s.io/api/core/v1" @@ -66,10 +66,10 @@ var ( ) func TestOpenShiftRegistrySecret_311(t *testing.T) { - envIsolator := envisolator.NewEnvIsolator(t) - envIsolator.Setenv(features.LocalImageScanning.EnvVar(), "true") - defer envIsolator.RestoreAll() + testutils.RunWithFeatureFlagEnabled(t, features.LocalImageScanning, testOpenShiftRegistrySecret311) +} +func testOpenShiftRegistrySecret311(t *testing.T) { regStore := registry.NewTestRegistryStore() d := newSecretDispatcher(regStore) @@ -94,10 +94,10 @@ func TestOpenShiftRegistrySecret_311(t *testing.T) { } func TestOpenShiftRegistrySecret_4x(t *testing.T) { - envIsolator := envisolator.NewEnvIsolator(t) - envIsolator.Setenv(features.LocalImageScanning.EnvVar(), "true") - defer envIsolator.RestoreAll() + testutils.RunWithFeatureFlagEnabled(t, features.LocalImageScanning, testOpenShiftRegistrySecret4x) +} +func testOpenShiftRegistrySecret4x(t *testing.T) { regStore := registry.NewTestRegistryStore() d := newSecretDispatcher(regStore) From 3c1e2a7a43a35b08d9b13e5bede912aaf8517f27 Mon Sep 17 00:00:00 2001 From: RTann Date: Wed, 2 Feb 2022 16:12:53 -0800 Subject: [PATCH 041/103] comments --- sensor/common/registry/registry_store.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sensor/common/registry/registry_store.go b/sensor/common/registry/registry_store.go index 7ba7af492a12f..ce99785f73b1c 100644 --- a/sensor/common/registry/registry_store.go +++ b/sensor/common/registry/registry_store.go @@ -15,11 +15,11 @@ import ( type Store struct { factory registries.Factory // store maps a namespace to the names of registries accessible from within the namespace. - // The registry maps to its credentials. store map[string]registries.Set mutex sync.RWMutex + // test indicates if this is a test store or not. test bool } From 873df32a2ea765484ec00feb2d357f8f92aa246d Mon Sep 17 00:00:00 2001 From: RTann Date: Wed, 2 Feb 2022 17:41:17 -0800 Subject: [PATCH 042/103] update TODO --- central/image/service/service_impl.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/central/image/service/service_impl.go b/central/image/service/service_impl.go index 2645f988ebd08..9ed175fc75469 100644 --- a/central/image/service/service_impl.go +++ b/central/image/service/service_impl.go @@ -255,7 +255,7 @@ func (s *serviceImpl) ScanImage(ctx context.Context, request *v1.ScanImageReques // GetImageVulnerabilitiesInternal retrieves the vulnerabilities related to the image // specified by the given components and scan notes. // This is meant to be called by Sensor. -// TODO(ROX-8401): Implement me. +// TODO(ross): Implement me. func (s *serviceImpl) GetImageVulnerabilitiesInternal(ctx context.Context, request *v1.GetImageVulnerabilitiesInternalRequest) (*v1.ScanImageInternalResponse, error) { return nil, nil } From a21592d672935e1390a7d473808b960946ae5b7b Mon Sep 17 00:00:00 2001 From: RTann Date: Wed, 2 Feb 2022 17:50:00 -0800 Subject: [PATCH 043/103] add debug log --- sensor/common/registry/registry_store.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/sensor/common/registry/registry_store.go b/sensor/common/registry/registry_store.go index ce99785f73b1c..a174348d60c3c 100644 --- a/sensor/common/registry/registry_store.go +++ b/sensor/common/registry/registry_store.go @@ -4,12 +4,17 @@ import ( "github.com/pkg/errors" "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/docker/types" + "github.com/stackrox/rox/pkg/logging" "github.com/stackrox/rox/pkg/registries" dockerFactory "github.com/stackrox/rox/pkg/registries/docker" "github.com/stackrox/rox/pkg/sync" "github.com/stackrox/rox/pkg/tlscheck" ) +var ( + log = logging.LoggerForModule() +) + // Store stores cluster-internal registries by namespace. // It is assumed all the registries are Docker registries. type Store struct { @@ -83,6 +88,8 @@ func (rs *Store) UpsertRegistry(namespace, registry string, dce types.DockerConf return errors.Wrapf(err, "updating registry store with registry %q", registry) } + log.Debugf("Upserted registry %q into store", registry) + return nil } From 8b864a91af56e605df0d7fbfc0873084723ec1fe Mon Sep 17 00:00:00 2001 From: RTann Date: Wed, 2 Feb 2022 18:01:24 -0800 Subject: [PATCH 044/103] add some debug logs --- sensor/common/scannerclient/grpc_client.go | 2 ++ sensor/common/scannerclient/scan.go | 3 +++ 2 files changed, 5 insertions(+) diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go index f18a2c67a4e54..688ffc82d13c4 100644 --- a/sensor/common/scannerclient/grpc_client.go +++ b/sensor/common/scannerclient/grpc_client.go @@ -73,6 +73,8 @@ func (c *client) GetImageAnalysis(ctx context.Context, image *storage.ContainerI return nil, errors.Wrapf(err, "getting image metadata for %s in namespace %q", image.GetName().GetFullName(), image.GetNamespace()) } + log.Debugf("Retrieved metadata for image %s in namespace %s: %v", image.GetName().GetFullName(), image.GetNamespace(), metadata) + cfg := reg.Config() resp, err := c.client.GetImageComponents(ctx, &scannerV1.GetImageComponentsRequest{ Image: image.GetId(), diff --git a/sensor/common/scannerclient/scan.go b/sensor/common/scannerclient/scan.go index 8e769cc655c6e..f8bc83ef797e7 100644 --- a/sensor/common/scannerclient/scan.go +++ b/sensor/common/scannerclient/scan.go @@ -6,12 +6,15 @@ import ( "github.com/pkg/errors" v1 "github.com/stackrox/rox/generated/api/v1" "github.com/stackrox/rox/generated/storage" + "github.com/stackrox/rox/pkg/logging" scannerV1 "github.com/stackrox/scanner/generated/scanner/api/v1" ) var ( // ErrNoLocalScanner indicates there is no Secured Cluster-local Scanner. ErrNoLocalScanner = errors.New("No local Scanner integrated") + + log = logging.LoggerForModule() ) // ScanImage runs the pipeline required to scan an image with a local Scanner. From 7f8290af980cc34bce9635e5077537689db8995e Mon Sep 17 00:00:00 2001 From: RTann Date: Thu, 3 Feb 2022 12:23:29 -0800 Subject: [PATCH 045/103] remove annoying log --- sensor/kubernetes/listener/resources/deployments.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/sensor/kubernetes/listener/resources/deployments.go b/sensor/kubernetes/listener/resources/deployments.go index 28f227ae6a131..08ef8d24df229 100644 --- a/sensor/kubernetes/listener/resources/deployments.go +++ b/sensor/kubernetes/listener/resources/deployments.go @@ -249,8 +249,6 @@ func (d *deploymentHandler) processPodEvent(owningDeploymentID string, k8sPod *v d.podStore.addOrUpdatePod(p) d.processFilter.UpdateByGivenContainers(p.DeploymentId, d.podStore.getContainersForDeployment(p.Namespace, p.DeploymentId)) - log.Debugf("Action: %+v Pod: %+v", action, p) - return ¢ral.SensorEvent{ Id: p.GetId(), Action: action, From 59049ee1b72ee3fc3a633c29ccb24c689816d00d Mon Sep 17 00:00:00 2001 From: RTann Date: Thu, 3 Feb 2022 13:18:49 -0800 Subject: [PATCH 046/103] update log --- sensor/common/registry/registry_store.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sensor/common/registry/registry_store.go b/sensor/common/registry/registry_store.go index a174348d60c3c..92dc07335327a 100644 --- a/sensor/common/registry/registry_store.go +++ b/sensor/common/registry/registry_store.go @@ -88,7 +88,7 @@ func (rs *Store) UpsertRegistry(namespace, registry string, dce types.DockerConf return errors.Wrapf(err, "updating registry store with registry %q", registry) } - log.Debugf("Upserted registry %q into store", registry) + log.Debugf("Upserted registry %q for namespace %q into store", registry, namespace) return nil } From 32a556da4df4612fb6855d2e9c7b88bfbd916eed Mon Sep 17 00:00:00 2001 From: RTann Date: Thu, 3 Feb 2022 16:07:38 -0800 Subject: [PATCH 047/103] add log --- sensor/common/scannerclient/grpc_client.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go index 688ffc82d13c4..305e05ec9e5b1 100644 --- a/sensor/common/scannerclient/grpc_client.go +++ b/sensor/common/scannerclient/grpc_client.go @@ -51,6 +51,8 @@ func newGRPCClient(endpoint string) (*client, error) { return nil, errors.Wrap(err, "failed to connect to Scanner") } + log.Infof("Connected to Scanner at %s", endpoint) + return &client{ client: scannerV1.NewImageScanServiceClient(conn), conn: conn, From 6ebb97efd6fcb7f321e1726f50931c720d63593f Mon Sep 17 00:00:00 2001 From: RTann Date: Thu, 3 Feb 2022 16:08:27 -0800 Subject: [PATCH 048/103] add another log --- sensor/common/scannerclient/grpc_client.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go index 305e05ec9e5b1..9d6fedbb30eaf 100644 --- a/sensor/common/scannerclient/grpc_client.go +++ b/sensor/common/scannerclient/grpc_client.go @@ -26,7 +26,7 @@ type client struct { // newGRPCClient creates a new Scanner client. func newGRPCClient(endpoint string) (*client, error) { if endpoint == "" { - // No Scanner connection desired. + log.Info("No Scanner connection desired") return nil, nil } From 1ba3004d055737f56de47009e1bd73f3cad6c376 Mon Sep 17 00:00:00 2001 From: RTann Date: Thu, 3 Feb 2022 16:19:06 -0800 Subject: [PATCH 049/103] add TODO --- pkg/env/sensor.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/env/sensor.go b/pkg/env/sensor.go index c73f97590de16..60f92f6afe7f0 100644 --- a/pkg/env/sensor.go +++ b/pkg/env/sensor.go @@ -14,5 +14,6 @@ var ( // ScannerEndpoint is used to communicate the scanner endpoint to other services in the same cluster. // This is typically used for Sensor to communicate with a local Scanner-slim's gRPC server. + // TODO: Should this not be defaulted? ScannerEndpoint = RegisterSetting("ROX_SCANNER_GRPC_ENDPOINT", WithDefault("scanner.stackrox.svc:8443")) ) From 6816611feaa749a5b773459384df9ce0088ab8b7 Mon Sep 17 00:00:00 2001 From: RTann Date: Thu, 3 Feb 2022 16:52:21 -0800 Subject: [PATCH 050/103] dont actually print metadata --- sensor/common/scannerclient/grpc_client.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go index 9d6fedbb30eaf..c0688ec8b8da0 100644 --- a/sensor/common/scannerclient/grpc_client.go +++ b/sensor/common/scannerclient/grpc_client.go @@ -75,7 +75,7 @@ func (c *client) GetImageAnalysis(ctx context.Context, image *storage.ContainerI return nil, errors.Wrapf(err, "getting image metadata for %s in namespace %q", image.GetName().GetFullName(), image.GetNamespace()) } - log.Debugf("Retrieved metadata for image %s in namespace %s: %v", image.GetName().GetFullName(), image.GetNamespace(), metadata) + log.Debugf("Retrieved metadata for image %s in namespace %s", image.GetName().GetFullName(), image.GetNamespace()) cfg := reg.Config() resp, err := c.client.GetImageComponents(ctx, &scannerV1.GetImageComponentsRequest{ From f74f93de1ac13bc1bf5fc458468ffc078b1a9c26 Mon Sep 17 00:00:00 2001 From: RTann Date: Thu, 3 Feb 2022 17:00:38 -0800 Subject: [PATCH 051/103] update authz --- central/image/service/service_impl.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/central/image/service/service_impl.go b/central/image/service/service_impl.go index 9ed175fc75469..74d06c2d56f35 100644 --- a/central/image/service/service_impl.go +++ b/central/image/service/service_impl.go @@ -51,9 +51,12 @@ var ( "/v1.ImageService/CountImages", "/v1.ImageService/ListImages", }, - or.Or(idcheck.SensorsOnly(), idcheck.AdmissionControlOnly()): { + or.SensorOrAuthorizer(idcheck.AdmissionControlOnly()): { "/v1.ImageService/ScanImageInternal", }, + idcheck.SensorsOnly(): { + "/v1.ImageService/GetImageVulnerabilitiesInternal", + }, user.With(permissions.Modify(permissions.WithLegacyAuthForSAC(resources.Image, true))): { "/v1.ImageService/DeleteImages", "/v1.ImageService/ScanImage", From 90b5d55794e21adeb88d7f25d60a47a08c266b9c Mon Sep 17 00:00:00 2001 From: RTann Date: Thu, 3 Feb 2022 17:20:52 -0800 Subject: [PATCH 052/103] Revert "Revert various Scanner updates for 68 (#483)" This reverts commit 946d26976b1e1e44cd658628500c0590ebfde60e. --- CHANGELOG.md | 6 ++++++ SCANNER_VERSION | 2 +- .../helm/shared/config-templates/scanner/config.yaml.tpl | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2bc2b7fbd9bf5..0b0eac799f1c6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,12 @@ Please avoid adding duplicate information across this changelog and JIRA/doc inp ## [68.0] +- Improved accuracy of active component and vulnerability and presented it with higher confidence. + - Added `Active` state to list of components and list of vulnerabilities under Vulnerability Management within the scope of a specific deployment. + - Added `Inactive` state: the component or vulnerability was not run in the specific deployment. + - Added image scope so that the Active State can be determined in the scope of a deployment for a specific image. +- The default gRPC port in Scanner's config map is changed to 8443, as that is what Scanner has actually been defaulting to this whole time. + - Note: Scanner has been ignoring the default `httpsPort` and `grpcPort` in its config map, as Scanner expects `HTTPSPort` and `GRPCPort` (and `MetricsPort`, if ever specified). - AWS ECR integration supports AssumeRole authentication. - The default policy to detect Log4Shell vulnerability has been updated to also detect CVE-2021-45046 and the remediation has been updated to reflect the latest guidance by the Apache Logging security team. - Prior to this release, CVEs could be snoozed using global write access on `Images`. Starting this release, requests to snooze CVEs can be created only using `VulnerabilityManagementRequests` global write access and requests can be approved only using `VulnerabilityManagementApprovals` global write access. Roles with write access on `Images`, created prior to this release, are provided with both the newly added permissions. We recommend updating the roles to only include the least amount of resources required for each role. All new roles must be explicitly supplied with `VulnerabilityManagementRequests` and/or `VulnerabilityManagementApprovals` permissions in order to use CVE snoozing functionality. diff --git a/SCANNER_VERSION b/SCANNER_VERSION index 2aed6180f4bab..db65e2167ef37 100644 --- a/SCANNER_VERSION +++ b/SCANNER_VERSION @@ -1 +1 @@ -2.21.4 +2.21.0 diff --git a/image/templates/helm/shared/config-templates/scanner/config.yaml.tpl b/image/templates/helm/shared/config-templates/scanner/config.yaml.tpl index cc821180103d8..b90d9e061c451 100644 --- a/image/templates/helm/shared/config-templates/scanner/config.yaml.tpl +++ b/image/templates/helm/shared/config-templates/scanner/config.yaml.tpl @@ -23,7 +23,7 @@ scanner: api: httpsPort: 8080 - grpcPort: 8081 + grpcPort: 8443 updater: # Frequency with which the scanner will poll for vulnerability updates. From f9712dbe8d562c7643ab0ee9541918c32e1e82b4 Mon Sep 17 00:00:00 2001 From: RTann Date: Thu, 3 Feb 2022 17:22:02 -0800 Subject: [PATCH 053/103] Revert "Revert "ROX-8742: Include executable dependent component (#74)" (#480)" This reverts commit 826370057e13ca2264ead59360029b616cf35942. --- SCANNER_VERSION | 2 +- .../activecomponent/updater/updater_impl.go | 4 +- .../updater/updater_impl_test.go | 34 +- central/graphql/resolvers/generated.go | 6 + generated/api/v1/image_service.swagger.json | 6 + generated/storage/image.pb.go | 350 ++++++++++-------- go.mod | 2 +- go.sum | 4 +- pkg/clair/convert.go | 12 +- proto/storage/image.proto | 3 +- tests/active_vuln_test.go | 12 +- 11 files changed, 257 insertions(+), 178 deletions(-) diff --git a/SCANNER_VERSION b/SCANNER_VERSION index db65e2167ef37..d93847fab5fc9 100644 --- a/SCANNER_VERSION +++ b/SCANNER_VERSION @@ -1 +1 @@ -2.21.0 +2.22.1 diff --git a/central/activecomponent/updater/updater_impl.go b/central/activecomponent/updater/updater_impl.go index 5f2112544da3c..958bb46a0e142 100644 --- a/central/activecomponent/updater/updater_impl.go +++ b/central/activecomponent/updater/updater_impl.go @@ -17,7 +17,6 @@ import ( "github.com/stackrox/rox/pkg/logging" "github.com/stackrox/rox/pkg/protoconv" "github.com/stackrox/rox/pkg/sac" - "github.com/stackrox/rox/pkg/scancomponent" "github.com/stackrox/rox/pkg/search" "github.com/stackrox/rox/pkg/set" "github.com/stackrox/rox/pkg/simplecache" @@ -87,9 +86,8 @@ func (u *updaterImpl) getExecToComponentsMap(imageScan *storage.ImageScan) map[s if component.GetSource() != storage.SourceType_OS { continue } - componentID := scancomponent.ComponentID(component.GetName(), component.GetVersion()) for _, exec := range component.GetExecutables() { - execToComponents[exec.GetPath()] = append(execToComponents[exec.GetPath()], componentID) + execToComponents[exec.GetPath()] = append(execToComponents[exec.GetPath()], exec.GetDependencies()...) } // Remove the executables to save some memory. The same image won't be processed again. component.Executables = nil diff --git a/central/activecomponent/updater/updater_impl_test.go b/central/activecomponent/updater/updater_impl_test.go index cd6603e13be67..cb531c00b7261 100644 --- a/central/activecomponent/updater/updater_impl_test.go +++ b/central/activecomponent/updater/updater_impl_test.go @@ -85,9 +85,9 @@ var ( Version: "1", Source: storage.SourceType_OS, Executables: []*storage.EmbeddedImageScanComponent_Executable{ - {Path: "/root/bin/image1_component1_match_file1"}, - {Path: "/root/bin/image1_component1_nonmatch_file2"}, - {Path: "/root/bin/image1_component1_nonmatch_file3"}, + {Path: "/root/bin/image1_component1_match_file1", Dependencies: []string{scancomponent.ComponentID("image1_component1", "1")}}, + {Path: "/root/bin/image1_component1_nonmatch_file2", Dependencies: []string{scancomponent.ComponentID("image1_component1", "1")}}, + {Path: "/root/bin/image1_component1_nonmatch_file3", Dependencies: []string{scancomponent.ComponentID("image1_component1", "1")}}, }, }, { @@ -95,9 +95,9 @@ var ( Version: "2", Source: storage.SourceType_OS, Executables: []*storage.EmbeddedImageScanComponent_Executable{ - {Path: "/root/bin/image1_component2_nonmatch_file1"}, - {Path: "/root/bin/image1_component2_nonmatch_file2"}, - {Path: "/root/bin/image1_component2_match_file3"}, + {Path: "/root/bin/image1_component2_nonmatch_file1", Dependencies: []string{scancomponent.ComponentID("image1_component2", "2")}}, + {Path: "/root/bin/image1_component2_nonmatch_file2", Dependencies: []string{scancomponent.ComponentID("image1_component2", "2")}}, + {Path: "/root/bin/image1_component2_match_file3", Dependencies: []string{scancomponent.ComponentID("image1_component2", "2")}}, }, }, { @@ -110,9 +110,9 @@ var ( Version: "2", Source: storage.SourceType_OS, Executables: []*storage.EmbeddedImageScanComponent_Executable{ - {Path: "/root/bin/image1_component4_nonmatch_file1"}, - {Path: "/root/bin/image1_component4_nonmatch_file2"}, - {Path: "/root/bin/image1_component4_match_file3"}, + {Path: "/root/bin/image1_component4_nonmatch_file1", Dependencies: []string{scancomponent.ComponentID("image1_component4", "2")}}, + {Path: "/root/bin/image1_component4_nonmatch_file2", Dependencies: []string{scancomponent.ComponentID("image1_component4", "2")}}, + {Path: "/root/bin/image1_component4_match_file3", Dependencies: []string{scancomponent.ComponentID("image1_component4", "2")}}, }, }, }, @@ -354,9 +354,13 @@ func (s *acUpdaterTestSuite) TestUpdater_Update() { Version: "1", Source: storage.SourceType_OS, Executables: []*storage.EmbeddedImageScanComponent_Executable{ - {Path: "/usr/bin/component1_file1"}, - {Path: "/usr/bin/component1_file2"}, - {Path: "/usr/bin/component1and2_file3"}, + {Path: "/usr/bin/component1_file1", Dependencies: []string{scancomponent.ComponentID("component1", "1")}}, + {Path: "/usr/bin/component1_file2", Dependencies: []string{scancomponent.ComponentID("component1", "1")}}, + {Path: "/usr/bin/component1and2_file3", Dependencies: []string{scancomponent.ComponentID("component1", "1")}}, + {Path: "/usr/bin/component1_file4", Dependencies: []string{ + scancomponent.ComponentID("component1", "1"), + scancomponent.ComponentID("component2", "1"), + }}, }, }, { @@ -364,9 +368,9 @@ func (s *acUpdaterTestSuite) TestUpdater_Update() { Version: "1", Source: storage.SourceType_OS, Executables: []*storage.EmbeddedImageScanComponent_Executable{ - {Path: "/usr/bin/component2_file1"}, - {Path: "/usr/bin/component2_file2"}, - {Path: "/usr/bin/component1and2_file3"}, + {Path: "/usr/bin/component2_file1", Dependencies: []string{scancomponent.ComponentID("component2", "1")}}, + {Path: "/usr/bin/component2_file2", Dependencies: []string{scancomponent.ComponentID("component2", "1")}}, + {Path: "/usr/bin/component1and2_file3", Dependencies: []string{scancomponent.ComponentID("component2", "1")}}, }, }, }, diff --git a/central/graphql/resolvers/generated.go b/central/graphql/resolvers/generated.go index 6f9a9ab5fb075..d2ef02ed27c14 100644 --- a/central/graphql/resolvers/generated.go +++ b/central/graphql/resolvers/generated.go @@ -556,6 +556,7 @@ func registerGeneratedTypes(builder generator.SchemaBuilder) { })) generator.RegisterProtoEnum(builder, reflect.TypeOf(storage.Email_AuthMethod(0))) utils.Must(builder.AddType("EmbeddedImageScanComponent_Executable", []string{ + "dependencies: [String!]!", "path: String!", })) utils.Must(builder.AddType("EmbeddedSecret", []string{ @@ -5639,6 +5640,11 @@ func (resolver *Resolver) wrapEmbeddedImageScanComponent_Executables(values []*s return output, nil } +func (resolver *embeddedImageScanComponent_ExecutableResolver) Dependencies(ctx context.Context) []string { + value := resolver.data.GetDependencies() + return value +} + func (resolver *embeddedImageScanComponent_ExecutableResolver) Path(ctx context.Context) string { value := resolver.data.GetPath() return value diff --git a/generated/api/v1/image_service.swagger.json b/generated/api/v1/image_service.swagger.json index dee6dfb920178..6d67342f4e4fd 100644 --- a/generated/api/v1/image_service.swagger.json +++ b/generated/api/v1/image_service.swagger.json @@ -413,6 +413,12 @@ "properties": { "path": { "type": "string" + }, + "dependencies": { + "type": "array", + "items": { + "type": "string" + } } } }, diff --git a/generated/storage/image.pb.go b/generated/storage/image.pb.go index 2ff3ceff20122..d2d22436b6259 100644 --- a/generated/storage/image.pb.go +++ b/generated/storage/image.pb.go @@ -1042,6 +1042,7 @@ func (m *EmbeddedImageScanComponent) Clone() *EmbeddedImageScanComponent { type EmbeddedImageScanComponent_Executable struct { Path string `protobuf:"bytes,1,opt,name=path,proto3" json:"path,omitempty"` + Dependencies []string `protobuf:"bytes,2,rep,name=dependencies,proto3" json:"dependencies,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -1087,6 +1088,13 @@ func (m *EmbeddedImageScanComponent_Executable) GetPath() string { return "" } +func (m *EmbeddedImageScanComponent_Executable) GetDependencies() []string { + if m != nil { + return m.Dependencies + } + return nil +} + func (m *EmbeddedImageScanComponent_Executable) MessageClone() proto.Message { return m.Clone() } @@ -1097,6 +1105,10 @@ func (m *EmbeddedImageScanComponent_Executable) Clone() *EmbeddedImageScanCompon cloned := new(EmbeddedImageScanComponent_Executable) *cloned = *m + if m.Dependencies != nil { + cloned.Dependencies = make([]string, len(m.Dependencies)) + copy(cloned.Dependencies, m.Dependencies) + } return cloned } @@ -2410,151 +2422,152 @@ func init() { func init() { proto.RegisterFile("storage/image.proto", fileDescriptor_c926ac8b7cb24b2e) } var fileDescriptor_c926ac8b7cb24b2e = []byte{ - // 2300 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x58, 0xcd, 0x6e, 0xdb, 0xd8, - 0xf5, 0x37, 0xf5, 0xad, 0x23, 0xc7, 0x51, 0x6e, 0x3c, 0x89, 0x62, 0x4f, 0x4c, 0x86, 0x99, 0x0f, - 0xe7, 0x4b, 0x49, 0x1c, 0xff, 0xff, 0xd3, 0x19, 0x20, 0x53, 0x48, 0x32, 0x63, 0xcb, 0xa3, 0x48, - 0xc1, 0x95, 0xac, 0x60, 0x3a, 0x0b, 0x82, 0xa6, 0xae, 0x65, 0xc2, 0x12, 0xa9, 0xf2, 0x52, 0x4a, - 0xd4, 0x07, 0x28, 0xd0, 0x6d, 0x81, 0x02, 0x7d, 0x80, 0x2e, 0xbb, 0xea, 0x4b, 0x74, 0x96, 0xf3, - 0x04, 0x42, 0x91, 0xee, 0x0a, 0x74, 0xa3, 0x75, 0x17, 0xc5, 0xbd, 0xbc, 0xa4, 0x48, 0xd9, 0x4e, - 0xdc, 0xdd, 0xe5, 0x39, 0xbf, 0x73, 0x78, 0x79, 0xbe, 0x0f, 0xe1, 0x26, 0xf5, 0x1c, 0xd7, 0xe8, - 0x93, 0xa7, 0xd6, 0xd0, 0xe8, 0x93, 0xf2, 0xc8, 0x75, 0x3c, 0x07, 0x65, 0x05, 0x71, 0x43, 0xee, - 0x3b, 0x4e, 0x7f, 0x40, 0x9e, 0x72, 0xf2, 0xf1, 0xf8, 0xe4, 0xa9, 0x67, 0x0d, 0x09, 0xf5, 0x8c, - 0xe1, 0xc8, 0x47, 0x6e, 0xa0, 0x40, 0xdc, 0xb5, 0xe8, 0x99, 0xa0, 0xdd, 0x08, 0x68, 0xe6, 0x44, - 0x28, 0xdc, 0xd8, 0x0c, 0x48, 0x93, 0xf1, 0xc0, 0x26, 0xae, 0x71, 0x6c, 0x0d, 0x2c, 0x6f, 0x7a, - 0x11, 0x53, 0x77, 0xc9, 0x6f, 0xc7, 0x84, 0x7a, 0x54, 0x30, 0xd7, 0xfb, 0x4e, 0xdf, 0xe1, 0xc7, - 0xa7, 0xec, 0xe4, 0x53, 0xd5, 0x3f, 0xe5, 0x20, 0x5d, 0x67, 0x17, 0x46, 0x2f, 0x20, 0x61, 0xf5, - 0x4a, 0x29, 0x45, 0xda, 0xce, 0x57, 0xef, 0xcf, 0x67, 0xb2, 0x4c, 0x89, 0xe1, 0x9a, 0xa7, 0xdf, - 0xa9, 0x9c, 0xad, 0xb4, 0x4f, 0x8d, 0xc7, 0x4c, 0x3d, 0x79, 0x7c, 0x6a, 0xf5, 0x7a, 0xc4, 0x56, - 0x71, 0xc2, 0xea, 0xa1, 0xaf, 0x20, 0x65, 0x1b, 0x43, 0x52, 0x92, 0x14, 0x69, 0xbb, 0xb0, 0x83, - 0xca, 0xe2, 0x02, 0x65, 0x2e, 0xd3, 0x34, 0x86, 0x04, 0x73, 0x3e, 0xda, 0x81, 0xdc, 0x90, 0x78, - 0x46, 0xcf, 0xf0, 0x8c, 0x52, 0x82, 0x63, 0x6f, 0xc5, 0xb1, 0xaf, 0x05, 0x17, 0x87, 0x38, 0xf4, - 0x6b, 0x48, 0x51, 0xd3, 0xb0, 0x4b, 0xc9, 0x8b, 0x74, 0xb7, 0x4d, 0xc3, 0xae, 0xde, 0x9e, 0xcf, - 0xe4, 0x9b, 0x23, 0x67, 0x60, 0x99, 0xd3, 0xf0, 0x9a, 0xa6, 0x61, 0xab, 0x98, 0x0b, 0xa2, 0x3e, - 0x6c, 0x52, 0xab, 0x6f, 0x1b, 0xde, 0xd8, 0x25, 0xfa, 0x84, 0xb8, 0xd6, 0x89, 0x65, 0x1a, 0x9e, - 0xe5, 0xd8, 0x3a, 0xbf, 0xc7, 0x75, 0xae, 0xf7, 0xeb, 0x25, 0xbd, 0x81, 0x40, 0x37, 0x82, 0xdf, - 0x63, 0x17, 0xbb, 0x43, 0x2f, 0x63, 0xa1, 0xff, 0x83, 0x7c, 0xc8, 0x2c, 0x15, 0xb9, 0xda, 0xdb, - 0x97, 0xa8, 0xc5, 0x0b, 0x24, 0xfa, 0x01, 0xc0, 0x74, 0x86, 0x23, 0xc7, 0x26, 0xb6, 0x47, 0x4b, - 0x59, 0x45, 0xda, 0x4e, 0x57, 0x1f, 0xcc, 0x67, 0xf2, 0x97, 0x81, 0xe5, 0x6b, 0x01, 0x57, 0xa9, - 0x39, 0x63, 0xdb, 0x8b, 0xdb, 0xff, 0x60, 0x05, 0x47, 0xc4, 0xd1, 0xb7, 0x90, 0x32, 0x27, 0x84, - 0x96, 0x72, 0x5c, 0x4d, 0xcc, 0x81, 0xb5, 0xae, 0x76, 0xa1, 0x02, 0x09, 0x73, 0x11, 0xf4, 0x06, - 0x56, 0x4f, 0xac, 0xf7, 0xc6, 0xf1, 0x80, 0xe8, 0x5c, 0x45, 0x9e, 0xab, 0x78, 0x34, 0x9f, 0xc9, - 0x5f, 0x07, 0x2a, 0x5e, 0xf9, 0x7c, 0xe5, 0x32, 0x55, 0x09, 0x5c, 0x10, 0x2a, 0x6a, 0x4c, 0xa3, - 0x0e, 0xab, 0x03, 0x83, 0x7a, 0xfa, 0x78, 0xd4, 0x33, 0x3c, 0xd2, 0x2b, 0xa5, 0xb9, 0x4d, 0x36, - 0xca, 0x7e, 0x12, 0x94, 0x83, 0x24, 0x28, 0x77, 0x82, 0x24, 0xa8, 0x2a, 0xf3, 0x99, 0xfc, 0x79, - 0xf0, 0xb6, 0x86, 0x41, 0x3d, 0xe5, 0xc8, 0x97, 0x0d, 0xc3, 0xad, 0xc0, 0x34, 0x0a, 0x22, 0xba, - 0x07, 0xab, 0xb6, 0xe3, 0xe9, 0xa3, 0xf1, 0x60, 0xc0, 0x5e, 0x5a, 0x02, 0x45, 0xda, 0xce, 0xe1, - 0x82, 0xed, 0x78, 0x6f, 0x04, 0x09, 0x6d, 0x40, 0x6e, 0xe4, 0x5a, 0x8e, 0x6b, 0x79, 0xd3, 0x52, - 0x41, 0x91, 0xb6, 0x93, 0x38, 0x7c, 0x46, 0x2f, 0x01, 0x58, 0x9a, 0xe9, 0xd4, 0x74, 0x5c, 0x52, - 0x5a, 0x55, 0xa4, 0xed, 0x44, 0x75, 0x6b, 0x3e, 0x93, 0x37, 0x82, 0x1b, 0x60, 0x8b, 0x9e, 0x29, - 0x6d, 0x33, 0x1a, 0xee, 0x79, 0x26, 0xc1, 0x49, 0xe8, 0x7b, 0xc8, 0x79, 0xce, 0x48, 0x37, 0x27, - 0x94, 0x96, 0xae, 0x71, 0xe1, 0x7b, 0xf3, 0x99, 0x7c, 0x37, 0x9e, 0x30, 0x1d, 0x67, 0xa4, 0xd4, - 0xba, 0xed, 0xb6, 0x6f, 0x29, 0xf5, 0x20, 0x89, 0xb3, 0x9e, 0x33, 0xaa, 0x4d, 0x28, 0x45, 0x0f, - 0x20, 0x6d, 0x3b, 0x1e, 0xa1, 0xa5, 0x35, 0x25, 0xb9, 0xbd, 0xb6, 0x73, 0x33, 0x1e, 0x2b, 0xe5, - 0xa6, 0xe3, 0x11, 0xec, 0x23, 0xd4, 0x17, 0x90, 0x62, 0x8f, 0x68, 0x1d, 0x8a, 0xaf, 0xeb, 0xed, - 0x76, 0xbd, 0xb9, 0xaf, 0xbf, 0xd6, 0x3a, 0x95, 0xbd, 0x4a, 0xa7, 0x52, 0x5c, 0x41, 0x9f, 0xc1, - 0x8d, 0x80, 0xda, 0xae, 0x55, 0x9a, 0x3a, 0x27, 0x4b, 0xd5, 0x22, 0xac, 0x51, 0xe2, 0xe9, 0x8b, - 0xe8, 0xa8, 0x02, 0xe4, 0x38, 0x65, 0x42, 0x68, 0xf5, 0x1a, 0x14, 0xd8, 0x59, 0xf8, 0xab, 0xba, - 0x06, 0xab, 0xec, 0x31, 0xf8, 0xa0, 0xc3, 0x54, 0x2e, 0x53, 0xcc, 0xaa, 0xcf, 0x00, 0x58, 0x68, - 0xb7, 0x9d, 0xb1, 0x6b, 0x12, 0xb4, 0xc6, 0x6b, 0x03, 0x4b, 0xf2, 0x3c, 0x4f, 0x7b, 0x24, 0xd2, - 0x3e, 0xc1, 0x29, 0xfc, 0xac, 0xfe, 0x21, 0x05, 0xf9, 0x30, 0x35, 0xd1, 0x4f, 0x90, 0x67, 0x39, - 0xa8, 0xb3, 0x32, 0x27, 0xaa, 0xc3, 0xc7, 0xdc, 0xaf, 0xce, 0x67, 0xf2, 0xd6, 0x52, 0xc1, 0x31, - 0x0d, 0x5b, 0x61, 0x08, 0x61, 0x40, 0x9c, 0x63, 0x0a, 0x19, 0x01, 0xd5, 0x62, 0x89, 0x93, 0x50, - 0x92, 0xdb, 0x85, 0x9d, 0xfb, 0xa1, 0x11, 0xb5, 0xe1, 0x31, 0xe9, 0xf5, 0x48, 0x2f, 0xbc, 0x4c, - 0x98, 0x46, 0xb1, 0x84, 0x79, 0x05, 0x45, 0x67, 0x44, 0x5c, 0xc3, 0xb3, 0xec, 0xbe, 0x4e, 0xa7, - 0xd4, 0x23, 0x43, 0x51, 0xfd, 0x36, 0xe7, 0x33, 0xf9, 0x76, 0xfc, 0x32, 0xad, 0xc0, 0x8d, 0xf8, - 0x7a, 0x28, 0xd4, 0xe6, 0x32, 0x68, 0x17, 0x0a, 0xac, 0x9c, 0xe8, 0x94, 0x9b, 0x4a, 0x54, 0xab, - 0x85, 0x4b, 0x17, 0x56, 0xc4, 0xd0, 0x5b, 0x58, 0xf4, 0x49, 0x10, 0x02, 0x69, 0x1e, 0x02, 0xb7, - 0xcf, 0x57, 0xb7, 0x58, 0x18, 0xfc, 0x55, 0x12, 0x71, 0x90, 0x87, 0xf4, 0x51, 0xb3, 0xad, 0x75, - 0x8a, 0x2b, 0x08, 0xc1, 0x5a, 0xab, 0xad, 0x1f, 0x35, 0x2b, 0xdd, 0x4a, 0xbd, 0x51, 0xa9, 0x36, - 0xb4, 0xa2, 0xc4, 0x02, 0xe2, 0x4d, 0x05, 0x77, 0xea, 0x95, 0x46, 0x24, 0x20, 0x12, 0xe8, 0x36, - 0xdc, 0x6c, 0xb5, 0xf5, 0x5a, 0x57, 0x8b, 0xe3, 0x93, 0xe8, 0x06, 0x5c, 0x0b, 0x18, 0xed, 0x4e, - 0xa5, 0xa1, 0x15, 0x53, 0xe8, 0x2e, 0xdc, 0x69, 0x54, 0x9a, 0xfb, 0x47, 0x95, 0x7d, 0xed, 0xbc, - 0x44, 0x1a, 0xdd, 0x07, 0xb9, 0xa6, 0xe1, 0x4e, 0xfd, 0x55, 0x5d, 0xdb, 0xd3, 0xf1, 0x81, 0x26, - 0x5e, 0x14, 0x05, 0x65, 0x54, 0x02, 0x5b, 0x1f, 0xaf, 0xa6, 0xa8, 0x06, 0x59, 0x97, 0xd0, 0xf1, - 0xc0, 0xa3, 0x25, 0x89, 0xfb, 0xef, 0xc1, 0x15, 0xea, 0x30, 0xe6, 0x12, 0x38, 0x90, 0x54, 0xff, - 0x9e, 0x00, 0xe5, 0x53, 0x68, 0xb4, 0x0f, 0x37, 0x62, 0xb5, 0xff, 0x6a, 0x11, 0x89, 0x8b, 0x51, - 0x21, 0x1e, 0x75, 0x32, 0x14, 0x7c, 0x1a, 0x71, 0x75, 0xab, 0x27, 0x62, 0x1f, 0x02, 0x52, 0xbd, - 0x87, 0x0e, 0x20, 0x43, 0x3d, 0xc3, 0x1b, 0x53, 0x1e, 0x04, 0x6b, 0x3b, 0xcf, 0xae, 0xfc, 0x49, - 0xe5, 0x36, 0x97, 0xc3, 0x42, 0x5e, 0x75, 0x20, 0xe3, 0x53, 0xa2, 0xfe, 0x5e, 0x85, 0x5c, 0x57, - 0xc3, 0xdc, 0xf0, 0x45, 0x89, 0xb9, 0xf4, 0x55, 0xa5, 0xde, 0xd0, 0xf6, 0x74, 0x9f, 0x58, 0xab, - 0x74, 0xea, 0xad, 0x66, 0x31, 0x81, 0x36, 0xe0, 0x56, 0xbd, 0xd9, 0xad, 0x34, 0xea, 0x7b, 0x7a, - 0xbb, 0xbe, 0xdf, 0xac, 0x74, 0x8e, 0xb0, 0xa6, 0x57, 0x1a, 0xfb, 0xad, 0x62, 0x92, 0x09, 0xd5, - 0x5a, 0x18, 0x1f, 0xbd, 0xe9, 0x68, 0x11, 0x6e, 0x31, 0xa5, 0xfe, 0x3b, 0x05, 0x1b, 0x97, 0xe7, - 0x0d, 0x7a, 0x16, 0x69, 0xf3, 0xf9, 0xea, 0xe7, 0xf3, 0x99, 0x5c, 0x3a, 0xd7, 0xa3, 0x82, 0x04, - 0xf1, 0x1b, 0xfe, 0xf7, 0x90, 0x9d, 0x10, 0x97, 0x5a, 0x8e, 0xed, 0x1b, 0xaa, 0xfa, 0xc5, 0x7c, - 0x26, 0x2b, 0xe7, 0x1b, 0x5b, 0xd7, 0x07, 0x05, 0xc2, 0x81, 0x10, 0x7a, 0x08, 0xd9, 0x81, 0x65, - 0x12, 0x9b, 0x06, 0x19, 0x55, 0x0c, 0x8d, 0xd9, 0xf0, 0xe9, 0x38, 0x00, 0xa0, 0x5d, 0x48, 0xb3, - 0x81, 0x87, 0x96, 0x52, 0x3c, 0x92, 0xb6, 0xce, 0x55, 0x82, 0x6e, 0x74, 0x56, 0xc2, 0x3e, 0x18, - 0xdd, 0x83, 0xc2, 0xc0, 0x98, 0x32, 0x5f, 0xda, 0x3d, 0xf2, 0x9e, 0xb7, 0xa8, 0x34, 0xeb, 0xa9, - 0x9c, 0x58, 0x67, 0xb4, 0x58, 0x0b, 0xc9, 0x2c, 0xb5, 0x90, 0x47, 0x90, 0x11, 0x19, 0x9f, 0xe5, - 0xce, 0x5e, 0x64, 0xbc, 0x9f, 0xe1, 0x9d, 0xe9, 0x88, 0x60, 0x01, 0x61, 0x8a, 0x06, 0x8e, 0xef, - 0x70, 0xde, 0xa0, 0xf3, 0x38, 0x7c, 0x46, 0x9b, 0x91, 0x66, 0xc2, 0x3a, 0x6f, 0xe2, 0x40, 0x5a, - 0x74, 0x8a, 0xbb, 0xb1, 0x46, 0xc5, 0xba, 0x5c, 0x22, 0xda, 0x88, 0xee, 0x40, 0xee, 0xc4, 0x7a, - 0x4f, 0x7a, 0xfa, 0xb1, 0xdf, 0xe3, 0xf2, 0x38, 0xcb, 0x9f, 0xab, 0x53, 0xf4, 0x16, 0x0a, 0xe4, - 0x3d, 0x31, 0xc7, 0x1e, 0x2b, 0xf2, 0xb4, 0xb4, 0xca, 0x4d, 0x53, 0xbe, 0x42, 0x91, 0x2c, 0x6b, - 0xa1, 0x58, 0x35, 0xfd, 0xaf, 0x99, 0x2c, 0x3d, 0xc1, 0x51, 0x4d, 0x1b, 0x0a, 0xc0, 0x02, 0xc1, - 0x3a, 0xc1, 0xc8, 0xf0, 0x4e, 0x45, 0x6f, 0xe0, 0xe7, 0xea, 0x0d, 0xb8, 0x7e, 0x6a, 0x50, 0x3d, - 0x62, 0xdd, 0xe5, 0x26, 0xa3, 0xd6, 0x20, 0x2b, 0xdc, 0x18, 0xf6, 0x12, 0x69, 0xd1, 0x4b, 0x18, - 0xcd, 0x9b, 0x8e, 0xc2, 0xfe, 0xc2, 0xce, 0xa8, 0x08, 0xc9, 0xb1, 0x3b, 0xe0, 0xd1, 0x90, 0xc7, - 0xec, 0xa8, 0xfe, 0x2c, 0xc1, 0xb5, 0xd8, 0xf0, 0x88, 0xee, 0x43, 0x62, 0xf2, 0x5c, 0x24, 0xf7, - 0xc2, 0x21, 0xdd, 0xe7, 0xe1, 0x74, 0x99, 0x98, 0x3c, 0xe7, 0xa0, 0x1d, 0x31, 0x85, 0x46, 0x40, - 0x3b, 0x11, 0xd0, 0x0e, 0x33, 0xbc, 0x7f, 0x7f, 0x7a, 0x6a, 0xb0, 0x7c, 0x4e, 0x6e, 0xe7, 0x71, - 0x9e, 0x53, 0xda, 0xa7, 0x06, 0x5d, 0x2e, 0xfa, 0xa9, 0xab, 0x15, 0xfd, 0xd2, 0x22, 0x29, 0x58, - 0xb8, 0xa5, 0xc2, 0x70, 0x57, 0xf7, 0x60, 0x2d, 0x5e, 0x23, 0xd0, 0x0e, 0x40, 0x38, 0x29, 0x06, - 0x35, 0x72, 0x31, 0x03, 0x2f, 0xe6, 0xc9, 0x08, 0x4a, 0x6d, 0x40, 0x3e, 0xaa, 0x20, 0x63, 0x3a, - 0x8c, 0x29, 0xec, 0x51, 0x0a, 0x85, 0x6b, 0x9c, 0x1c, 0x22, 0x0f, 0x56, 0xb0, 0x40, 0x56, 0x0b, - 0x11, 0x05, 0xea, 0x21, 0x5c, 0x5f, 0x42, 0xa2, 0x6f, 0xa0, 0xe4, 0x1a, 0xef, 0xf4, 0xc5, 0x54, - 0x7d, 0x6c, 0x50, 0xf2, 0xff, 0xbb, 0x3a, 0xb1, 0x4d, 0xe1, 0xbf, 0xcf, 0x5c, 0xe3, 0x5d, 0x88, - 0xaf, 0x72, 0xae, 0x66, 0x9b, 0xea, 0x17, 0x00, 0x0b, 0x03, 0xa3, 0x5b, 0x90, 0xe9, 0x59, 0x7d, - 0x42, 0x3d, 0x21, 0x24, 0x9e, 0xd4, 0xbf, 0xa5, 0x00, 0x16, 0xce, 0xba, 0x0c, 0x86, 0x7e, 0x82, - 0xac, 0xe9, 0x12, 0x3e, 0x58, 0x26, 0x3e, 0x39, 0x59, 0x7c, 0x39, 0x9f, 0xc9, 0xf7, 0xe2, 0xcd, - 0xbc, 0xe6, 0x0b, 0xc7, 0x86, 0x8b, 0x40, 0x23, 0x7b, 0xa9, 0x31, 0xf6, 0x4e, 0x1d, 0x57, 0x44, - 0x9a, 0x78, 0x62, 0xf9, 0xce, 0xdd, 0x1f, 0x54, 0x99, 0xa5, 0xa1, 0xad, 0xc1, 0x78, 0x58, 0x40, - 0xd0, 0x23, 0x48, 0x8d, 0x29, 0x71, 0xb9, 0x97, 0xf3, 0xfe, 0x9a, 0x12, 0xbf, 0xc2, 0x11, 0x25, - 0xae, 0x8a, 0x39, 0x08, 0xed, 0x42, 0xd6, 0x74, 0x86, 0x43, 0xc3, 0xee, 0x95, 0x32, 0x2c, 0xce, - 0xaa, 0x1b, 0xf3, 0x99, 0x7c, 0x6b, 0xe9, 0xca, 0x3e, 0x80, 0xdd, 0xd3, 0x3f, 0xb1, 0x11, 0x96, - 0xd8, 0x9e, 0x3b, 0x1d, 0x39, 0x96, 0xed, 0x95, 0xb2, 0x5c, 0xf0, 0xee, 0x7c, 0x26, 0xdf, 0x89, - 0x0b, 0x6a, 0x21, 0x46, 0xc5, 0x11, 0x01, 0xf6, 0xd2, 0x89, 0x33, 0x18, 0x0f, 0xf9, 0xc6, 0x70, - 0xc9, 0x4b, 0xbb, 0x3e, 0x80, 0x55, 0x65, 0xff, 0x84, 0xde, 0x32, 0x23, 0x1c, 0x93, 0x01, 0xab, - 0x54, 0xcc, 0x08, 0xf2, 0x05, 0x39, 0x56, 0x6e, 0x70, 0x04, 0x7f, 0x71, 0x7c, 0xa8, 0xf6, 0xb5, - 0x72, 0x76, 0x60, 0x76, 0xa1, 0x6e, 0xe3, 0x5b, 0x28, 0x44, 0xc4, 0x58, 0xae, 0x9f, 0x91, 0xa9, - 0x70, 0x3b, 0x3b, 0xa2, 0x75, 0x48, 0x4f, 0x8c, 0xc1, 0x38, 0x28, 0x09, 0xfe, 0xc3, 0x77, 0x89, - 0x5f, 0x49, 0xea, 0x1f, 0x13, 0x00, 0x0b, 0x17, 0xa0, 0x36, 0x14, 0x2c, 0x9b, 0x7a, 0xee, 0xd8, - 0xe4, 0xd5, 0xd6, 0xef, 0x58, 0xcf, 0xe7, 0x33, 0xf9, 0x49, 0x70, 0x8d, 0x3d, 0xc7, 0x3c, 0x23, - 0xee, 0x89, 0x35, 0x20, 0x4a, 0x7d, 0x81, 0x54, 0x7e, 0x20, 0xd3, 0x77, 0x8e, 0xdb, 0x0b, 0x6e, - 0x16, 0xd5, 0x82, 0xb4, 0xd8, 0xdb, 0xab, 0x4f, 0xe7, 0x33, 0xf9, 0xd1, 0x27, 0xd4, 0x75, 0x19, - 0x3e, 0x50, 0xe6, 0x4b, 0x73, 0x4f, 0x8b, 0xc0, 0x4d, 0x7e, 0x72, 0x00, 0xb9, 0x20, 0x22, 0x53, - 0xb1, 0x88, 0x5c, 0x87, 0x34, 0x19, 0x8e, 0x44, 0x6b, 0xca, 0x61, 0xff, 0xe1, 0x30, 0x95, 0x4b, - 0x17, 0x33, 0xea, 0x7f, 0x24, 0x31, 0x8c, 0xb3, 0x1d, 0x1c, 0xbd, 0x84, 0x9c, 0x4b, 0xfa, 0x16, - 0xf5, 0x5c, 0x61, 0xd3, 0x8b, 0xf6, 0x15, 0x2c, 0x10, 0xe1, 0xb8, 0x1d, 0x88, 0xa0, 0x6f, 0x20, - 0xe3, 0x92, 0xa1, 0xe3, 0x05, 0x9f, 0x2f, 0xcf, 0x67, 0xf2, 0xe6, 0xb2, 0x30, 0xe3, 0x87, 0x5e, - 0xf5, 0xe1, 0xa8, 0x0c, 0x49, 0xcf, 0xe8, 0xfb, 0x89, 0x14, 0x9f, 0x1a, 0xc4, 0x8a, 0x64, 0xf4, - 0x03, 0x11, 0x06, 0x44, 0xfb, 0x90, 0x3f, 0x19, 0x0f, 0x06, 0x3a, 0xef, 0x07, 0xfe, 0x2c, 0xfe, - 0x70, 0x3e, 0x93, 0xbf, 0x8a, 0x49, 0x89, 0xcd, 0xd3, 0xb0, 0x8d, 0xc1, 0xf4, 0x77, 0xc4, 0x7d, - 0x49, 0x3d, 0xc3, 0xee, 0x19, 0x6e, 0x4f, 0xc5, 0x39, 0x26, 0xcc, 0x3e, 0x58, 0xfd, 0x25, 0x01, - 0xf9, 0x86, 0x45, 0x3d, 0xff, 0xcf, 0x86, 0xbf, 0xbd, 0x64, 0x3f, 0xb6, 0xbd, 0x20, 0x25, 0xb6, - 0x52, 0x24, 0x83, 0x61, 0x20, 0xb2, 0x2f, 0xac, 0x8b, 0x05, 0x3b, 0xc5, 0x79, 0xc1, 0xee, 0x7c, - 0x7f, 0x69, 0x77, 0xf6, 0xc7, 0x88, 0xa5, 0x75, 0x38, 0xe2, 0xf7, 0xcc, 0xd5, 0xfd, 0xfe, 0x72, - 0x69, 0x89, 0xce, 0x7d, 0x52, 0x34, 0xb6, 0x22, 0x47, 0x87, 0x17, 0x88, 0x0f, 0x2f, 0xff, 0xd3, - 0x82, 0x78, 0x98, 0xca, 0xe5, 0x8b, 0xa0, 0xfe, 0x45, 0x02, 0xc4, 0xcd, 0x19, 0x0e, 0x0a, 0x5a, - 0xaf, 0x7f, 0x7e, 0x33, 0x5c, 0x9a, 0xaa, 0x12, 0x17, 0x4c, 0x55, 0x07, 0x91, 0x61, 0xc8, 0x0f, - 0x8d, 0xc7, 0xf3, 0x99, 0xbc, 0x7d, 0x7e, 0x36, 0x6c, 0x08, 0xd4, 0xd2, 0x7f, 0xa7, 0x50, 0xfa, - 0x82, 0x41, 0x83, 0x05, 0xfe, 0xaa, 0x7f, 0xcd, 0xae, 0x76, 0xe1, 0x05, 0x7f, 0x2f, 0xc1, 0xad, - 0x13, 0xcb, 0xa5, 0x9e, 0xce, 0xff, 0xd3, 0xe9, 0x8e, 0x69, 0x8e, 0x5d, 0x97, 0xd8, 0x26, 0xb9, - 0x42, 0x33, 0xd9, 0x9d, 0xcf, 0xe4, 0x67, 0x8b, 0x7f, 0x22, 0x2e, 0xf5, 0x14, 0xb1, 0x1f, 0x86, - 0x5a, 0x94, 0x10, 0x1d, 0x5e, 0x78, 0x9d, 0xbf, 0x8f, 0x03, 0x17, 0x38, 0xd4, 0x86, 0x34, 0x9b, - 0xf6, 0x89, 0x58, 0x16, 0x36, 0x17, 0xa5, 0x34, 0x3a, 0xad, 0xb2, 0x35, 0x80, 0xc4, 0xff, 0x8e, - 0xc4, 0xf8, 0x0a, 0x07, 0xa8, 0xd8, 0xd7, 0xa5, 0xaa, 0xb0, 0xfa, 0xd6, 0xf0, 0xcc, 0x53, 0x31, - 0xd8, 0x5d, 0x34, 0x5c, 0x3d, 0x3c, 0x03, 0x58, 0x8c, 0xa8, 0x28, 0x03, 0x89, 0x56, 0xbb, 0xb8, - 0x82, 0x00, 0x32, 0x6f, 0x7e, 0xec, 0x1c, 0xb4, 0x9a, 0x45, 0x09, 0xe5, 0x20, 0x75, 0x58, 0xe9, - 0xb2, 0xc5, 0x31, 0x07, 0x29, 0x7c, 0x54, 0xfd, 0xb1, 0x98, 0x64, 0xfc, 0x66, 0x6b, 0x4f, 0x3b, - 0x6c, 0x17, 0x53, 0x6c, 0xcb, 0xdc, 0x6b, 0x75, 0x9a, 0x5a, 0xa7, 0xd6, 0xc2, 0x1a, 0x3e, 0x6a, - 0x76, 0xea, 0xaf, 0xd9, 0x6a, 0x88, 0x60, 0xad, 0xde, 0x7c, 0x85, 0x2b, 0xed, 0x0e, 0x3e, 0xaa, - 0xf1, 0xc5, 0x22, 0x53, 0xdd, 0xfd, 0xf9, 0xc3, 0x96, 0xf4, 0xcb, 0x87, 0x2d, 0xe9, 0x1f, 0x1f, - 0xb6, 0xa4, 0x3f, 0xff, 0x73, 0x6b, 0x05, 0xee, 0x58, 0x4e, 0x99, 0x7a, 0x86, 0x79, 0xe6, 0x3a, - 0xef, 0x7d, 0x1b, 0x07, 0x5f, 0xfe, 0x9b, 0xe0, 0x6f, 0xe9, 0x71, 0x86, 0xd3, 0x5f, 0xfc, 0x37, - 0x00, 0x00, 0xff, 0xff, 0xcd, 0x3c, 0x67, 0xde, 0x54, 0x15, 0x00, 0x00, + // 2317 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x58, 0xcd, 0x72, 0xdb, 0xd6, + 0xf5, 0x17, 0xf8, 0xcd, 0x43, 0x59, 0xa6, 0xaf, 0x15, 0x9b, 0x96, 0x62, 0x01, 0x86, 0xf3, 0xa1, + 0xc4, 0x09, 0x6d, 0xcb, 0xfa, 0xff, 0xd3, 0x64, 0xc6, 0xe9, 0x90, 0x14, 0x2c, 0x51, 0xa1, 0x29, + 0xcf, 0x25, 0x45, 0x4f, 0x9a, 0x05, 0x06, 0x02, 0xae, 0x28, 0x8c, 0x48, 0x80, 0xc5, 0x05, 0x69, + 0xb3, 0x0f, 0xd0, 0x99, 0x2e, 0xdb, 0x99, 0xce, 0xf4, 0x01, 0xba, 0xec, 0xaa, 0x2f, 0xd1, 0x2c, + 0xf3, 0x04, 0x9c, 0x8e, 0xbb, 0xeb, 0x92, 0xeb, 0x2e, 0x3a, 0xf7, 0xe2, 0x02, 0x04, 0x28, 0xc9, + 0x56, 0x77, 0x17, 0xe7, 0xfc, 0xce, 0xc1, 0xc5, 0xf9, 0x3e, 0x80, 0xdb, 0xd4, 0x77, 0x3d, 0xa3, + 0x4f, 0x1e, 0xdb, 0x43, 0xa3, 0x4f, 0xaa, 0x23, 0xcf, 0xf5, 0x5d, 0x94, 0x17, 0xc4, 0x0d, 0xb9, + 0xef, 0xba, 0xfd, 0x01, 0x79, 0xcc, 0xc9, 0x27, 0xe3, 0xd3, 0xc7, 0xbe, 0x3d, 0x24, 0xd4, 0x37, + 0x86, 0xa3, 0x00, 0xb9, 0x81, 0x42, 0x71, 0xcf, 0xa6, 0xe7, 0x82, 0x76, 0x2b, 0xa4, 0x99, 0x13, + 0xa1, 0x70, 0x63, 0x33, 0x24, 0x4d, 0xc6, 0x03, 0x87, 0x78, 0xc6, 0x89, 0x3d, 0xb0, 0xfd, 0xe9, + 0x65, 0x4c, 0xdd, 0x23, 0xbf, 0x1d, 0x13, 0xea, 0x53, 0xc1, 0x5c, 0xef, 0xbb, 0x7d, 0x97, 0x1f, + 0x1f, 0xb3, 0x53, 0x40, 0x55, 0xff, 0x5c, 0x80, 0x6c, 0x93, 0x5d, 0x18, 0x3d, 0x83, 0x94, 0x6d, + 0x55, 0x32, 0x8a, 0xb4, 0x5d, 0xac, 0x3f, 0x9c, 0xcf, 0x64, 0x99, 0x12, 0xc3, 0x33, 0xcf, 0xbe, + 0x53, 0x39, 0x5b, 0xe9, 0x9c, 0x19, 0x5f, 0x31, 0xf5, 0xe4, 0xab, 0x33, 0xdb, 0xb2, 0x88, 0xa3, + 0xe2, 0x94, 0x6d, 0xa1, 0xcf, 0x20, 0xe3, 0x18, 0x43, 0x52, 0x91, 0x14, 0x69, 0xbb, 0xb4, 0x83, + 0xaa, 0xe2, 0x02, 0x55, 0x2e, 0xd3, 0x36, 0x86, 0x04, 0x73, 0x3e, 0xda, 0x81, 0xc2, 0x90, 0xf8, + 0x86, 0x65, 0xf8, 0x46, 0x25, 0xc5, 0xb1, 0x77, 0x92, 0xd8, 0x97, 0x82, 0x8b, 0x23, 0x1c, 0xfa, + 0x35, 0x64, 0xa8, 0x69, 0x38, 0x95, 0xf4, 0x65, 0xba, 0x3b, 0xa6, 0xe1, 0xd4, 0xef, 0xce, 0x67, + 0xf2, 0xed, 0x91, 0x3b, 0xb0, 0xcd, 0x69, 0x74, 0x4d, 0xd3, 0x70, 0x54, 0xcc, 0x05, 0x51, 0x1f, + 0x36, 0xa9, 0xdd, 0x77, 0x0c, 0x7f, 0xec, 0x11, 0x7d, 0x42, 0x3c, 0xfb, 0xd4, 0x36, 0x0d, 0xdf, + 0x76, 0x1d, 0x9d, 0xdf, 0xe3, 0x26, 0xd7, 0xfb, 0xf9, 0x92, 0xde, 0x50, 0xa0, 0x17, 0xc3, 0xef, + 0xb1, 0x8b, 0xdd, 0xa3, 0x57, 0xb1, 0xd0, 0xff, 0x41, 0x31, 0x62, 0x56, 0xca, 0x5c, 0xed, 0xdd, + 0x2b, 0xd4, 0xe2, 0x05, 0x12, 0xfd, 0x00, 0x60, 0xba, 0xc3, 0x91, 0xeb, 0x10, 0xc7, 0xa7, 0x95, + 0xbc, 0x22, 0x6d, 0x67, 0xeb, 0x5f, 0xcc, 0x67, 0xf2, 0xa7, 0xa1, 0xe5, 0x1b, 0x21, 0x57, 0x69, + 0xb8, 0x63, 0xc7, 0x4f, 0xda, 0xff, 0x60, 0x05, 0xc7, 0xc4, 0xd1, 0xb7, 0x90, 0x31, 0x27, 0x84, + 0x56, 0x0a, 0x5c, 0x4d, 0xc2, 0x81, 0x8d, 0x9e, 0x76, 0xa9, 0x02, 0x09, 0x73, 0x11, 0xf4, 0x0a, + 0x56, 0x4f, 0xed, 0xb7, 0xc6, 0xc9, 0x80, 0xe8, 0x5c, 0x45, 0x91, 0xab, 0x78, 0x34, 0x9f, 0xc9, + 0x9f, 0x87, 0x2a, 0x5e, 0x04, 0x7c, 0xe5, 0x2a, 0x55, 0x29, 0x5c, 0x12, 0x2a, 0x1a, 0x4c, 0xa3, + 0x0e, 0xab, 0x03, 0x83, 0xfa, 0xfa, 0x78, 0x64, 0x19, 0x3e, 0xb1, 0x2a, 0x59, 0x6e, 0x93, 0x8d, + 0x6a, 0x90, 0x04, 0xd5, 0x30, 0x09, 0xaa, 0xdd, 0x30, 0x09, 0xea, 0xca, 0x7c, 0x26, 0x7f, 0x1c, + 0xbe, 0xad, 0x65, 0x50, 0x5f, 0x39, 0x0e, 0x64, 0xa3, 0x70, 0x2b, 0x31, 0x8d, 0x82, 0x88, 0x1e, + 0xc0, 0xaa, 0xe3, 0xfa, 0xfa, 0x68, 0x3c, 0x18, 0xb0, 0x97, 0x56, 0x40, 0x91, 0xb6, 0x0b, 0xb8, + 0xe4, 0xb8, 0xfe, 0x2b, 0x41, 0x42, 0x1b, 0x50, 0x18, 0x79, 0xb6, 0xeb, 0xd9, 0xfe, 0xb4, 0x52, + 0x52, 0xa4, 0xed, 0x34, 0x8e, 0x9e, 0xd1, 0x73, 0x00, 0x96, 0x66, 0x3a, 0x35, 0x5d, 0x8f, 0x54, + 0x56, 0x15, 0x69, 0x3b, 0x55, 0xdf, 0x9a, 0xcf, 0xe4, 0x8d, 0xf0, 0x06, 0xd8, 0xa6, 0xe7, 0x4a, + 0xc7, 0x8c, 0x87, 0x7b, 0x91, 0x49, 0x70, 0x12, 0xfa, 0x1e, 0x0a, 0xbe, 0x3b, 0xd2, 0xcd, 0x09, + 0xa5, 0x95, 0x1b, 0x5c, 0xf8, 0xc1, 0x7c, 0x26, 0xdf, 0x4f, 0x26, 0x4c, 0xd7, 0x1d, 0x29, 0x8d, + 0x5e, 0xa7, 0x13, 0x58, 0x4a, 0x3d, 0x48, 0xe3, 0xbc, 0xef, 0x8e, 0x1a, 0x13, 0x4a, 0xd1, 0x17, + 0x90, 0x75, 0x5c, 0x9f, 0xd0, 0xca, 0x9a, 0x92, 0xde, 0x5e, 0xdb, 0xb9, 0x9d, 0x8c, 0x95, 0x6a, + 0xdb, 0xf5, 0x09, 0x0e, 0x10, 0xea, 0x33, 0xc8, 0xb0, 0x47, 0xb4, 0x0e, 0xe5, 0x97, 0xcd, 0x4e, + 0xa7, 0xd9, 0xde, 0xd7, 0x5f, 0x6a, 0xdd, 0xda, 0x5e, 0xad, 0x5b, 0x2b, 0xaf, 0xa0, 0x8f, 0xe0, + 0x56, 0x48, 0xed, 0x34, 0x6a, 0x6d, 0x9d, 0x93, 0xa5, 0x7a, 0x19, 0xd6, 0x28, 0xf1, 0xf5, 0x45, + 0x74, 0xd4, 0x01, 0x0a, 0x9c, 0x32, 0x21, 0xb4, 0x7e, 0x03, 0x4a, 0xec, 0x2c, 0xfc, 0x55, 0x5f, + 0x83, 0x55, 0xf6, 0x18, 0x7e, 0xd0, 0x61, 0xa6, 0x90, 0x2b, 0xe7, 0xd5, 0x27, 0x00, 0x2c, 0xb4, + 0x3b, 0xee, 0xd8, 0x33, 0x09, 0x5a, 0xe3, 0xb5, 0x81, 0x25, 0x79, 0x91, 0xa7, 0x3d, 0x12, 0x69, + 0x9f, 0xe2, 0x14, 0x7e, 0x56, 0xff, 0x90, 0x81, 0x62, 0x94, 0x9a, 0xe8, 0x27, 0x28, 0xb2, 0x1c, + 0xd4, 0x59, 0x99, 0x13, 0xd5, 0xe1, 0x7d, 0xee, 0x57, 0xe7, 0x33, 0x79, 0x6b, 0xa9, 0xe0, 0x98, + 0x86, 0xa3, 0x30, 0x84, 0x30, 0x20, 0x2e, 0x30, 0x85, 0x8c, 0x80, 0x1a, 0x89, 0xc4, 0x49, 0x29, + 0xe9, 0xed, 0xd2, 0xce, 0xc3, 0xc8, 0x88, 0xda, 0xf0, 0x84, 0x58, 0x16, 0xb1, 0xa2, 0xcb, 0x44, + 0x69, 0x94, 0x48, 0x98, 0x17, 0x50, 0x76, 0x47, 0xc4, 0x33, 0x7c, 0xdb, 0xe9, 0xeb, 0x74, 0x4a, + 0x7d, 0x32, 0x14, 0xd5, 0x6f, 0x73, 0x3e, 0x93, 0xef, 0x26, 0x2f, 0x73, 0x14, 0xba, 0x11, 0xdf, + 0x8c, 0x84, 0x3a, 0x5c, 0x06, 0xed, 0x42, 0x89, 0x95, 0x13, 0x9d, 0x72, 0x53, 0x89, 0x6a, 0xb5, + 0x70, 0xe9, 0xc2, 0x8a, 0x18, 0xac, 0x85, 0x45, 0xbf, 0x0e, 0x43, 0x20, 0xcb, 0x43, 0xe0, 0xee, + 0xc5, 0xea, 0x96, 0x08, 0x83, 0xbf, 0x49, 0x22, 0x0e, 0x8a, 0x90, 0x3d, 0x6e, 0x77, 0xb4, 0x6e, + 0x79, 0x05, 0x21, 0x58, 0x3b, 0xea, 0xe8, 0xc7, 0xed, 0x5a, 0xaf, 0xd6, 0x6c, 0xd5, 0xea, 0x2d, + 0xad, 0x2c, 0xb1, 0x80, 0x78, 0x55, 0xc3, 0xdd, 0x66, 0xad, 0x15, 0x0b, 0x88, 0x14, 0xba, 0x0b, + 0xb7, 0x8f, 0x3a, 0x7a, 0xa3, 0xa7, 0x25, 0xf1, 0x69, 0x74, 0x0b, 0x6e, 0x84, 0x8c, 0x4e, 0xb7, + 0xd6, 0xd2, 0xca, 0x19, 0x74, 0x1f, 0xee, 0xb5, 0x6a, 0xed, 0xfd, 0xe3, 0xda, 0xbe, 0x76, 0x51, + 0x22, 0x8b, 0x1e, 0x82, 0xdc, 0xd0, 0x70, 0xb7, 0xf9, 0xa2, 0xa9, 0xed, 0xe9, 0xf8, 0x40, 0x13, + 0x2f, 0x8a, 0x83, 0x72, 0x2a, 0x81, 0xad, 0xf7, 0x57, 0x53, 0xd4, 0x80, 0xbc, 0x47, 0xe8, 0x78, + 0xe0, 0xd3, 0x8a, 0xc4, 0xfd, 0xf7, 0xc5, 0x35, 0xea, 0x30, 0xe6, 0x12, 0x38, 0x94, 0x54, 0xff, + 0x91, 0x02, 0xe5, 0x43, 0x68, 0xb4, 0x0f, 0xb7, 0x12, 0xb5, 0xff, 0x7a, 0x11, 0x89, 0xcb, 0x71, + 0x21, 0x1e, 0x75, 0x32, 0x94, 0x02, 0x1a, 0xf1, 0x74, 0xdb, 0x12, 0xb1, 0x0f, 0x21, 0xa9, 0x69, + 0xa1, 0x03, 0xc8, 0x51, 0xdf, 0xf0, 0xc7, 0x94, 0x07, 0xc1, 0xda, 0xce, 0x93, 0x6b, 0x7f, 0x52, + 0xb5, 0xc3, 0xe5, 0xb0, 0x90, 0x57, 0x5d, 0xc8, 0x05, 0x94, 0xb8, 0xbf, 0x57, 0xa1, 0xd0, 0xd3, + 0x30, 0x37, 0x7c, 0x59, 0x62, 0x2e, 0x7d, 0x51, 0x6b, 0xb6, 0xb4, 0x3d, 0x3d, 0x20, 0x36, 0x6a, + 0xdd, 0xe6, 0x51, 0xbb, 0x9c, 0x42, 0x1b, 0x70, 0xa7, 0xd9, 0xee, 0xd5, 0x5a, 0xcd, 0x3d, 0xbd, + 0xd3, 0xdc, 0x6f, 0xd7, 0xba, 0xc7, 0x58, 0xd3, 0x6b, 0xad, 0xfd, 0xa3, 0x72, 0x9a, 0x09, 0x35, + 0x8e, 0x30, 0x3e, 0x7e, 0xd5, 0xd5, 0x62, 0xdc, 0x72, 0x46, 0xfd, 0x63, 0x16, 0x36, 0xae, 0xce, + 0x1b, 0xf4, 0x24, 0xd6, 0xe6, 0x8b, 0xf5, 0x8f, 0xe7, 0x33, 0xb9, 0x72, 0xa1, 0x47, 0x85, 0x09, + 0x12, 0x34, 0xfc, 0xef, 0x21, 0x3f, 0x21, 0x1e, 0xb5, 0x5d, 0x27, 0x30, 0x54, 0xfd, 0x93, 0xf9, + 0x4c, 0x56, 0x2e, 0x36, 0xb6, 0x5e, 0x00, 0x0a, 0x85, 0x43, 0x21, 0xf4, 0x25, 0xe4, 0x07, 0xb6, + 0x49, 0x1c, 0x1a, 0x66, 0x54, 0x39, 0x32, 0x66, 0x2b, 0xa0, 0xe3, 0x10, 0x80, 0x76, 0x21, 0xcb, + 0x06, 0x1e, 0x5a, 0xc9, 0xf0, 0x48, 0xda, 0xba, 0x50, 0x09, 0x7a, 0xf1, 0x59, 0x09, 0x07, 0x60, + 0xf4, 0x00, 0x4a, 0x03, 0x63, 0xca, 0x7c, 0xe9, 0x58, 0xe4, 0x2d, 0x6f, 0x51, 0x59, 0xd6, 0x53, + 0x39, 0xb1, 0xc9, 0x68, 0x89, 0x16, 0x92, 0x5b, 0x6a, 0x21, 0x8f, 0x20, 0x27, 0x32, 0x3e, 0xcf, + 0x9d, 0xbd, 0xc8, 0xf8, 0x20, 0xc3, 0xbb, 0xd3, 0x11, 0xc1, 0x02, 0xc2, 0x14, 0x0d, 0xdc, 0xc0, + 0xe1, 0xbc, 0x41, 0x17, 0x71, 0xf4, 0x8c, 0x36, 0x63, 0xcd, 0x84, 0x75, 0xde, 0xd4, 0x81, 0xb4, + 0xe8, 0x14, 0xf7, 0x13, 0x8d, 0x8a, 0x75, 0xb9, 0x54, 0xbc, 0x11, 0xdd, 0x83, 0xc2, 0xa9, 0xfd, + 0x96, 0x58, 0xfa, 0x49, 0xd0, 0xe3, 0x8a, 0x38, 0xcf, 0x9f, 0xeb, 0x53, 0xf4, 0x1a, 0x4a, 0xe4, + 0x2d, 0x31, 0xc7, 0x3e, 0x2b, 0xf2, 0xb4, 0xb2, 0xca, 0x4d, 0x53, 0xbd, 0x46, 0x91, 0xac, 0x6a, + 0x91, 0x58, 0x3d, 0xfb, 0xef, 0x99, 0x2c, 0x7d, 0x8d, 0xe3, 0x9a, 0x36, 0xf6, 0x00, 0x16, 0x08, + 0xd6, 0x09, 0x46, 0x86, 0x7f, 0x26, 0x7a, 0x03, 0x3f, 0x23, 0x15, 0x56, 0x2d, 0x32, 0x22, 0x8e, + 0x45, 0x1c, 0xd3, 0x26, 0x41, 0x81, 0x2e, 0xe2, 0x04, 0xad, 0x7e, 0x0b, 0x6e, 0x9e, 0x19, 0x54, + 0x8f, 0x79, 0x60, 0xb9, 0x11, 0xa9, 0x0d, 0xc8, 0x0b, 0x57, 0x47, 0xfd, 0x46, 0x5a, 0xf4, 0x1b, + 0x46, 0xf3, 0xa7, 0xa3, 0xa8, 0x07, 0xb1, 0x33, 0x2a, 0x43, 0x7a, 0xec, 0x0d, 0x78, 0xc4, 0x14, + 0x31, 0x3b, 0xaa, 0x3f, 0x4b, 0x70, 0x23, 0x31, 0x60, 0xa2, 0x87, 0x90, 0x9a, 0x3c, 0x15, 0x05, + 0x60, 0xe1, 0xb4, 0xde, 0xd3, 0x68, 0x02, 0x4d, 0x4d, 0x9e, 0x72, 0xd0, 0x8e, 0x98, 0x54, 0x63, + 0xa0, 0x9d, 0x18, 0x68, 0x87, 0x39, 0x27, 0xb8, 0x3f, 0x3d, 0x33, 0x58, 0xce, 0xb3, 0xaf, 0x2c, + 0x72, 0x4a, 0xe7, 0xcc, 0xa0, 0xcb, 0x8d, 0x21, 0x73, 0xbd, 0xc6, 0x50, 0x59, 0x24, 0x0e, 0x0b, + 0xc9, 0x4c, 0x94, 0x12, 0xea, 0x1e, 0xac, 0x25, 0xeb, 0x08, 0xda, 0x01, 0x88, 0xa6, 0xc9, 0xb0, + 0x8e, 0x2e, 0xe6, 0xe4, 0xc5, 0xcc, 0x19, 0x43, 0xa9, 0x2d, 0x28, 0xc6, 0x15, 0xe4, 0x4c, 0x97, + 0x31, 0x85, 0x3d, 0x2a, 0x91, 0x70, 0x83, 0x93, 0x23, 0xe4, 0xc1, 0x0a, 0x16, 0xc8, 0x7a, 0x29, + 0xa6, 0x40, 0x3d, 0x84, 0x9b, 0x4b, 0x48, 0xf4, 0x0d, 0x54, 0x3c, 0xe3, 0x8d, 0xbe, 0x98, 0xbc, + 0x4f, 0x0c, 0x4a, 0xfe, 0x7f, 0x57, 0x27, 0x8e, 0x29, 0xfc, 0xf7, 0x91, 0x67, 0xbc, 0x89, 0xf0, + 0x75, 0xce, 0xd5, 0x1c, 0x53, 0xfd, 0x04, 0x60, 0x61, 0x60, 0x74, 0x07, 0x72, 0x96, 0xdd, 0x27, + 0xd4, 0x17, 0x42, 0xe2, 0x49, 0xfd, 0x7b, 0x06, 0x60, 0xe1, 0xac, 0xab, 0x60, 0xe8, 0x27, 0xc8, + 0x9b, 0x1e, 0xe1, 0xc3, 0x67, 0xea, 0x83, 0xd3, 0xc7, 0xa7, 0xf3, 0x99, 0xfc, 0x20, 0xd9, 0xf0, + 0x1b, 0x81, 0x70, 0x62, 0x00, 0x09, 0x35, 0xb2, 0x97, 0x1a, 0x63, 0xff, 0xcc, 0xf5, 0x44, 0xa4, + 0x89, 0x27, 0x56, 0x13, 0xb8, 0xfb, 0xc3, 0x4a, 0xb4, 0x34, 0xd8, 0xb5, 0x18, 0x0f, 0x0b, 0x08, + 0x7a, 0x04, 0x99, 0x31, 0x25, 0x1e, 0xf7, 0x72, 0x31, 0x58, 0x65, 0x92, 0x57, 0x38, 0xa6, 0xc4, + 0x53, 0x31, 0x07, 0xa1, 0x5d, 0xc8, 0x9b, 0xee, 0x70, 0x68, 0x38, 0x56, 0x25, 0xc7, 0xe2, 0xac, + 0xbe, 0x31, 0x9f, 0xc9, 0x77, 0x96, 0xae, 0x1c, 0x00, 0xd8, 0x3d, 0x83, 0x13, 0x1b, 0x73, 0x89, + 0xe3, 0x7b, 0xd3, 0x91, 0x6b, 0x3b, 0x7e, 0x25, 0xcf, 0x05, 0xef, 0xcf, 0x67, 0xf2, 0xbd, 0xa4, + 0xa0, 0x16, 0x61, 0x54, 0x1c, 0x13, 0x60, 0x2f, 0x9d, 0xb8, 0x83, 0xf1, 0x90, 0x6f, 0x15, 0x57, + 0xbc, 0xb4, 0x17, 0x00, 0x58, 0xe5, 0x0e, 0x4e, 0xe8, 0x35, 0x33, 0xc2, 0x09, 0x19, 0xb0, 0x6a, + 0xc6, 0x8c, 0x20, 0x5f, 0x92, 0x63, 0xd5, 0x16, 0x47, 0xf0, 0x17, 0x27, 0x07, 0xef, 0x40, 0x2b, + 0x67, 0x87, 0x66, 0x17, 0xea, 0x36, 0xbe, 0x85, 0x52, 0x4c, 0x8c, 0xe5, 0xfa, 0x39, 0x99, 0x0a, + 0xb7, 0xb3, 0x23, 0x5a, 0x87, 0xec, 0xc4, 0x18, 0x8c, 0xc3, 0x92, 0x10, 0x3c, 0x7c, 0x97, 0xfa, + 0x95, 0xa4, 0xfe, 0x29, 0x05, 0xb0, 0x70, 0x01, 0xea, 0x40, 0xc9, 0x76, 0xa8, 0xef, 0x8d, 0x4d, + 0x5e, 0x91, 0x83, 0xae, 0xf6, 0x74, 0x3e, 0x93, 0xbf, 0x0e, 0xaf, 0xb1, 0xe7, 0x9a, 0xe7, 0xc4, + 0x3b, 0xb5, 0x07, 0x44, 0x69, 0x2e, 0x90, 0xca, 0x0f, 0x64, 0xfa, 0xc6, 0xf5, 0xac, 0xf0, 0x66, + 0x71, 0x2d, 0x48, 0x4b, 0xbc, 0xbd, 0xfe, 0x78, 0x3e, 0x93, 0x1f, 0x7d, 0x40, 0x5d, 0x8f, 0xe1, + 0x43, 0x65, 0x81, 0x34, 0xf7, 0xb4, 0x08, 0xdc, 0xf4, 0x07, 0x87, 0x94, 0x4b, 0x22, 0x32, 0x93, + 0x88, 0xc8, 0x75, 0xc8, 0x92, 0xe1, 0x48, 0xb4, 0xaf, 0x02, 0x0e, 0x1e, 0x0e, 0x33, 0x85, 0x6c, + 0x39, 0xa7, 0xfe, 0x47, 0x12, 0x03, 0x3b, 0xdb, 0xd3, 0xd1, 0x73, 0x28, 0x78, 0xa4, 0x6f, 0x53, + 0xdf, 0x13, 0x36, 0xbd, 0x6c, 0xa7, 0xc1, 0x02, 0x11, 0x8d, 0xe4, 0xa1, 0x08, 0xfa, 0x06, 0x72, + 0x1e, 0x19, 0xba, 0x7e, 0xf8, 0xf9, 0xf2, 0x7c, 0x26, 0x6f, 0x2e, 0x0b, 0x33, 0x7e, 0xe4, 0xd5, + 0x00, 0x8e, 0xaa, 0x90, 0xf6, 0x8d, 0x7e, 0x90, 0x48, 0xc9, 0xc9, 0x42, 0xac, 0x51, 0x46, 0x3f, + 0x14, 0x61, 0x40, 0xb4, 0x0f, 0xc5, 0xd3, 0xf1, 0x60, 0xa0, 0xf3, 0x7e, 0x10, 0xcc, 0xeb, 0x5f, + 0xce, 0x67, 0xf2, 0x67, 0x09, 0x29, 0xb1, 0x9d, 0x1a, 0x8e, 0x31, 0x98, 0xfe, 0x8e, 0x78, 0xcf, + 0xa9, 0x6f, 0x38, 0x96, 0xe1, 0x59, 0x2a, 0x2e, 0x30, 0x61, 0xf6, 0xc1, 0xea, 0x2f, 0x29, 0x28, + 0xb6, 0x6c, 0xea, 0x07, 0x7f, 0x3f, 0x82, 0x0d, 0x27, 0xff, 0xbe, 0x0d, 0x07, 0x29, 0x89, 0xb5, + 0x23, 0x1d, 0x0e, 0x0c, 0xb1, 0x9d, 0x62, 0x5d, 0x2c, 0xe1, 0x19, 0xce, 0x0b, 0xf7, 0xeb, 0x87, + 0x4b, 0xfb, 0x75, 0x30, 0x6a, 0x2c, 0xad, 0xcc, 0x31, 0xbf, 0xe7, 0xae, 0xef, 0xf7, 0xe7, 0x4b, + 0x8b, 0x76, 0xe1, 0x83, 0xa2, 0x89, 0x35, 0x3a, 0x3e, 0xe0, 0x40, 0x72, 0xc0, 0xf9, 0x9f, 0x96, + 0xc8, 0xc3, 0x4c, 0xa1, 0x58, 0x06, 0xf5, 0xaf, 0x12, 0x20, 0x6e, 0xce, 0x68, 0x98, 0xd0, 0xac, + 0xfe, 0xc5, 0xed, 0x71, 0x69, 0xf2, 0x4a, 0x5d, 0x32, 0x79, 0x1d, 0xc4, 0x06, 0xa6, 0x20, 0x34, + 0xbe, 0x9a, 0xcf, 0xe4, 0xed, 0x8b, 0xf3, 0x63, 0x4b, 0xa0, 0x96, 0xfe, 0x4d, 0x45, 0xd2, 0x97, + 0x0c, 0x1a, 0x2c, 0xf0, 0x57, 0x83, 0x6b, 0xf6, 0xb4, 0x4b, 0x2f, 0xf8, 0x7b, 0x09, 0xee, 0x9c, + 0xda, 0x1e, 0xf5, 0x75, 0xfe, 0x2f, 0x4f, 0x77, 0x4d, 0x73, 0xec, 0x79, 0xc4, 0x31, 0xc9, 0x35, + 0x9a, 0xc9, 0xee, 0x7c, 0x26, 0x3f, 0x59, 0xfc, 0x37, 0xf1, 0xa8, 0xaf, 0x88, 0x1d, 0x32, 0xd2, + 0xa2, 0x44, 0xe8, 0xe8, 0xc2, 0xeb, 0xfc, 0x7d, 0x1c, 0xb8, 0xc0, 0xa1, 0x0e, 0x64, 0xd9, 0x46, + 0x40, 0xc4, 0x42, 0xb1, 0xb9, 0x28, 0xa5, 0xf1, 0x89, 0x96, 0xad, 0x0a, 0x24, 0xf9, 0x07, 0x25, + 0xc1, 0x57, 0x38, 0x40, 0xc5, 0x81, 0x2e, 0x55, 0x85, 0xd5, 0xd7, 0x86, 0x6f, 0x9e, 0x89, 0xe1, + 0xef, 0xb2, 0xe1, 0xea, 0xcb, 0x73, 0x80, 0xc5, 0x18, 0x8b, 0x72, 0x90, 0x3a, 0xea, 0x94, 0x57, + 0x10, 0x40, 0xee, 0xd5, 0x8f, 0xdd, 0x83, 0xa3, 0x76, 0x59, 0x42, 0x05, 0xc8, 0x1c, 0xd6, 0x7a, + 0x6c, 0xb9, 0x2c, 0x40, 0x06, 0x1f, 0xd7, 0x7f, 0x2c, 0xa7, 0x19, 0xbf, 0x7d, 0xb4, 0xa7, 0x1d, + 0x76, 0xca, 0x19, 0xb6, 0x89, 0xee, 0x1d, 0x75, 0xdb, 0x5a, 0xb7, 0x71, 0x84, 0x35, 0x7c, 0xdc, + 0xee, 0x36, 0x5f, 0xb2, 0xf5, 0x11, 0xc1, 0x5a, 0xb3, 0xfd, 0x02, 0xd7, 0x3a, 0x5d, 0x7c, 0xdc, + 0xe0, 0xcb, 0x47, 0xae, 0xbe, 0xfb, 0xf3, 0xbb, 0x2d, 0xe9, 0x97, 0x77, 0x5b, 0xd2, 0x3f, 0xdf, + 0x6d, 0x49, 0x7f, 0xf9, 0xd7, 0xd6, 0x0a, 0xdc, 0xb3, 0xdd, 0x2a, 0xf5, 0x0d, 0xf3, 0xdc, 0x73, + 0xdf, 0x06, 0x36, 0x0e, 0xbf, 0xfc, 0x37, 0xe1, 0x1f, 0xd5, 0x93, 0x1c, 0xa7, 0x3f, 0xfb, 0x6f, + 0x00, 0x00, 0x00, 0xff, 0xff, 0xbc, 0x35, 0x89, 0x6f, 0x78, 0x15, 0x00, 0x00, } func (m *Image) Marshal() (dAtA []byte, err error) { @@ -3190,6 +3203,15 @@ func (m *EmbeddedImageScanComponent_Executable) MarshalToSizedBuffer(dAtA []byte i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if len(m.Dependencies) > 0 { + for iNdEx := len(m.Dependencies) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.Dependencies[iNdEx]) + copy(dAtA[i:], m.Dependencies[iNdEx]) + i = encodeVarintImage(dAtA, i, uint64(len(m.Dependencies[iNdEx]))) + i-- + dAtA[i] = 0x12 + } + } if len(m.Path) > 0 { i -= len(m.Path) copy(dAtA[i:], m.Path) @@ -4316,6 +4338,12 @@ func (m *EmbeddedImageScanComponent_Executable) Size() (n int) { if l > 0 { n += 1 + l + sovImage(uint64(l)) } + if len(m.Dependencies) > 0 { + for _, s := range m.Dependencies { + l = len(s) + n += 1 + l + sovImage(uint64(l)) + } + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -6228,6 +6256,38 @@ func (m *EmbeddedImageScanComponent_Executable) Unmarshal(dAtA []byte) error { } m.Path = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Dependencies", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowImage + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthImage + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthImage + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Dependencies = append(m.Dependencies, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipImage(dAtA[iNdEx:]) diff --git a/go.mod b/go.mod index 4e799f3796d23..43d32685c2c53 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.16 // CAVEAT: This introduces a circular dependency. If you change this line, you MUST change the "exclude" // directive at the bottom of the file as well. -require github.com/stackrox/scanner v0.0.0-20211030133935-e0a9b47f81de +require github.com/stackrox/scanner v0.0.0-20211214023301-55ee93adca37 require ( cloud.google.com/go v0.94.1 diff --git a/go.sum b/go.sum index cf7b4461a0b10..efbec3b0b35ac 100644 --- a/go.sum +++ b/go.sum @@ -1944,8 +1944,8 @@ github.com/stackrox/k8s-istio-cve-pusher v0.0.0-20210422200002-d89f671ac4f5 h1:0 github.com/stackrox/k8s-istio-cve-pusher v0.0.0-20210422200002-d89f671ac4f5/go.mod h1:GEtZ9DYAzmOtyqQPCJCEIzXJ7NcrHbMy6ZPJbcyfmLM= github.com/stackrox/nvdtools v0.0.0-20210326191554-5daeb6395b56 h1:D2wYiy+hcKy8qZAg9SxSWfZgbvmEgD9AdV0g0lJqGZ0= github.com/stackrox/nvdtools v0.0.0-20210326191554-5daeb6395b56/go.mod h1:AIeN7k60Q/kcW9aeiMpA0PY8CU3zsrLV0UhIksolMn4= -github.com/stackrox/scanner v0.0.0-20211030133935-e0a9b47f81de h1:ipW4oTA2JaWmqFxFiwbf9eBD6+PDXuj6JcRlY7r9Pxo= -github.com/stackrox/scanner v0.0.0-20211030133935-e0a9b47f81de/go.mod h1:DxQRXuuHfgvLOCBkhwX67Q6qO/6MkKizEBXdnhKudkQ= +github.com/stackrox/scanner v0.0.0-20211214023301-55ee93adca37 h1:XRSG0THUUfZojIpwEkscfc7AaU76l1CFBibzX+4Obms= +github.com/stackrox/scanner v0.0.0-20211214023301-55ee93adca37/go.mod h1:DxQRXuuHfgvLOCBkhwX67Q6qO/6MkKizEBXdnhKudkQ= github.com/stackrox/tail v1.4.9-0.20210831224919-407035634f5d h1:jeM6QMtwE9BU0rfDYcmkI/aOChOUfIO18LDp/DSnZpI= github.com/stackrox/tail v1.4.9-0.20210831224919-407035634f5d/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/stackrox/yaml/v2 v2.4.1 h1:09ux+QFfvp+Lk73pwGlMTAHeZoS2pqs6CCngYaJ6EQo= diff --git a/pkg/clair/convert.go b/pkg/clair/convert.go index 667c16d8f218e..28bb37a68657e 100644 --- a/pkg/clair/convert.go +++ b/pkg/clair/convert.go @@ -10,6 +10,7 @@ import ( "github.com/stackrox/rox/pkg/cvss/cvssv3" "github.com/stackrox/rox/pkg/logging" "github.com/stackrox/rox/pkg/protoconv" + "github.com/stackrox/rox/pkg/scancomponent" "github.com/stackrox/rox/pkg/scans" clairV1 "github.com/stackrox/scanner/api/v1" clientMetadata "github.com/stackrox/scanner/pkg/clairify/client/metadata" @@ -152,10 +153,13 @@ func convertFeature(feature clairV1.Feature) *storage.EmbeddedImageScanComponent component.Vulns = append(component.Vulns, convertedVuln) } } - - executables := make([]*storage.EmbeddedImageScanComponent_Executable, 0, len(feature.ProvidedExecutables)) - for _, path := range feature.ProvidedExecutables { - exec := &storage.EmbeddedImageScanComponent_Executable{Path: path} + executables := make([]*storage.EmbeddedImageScanComponent_Executable, 0, len(feature.Executables)) + for _, executable := range feature.Executables { + imageComponentIds := make([]string, 0, len(executable.RequiredFeatures)) + for _, f := range executable.RequiredFeatures { + imageComponentIds = append(imageComponentIds, scancomponent.ComponentID(f.GetName(), f.GetVersion())) + } + exec := &storage.EmbeddedImageScanComponent_Executable{Path: executable.Path, Dependencies: imageComponentIds} executables = append(executables, exec) } component.Executables = executables diff --git a/proto/storage/image.proto b/proto/storage/image.proto index 7eeb71054eec7..e9010a31963f4 100644 --- a/proto/storage/image.proto +++ b/proto/storage/image.proto @@ -118,7 +118,8 @@ message EmbeddedImageScanComponent { // Component version that fixes all the fixable vulnerabilities in this component. string fixed_by = 11; message Executable { - string path = 1; + string path = 1; + repeated string dependencies = 2; } // Values are cleared after moving to cache, remove them from the grpc return as well repeated Executable executables = 12 [(gogoproto.jsontag) = "-"]; diff --git a/tests/active_vuln_test.go b/tests/active_vuln_test.go index 947796a9a1c84..434575391802d 100644 --- a/tests/active_vuln_test.go +++ b/tests/active_vuln_test.go @@ -30,17 +30,17 @@ var ( { version: "1.14.0", SHA: "sha256:8b600a4d029481cc5b459f1380b30ff6cb98e27544fc02370de836e397e34030", - activeComponents: 1, + activeComponents: 5, }, { version: "1.18.0", SHA: "sha256:e90ac5331fe095cea01b121a3627174b2e33e06e83720e9a934c7b8ccc9c55a0", - activeComponents: 6, + activeComponents: 11, }, { version: "1.20.0", SHA: "sha256:ea4560b87ff03479670d15df426f7d02e30cb6340dcd3004cdfc048d6a1d54b4", - activeComponents: 6, + activeComponents: 11, }, } once sync.Once @@ -110,15 +110,15 @@ func TestActiveVulnerability_SetImage(t *testing.T) { func checkActiveVulnerability(t *testing.T, image nginxImage, deploymentID string) { waitForCondition(t, func() bool { deployment := getDeploymentActiveStates(t, deploymentID) - return image.activeComponents == getActiveComponentCount(deployment) + return image.activeComponents <= getActiveComponentCount(deployment) }, "active components populated", 5*time.Minute, 30*time.Second) fromDeployment := getDeploymentActiveStates(t, deploymentID) - assert.Equal(t, image.activeComponents, getActiveComponentCount(fromDeployment)) + assert.LessOrEqual(t, image.activeComponents, getActiveComponentCount(fromDeployment)) // The active vulns are not stable over time. But at least one vuln should exist. assert.NotZero(t, getActiveVulnCount(t, fromDeployment)) fromImage := getImageActiveStates(t, image.SHA, deploymentID) - assert.Equal(t, image.activeComponents, getActiveComponentCount(fromImage)) + assert.LessOrEqual(t, image.activeComponents, getActiveComponentCount(fromImage)) assert.Equal(t, getActiveVulnCount(t, fromDeployment), getActiveVulnCount(t, fromImage)) } From 2f940c65c491c33a28632cc3e2e782e9771ce73c Mon Sep 17 00:00:00 2001 From: RTann Date: Thu, 3 Feb 2022 17:22:29 -0800 Subject: [PATCH 054/103] Revert "Revert "update scanner version for updated proto path (#232)" (#479)" This reverts commit 25357738b49fb3ab2bfe50ccd4fd40bffd83be73. --- go.mod | 2 +- go.sum | 4 ++-- pkg/scanners/clairify/clairify.go | 2 +- pkg/scanners/clairify/convert.go | 2 +- pkg/scanners/clairify/convert_test.go | 2 +- pkg/scanners/clairify/mock/mock.go | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/go.mod b/go.mod index 43d32685c2c53..a49ef47f73c35 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.16 // CAVEAT: This introduces a circular dependency. If you change this line, you MUST change the "exclude" // directive at the bottom of the file as well. -require github.com/stackrox/scanner v0.0.0-20211214023301-55ee93adca37 +require github.com/stackrox/scanner v0.0.0-20220106020903-2744339f7e9d require ( cloud.google.com/go v0.94.1 diff --git a/go.sum b/go.sum index efbec3b0b35ac..462df34b58984 100644 --- a/go.sum +++ b/go.sum @@ -1944,8 +1944,8 @@ github.com/stackrox/k8s-istio-cve-pusher v0.0.0-20210422200002-d89f671ac4f5 h1:0 github.com/stackrox/k8s-istio-cve-pusher v0.0.0-20210422200002-d89f671ac4f5/go.mod h1:GEtZ9DYAzmOtyqQPCJCEIzXJ7NcrHbMy6ZPJbcyfmLM= github.com/stackrox/nvdtools v0.0.0-20210326191554-5daeb6395b56 h1:D2wYiy+hcKy8qZAg9SxSWfZgbvmEgD9AdV0g0lJqGZ0= github.com/stackrox/nvdtools v0.0.0-20210326191554-5daeb6395b56/go.mod h1:AIeN7k60Q/kcW9aeiMpA0PY8CU3zsrLV0UhIksolMn4= -github.com/stackrox/scanner v0.0.0-20211214023301-55ee93adca37 h1:XRSG0THUUfZojIpwEkscfc7AaU76l1CFBibzX+4Obms= -github.com/stackrox/scanner v0.0.0-20211214023301-55ee93adca37/go.mod h1:DxQRXuuHfgvLOCBkhwX67Q6qO/6MkKizEBXdnhKudkQ= +github.com/stackrox/scanner v0.0.0-20220106020903-2744339f7e9d h1:AugbkBwG2hVTam/UG0k+/GcjNMLMDd8/au9ke2NnOtY= +github.com/stackrox/scanner v0.0.0-20220106020903-2744339f7e9d/go.mod h1:DxQRXuuHfgvLOCBkhwX67Q6qO/6MkKizEBXdnhKudkQ= github.com/stackrox/tail v1.4.9-0.20210831224919-407035634f5d h1:jeM6QMtwE9BU0rfDYcmkI/aOChOUfIO18LDp/DSnZpI= github.com/stackrox/tail v1.4.9-0.20210831224919-407035634f5d/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/stackrox/yaml/v2 v2.4.1 h1:09ux+QFfvp+Lk73pwGlMTAHeZoS2pqs6CCngYaJ6EQo= diff --git a/pkg/scanners/clairify/clairify.go b/pkg/scanners/clairify/clairify.go index 7d1c32a57d8f2..23757258e84a5 100644 --- a/pkg/scanners/clairify/clairify.go +++ b/pkg/scanners/clairify/clairify.go @@ -26,7 +26,7 @@ import ( "github.com/stackrox/rox/pkg/stringutils" "github.com/stackrox/rox/pkg/urlfmt" clairV1 "github.com/stackrox/scanner/api/v1" - clairGRPCV1 "github.com/stackrox/scanner/generated/shared/api/v1" + clairGRPCV1 "github.com/stackrox/scanner/generated/scanner/api/v1" "github.com/stackrox/scanner/pkg/clairify/client" "github.com/stackrox/scanner/pkg/clairify/types" "google.golang.org/grpc" diff --git a/pkg/scanners/clairify/convert.go b/pkg/scanners/clairify/convert.go index 8cc16d46494e8..7370f978b46cb 100644 --- a/pkg/scanners/clairify/convert.go +++ b/pkg/scanners/clairify/convert.go @@ -8,7 +8,7 @@ import ( "github.com/stackrox/rox/pkg/cvss/cvssv3" "github.com/stackrox/rox/pkg/scans" "github.com/stackrox/rox/pkg/stringutils" - v1 "github.com/stackrox/scanner/generated/shared/api/v1" + v1 "github.com/stackrox/scanner/generated/scanner/api/v1" ) func convertNodeToVulnRequest(node *storage.Node) *v1.GetNodeVulnerabilitiesRequest { diff --git a/pkg/scanners/clairify/convert_test.go b/pkg/scanners/clairify/convert_test.go index a43a8546f2242..3d5d1cd1414d2 100644 --- a/pkg/scanners/clairify/convert_test.go +++ b/pkg/scanners/clairify/convert_test.go @@ -5,7 +5,7 @@ import ( "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/scanners/clairify/mock" - v1 "github.com/stackrox/scanner/generated/shared/api/v1" + v1 "github.com/stackrox/scanner/generated/scanner/api/v1" "github.com/stretchr/testify/assert" ) diff --git a/pkg/scanners/clairify/mock/mock.go b/pkg/scanners/clairify/mock/mock.go index bcc456a39469e..313895092809e 100644 --- a/pkg/scanners/clairify/mock/mock.go +++ b/pkg/scanners/clairify/mock/mock.go @@ -2,7 +2,7 @@ package mock import ( "github.com/stackrox/rox/generated/storage" - scannerV1 "github.com/stackrox/scanner/generated/shared/api/v1" + scannerV1 "github.com/stackrox/scanner/generated/scanner/api/v1" ) // GetTestScannerVulns returns test clair vulns and also the expected converted proto vulns From ebfadeb60374ee7d21cf3690b629c2689e780063 Mon Sep 17 00:00:00 2001 From: RTann Date: Thu, 3 Feb 2022 17:27:11 -0800 Subject: [PATCH 055/103] update CHANGELOG --- CHANGELOG.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0b0eac799f1c6..3b0dbb3faa533 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,14 +6,17 @@ Please avoid adding duplicate information across this changelog and JIRA/doc inp ## [NEXT RELEASE] -## [68.0] - - Improved accuracy of active component and vulnerability and presented it with higher confidence. - Added `Active` state to list of components and list of vulnerabilities under Vulnerability Management within the scope of a specific deployment. - Added `Inactive` state: the component or vulnerability was not run in the specific deployment. - Added image scope so that the Active State can be determined in the scope of a deployment for a specific image. - The default gRPC port in Scanner's config map is changed to 8443, as that is what Scanner has actually been defaulting to this whole time. - - Note: Scanner has been ignoring the default `httpsPort` and `grpcPort` in its config map, as Scanner expects `HTTPSPort` and `GRPCPort` (and `MetricsPort`, if ever specified). + - Note: Scanner had been ignoring the default `httpsPort` and `grpcPort` in its config map, as Scanner expected `HTTPSPort` and `GRPCPort` (and `MetricsPort`, if ever specified). +- Scanner now supports Alpine 3.15. +- CVEs in Ubuntu images will no longer link to http://people.ubuntu.com/~ubuntu-security/cve/. Now it links to https://ubuntu.com/security/. + +## [68.0] + - AWS ECR integration supports AssumeRole authentication. - The default policy to detect Log4Shell vulnerability has been updated to also detect CVE-2021-45046 and the remediation has been updated to reflect the latest guidance by the Apache Logging security team. - Prior to this release, CVEs could be snoozed using global write access on `Images`. Starting this release, requests to snooze CVEs can be created only using `VulnerabilityManagementRequests` global write access and requests can be approved only using `VulnerabilityManagementApprovals` global write access. Roles with write access on `Images`, created prior to this release, are provided with both the newly added permissions. We recommend updating the roles to only include the least amount of resources required for each role. All new roles must be explicitly supplied with `VulnerabilityManagementRequests` and/or `VulnerabilityManagementApprovals` permissions in order to use CVE snoozing functionality. From 6ee9f65c6a234ef12bc87738b778df2a787c084b Mon Sep 17 00:00:00 2001 From: RTann Date: Mon, 7 Feb 2022 16:16:51 -0800 Subject: [PATCH 056/103] PR udpates --- pkg/docker/{types => config}/config.go | 2 +- pkg/images/integration/set.go | 2 +- pkg/registries/factory.go | 17 +++--- pkg/registries/factory_options.go | 25 ++------- pkg/scanners/anchore/anchore_test.go | 2 +- sensor/common/registry/registry_store.go | 53 ++++++++++--------- sensor/common/registry/singleton.go | 2 +- .../kubernetes/listener/resources/secrets.go | 8 +-- 8 files changed, 48 insertions(+), 63 deletions(-) rename pkg/docker/{types => config}/config.go (99%) diff --git a/pkg/docker/types/config.go b/pkg/docker/config/config.go similarity index 99% rename from pkg/docker/types/config.go rename to pkg/docker/config/config.go index cbb814e869130..a29ad9f2218ec 100644 --- a/pkg/docker/types/config.go +++ b/pkg/docker/config/config.go @@ -1,4 +1,4 @@ -package types +package config import ( "encoding/base64" diff --git a/pkg/images/integration/set.go b/pkg/images/integration/set.go index 1ab3f8737629b..b312fc2c8d779 100644 --- a/pkg/images/integration/set.go +++ b/pkg/images/integration/set.go @@ -23,7 +23,7 @@ type Set interface { // NewSet returns a new Set instance. func NewSet(reporter integrationhealth.Reporter) Set { - registryFactory := registries.NewFactory() + registryFactory := registries.NewFactory(registries.FactoryOptions{}) registrySet := registries.NewSet(registryFactory) scannerFactory := scanners.NewFactory(registrySet) diff --git a/pkg/registries/factory.go b/pkg/registries/factory.go index fe0eb2988f170..790aba61d3aac 100644 --- a/pkg/registries/factory.go +++ b/pkg/registries/factory.go @@ -26,9 +26,9 @@ type Factory interface { CreateRegistry(source *storage.ImageIntegration) (types.ImageRegistry, error) } -type creatorWrapper func() (string, func(integration *storage.ImageIntegration) (types.Registry, error)) +type CreatorWrapper func() (string, func(integration *storage.ImageIntegration) (types.Registry, error)) -var allCreatorFuncs = []creatorWrapper{ +var AllCreatorFuncs = []CreatorWrapper{ artifactRegistryFactory.Creator, artifactoryFactory.Creator, dockerFactory.Creator, @@ -44,19 +44,14 @@ var allCreatorFuncs = []creatorWrapper{ } // NewFactory creates a new scanner factory. -func NewFactory(opts ...FactoryOption) Factory { - var o factoryOption - for _, opt := range opts { - opt.apply(&o) - } - +func NewFactory(opts FactoryOptions) Factory { reg := &factoryImpl{ creators: make(map[string]Creator), } - creatorFuncs := allCreatorFuncs - if len(o.creatorFuncs) > 0 { - creatorFuncs = o.creatorFuncs + creatorFuncs := AllCreatorFuncs + if len(opts.CreatorFuncs) > 0 { + creatorFuncs = opts.CreatorFuncs } for _, creatorFunc := range creatorFuncs { diff --git a/pkg/registries/factory_options.go b/pkg/registries/factory_options.go index 259d9d676b81c..0252487ce4ee9 100644 --- a/pkg/registries/factory_options.go +++ b/pkg/registries/factory_options.go @@ -1,23 +1,8 @@ package registries -type factoryOption struct { - creatorFuncs []creatorWrapper -} - -// FactoryOption specifies optional configuration parameters for a registry factory. -type FactoryOption interface { - apply(*factoryOption) -} - -type factoryOptionFunc func(*factoryOption) - -func (f factoryOptionFunc) apply(opt *factoryOption) { - f(opt) -} - -// WithRegistryCreators specifies which registries to add to the factory. -func WithRegistryCreators(creatorFuncs ...creatorWrapper) FactoryOption { - return factoryOptionFunc(func(o *factoryOption) { - o.creatorFuncs = append(o.creatorFuncs, creatorFuncs...) - }) +// FactoryOptions specifies optional configuration parameters for a registry factory. +type FactoryOptions struct { + // CreatorFuncs specifies which registries to add to the factory. + // By default, AllCreatorFuncs is used. + CreatorFuncs []CreatorWrapper } diff --git a/pkg/scanners/anchore/anchore_test.go b/pkg/scanners/anchore/anchore_test.go index 0eb560dc47458..6c8aabddfb244 100644 --- a/pkg/scanners/anchore/anchore_test.go +++ b/pkg/scanners/anchore/anchore_test.go @@ -21,7 +21,7 @@ func TestAnchore(t *testing.T) { t.Skipf("Skipping Anchore integration test") } - registryFactory := registries.NewFactory() + registryFactory := registries.NewFactory(registries.FactoryOptions{}) registrySet := registries.NewSet(registryFactory) err := registrySet.UpdateImageIntegration(&storage.ImageIntegration{ diff --git a/sensor/common/registry/registry_store.go b/sensor/common/registry/registry_store.go index 92dc07335327a..22596cd6f7b3a 100644 --- a/sensor/common/registry/registry_store.go +++ b/sensor/common/registry/registry_store.go @@ -1,9 +1,11 @@ package registry import ( + "context" + "github.com/pkg/errors" "github.com/stackrox/rox/generated/storage" - "github.com/stackrox/rox/pkg/docker/types" + "github.com/stackrox/rox/pkg/docker/config" "github.com/stackrox/rox/pkg/logging" "github.com/stackrox/rox/pkg/registries" dockerFactory "github.com/stackrox/rox/pkg/registries/docker" @@ -24,25 +26,31 @@ type Store struct { mutex sync.RWMutex - // test indicates if this is a test store or not. - test bool + checkTLS CheckTLS } -// newRegistryStore creates a new registry store. -func newRegistryStore() *Store { - return &Store{ - factory: registries.NewFactory(registries.WithRegistryCreators(dockerFactory.Creator)), +// CheckTLS defines a function which checks if the given address is using TLS. +// An example implementation of this is tlscheck.CheckTLS. +type CheckTLS func(origAddr string) (bool, error) + +// NewRegistryStore creates a new registry store. +// The passed-in TLSChecker is used to check if a registry uses TLS. +// If no TLSChecker is passed in, tlscheck.CheckTLS is used by default. +func NewRegistryStore(checkTLS CheckTLS) *Store { + store := &Store{ + factory: registries.NewFactory(registries.FactoryOptions{ + CreatorFuncs: []registries.CreatorWrapper{dockerFactory.Creator}, + }), store: make(map[string]registries.Set), + + checkTLS: tlscheck.CheckTLS, } -} -// NewTestRegistryStore creates a new registry store for testing purposes. -// The main difference between this and a non-test registry store -// is that this one does not attempt to reach out to the registry to check TLS. -func NewTestRegistryStore() *Store { - rs := newRegistryStore() - rs.test = true - return rs + if checkTLS != nil { + store.checkTLS = checkTLS + } + + return store } func (rs *Store) getRegistries(namespace string) registries.Set { @@ -59,19 +67,16 @@ func (rs *Store) getRegistries(namespace string) registries.Set { } // UpsertRegistry upserts the given registry with the given credentials in the given namespace into the store. -func (rs *Store) UpsertRegistry(namespace, registry string, dce types.DockerConfigEntry) error { +func (rs *Store) UpsertRegistry(ctx context.Context, namespace, registry string, dce config.DockerConfigEntry) error { regs := rs.getRegistries(namespace) - var secure bool - if !rs.test { - var err error - secure, err = tlscheck.CheckTLS(registry) - if err != nil { - return errors.Wrapf(err, "unable to check TLS for registry %q", registry) - } + // TODO: pass a context here, as this can take time. + secure, err := rs.checkTLS(registry) + if err != nil { + return errors.Wrapf(err, "unable to check TLS for registry %q", registry) } - err := regs.UpdateImageIntegration(&storage.ImageIntegration{ + err = regs.UpdateImageIntegration(&storage.ImageIntegration{ Name: registry, Type: "docker", Categories: []storage.ImageIntegrationCategory{storage.ImageIntegrationCategory_REGISTRY}, diff --git a/sensor/common/registry/singleton.go b/sensor/common/registry/singleton.go index 402eb291f447c..5e807f7cb4ff4 100644 --- a/sensor/common/registry/singleton.go +++ b/sensor/common/registry/singleton.go @@ -10,7 +10,7 @@ var ( // Singleton returns a singleton of the registry storage. func Singleton() *Store { once.Do(func() { - rStore = newRegistryStore() + rStore = NewRegistryStore(nil) }) return rStore } diff --git a/sensor/kubernetes/listener/resources/secrets.go b/sensor/kubernetes/listener/resources/secrets.go index 4b61626c13408..207e4ce288d6e 100644 --- a/sensor/kubernetes/listener/resources/secrets.go +++ b/sensor/kubernetes/listener/resources/secrets.go @@ -11,7 +11,7 @@ import ( "github.com/cloudflare/cfssl/certinfo" "github.com/stackrox/rox/generated/internalapi/central" "github.com/stackrox/rox/generated/storage" - "github.com/stackrox/rox/pkg/docker/types" + "github.com/stackrox/rox/pkg/docker/config" "github.com/stackrox/rox/pkg/features" "github.com/stackrox/rox/pkg/protoconv" "github.com/stackrox/rox/pkg/registries/docker" @@ -133,7 +133,7 @@ func newSecretDispatcher(regStore *registry.Store) *secretDispatcher { } } -func dockerConfigToImageIntegration(registry string, dce types.DockerConfigEntry) *storage.ImageIntegration { +func dockerConfigToImageIntegration(registry string, dce config.DockerConfigEntry) *storage.ImageIntegration { registryType := docker.GenericDockerRegistryType if urlfmt.TrimHTTPPrefixes(registry) == redhatRegistryEndpoint { registryType = rhel.RedHatRegistryType @@ -155,7 +155,7 @@ func dockerConfigToImageIntegration(registry string, dce types.DockerConfigEntry } func (s *secretDispatcher) processDockerConfigEvent(secret *v1.Secret, action central.ResourceAction) []*central.SensorEvent { - var dockerConfig types.DockerConfig + var dockerConfig config.DockerConfig switch secret.Type { case v1.SecretTypeDockercfg: data, ok := secret.Data[v1.DockerConfigKey] @@ -171,7 +171,7 @@ func (s *secretDispatcher) processDockerConfigEvent(secret *v1.Secret, action ce if !ok { return nil } - var dockerConfigJSON types.DockerConfigJSON + var dockerConfigJSON config.DockerConfigJSON if err := json.Unmarshal(data, &dockerConfigJSON); err != nil { log.Error(err) return nil From 15e362fcadd203d72faaf4e002363db1bbc67388 Mon Sep 17 00:00:00 2001 From: RTann Date: Mon, 7 Feb 2022 16:43:26 -0800 Subject: [PATCH 057/103] PR udpates --- sensor/common/registry/registry_store.go | 4 +--- sensor/kubernetes/listener/resources/secrets.go | 2 ++ 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sensor/common/registry/registry_store.go b/sensor/common/registry/registry_store.go index 22596cd6f7b3a..b25866a77cc0b 100644 --- a/sensor/common/registry/registry_store.go +++ b/sensor/common/registry/registry_store.go @@ -1,8 +1,6 @@ package registry import ( - "context" - "github.com/pkg/errors" "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/docker/config" @@ -67,7 +65,7 @@ func (rs *Store) getRegistries(namespace string) registries.Set { } // UpsertRegistry upserts the given registry with the given credentials in the given namespace into the store. -func (rs *Store) UpsertRegistry(ctx context.Context, namespace, registry string, dce config.DockerConfigEntry) error { +func (rs *Store) UpsertRegistry(namespace, registry string, dce config.DockerConfigEntry) error { regs := rs.getRegistries(namespace) // TODO: pass a context here, as this can take time. diff --git a/sensor/kubernetes/listener/resources/secrets.go b/sensor/kubernetes/listener/resources/secrets.go index 207e4ce288d6e..d179f1a4fec97 100644 --- a/sensor/kubernetes/listener/resources/secrets.go +++ b/sensor/kubernetes/listener/resources/secrets.go @@ -197,6 +197,8 @@ func (s *secretDispatcher) processDockerConfigEvent(secret *v1.Secret, action ce if err != nil { log.Errorf("Unable to upsert registry %q into store: %v", registry, err) } + + continue } } ii := dockerConfigToImageIntegration(registry, dce) From d2687bdea3eddd21a5ca0319172e0bd1b17d4cfc Mon Sep 17 00:00:00 2001 From: RTann Date: Mon, 7 Feb 2022 17:12:02 -0800 Subject: [PATCH 058/103] style --- pkg/registries/factory.go | 2 ++ sensor/common/registry/registry_store.go | 2 +- sensor/kubernetes/listener/resources/secrets_test.go | 9 +++++++-- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/pkg/registries/factory.go b/pkg/registries/factory.go index 790aba61d3aac..13f99902435dc 100644 --- a/pkg/registries/factory.go +++ b/pkg/registries/factory.go @@ -26,8 +26,10 @@ type Factory interface { CreateRegistry(source *storage.ImageIntegration) (types.ImageRegistry, error) } +// CreatorWrapper is a wrapper around a Creator which also returns the registry's name. type CreatorWrapper func() (string, func(integration *storage.ImageIntegration) (types.Registry, error)) +// AllCreatorFuncs defines all known registry creators. var AllCreatorFuncs = []CreatorWrapper{ artifactRegistryFactory.Creator, artifactoryFactory.Creator, diff --git a/sensor/common/registry/registry_store.go b/sensor/common/registry/registry_store.go index b25866a77cc0b..c4e9b7339156c 100644 --- a/sensor/common/registry/registry_store.go +++ b/sensor/common/registry/registry_store.go @@ -39,7 +39,7 @@ func NewRegistryStore(checkTLS CheckTLS) *Store { factory: registries.NewFactory(registries.FactoryOptions{ CreatorFuncs: []registries.CreatorWrapper{dockerFactory.Creator}, }), - store: make(map[string]registries.Set), + store: make(map[string]registries.Set), checkTLS: tlscheck.CheckTLS, } diff --git a/sensor/kubernetes/listener/resources/secrets_test.go b/sensor/kubernetes/listener/resources/secrets_test.go index cfa85d36bb79e..e60031a8033ed 100644 --- a/sensor/kubernetes/listener/resources/secrets_test.go +++ b/sensor/kubernetes/listener/resources/secrets_test.go @@ -65,12 +65,17 @@ var ( } ) +// checkTLS is a dummy implementation of registry.CheckTLS +func checkTLS(_ string) (bool, error) { + return false, nil +} + func TestOpenShiftRegistrySecret_311(t *testing.T) { testutils.RunWithFeatureFlagEnabled(t, features.LocalImageScanning, testOpenShiftRegistrySecret311) } func testOpenShiftRegistrySecret311(t *testing.T) { - regStore := registry.NewTestRegistryStore() + regStore := registry.NewRegistryStore(checkTLS) d := newSecretDispatcher(regStore) _ = d.ProcessEvent(openshift311DockerConfigSecret, nil, central.ResourceAction_CREATE_RESOURCE) @@ -98,7 +103,7 @@ func TestOpenShiftRegistrySecret_4x(t *testing.T) { } func testOpenShiftRegistrySecret4x(t *testing.T) { - regStore := registry.NewTestRegistryStore() + regStore := registry.NewRegistryStore(checkTLS) d := newSecretDispatcher(regStore) _ = d.ProcessEvent(openshift4xDockerConfigSecret, nil, central.ResourceAction_CREATE_RESOURCE) From 9900b2d062b0156371da4030d8bc03b85c40cee4 Mon Sep 17 00:00:00 2001 From: RTann Date: Mon, 7 Feb 2022 17:19:20 -0800 Subject: [PATCH 059/103] add ctx and comment fixes --- sensor/common/registry/registry_store.go | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/sensor/common/registry/registry_store.go b/sensor/common/registry/registry_store.go index c4e9b7339156c..a4853820a4cf1 100644 --- a/sensor/common/registry/registry_store.go +++ b/sensor/common/registry/registry_store.go @@ -1,6 +1,8 @@ package registry import ( + "context" + "github.com/pkg/errors" "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/docker/config" @@ -29,11 +31,11 @@ type Store struct { // CheckTLS defines a function which checks if the given address is using TLS. // An example implementation of this is tlscheck.CheckTLS. -type CheckTLS func(origAddr string) (bool, error) +type CheckTLS func(ctx context.Context, origAddr string) (bool, error) // NewRegistryStore creates a new registry store. -// The passed-in TLSChecker is used to check if a registry uses TLS. -// If no TLSChecker is passed in, tlscheck.CheckTLS is used by default. +// The passed-in CheckTLS is used to check if a registry uses TLS. +// If checkTLS is nil, tlscheck.CheckTLS is used by default. func NewRegistryStore(checkTLS CheckTLS) *Store { store := &Store{ factory: registries.NewFactory(registries.FactoryOptions{ @@ -65,11 +67,10 @@ func (rs *Store) getRegistries(namespace string) registries.Set { } // UpsertRegistry upserts the given registry with the given credentials in the given namespace into the store. -func (rs *Store) UpsertRegistry(namespace, registry string, dce config.DockerConfigEntry) error { +func (rs *Store) UpsertRegistry(ctx context.Context, namespace, registry string, dce config.DockerConfigEntry) error { regs := rs.getRegistries(namespace) - // TODO: pass a context here, as this can take time. - secure, err := rs.checkTLS(registry) + secure, err := rs.checkTLS(ctx, registry) if err != nil { return errors.Wrapf(err, "unable to check TLS for registry %q", registry) } From 05fa6c62f6e54abc53138e596ebc27f2219d59a8 Mon Sep 17 00:00:00 2001 From: RTann Date: Mon, 7 Feb 2022 17:28:21 -0800 Subject: [PATCH 060/103] style --- sensor/kubernetes/listener/resources/secrets.go | 3 ++- sensor/kubernetes/listener/resources/secrets_test.go | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/sensor/kubernetes/listener/resources/secrets.go b/sensor/kubernetes/listener/resources/secrets.go index d179f1a4fec97..57a8ef3ba9179 100644 --- a/sensor/kubernetes/listener/resources/secrets.go +++ b/sensor/kubernetes/listener/resources/secrets.go @@ -1,6 +1,7 @@ package resources import ( + "context" "encoding/base64" "encoding/json" "errors" @@ -193,7 +194,7 @@ func (s *secretDispatcher) processDockerConfigEvent(secret *v1.Secret, action ce if features.LocalImageScanning.Enabled() { if fromDefaultSA { // Store the registry credentials so Sensor can reach it. - err := s.regStore.UpsertRegistry(secret.GetNamespace(), registry, dce) + err := s.regStore.UpsertRegistry(context.Background(), secret.GetNamespace(), registry, dce) if err != nil { log.Errorf("Unable to upsert registry %q into store: %v", registry, err) } diff --git a/sensor/kubernetes/listener/resources/secrets_test.go b/sensor/kubernetes/listener/resources/secrets_test.go index e60031a8033ed..b4c67ce6bf76a 100644 --- a/sensor/kubernetes/listener/resources/secrets_test.go +++ b/sensor/kubernetes/listener/resources/secrets_test.go @@ -1,6 +1,7 @@ package resources import ( + "context" "testing" "github.com/stackrox/rox/generated/internalapi/central" @@ -66,7 +67,7 @@ var ( ) // checkTLS is a dummy implementation of registry.CheckTLS -func checkTLS(_ string) (bool, error) { +func checkTLS(_ context.Context, _ string) (bool, error) { return false, nil } From b06b40222636ce0a1ff7ada757d2e3a8ef54737c Mon Sep 17 00:00:00 2001 From: RTann Date: Mon, 7 Feb 2022 19:47:05 -0800 Subject: [PATCH 061/103] rename checkTLS for clarity --- sensor/kubernetes/listener/resources/secrets_test.go | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/sensor/kubernetes/listener/resources/secrets_test.go b/sensor/kubernetes/listener/resources/secrets_test.go index b4c67ce6bf76a..14a4f3b4d66b5 100644 --- a/sensor/kubernetes/listener/resources/secrets_test.go +++ b/sensor/kubernetes/listener/resources/secrets_test.go @@ -66,8 +66,9 @@ var ( } ) -// checkTLS is a dummy implementation of registry.CheckTLS -func checkTLS(_ context.Context, _ string) (bool, error) { +// alwaysInsecureCheckTLS is an implementation of registry.CheckTLS +// which always says the given address is insecure. +func alwaysInsecureCheckTLS(_ context.Context, _ string) (bool, error) { return false, nil } @@ -76,7 +77,7 @@ func TestOpenShiftRegistrySecret_311(t *testing.T) { } func testOpenShiftRegistrySecret311(t *testing.T) { - regStore := registry.NewRegistryStore(checkTLS) + regStore := registry.NewRegistryStore(alwaysInsecureCheckTLS) d := newSecretDispatcher(regStore) _ = d.ProcessEvent(openshift311DockerConfigSecret, nil, central.ResourceAction_CREATE_RESOURCE) @@ -104,7 +105,7 @@ func TestOpenShiftRegistrySecret_4x(t *testing.T) { } func testOpenShiftRegistrySecret4x(t *testing.T) { - regStore := registry.NewRegistryStore(checkTLS) + regStore := registry.NewRegistryStore(alwaysInsecureCheckTLS) d := newSecretDispatcher(regStore) _ = d.ProcessEvent(openshift4xDockerConfigSecret, nil, central.ResourceAction_CREATE_RESOURCE) From 9c63f53e74e5f468963dd246403c330f38c4535a Mon Sep 17 00:00:00 2001 From: RTann Date: Mon, 7 Feb 2022 19:59:56 -0800 Subject: [PATCH 062/103] update scanner version --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index da611cf7f9e36..484ea7bb87f5c 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.16 // CAVEAT: This introduces a circular dependency. If you change this line, you MUST change the "exclude" // directive at the bottom of the file as well. -require github.com/stackrox/scanner v0.0.0-20220203234025-292f3b621b6d +require github.com/stackrox/scanner v0.0.0-20220208020809-a2e8bd8173f7 require ( cloud.google.com/go/compute v0.1.0 diff --git a/go.sum b/go.sum index da55bb1761442..746e1b12972b1 100644 --- a/go.sum +++ b/go.sum @@ -1952,8 +1952,8 @@ github.com/stackrox/k8s-istio-cve-pusher v0.0.0-20210422200002-d89f671ac4f5 h1:0 github.com/stackrox/k8s-istio-cve-pusher v0.0.0-20210422200002-d89f671ac4f5/go.mod h1:GEtZ9DYAzmOtyqQPCJCEIzXJ7NcrHbMy6ZPJbcyfmLM= github.com/stackrox/nvdtools v0.0.0-20210326191554-5daeb6395b56 h1:D2wYiy+hcKy8qZAg9SxSWfZgbvmEgD9AdV0g0lJqGZ0= github.com/stackrox/nvdtools v0.0.0-20210326191554-5daeb6395b56/go.mod h1:AIeN7k60Q/kcW9aeiMpA0PY8CU3zsrLV0UhIksolMn4= -github.com/stackrox/scanner v0.0.0-20220203234025-292f3b621b6d h1:epw1k0lUSPbjdK0uCMBuIQZdXLkzOrEDTex1/EyI3n0= -github.com/stackrox/scanner v0.0.0-20220203234025-292f3b621b6d/go.mod h1:DxQRXuuHfgvLOCBkhwX67Q6qO/6MkKizEBXdnhKudkQ= +github.com/stackrox/scanner v0.0.0-20220208020809-a2e8bd8173f7 h1:N0jOU0Mz1zKQfsuYuff1rhcBtWhbDrPip+CLbas3A5o= +github.com/stackrox/scanner v0.0.0-20220208020809-a2e8bd8173f7/go.mod h1:M0xLHh7gY4YHVmtQJdQAdYHvDq3UjQhWDOqZAWGVYCU= github.com/stackrox/tail v1.4.9-0.20210831224919-407035634f5d h1:jeM6QMtwE9BU0rfDYcmkI/aOChOUfIO18LDp/DSnZpI= github.com/stackrox/tail v1.4.9-0.20210831224919-407035634f5d/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/stackrox/yaml/v2 v2.4.1 h1:09ux+QFfvp+Lk73pwGlMTAHeZoS2pqs6CCngYaJ6EQo= From 1a2e2b0c05f1ac13f452525f2514cbb71424ebcc Mon Sep 17 00:00:00 2001 From: RTann Date: Wed, 9 Feb 2022 15:27:07 -0800 Subject: [PATCH 063/103] minor updates --- sensor/common/detector/enricher.go | 7 ++++--- sensor/common/image/service_impl.go | 6 +++--- sensor/common/scannerclient/scan.go | 5 ++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/sensor/common/detector/enricher.go b/sensor/common/detector/enricher.go index f7da9767c370c..ab54378f2fae7 100644 --- a/sensor/common/detector/enricher.go +++ b/sensor/common/detector/enricher.go @@ -59,10 +59,11 @@ func scanImage(ctx context.Context, svc v1.ImageServiceClient, ci *storage.Conta }) if features.LocalImageScanning.Enabled() { + img := scannedImage.GetImage() // ScanImageInternal may return without error even if it was unable to find the image. - // Check the metadata here: if Central cannot retrieve the metadata, perhaps the - // image is stored in an internal registry which Sensor can reach. - if err == nil && scannedImage.GetImage().GetMetadata() == nil { + // Check the metadata and scan here: if Central cannot retrieve the metadata nor scan, + // perhaps the image is stored in an internal registry which Sensor can reach. + if err == nil && img.GetMetadata() == nil && img.GetScan() == nil { scannedImage.Image, err = scannerclient.ScanImage(ctx, svc, ci) } } diff --git a/sensor/common/image/service_impl.go b/sensor/common/image/service_impl.go index 43b1a30cd8349..45d6f325f5eaa 100644 --- a/sensor/common/image/service_impl.go +++ b/sensor/common/image/service_impl.go @@ -65,9 +65,9 @@ func (s *serviceImpl) GetImage(ctx context.Context, req *sensor.GetImageRequest) if features.LocalImageScanning.Enabled() { // ScanImageInternal may return without error even if it was unable to find the image. - // Check the metadata here: if Central cannot retrieve the metadata, perhaps the - // image is stored in an internal registry which Scanner can reach. - if img.GetMetadata() == nil { + // Check the metadata and scan here: if Central cannot retrieve the metadata nor scan, + // perhaps the image is stored in an internal registry which Sensor can reach. + if img.GetMetadata() == nil && img.GetScan() == nil { img, err = scannerclient.ScanImage(ctx, s.centralClient, req.GetImage()) if err != nil { return nil, errors.Wrap(err, "scanning image via local scanner") diff --git a/sensor/common/scannerclient/scan.go b/sensor/common/scannerclient/scan.go index f8bc83ef797e7..9e79c5e863f1f 100644 --- a/sensor/common/scannerclient/scan.go +++ b/sensor/common/scannerclient/scan.go @@ -27,11 +27,10 @@ func ScanImage(ctx context.Context, centralClient v1.ImageServiceClient, image * imgData, err := scannerClient.GetImageAnalysis(ctx, image) if err != nil { - return nil, errors.Wrap(err, "scanning image") + return nil, errors.Wrapf(err, "scanning image %q in namespace %q", image.GetName().GetFullName(), image.GetNamespace()) } - // If the scan did not succeed, then ignore the results. if imgData.GetStatus() != scannerV1.ScanStatus_SUCCEEDED { - return nil, nil + return nil, errors.Wrapf(err, "scan failed for image %q in namespace %q", image.GetName().GetFullName(), image.GetNamespace()) } centralResp, err := centralClient.GetImageVulnerabilitiesInternal(ctx, &v1.GetImageVulnerabilitiesInternalRequest{ From b145ebd08c92984e8afab2a773173a233346f3e3 Mon Sep 17 00:00:00 2001 From: RTann Date: Wed, 9 Feb 2022 16:12:47 -0800 Subject: [PATCH 064/103] info for now --- sensor/common/scannerclient/grpc_client.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go index c0688ec8b8da0..49e3fba98e0cd 100644 --- a/sensor/common/scannerclient/grpc_client.go +++ b/sensor/common/scannerclient/grpc_client.go @@ -75,7 +75,8 @@ func (c *client) GetImageAnalysis(ctx context.Context, image *storage.ContainerI return nil, errors.Wrapf(err, "getting image metadata for %s in namespace %q", image.GetName().GetFullName(), image.GetNamespace()) } - log.Debugf("Retrieved metadata for image %s in namespace %s", image.GetName().GetFullName(), image.GetNamespace()) + // TODO: Switch to debug, but for now process signals are really bothering me + log.Infof("Retrieved metadata for image %s in namespace %s", image.GetName().GetFullName(), image.GetNamespace()) cfg := reg.Config() resp, err := c.client.GetImageComponents(ctx, &scannerV1.GetImageComponentsRequest{ From f890ecc1e3b352fefcc41030351acb4713cf60f4 Mon Sep 17 00:00:00 2001 From: RTann Date: Wed, 9 Feb 2022 16:58:12 -0800 Subject: [PATCH 065/103] fix Scanner connection issues --- sensor/common/scannerclient/grpc_client.go | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go index 49e3fba98e0cd..561f1eb911b7d 100644 --- a/sensor/common/scannerclient/grpc_client.go +++ b/sensor/common/scannerclient/grpc_client.go @@ -2,7 +2,6 @@ package scannerclient import ( "context" - "fmt" "strings" "github.com/pkg/errors" @@ -30,13 +29,8 @@ func newGRPCClient(endpoint string) (*client, error) { return nil, nil } - parts := strings.SplitN(endpoint, "://", 2) - if parts[0] != "https" { - if len(parts) != 1 { - return nil, errors.Errorf("creating client unsupported scheme %s", parts[0]) - } - - endpoint = fmt.Sprintf("https://%s", endpoint) + if hasScheme := strings.Contains(endpoint, "://"); hasScheme { + return nil, errors.Errorf("Scanner endpoint should not specify a scheme: %s", endpoint) } tlsConfig, err := clientconn.TLSConfig(mtls.ScannerSubject, clientconn.TLSConfigOptions{ From 9187cacbb94487fef98db37e2b12e7ecdffd3769 Mon Sep 17 00:00:00 2001 From: RTann Date: Wed, 9 Feb 2022 18:12:38 -0800 Subject: [PATCH 066/103] add debug logs --- sensor/common/scannerclient/grpc_client.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go index 561f1eb911b7d..5f16e9628a30d 100644 --- a/sensor/common/scannerclient/grpc_client.go +++ b/sensor/common/scannerclient/grpc_client.go @@ -66,11 +66,11 @@ func (c *client) GetImageAnalysis(ctx context.Context, image *storage.ContainerI metadata, err := reg.Metadata(types.ToImage(image)) if err != nil { + log.Debugf("Failed to get image metadata: %v", err) return nil, errors.Wrapf(err, "getting image metadata for %s in namespace %q", image.GetName().GetFullName(), image.GetNamespace()) } - // TODO: Switch to debug, but for now process signals are really bothering me - log.Infof("Retrieved metadata for image %s in namespace %s", image.GetName().GetFullName(), image.GetNamespace()) + log.Debugf("Retrieved metadata for image %s in namespace %s: %v", image.GetName().GetFullName(), image.GetNamespace(), metadata) cfg := reg.Config() resp, err := c.client.GetImageComponents(ctx, &scannerV1.GetImageComponentsRequest{ From bfae643da3a98a81f745f6343bda33cc0ce2e033 Mon Sep 17 00:00:00 2001 From: RTann Date: Wed, 9 Feb 2022 18:19:29 -0800 Subject: [PATCH 067/103] minor updates --- pkg/env/sensor.go | 1 - sensor/common/detector/enricher.go | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/pkg/env/sensor.go b/pkg/env/sensor.go index 60f92f6afe7f0..c73f97590de16 100644 --- a/pkg/env/sensor.go +++ b/pkg/env/sensor.go @@ -14,6 +14,5 @@ var ( // ScannerEndpoint is used to communicate the scanner endpoint to other services in the same cluster. // This is typically used for Sensor to communicate with a local Scanner-slim's gRPC server. - // TODO: Should this not be defaulted? ScannerEndpoint = RegisterSetting("ROX_SCANNER_GRPC_ENDPOINT", WithDefault("scanner.stackrox.svc:8443")) ) diff --git a/sensor/common/detector/enricher.go b/sensor/common/detector/enricher.go index ab54378f2fae7..3fd04ffe1d121 100644 --- a/sensor/common/detector/enricher.go +++ b/sensor/common/detector/enricher.go @@ -167,7 +167,7 @@ func (e *enricher) getImages(deployment *storage.Deployment) []*storage.Image { img := container.GetImage() // Ensure the container image has its namespace populated prior to scanning. img.Namespace = deployment.GetNamespace() - e.runImageScanAsync(imageChan, idx, container.GetImage()) + e.runImageScanAsync(imageChan, idx, img) } images := make([]*storage.Image, len(deployment.GetContainers())) for i := 0; i < len(deployment.GetContainers()); i++ { From 831456a2873e79987ac70dffdbeb5e2e7b0ddc79 Mon Sep 17 00:00:00 2001 From: RTann Date: Wed, 9 Feb 2022 18:26:55 -0800 Subject: [PATCH 068/103] more updates --- sensor/common/scannerclient/grpc_client.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go index 5f16e9628a30d..468e37c559c0f 100644 --- a/sensor/common/scannerclient/grpc_client.go +++ b/sensor/common/scannerclient/grpc_client.go @@ -61,13 +61,13 @@ func newGRPCClient(endpoint string) (*client, error) { func (c *client) GetImageAnalysis(ctx context.Context, image *storage.ContainerImage) (*imageData, error) { reg, err := getRegistry(image) if err != nil { - return nil, errors.Wrapf(err, "determining image registry for %s in namespace %q", image.GetName().GetFullName(), image.GetNamespace()) + return nil, errors.Wrap(err, "determining image registry") } metadata, err := reg.Metadata(types.ToImage(image)) if err != nil { - log.Debugf("Failed to get image metadata: %v", err) - return nil, errors.Wrapf(err, "getting image metadata for %s in namespace %q", image.GetName().GetFullName(), image.GetNamespace()) + log.Debugf("Failed to metadata for image %s in namespace %s: %v", image.GetName().GetFullName(), image.GetNamespace(), err) + return nil, errors.Wrap(err, "getting image metadata") } log.Debugf("Retrieved metadata for image %s in namespace %s: %v", image.GetName().GetFullName(), image.GetNamespace(), metadata) From 6d400bb02a447ec67b1ec3f5fad1c38a26b29dd2 Mon Sep 17 00:00:00 2001 From: RTann Date: Thu, 10 Feb 2022 14:14:51 -0800 Subject: [PATCH 069/103] updates --- sensor/common/scannerclient/grpc_client.go | 10 ++++++++-- sensor/kubernetes/listener/resources/secrets_test.go | 8 ++++++-- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go index 468e37c559c0f..a265a98ebeaca 100644 --- a/sensor/common/scannerclient/grpc_client.go +++ b/sensor/common/scannerclient/grpc_client.go @@ -64,13 +64,16 @@ func (c *client) GetImageAnalysis(ctx context.Context, image *storage.ContainerI return nil, errors.Wrap(err, "determining image registry") } + name := image.GetName().GetFullName() + namespace := image.GetNamespace() + metadata, err := reg.Metadata(types.ToImage(image)) if err != nil { - log.Debugf("Failed to metadata for image %s in namespace %s: %v", image.GetName().GetFullName(), image.GetNamespace(), err) + log.Debugf("Failed to get metadata for image %s in namespace %s: %v", name, namespace, err) return nil, errors.Wrap(err, "getting image metadata") } - log.Debugf("Retrieved metadata for image %s in namespace %s: %v", image.GetName().GetFullName(), image.GetNamespace(), metadata) + log.Debugf("Retrieved metadata for image %s in namespace %s: %v", name, namespace, metadata) cfg := reg.Config() resp, err := c.client.GetImageComponents(ctx, &scannerV1.GetImageComponentsRequest{ @@ -83,9 +86,12 @@ func (c *client) GetImageAnalysis(ctx context.Context, image *storage.ContainerI }, }) if err != nil { + log.Debugf("Unable to get image components from scanner for image %s in namespace %s: %v", name, namespace, err) return nil, errors.Wrap(err, "getting image components from scanner") } + log.Debugf("Got image components from scanner for image %s in namespace %s", name, namespace) + return &imageData{ Metadata: metadata, GetImageComponentsResponse: resp, diff --git a/sensor/kubernetes/listener/resources/secrets_test.go b/sensor/kubernetes/listener/resources/secrets_test.go index 14a4f3b4d66b5..6e841ecf8b6ee 100644 --- a/sensor/kubernetes/listener/resources/secrets_test.go +++ b/sensor/kubernetes/listener/resources/secrets_test.go @@ -97,7 +97,9 @@ func testOpenShiftRegistrySecret311(t *testing.T) { Autogenerated: false, } - assert.Equal(t, expectedRegConfig, regs.GetAll()[0].Config()) + reg := regs.GetAll()[0] + assert.Equal(t, "docker-registry.default.svc.cluster.local:5000", reg.Name()) + assert.Equal(t, expectedRegConfig, reg.Config()) } func TestOpenShiftRegistrySecret_4x(t *testing.T) { @@ -125,5 +127,7 @@ func testOpenShiftRegistrySecret4x(t *testing.T) { Autogenerated: false, } - assert.Equal(t, expectedRegConfig, regs.GetAll()[0].Config()) + reg := regs.GetAll()[0] + assert.Equal(t, "image-registry.openshift-image-registry.svc:5000", reg.Name()) + assert.Equal(t, expectedRegConfig, reg.Config()) } From f4e0e877ccc031428524220fdda777d000b4b726 Mon Sep 17 00:00:00 2001 From: RTann Date: Thu, 10 Feb 2022 14:36:10 -0800 Subject: [PATCH 070/103] update scanner --- go.mod | 2 +- go.sum | 22 ++-------------------- 2 files changed, 3 insertions(+), 21 deletions(-) diff --git a/go.mod b/go.mod index 34218e44bbcf1..1e9279ee479f6 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.16 // CAVEAT: This introduces a circular dependency. If you change this line, you MUST change the "exclude" // directive at the bottom of the file as well. -require github.com/stackrox/scanner v0.0.0-20220208020809-a2e8bd8173f7 +require github.com/stackrox/scanner v0.0.0-20220210173404-cc3102a65d21 require ( cloud.google.com/go/compute v0.1.0 diff --git a/go.sum b/go.sum index ec3e590497c2a..dbb665c47b8a3 100644 --- a/go.sum +++ b/go.sum @@ -530,7 +530,6 @@ github.com/containernetworking/cni v0.8.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ github.com/containernetworking/cni v0.8.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHVlzhJpcY6TQxn/fUyDDM= github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRDjeJr6FLK6vuiUwoH7P8= -github.com/containers/image/v5 v5.11.1/go.mod h1:HC9lhJ/Nz5v3w/5Co7H431kLlgzlVlOC+auD/er3OqE= github.com/containers/image/v5 v5.19.1 h1:g4/+XIuh1kRoRn2MfLDhfHhkNOIO9JtqhSyo55tjpfE= github.com/containers/image/v5 v5.19.1/go.mod h1:ewoo3u+TpJvGmsz64XgzbyTHwHtM94q7mgK/pX+v2SE= github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY= @@ -538,7 +537,6 @@ github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/ github.com/containers/ocicrypt v1.1.0/go.mod h1:b8AOe0YR67uU8OqfVNcznfFpAzu3rdgUV4GP9qXPfu4= github.com/containers/ocicrypt v1.1.1/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY= github.com/containers/ocicrypt v1.1.2/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY= -github.com/containers/storage v1.29.0/go.mod h1:u84RU4CCufGeJBNTRNwMB+FoE+AiFeFw4SsMoqAOeCM= github.com/containers/storage v1.38.2 h1:8bAIxnVBGKzMw5EWCivVj24bztQT6IkDp4uHiyhnzwE= github.com/containers/storage v1.38.2/go.mod h1:INP0RPLHWBxx+pTsO5uiHlDUGHDFvWZPWprAbAlQWPQ= github.com/coreos/bbolt v1.3.1-coreos.6/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= @@ -655,7 +653,6 @@ github.com/docker/docker v0.7.3-0.20190103212154-2b7e084dc98b/go.mod h1:eEKB0N0r github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v0.7.3-0.20190817195342-4760db040282/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker v1.4.2-0.20191219165747-a9416c67da9f/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v1.4.2-0.20200203170920-46ec8731fbce/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v17.12.0-ce-rc1.0.20200618181300-9dc6525e6118+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.12+incompatible h1:CEeNmFM0QZIsJCZKMkZx0ZcahTiewkrgiwfYD+dfl1U= @@ -801,14 +798,11 @@ github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6 github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4= github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E= -github.com/go-git/go-billy/v5 v5.0.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= github.com/go-git/go-billy/v5 v5.2.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= github.com/go-git/go-billy/v5 v5.3.1 h1:CPiOUAzKtMRvolEKw+bG1PLRpT7D3LIs3/3ey4Aiu34= github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= -github.com/go-git/go-git-fixtures/v4 v4.0.2-0.20200613231340-f56387b50c12/go.mod h1:m+ICp2rF3jDhFgEZ/8yziagdT1C+ZpZcrJjappBCDSw= github.com/go-git/go-git-fixtures/v4 v4.2.1 h1:n9gGL1Ct/yIw+nfsfr8s4+sbhT+Ncu2SubfXjIWgci8= github.com/go-git/go-git-fixtures/v4 v4.2.1/go.mod h1:K8zd3kDUAykwTdDCr+I0per6Y6vMiRR/nnVTBtavnB0= -github.com/go-git/go-git/v5 v5.2.0/go.mod h1:kh02eMX+wdqqxgNMEyq8YgwlIOsDOa9homkUq1PoTMs= github.com/go-git/go-git/v5 v5.4.2 h1:BXyZu9t0VkbiHtqrsvdq39UDhGJTl1h55VW6CSC4aY4= github.com/go-git/go-git/v5 v5.4.2/go.mod h1:gQ1kArt6d+n+BGd+/B/I74HwRTLhth2+zti4ihgckDc= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= @@ -1370,7 +1364,6 @@ github.com/jsonnet-bundler/jsonnet-bundler v0.3.1/go.mod h1:/by7P/OoohkI3q4CgSFq github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= -github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a/go.mod h1:UJSiEoRfvx3hP73CvoARgeLjaIOjybY9vj8PUPPFGeU= github.com/juju/ratelimit v1.0.1/go.mod h1:qapgC/Gy+xNh9UxzV13HGGl/6UXNN+ct+vwSgWNm/qk= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= @@ -1459,7 +1452,6 @@ github.com/linuxkit/virtsock v0.0.0-20201010232012-f8cee7dfc7a3/go.mod h1:3r6x7q github.com/lithammer/dedent v1.1.0/go.mod h1:jrXYCQtgg0nJiN+StA2KgR7w6CiQNv9Fd/Z9BP0jIOc= github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= github.com/lovoo/gcloud-opentracing v0.3.0/go.mod h1:ZFqk2y38kMDDikZPAK7ynTTGuyt17nSPdS3K5e+ZTBY= -github.com/lunixbochs/vtclean v0.0.0-20180621232353-2d01aacdc34a/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/lyft/protoc-gen-star v0.5.3/go.mod h1:V0xaHgaf5oCCqmcxYcWiDfTiKsZsRc87/1qhoTACD8w= github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= github.com/machinebox/graphql v0.2.2 h1:dWKpJligYKhYKO5A2gvNhkJdQMNZeChZYyBbrZkBZfo= @@ -1479,7 +1471,6 @@ github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7 github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/manifoldco/promptui v0.8.0/go.mod h1:n4zTdgP0vr0S3w7/O/g98U+e0gwLScEXGwov2nIKuGQ= github.com/manifoldco/promptui v0.9.0/go.mod h1:ka04sppxSGFAtxX0qhlYQjISsg9mR4GWtQEhdbn6Pgg= github.com/maratori/testpackage v1.0.1/go.mod h1:ddKdw+XG0Phzhx8BFDTKgpWP4i7MpApTE5fXSKAqwDU= github.com/markbates/errx v1.1.0 h1:QDFeR+UP95dO12JgW+tgi2UVfo0V8YBHiUIOaeBPiEI= @@ -1529,7 +1520,6 @@ github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzp github.com/mattn/go-runewidth v0.0.6/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= -github.com/mattn/go-runewidth v0.0.10/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk= github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU= github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= @@ -1637,7 +1627,6 @@ github.com/mozillazg/go-cos v0.13.0/go.mod h1:Zp6DvvXn0RUOXGJ2chmWt2bLEqRAnJnS3D github.com/mozillazg/go-httpheader v0.2.1/go.mod h1:jJ8xECTlalr6ValeXYdOF8fFUISeBAdw6E61aqQma60= github.com/mschoch/smat v0.2.0 h1:8imxQsjDm8yFEAVBe7azKmKSgzSkZXDuKkSq9374khM= github.com/mschoch/smat v0.2.0/go.mod h1:kc9mz7DoBKqDyiRL7VZN8KvXQMWeTaVnttLRXOlotKw= -github.com/mtrmac/gpgme v0.1.2/go.mod h1:GYYHnGSuS7HK3zVS2n3y73y0okK/BeKzwnn5jgiVFNI= github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= @@ -1802,8 +1791,6 @@ github.com/polyfloyd/go-errorlint v0.0.0-20210722154253-910bb7978349/go.mod h1:w github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s= github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= -github.com/pquerna/ffjson v0.0.0-20181028064349-e517b90714f7/go.mod h1:YARuvh7BUWHNhzDq2OM5tzR2RiCcN2D7sapiKyCel/M= -github.com/pquerna/ffjson v0.0.0-20190813045741-dac163c6c0a9/go.mod h1:YARuvh7BUWHNhzDq2OM5tzR2RiCcN2D7sapiKyCel/M= github.com/proglottis/gpgme v0.1.1/go.mod h1:fPbW/EZ0LvwQtH8Hy7eixhp1eF3G39dtx7GUN+0Gmy0= github.com/prometheus/alertmanager v0.18.0/go.mod h1:WcxHBl40VSPuOaqWae6l6HpnEOVRIycEJ7i9iYkadEE= github.com/prometheus/alertmanager v0.20.0/go.mod h1:9g2i48FAyZW6BtbsnvHtMHQXl2aVtrORKwKVCQ+nbrg= @@ -1883,7 +1870,6 @@ github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqn github.com/remind101/migrate v0.0.0-20170729031349-52c1edff7319/go.mod h1:rhSvwcijY9wfmrBYrfCvapX8/xOTV46NAUjBRgUyJqc= github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M= github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo= -github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/robfig/cron v0.0.0-20170526150127-736158dc09e1/go.mod h1:JGuDeoQd7Z6yL4zQhZ3OPEVHB7fL6Ka6skscFHfmt2k= @@ -2040,8 +2026,8 @@ github.com/stackrox/k8s-istio-cve-pusher v0.0.0-20210422200002-d89f671ac4f5 h1:0 github.com/stackrox/k8s-istio-cve-pusher v0.0.0-20210422200002-d89f671ac4f5/go.mod h1:GEtZ9DYAzmOtyqQPCJCEIzXJ7NcrHbMy6ZPJbcyfmLM= github.com/stackrox/nvdtools v0.0.0-20210326191554-5daeb6395b56 h1:D2wYiy+hcKy8qZAg9SxSWfZgbvmEgD9AdV0g0lJqGZ0= github.com/stackrox/nvdtools v0.0.0-20210326191554-5daeb6395b56/go.mod h1:AIeN7k60Q/kcW9aeiMpA0PY8CU3zsrLV0UhIksolMn4= -github.com/stackrox/scanner v0.0.0-20220208020809-a2e8bd8173f7 h1:N0jOU0Mz1zKQfsuYuff1rhcBtWhbDrPip+CLbas3A5o= -github.com/stackrox/scanner v0.0.0-20220208020809-a2e8bd8173f7/go.mod h1:M0xLHh7gY4YHVmtQJdQAdYHvDq3UjQhWDOqZAWGVYCU= +github.com/stackrox/scanner v0.0.0-20220210173404-cc3102a65d21 h1:MO5RMc8x/XqR71PD6SLaHIcD/g2Zi1B+7CVNwXeIpPY= +github.com/stackrox/scanner v0.0.0-20220210173404-cc3102a65d21/go.mod h1:Juogn/73/TuznF3SFDDdhcaX7ASHDNmxQVxMP8XZPk4= github.com/stackrox/tail v1.4.9-0.20210831224919-407035634f5d h1:jeM6QMtwE9BU0rfDYcmkI/aOChOUfIO18LDp/DSnZpI= github.com/stackrox/tail v1.4.9-0.20210831224919-407035634f5d/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/stackrox/yaml/v2 v2.4.1 h1:09ux+QFfvp+Lk73pwGlMTAHeZoS2pqs6CCngYaJ6EQo= @@ -2148,12 +2134,10 @@ github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyC github.com/valyala/fasthttp v1.16.0/go.mod h1:YOKImeEosDdBPnxc0gy7INqi3m1zK6A+xl6TwOBhHCA= github.com/valyala/quicktemplate v1.6.3/go.mod h1:fwPzK2fHuYEODzJ9pkw0ipCPNHZ2tD5KW4lOuSdPKzY= github.com/valyala/tcplisten v0.0.0-20161114210144-ceec8f93295a/go.mod h1:v3UYOV9WzVtRmSR+PDvWpU/qWl4Wa5LApYYX4ZtKbio= -github.com/vbatts/tar-split v0.11.1/go.mod h1:LEuURwDEiWjRjwu46yU3KVGuUdVv/dcnpcEPSzR8z6g= github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlIME= github.com/vbatts/tar-split v0.11.2/go.mod h1:vV3ZuO2yWSVsz+pfFzDG/upWH1JhjOiEaWq6kXyQ3VI= github.com/vbauerster/mpb/v4 v4.12.2 h1:TsBs1nWRYF0m8cUH13pxNhOUqY6yKcOr2PeSYxp2L3I= github.com/vbauerster/mpb/v4 v4.12.2/go.mod h1:LVRGvMch8T4HQO3eg2pFPsACH9kO/O6fT/7vhGje3QE= -github.com/vbauerster/mpb/v6 v6.0.3/go.mod h1:5luBx4rDLWxpA4t6I5sdeeQuZhqDxc+wr5Nqf35+tnM= github.com/vbauerster/mpb/v7 v7.3.2/go.mod h1:wfxIZcOJq/bG1/lAtfzMXcOiSvbqVi/5GX5WCSi+IsA= github.com/vektah/gqlparser v1.1.2/go.mod h1:1ycwN7Ij5njmMkPPAOaRFY4rET2Enx7IkVv3vaXspKw= github.com/viki-org/dnscache v0.0.0-20130720023526-c70c1f23c5d8/go.mod h1:dniwbG03GafCjFohMDmz6Zc6oCuiqgH6tGNyXTkHzXE= @@ -2358,7 +2342,6 @@ golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20200128174031-69ecbb4d6d5d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200214034016-1d94cc7ab1c6/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= @@ -2643,7 +2626,6 @@ golang.org/x/sys v0.0.0-20210816183151-1e6c022a8912/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210903071746-97244b99971b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211001092434-39dca1131b70/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= From e2b661f7e1929cf05a7cef24b7afdf845111d575 Mon Sep 17 00:00:00 2001 From: RTann Date: Thu, 10 Feb 2022 15:00:19 -0800 Subject: [PATCH 071/103] update debug logs --- sensor/common/scannerclient/grpc_client.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go index a265a98ebeaca..927c5ad2f3d38 100644 --- a/sensor/common/scannerclient/grpc_client.go +++ b/sensor/common/scannerclient/grpc_client.go @@ -86,11 +86,11 @@ func (c *client) GetImageAnalysis(ctx context.Context, image *storage.ContainerI }, }) if err != nil { - log.Debugf("Unable to get image components from scanner for image %s in namespace %s: %v", name, namespace, err) + log.Debugf("Unable to get image components from local Scanner for image %s in namespace %s: %v", name, namespace, err) return nil, errors.Wrap(err, "getting image components from scanner") } - log.Debugf("Got image components from scanner for image %s in namespace %s", name, namespace) + log.Debugf("Got image components from local Scanner for image %s in namespace %s", name, namespace) return &imageData{ Metadata: metadata, From cd48d2c2a3b33cbda4d7319ad335420cd9bc174c Mon Sep 17 00:00:00 2001 From: RTann Date: Fri, 11 Feb 2022 09:44:55 -0800 Subject: [PATCH 072/103] fix sensor panic --- sensor/common/scannerclient/grpc_client.go | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go index 927c5ad2f3d38..35ea0cd9a43d9 100644 --- a/sensor/common/scannerclient/grpc_client.go +++ b/sensor/common/scannerclient/grpc_client.go @@ -101,9 +101,11 @@ func (c *client) GetImageAnalysis(ctx context.Context, image *storage.ContainerI func getRegistry(img *storage.ContainerImage) (registryTypes.Registry, error) { reg := img.GetName().GetRegistry() regs := registry.Singleton().GetAllInNamespace(img.GetNamespace()) - for _, r := range regs.GetAll() { - if r.Name() == reg { - return r, nil + if regs != nil { + for _, r := range regs.GetAll() { + if r.Name() == reg { + return r, nil + } } } From 114a19304e62d6a4924b556ee1631f40b535816c Mon Sep 17 00:00:00 2001 From: RTann Date: Fri, 11 Feb 2022 11:10:25 -0800 Subject: [PATCH 073/103] update doc --- sensor/common/registry/registry_store.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sensor/common/registry/registry_store.go b/sensor/common/registry/registry_store.go index 1fc9496b118a7..da154637d8785 100644 --- a/sensor/common/registry/registry_store.go +++ b/sensor/common/registry/registry_store.go @@ -96,7 +96,7 @@ func (rs *Store) UpsertRegistry(ctx context.Context, namespace, registry string, return nil } -// GetAllInNamespace returns all the registries within a given namespace. +// GetAllInNamespace returns all the registries within a given namespace (nil if there aren't any). func (rs *Store) GetAllInNamespace(namespace string) registries.Set { rs.mutex.RLock() defer rs.mutex.RUnlock() From bd62aec26454789ddf5085c8287571e783a36896 Mon Sep 17 00:00:00 2001 From: RTann Date: Fri, 11 Feb 2022 13:10:05 -0800 Subject: [PATCH 074/103] debugging --- sensor/common/scannerclient/grpc_client.go | 1 + sensor/kubernetes/main.go | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go index 35ea0cd9a43d9..dde3342311b55 100644 --- a/sensor/common/scannerclient/grpc_client.go +++ b/sensor/common/scannerclient/grpc_client.go @@ -35,6 +35,7 @@ func newGRPCClient(endpoint string) (*client, error) { tlsConfig, err := clientconn.TLSConfig(mtls.ScannerSubject, clientconn.TLSConfigOptions{ UseClientCert: clientconn.MustUseClientCert, + GRPCOnly: true, }) if err != nil { return nil, errors.Wrap(err, "failed to initialize Scanner TLS config") diff --git a/sensor/kubernetes/main.go b/sensor/kubernetes/main.go index e27ddfe77abee..12acf42b17c1d 100644 --- a/sensor/kubernetes/main.go +++ b/sensor/kubernetes/main.go @@ -1,19 +1,25 @@ package main import ( + "context" "os" "os/signal" + "github.com/stackrox/rox/pkg/clientconn" "github.com/stackrox/rox/pkg/devmode" "github.com/stackrox/rox/pkg/logging" "github.com/stackrox/rox/pkg/metrics" + "github.com/stackrox/rox/pkg/mtls" "github.com/stackrox/rox/pkg/premain" "github.com/stackrox/rox/pkg/utils" "github.com/stackrox/rox/pkg/version" "github.com/stackrox/rox/sensor/kubernetes/client" "github.com/stackrox/rox/sensor/kubernetes/fake" "github.com/stackrox/rox/sensor/kubernetes/sensor" + scannerV1 "github.com/stackrox/scanner/generated/scanner/api/v1" "golang.org/x/sys/unix" + "google.golang.org/grpc" + "google.golang.org/grpc/credentials" ) var ( @@ -46,6 +52,21 @@ func main() { s, err := sensor.CreateSensor(sharedClientInterface, workloadManager) utils.CrashOnError(err) + tlsConfig, err := clientconn.TLSConfig(mtls.ScannerSubject, clientconn.TLSConfigOptions{ + UseClientCert: clientconn.MustUseClientCert, + GRPCOnly: true, + }) + if err != nil { + log.Error("Creating Scanner TLS Config") + } + conn, err := grpc.Dial("scanner.stackrox.svc:8443", grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig))) + if err != nil { + log.Errorf("Dialing scanner: %v", err) + } + ping := scannerV1.NewPingServiceClient(conn) + resp, err := ping.Ping(context.Background(), new(scannerV1.Empty)) + log.Errorf("Resp from Scanner: %v, Error: %v", resp, err) + s.Start() for { From 6bea7f47cd719c479e40f85fce0d155aad2cb050 Mon Sep 17 00:00:00 2001 From: RTann Date: Fri, 11 Feb 2022 13:19:37 -0800 Subject: [PATCH 075/103] updates --- Makefile | 3 ++- scripts/k8s/{kill-central.sh => kill-pod.sh} | 4 +++- 2 files changed, 5 insertions(+), 2 deletions(-) rename scripts/k8s/{kill-central.sh => kill-pod.sh} (54%) diff --git a/Makefile b/Makefile index 5dfbf1ff17348..b8fd27338cdf0 100644 --- a/Makefile +++ b/Makefile @@ -206,7 +206,7 @@ fast-central-build: fast-central: deps @echo "+ $@" docker run --rm $(GOPATH_WD_OVERRIDES) $(LOCAL_VOLUME_ARGS) $(BUILD_IMAGE) make fast-central-build - @$(BASE_DIR)/scripts/k8s/kill-central.sh + @$(BASE_DIR)/scripts/k8s/kill-pod.sh central # fast is a dev mode options when using local dev # it will automatically restart Central if there are any changes @@ -218,6 +218,7 @@ fast-sensor: sensor-build-dockerized .PHONY: fast-sensor-kubernetes fast-sensor-kubernetes: sensor-kubernetes-build-dockerized + @$(BASE_DIR)/scripts/k8s/kill-pod.sh sensor .PHONY: fast-migrator fast-migrator: diff --git a/scripts/k8s/kill-central.sh b/scripts/k8s/kill-pod.sh similarity index 54% rename from scripts/k8s/kill-central.sh rename to scripts/k8s/kill-pod.sh index 4f8407a36dc77..36d3e8eab9f3f 100755 --- a/scripts/k8s/kill-central.sh +++ b/scripts/k8s/kill-pod.sh @@ -1,3 +1,5 @@ #! /bin/bash -kubectl -n stackrox delete po $(kubectl -n stackrox get po --selector app=central -o jsonpath='{.items[].metadata.name}') --grace-period=0 +NAME=$1 + +kubectl -n stackrox delete po $(kubectl -n stackrox get po --selector app="$NAME" -o jsonpath='{.items[].metadata.name}') --grace-period=0 From 64bc9930e1e9fa6529149addee78ce395e3027a8 Mon Sep 17 00:00:00 2001 From: RTann Date: Mon, 14 Feb 2022 13:55:38 -0800 Subject: [PATCH 076/103] PR updates --- central/image/service/service_impl.go | 2 +- sensor/common/scannerclient/scan.go | 2 +- sensor/kubernetes/main.go | 21 --------------------- 3 files changed, 2 insertions(+), 23 deletions(-) diff --git a/central/image/service/service_impl.go b/central/image/service/service_impl.go index 74d06c2d56f35..cd9fb713329e4 100644 --- a/central/image/service/service_impl.go +++ b/central/image/service/service_impl.go @@ -258,7 +258,7 @@ func (s *serviceImpl) ScanImage(ctx context.Context, request *v1.ScanImageReques // GetImageVulnerabilitiesInternal retrieves the vulnerabilities related to the image // specified by the given components and scan notes. // This is meant to be called by Sensor. -// TODO(ross): Implement me. +// TODO(ROX-9281): Implement me. func (s *serviceImpl) GetImageVulnerabilitiesInternal(ctx context.Context, request *v1.GetImageVulnerabilitiesInternalRequest) (*v1.ScanImageInternalResponse, error) { return nil, nil } diff --git a/sensor/common/scannerclient/scan.go b/sensor/common/scannerclient/scan.go index 9e79c5e863f1f..f8457aa658a97 100644 --- a/sensor/common/scannerclient/scan.go +++ b/sensor/common/scannerclient/scan.go @@ -18,7 +18,7 @@ var ( ) // ScanImage runs the pipeline required to scan an image with a local Scanner. -// TODO: add retries for rate-limiting. +// TODO(ROX-9281): add retries for rate-limiting. func ScanImage(ctx context.Context, centralClient v1.ImageServiceClient, image *storage.ContainerImage) (*storage.Image, error) { scannerClient := GRPCClientSingleton() if scannerClient == nil { diff --git a/sensor/kubernetes/main.go b/sensor/kubernetes/main.go index 12acf42b17c1d..e27ddfe77abee 100644 --- a/sensor/kubernetes/main.go +++ b/sensor/kubernetes/main.go @@ -1,25 +1,19 @@ package main import ( - "context" "os" "os/signal" - "github.com/stackrox/rox/pkg/clientconn" "github.com/stackrox/rox/pkg/devmode" "github.com/stackrox/rox/pkg/logging" "github.com/stackrox/rox/pkg/metrics" - "github.com/stackrox/rox/pkg/mtls" "github.com/stackrox/rox/pkg/premain" "github.com/stackrox/rox/pkg/utils" "github.com/stackrox/rox/pkg/version" "github.com/stackrox/rox/sensor/kubernetes/client" "github.com/stackrox/rox/sensor/kubernetes/fake" "github.com/stackrox/rox/sensor/kubernetes/sensor" - scannerV1 "github.com/stackrox/scanner/generated/scanner/api/v1" "golang.org/x/sys/unix" - "google.golang.org/grpc" - "google.golang.org/grpc/credentials" ) var ( @@ -52,21 +46,6 @@ func main() { s, err := sensor.CreateSensor(sharedClientInterface, workloadManager) utils.CrashOnError(err) - tlsConfig, err := clientconn.TLSConfig(mtls.ScannerSubject, clientconn.TLSConfigOptions{ - UseClientCert: clientconn.MustUseClientCert, - GRPCOnly: true, - }) - if err != nil { - log.Error("Creating Scanner TLS Config") - } - conn, err := grpc.Dial("scanner.stackrox.svc:8443", grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig))) - if err != nil { - log.Errorf("Dialing scanner: %v", err) - } - ping := scannerV1.NewPingServiceClient(conn) - resp, err := ping.Ping(context.Background(), new(scannerV1.Empty)) - log.Errorf("Resp from Scanner: %v, Error: %v", resp, err) - s.Start() for { From 19b50a88ea68e60fb7584a7ce0ebd3506c6a2736 Mon Sep 17 00:00:00 2001 From: RTann Date: Mon, 14 Feb 2022 14:40:29 -0800 Subject: [PATCH 077/103] bump scanner version --- SCANNER_VERSION | 2 +- go.mod | 2 +- go.sum | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/SCANNER_VERSION b/SCANNER_VERSION index d580ede4bed80..a300ac0bf0195 100644 --- a/SCANNER_VERSION +++ b/SCANNER_VERSION @@ -1 +1 @@ -2.22.0-15-gcc3102a65d +2.22.0-17-g13c0e1db02 diff --git a/go.mod b/go.mod index 176b999e4d65e..9eb66dad4ff8a 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.16 // CAVEAT: This introduces a circular dependency. If you change this line, you MUST change the "exclude" // directive at the bottom of the file as well. -require github.com/stackrox/scanner v0.0.0-20220210173404-cc3102a65d21 +require github.com/stackrox/scanner v0.0.0-20220214215744-13c0e1db0298 require ( cloud.google.com/go/compute v0.1.0 diff --git a/go.sum b/go.sum index 1f9a977c9ce4a..f1559b9a06498 100644 --- a/go.sum +++ b/go.sum @@ -2027,8 +2027,8 @@ github.com/stackrox/k8s-istio-cve-pusher v0.0.0-20210422200002-d89f671ac4f5 h1:0 github.com/stackrox/k8s-istio-cve-pusher v0.0.0-20210422200002-d89f671ac4f5/go.mod h1:GEtZ9DYAzmOtyqQPCJCEIzXJ7NcrHbMy6ZPJbcyfmLM= github.com/stackrox/nvdtools v0.0.0-20210326191554-5daeb6395b56 h1:D2wYiy+hcKy8qZAg9SxSWfZgbvmEgD9AdV0g0lJqGZ0= github.com/stackrox/nvdtools v0.0.0-20210326191554-5daeb6395b56/go.mod h1:AIeN7k60Q/kcW9aeiMpA0PY8CU3zsrLV0UhIksolMn4= -github.com/stackrox/scanner v0.0.0-20220210173404-cc3102a65d21 h1:MO5RMc8x/XqR71PD6SLaHIcD/g2Zi1B+7CVNwXeIpPY= -github.com/stackrox/scanner v0.0.0-20220210173404-cc3102a65d21/go.mod h1:Juogn/73/TuznF3SFDDdhcaX7ASHDNmxQVxMP8XZPk4= +github.com/stackrox/scanner v0.0.0-20220214215744-13c0e1db0298 h1:yE3ZX70ooJqHrKY59Ck8EFADw9Jmv3of0r+tb/Sc9Bk= +github.com/stackrox/scanner v0.0.0-20220214215744-13c0e1db0298/go.mod h1:Juogn/73/TuznF3SFDDdhcaX7ASHDNmxQVxMP8XZPk4= github.com/stackrox/tail v1.4.9-0.20210831224919-407035634f5d h1:jeM6QMtwE9BU0rfDYcmkI/aOChOUfIO18LDp/DSnZpI= github.com/stackrox/tail v1.4.9-0.20210831224919-407035634f5d/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/stackrox/yaml/v2 v2.4.1 h1:09ux+QFfvp+Lk73pwGlMTAHeZoS2pqs6CCngYaJ6EQo= From be76219824d6f9a150e800ea0ca8199df79571ce Mon Sep 17 00:00:00 2001 From: RTann Date: Mon, 14 Feb 2022 15:33:27 -0800 Subject: [PATCH 078/103] update scanner endpoint --- pkg/env/sensor.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkg/env/sensor.go b/pkg/env/sensor.go index c73f97590de16..00548a20db9cb 100644 --- a/pkg/env/sensor.go +++ b/pkg/env/sensor.go @@ -14,5 +14,7 @@ var ( // ScannerEndpoint is used to communicate the scanner endpoint to other services in the same cluster. // This is typically used for Sensor to communicate with a local Scanner-slim's gRPC server. - ScannerEndpoint = RegisterSetting("ROX_SCANNER_GRPC_ENDPOINT", WithDefault("scanner.stackrox.svc:8443")) + // There is no default, as Scanner-slim is not deployed in all environments. + // This should only be set if there is a Scanner-slim deployed to the same cluster as Sensor. + ScannerEndpoint = RegisterSetting("ROX_SCANNER_GRPC_ENDPOINT") ) From 77e685b6b3098dcbb7fd141f4725f6763ba08096 Mon Sep 17 00:00:00 2001 From: RTann Date: Tue, 15 Feb 2022 11:01:19 -0800 Subject: [PATCH 079/103] minor updates and minimize chance of panic --- sensor/common/registry/registry_store.go | 8 +++++--- sensor/common/scannerclient/grpc_client.go | 7 +++---- .../kubernetes/listener/resources/secrets_test.go | 14 ++++++++++---- 3 files changed, 18 insertions(+), 11 deletions(-) diff --git a/sensor/common/registry/registry_store.go b/sensor/common/registry/registry_store.go index da154637d8785..0244cc974a820 100644 --- a/sensor/common/registry/registry_store.go +++ b/sensor/common/registry/registry_store.go @@ -96,10 +96,12 @@ func (rs *Store) UpsertRegistry(ctx context.Context, namespace, registry string, return nil } -// GetAllInNamespace returns all the registries within a given namespace (nil if there aren't any). -func (rs *Store) GetAllInNamespace(namespace string) registries.Set { +// GetAllInNamespace returns all the registries within a given namespace. +// The second return indicates if any registry within the given namespace exists. +func (rs *Store) GetAllInNamespace(namespace string) (regs registries.Set, exists bool) { rs.mutex.RLock() defer rs.mutex.RUnlock() - return rs.store[namespace] + regs, exists = rs.store[namespace] + return regs, exists } diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go index dde3342311b55..4c2c25533e0e6 100644 --- a/sensor/common/scannerclient/grpc_client.go +++ b/sensor/common/scannerclient/grpc_client.go @@ -35,7 +35,6 @@ func newGRPCClient(endpoint string) (*client, error) { tlsConfig, err := clientconn.TLSConfig(mtls.ScannerSubject, clientconn.TLSConfigOptions{ UseClientCert: clientconn.MustUseClientCert, - GRPCOnly: true, }) if err != nil { return nil, errors.Wrap(err, "failed to initialize Scanner TLS config") @@ -46,7 +45,7 @@ func newGRPCClient(endpoint string) (*client, error) { return nil, errors.Wrap(err, "failed to connect to Scanner") } - log.Infof("Connected to Scanner at %s", endpoint) + log.Infof("Connecting to Scanner at %s", endpoint) return &client{ client: scannerV1.NewImageScanServiceClient(conn), @@ -101,8 +100,8 @@ func (c *client) GetImageAnalysis(ctx context.Context, image *storage.ContainerI func getRegistry(img *storage.ContainerImage) (registryTypes.Registry, error) { reg := img.GetName().GetRegistry() - regs := registry.Singleton().GetAllInNamespace(img.GetNamespace()) - if regs != nil { + regs, exists := registry.Singleton().GetAllInNamespace(img.GetNamespace()) + if exists { for _, r := range regs.GetAll() { if r.Name() == reg { return r, nil diff --git a/sensor/kubernetes/listener/resources/secrets_test.go b/sensor/kubernetes/listener/resources/secrets_test.go index 6e841ecf8b6ee..92a5b59aefa87 100644 --- a/sensor/kubernetes/listener/resources/secrets_test.go +++ b/sensor/kubernetes/listener/resources/secrets_test.go @@ -82,10 +82,13 @@ func testOpenShiftRegistrySecret311(t *testing.T) { _ = d.ProcessEvent(openshift311DockerConfigSecret, nil, central.ResourceAction_CREATE_RESOURCE) - assert.Nil(t, regStore.GetAllInNamespace("random-ns")) + regs, exists := regStore.GetAllInNamespace("random-ns") + assert.Nil(t, regs) + assert.False(t, exists) - regs := regStore.GetAllInNamespace(openshift311DockerConfigSecret.GetNamespace()) + regs, exists = regStore.GetAllInNamespace(openshift311DockerConfigSecret.GetNamespace()) assert.NotNil(t, regs) + assert.True(t, exists) assert.Len(t, regs.GetAll(), 1) expectedRegConfig := &types.Config{ @@ -112,10 +115,13 @@ func testOpenShiftRegistrySecret4x(t *testing.T) { _ = d.ProcessEvent(openshift4xDockerConfigSecret, nil, central.ResourceAction_CREATE_RESOURCE) - assert.Nil(t, regStore.GetAllInNamespace("random-ns")) + regs, exists := regStore.GetAllInNamespace("random-ns") + assert.Nil(t, regs) + assert.False(t, exists) - regs := regStore.GetAllInNamespace(openshift4xDockerConfigSecret.GetNamespace()) + regs, exists = regStore.GetAllInNamespace(openshift4xDockerConfigSecret.GetNamespace()) assert.NotNil(t, regs) + assert.True(t, exists) assert.Len(t, regs.GetAll(), 1) expectedRegConfig := &types.Config{ From 4248573838112f1580e3a78ee30641e81fb941fc Mon Sep 17 00:00:00 2001 From: RTann Date: Tue, 15 Feb 2022 15:31:51 -0800 Subject: [PATCH 080/103] for now --- .../datastore/datastore_impl.go | 4 +- generated/api/v1/alert_service.swagger.json | 3 - .../api/v1/compliance_service.swagger.json | 3 - .../api/v1/deployment_service.swagger.json | 3 - .../api/v1/detection_service.swagger.json | 3 - .../v1/image_integration_service.swagger.json | 7 - generated/api/v1/image_service.swagger.json | 3 - generated/storage/deployment.pb.go | 473 ++++++++---------- generated/storage/image_integration.pb.go | 206 +++----- pkg/images/enricher/enricher_impl.go | 3 - pkg/images/utils/utils.go | 7 + pkg/registries/docker/docker.go | 5 - pkg/registries/types/types.go | 1 - proto/storage/deployment.proto | 2 - proto/storage/image_integration.proto | 7 +- sensor/admission-control/manager/images.go | 4 - sensor/common/detector/enricher.go | 5 +- sensor/common/registry/registry_store.go | 27 +- sensor/common/scannerclient/grpc_client.go | 20 +- sensor/common/scannerclient/scan.go | 9 +- .../listener/resources/secrets_test.go | 57 ++- sensor/kubernetes/main.go | 24 + 22 files changed, 392 insertions(+), 484 deletions(-) diff --git a/central/imageintegration/datastore/datastore_impl.go b/central/imageintegration/datastore/datastore_impl.go index a2d888ef9f9b7..84a974fe6b765 100644 --- a/central/imageintegration/datastore/datastore_impl.go +++ b/central/imageintegration/datastore/datastore_impl.go @@ -8,7 +8,6 @@ import ( v1 "github.com/stackrox/rox/generated/api/v1" "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/sac" - "github.com/stackrox/rox/pkg/set" ) var ( @@ -45,8 +44,7 @@ func (ds *datastoreImpl) GetImageIntegrations(ctx context.Context, request *v1.G integrationSlice := integrations[:0] for _, integration := range integrations { - clusterSet := set.NewStringSet(integration.GetClusters()...) - if len(request.GetCluster()) != 0 && !clusterSet.Contains(request.GetCluster()) { + if len(request.GetCluster()) != 0 { continue } if request.GetName() != "" && request.GetName() != integration.GetName() { diff --git a/generated/api/v1/alert_service.swagger.json b/generated/api/v1/alert_service.swagger.json index ee9bc14d57a30..168e7bcf6fce0 100644 --- a/generated/api/v1/alert_service.swagger.json +++ b/generated/api/v1/alert_service.swagger.json @@ -1012,9 +1012,6 @@ }, "notPullable": { "type": "boolean" - }, - "namespace": { - "type": "string" } } }, diff --git a/generated/api/v1/compliance_service.swagger.json b/generated/api/v1/compliance_service.swagger.json index 50d9cce75e57a..4229f8063b56e 100644 --- a/generated/api/v1/compliance_service.swagger.json +++ b/generated/api/v1/compliance_service.swagger.json @@ -1424,9 +1424,6 @@ }, "notPullable": { "type": "boolean" - }, - "namespace": { - "type": "string" } } }, diff --git a/generated/api/v1/deployment_service.swagger.json b/generated/api/v1/deployment_service.swagger.json index 3d4c589022f44..4e50f89374be6 100644 --- a/generated/api/v1/deployment_service.swagger.json +++ b/generated/api/v1/deployment_service.swagger.json @@ -579,9 +579,6 @@ }, "notPullable": { "type": "boolean" - }, - "namespace": { - "type": "string" } } }, diff --git a/generated/api/v1/detection_service.swagger.json b/generated/api/v1/detection_service.swagger.json index 656f20eadd001..5b49bc06ba643 100644 --- a/generated/api/v1/detection_service.swagger.json +++ b/generated/api/v1/detection_service.swagger.json @@ -713,9 +713,6 @@ }, "notPullable": { "type": "boolean" - }, - "namespace": { - "type": "string" } } }, diff --git a/generated/api/v1/image_integration_service.swagger.json b/generated/api/v1/image_integration_service.swagger.json index 169c4ad18f979..a6d78209f8ebd 100644 --- a/generated/api/v1/image_integration_service.swagger.json +++ b/generated/api/v1/image_integration_service.swagger.json @@ -472,13 +472,6 @@ "type": { "type": "string" }, - "clusters": { - "type": "array", - "items": { - "type": "string" - }, - "description": "If a list of clusters is provided, the integration will only be accessed from the specified clusters' sensors.\nPlease use cluster_id instead." - }, "categories": { "type": "array", "items": { diff --git a/generated/api/v1/image_service.swagger.json b/generated/api/v1/image_service.swagger.json index c31ff7202a284..bf0cde2957654 100644 --- a/generated/api/v1/image_service.swagger.json +++ b/generated/api/v1/image_service.swagger.json @@ -837,9 +837,6 @@ }, "notPullable": { "type": "boolean" - }, - "namespace": { - "type": "string" } } }, diff --git a/generated/storage/deployment.pb.go b/generated/storage/deployment.pb.go index e25a954c2e0ce..d72096a50f9ea 100644 --- a/generated/storage/deployment.pb.go +++ b/generated/storage/deployment.pb.go @@ -512,7 +512,6 @@ type ContainerImage struct { Id string `protobuf:"bytes,4,opt,name=id,proto3" json:"id,omitempty" search:"Image Sha,store,hidden"` Name *ImageName `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` NotPullable bool `protobuf:"varint,10,opt,name=not_pullable,json=notPullable,proto3" json:"not_pullable,omitempty"` - Namespace string `protobuf:"bytes,11,opt,name=namespace,proto3" json:"namespace,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_sizecache int32 `json:"-"` } @@ -571,13 +570,6 @@ func (m *ContainerImage) GetNotPullable() bool { return false } -func (m *ContainerImage) GetNamespace() string { - if m != nil { - return m.Namespace - } - return "" -} - func (m *ContainerImage) MessageClone() proto.Message { return m.Clone() } @@ -2395,217 +2387,217 @@ func init() { func init() { proto.RegisterFile("storage/deployment.proto", fileDescriptor_c3884ae4621696a3) } var fileDescriptor_c3884ae4621696a3 = []byte{ - // 3357 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x5a, 0x4b, 0x73, 0xdb, 0x58, - 0x76, 0x36, 0x45, 0x4a, 0x24, 0x0f, 0x29, 0x3e, 0xae, 0x6c, 0x37, 0x4c, 0xcb, 0x06, 0x8c, 0x6e, - 0x77, 0x6b, 0x3c, 0x6e, 0xd9, 0x2d, 0xbb, 0x32, 0x1d, 0x95, 0xdd, 0x13, 0x89, 0xa2, 0xa6, 0x69, - 0x4b, 0x14, 0x1b, 0xa2, 0x7a, 0x92, 0xce, 0x02, 0x05, 0x01, 0xd7, 0x14, 0x62, 0x10, 0x17, 0x01, - 0x40, 0xc5, 0x5a, 0x66, 0x99, 0x45, 0x36, 0x59, 0xa4, 0x66, 0x9b, 0x55, 0xfe, 0x40, 0x2a, 0xbf, - 0x21, 0x55, 0xd9, 0x4c, 0x55, 0x2a, 0x5b, 0x26, 0xd5, 0xa9, 0xac, 0x92, 0x4d, 0xf8, 0x0b, 0x52, - 0xf7, 0x85, 0x07, 0x29, 0xa5, 0xdd, 0x59, 0x89, 0x38, 0xe7, 0x3b, 0x1f, 0xee, 0xe3, 0xdc, 0xf3, - 0xb8, 0x10, 0x28, 0x51, 0x4c, 0x42, 0x6b, 0x8c, 0x9f, 0x39, 0x38, 0xf0, 0xc8, 0xd5, 0x04, 0xfb, - 0xf1, 0x76, 0x10, 0x92, 0x98, 0xa0, 0xb2, 0xd0, 0x74, 0xd4, 0x31, 0x21, 0x63, 0x0f, 0x3f, 0x63, - 0xe2, 0xf3, 0xe9, 0xbb, 0x67, 0xb1, 0x3b, 0xc1, 0x51, 0x6c, 0x4d, 0x02, 0x8e, 0xec, 0xa8, 0x92, - 0xc3, 0x26, 0x7e, 0x6c, 0xb9, 0x3e, 0x0e, 0xcd, 0x70, 0xea, 0x53, 0x94, 0x00, 0xdc, 0x96, 0x00, - 0xcf, 0x3a, 0xc7, 0x5e, 0x24, 0xa4, 0x1b, 0x52, 0xea, 0x4e, 0xac, 0xf1, 0x12, 0x94, 0x12, 0xc5, - 0x12, 0x8a, 0xa4, 0x34, 0x3c, 0xb7, 0x6c, 0x89, 0x1c, 0x93, 0x31, 0x61, 0x3f, 0x9f, 0xd1, 0x5f, - 0x5c, 0xaa, 0xff, 0x27, 0x02, 0x38, 0x48, 0xa6, 0x82, 0x7e, 0x05, 0x2b, 0xae, 0xa3, 0x14, 0xb4, - 0xc2, 0x56, 0x75, 0xff, 0x8b, 0xf9, 0x4c, 0xfd, 0x34, 0xc2, 0x56, 0x68, 0x5f, 0xec, 0xea, 0x29, - 0x46, 0xeb, 0x1f, 0x3c, 0xa5, 0xf4, 0xf8, 0xe9, 0x85, 0xeb, 0x38, 0xd8, 0xd7, 0x8d, 0x15, 0xd7, - 0x41, 0x5f, 0x41, 0xc9, 0xb7, 0x26, 0x58, 0x59, 0x61, 0xa6, 0x0f, 0xe6, 0x33, 0xf5, 0xde, 0xb2, - 0x29, 0xb7, 0xd3, 0x0d, 0x06, 0x45, 0x8f, 0xa1, 0x74, 0x61, 0x45, 0x17, 0x4a, 0x47, 0x2b, 0x6c, - 0x95, 0xf6, 0xdb, 0xf3, 0x99, 0xba, 0x4e, 0x9f, 0x77, 0x75, 0x77, 0xec, 0x73, 0x18, 0x7d, 0x44, - 0xcf, 0xa1, 0x14, 0x5f, 0x05, 0x58, 0x29, 0x31, 0xe6, 0xcd, 0xf9, 0x4c, 0x55, 0xae, 0x19, 0xd4, - 0xe8, 0x2a, 0xa0, 0x16, 0x14, 0x89, 0x76, 0xa1, 0x4a, 0x5f, 0x10, 0x05, 0x96, 0x8d, 0x95, 0xd5, - 0x65, 0xb3, 0x81, 0x54, 0xca, 0xf1, 0xa4, 0x70, 0xf4, 0x0a, 0xea, 0xc9, 0x83, 0xe9, 0x3a, 0xca, - 0x27, 0xcc, 0xfc, 0xde, 0x7c, 0xa6, 0xde, 0x59, 0x32, 0xd7, 0xfa, 0x07, 0xba, 0x51, 0x4b, 0xe0, - 0x7d, 0x07, 0xfd, 0x00, 0x77, 0x49, 0x68, 0x5f, 0xe0, 0x28, 0x0e, 0xad, 0x98, 0x84, 0xa6, 0x4d, - 0x26, 0x01, 0xf1, 0xb1, 0x1f, 0x2b, 0x8f, 0xb4, 0xc2, 0x56, 0x65, 0xff, 0xd3, 0xf9, 0x4c, 0x55, - 0x25, 0xcf, 0x49, 0x06, 0xa9, 0x75, 0x25, 0x52, 0x37, 0xee, 0x64, 0x29, 0x12, 0x39, 0xfa, 0x0a, - 0x2a, 0x21, 0x0e, 0x3c, 0xd7, 0xb6, 0x22, 0x65, 0x4d, 0x2b, 0x6c, 0x15, 0xf7, 0xef, 0xcc, 0x67, - 0x6a, 0x3b, 0x20, 0x9e, 0x6b, 0x5f, 0xed, 0xea, 0x86, 0xd0, 0xe9, 0x46, 0x02, 0x43, 0xdf, 0xc1, - 0x1a, 0xf7, 0x20, 0xa5, 0xac, 0x15, 0xb7, 0x6a, 0x3b, 0xea, 0xb6, 0xf0, 0x8b, 0xed, 0x74, 0xe5, - 0xb6, 0x8f, 0x18, 0xa2, 0xe7, 0xc7, 0xe1, 0xd5, 0xbe, 0x32, 0x9f, 0xa9, 0xb7, 0xe5, 0xf8, 0x98, - 0x42, 0x2e, 0x91, 0x20, 0x42, 0x26, 0x40, 0x40, 0x1c, 0x53, 0xd0, 0x6e, 0x30, 0x5a, 0xfd, 0x3a, - 0xda, 0x21, 0x71, 0xb2, 0xcc, 0xb9, 0x0d, 0x18, 0x12, 0x47, 0xcb, 0xb1, 0x57, 0x03, 0x89, 0x46, - 0xaf, 0xa1, 0xc1, 0xc8, 0xcd, 0x08, 0x7b, 0xd8, 0x8e, 0x49, 0xa8, 0xdc, 0xd6, 0x0a, 0x5b, 0xb5, - 0x9d, 0xbb, 0xc9, 0x4b, 0x18, 0xf0, 0x54, 0x68, 0x8d, 0x75, 0x2f, 0xfb, 0x88, 0x30, 0x94, 0xed, - 0x10, 0x5b, 0x31, 0x76, 0x94, 0x0a, 0xb3, 0xeb, 0x6c, 0xf3, 0xe3, 0xb8, 0x2d, 0x8f, 0xe3, 0xf6, - 0x48, 0x1e, 0xc7, 0xfd, 0x67, 0xf3, 0x99, 0xfa, 0x4b, 0x39, 0xa8, 0x2e, 0x37, 0xcb, 0xfb, 0xb6, - 0x96, 0xf7, 0x48, 0xc9, 0x8d, 0xba, 0x00, 0xb6, 0x37, 0x8d, 0x62, 0x1c, 0x52, 0x27, 0xa9, 0x32, - 0x27, 0xf9, 0x6c, 0x3e, 0x53, 0xb5, 0x84, 0x8d, 0x6b, 0x97, 0x0f, 0x4b, 0x55, 0xd8, 0xf5, 0x1d, - 0xf4, 0x1a, 0xea, 0x92, 0x84, 0x9d, 0x1d, 0x60, 0x34, 0x9d, 0xf9, 0x4c, 0xbd, 0xbb, 0x40, 0x23, - 0xd7, 0xa9, 0x26, 0xf0, 0xd4, 0x05, 0xd1, 0x0e, 0x40, 0x12, 0x40, 0x22, 0xa5, 0xc6, 0xb6, 0x02, - 0x25, 0xab, 0xd4, 0x95, 0x2a, 0x23, 0x83, 0x42, 0x26, 0xd4, 0x2c, 0xdf, 0x27, 0xb1, 0x15, 0xbb, - 0xc4, 0x8f, 0x94, 0x06, 0x33, 0xfa, 0xec, 0xba, 0xfd, 0xdb, 0x4b, 0x61, 0x7c, 0x07, 0x3f, 0x99, - 0xcf, 0xd4, 0x0d, 0x39, 0xae, 0x54, 0xab, 0x1b, 0x59, 0x46, 0x74, 0x08, 0x95, 0x20, 0x74, 0x49, - 0xe8, 0xc6, 0x57, 0x4a, 0x93, 0x79, 0xe9, 0x93, 0xf9, 0x4c, 0xfd, 0x3c, 0xd9, 0x79, 0xa1, 0xbb, - 0x61, 0x7d, 0x13, 0x5b, 0xd4, 0x81, 0x8a, 0xeb, 0x5b, 0x76, 0xec, 0x5e, 0x62, 0xa5, 0x45, 0xcf, - 0x8e, 0x91, 0x3c, 0xa3, 0x23, 0x40, 0x2c, 0x04, 0x9a, 0xc1, 0xd4, 0xa3, 0x7e, 0x62, 0x87, 0x38, - 0x8e, 0x94, 0xb6, 0x56, 0xdc, 0xaa, 0xee, 0x3f, 0x9c, 0xcf, 0xd4, 0x8e, 0x7c, 0x5b, 0x9f, 0xa2, - 0xb4, 0xe1, 0xd4, 0xf3, 0xb4, 0x53, 0x86, 0xd2, 0x8d, 0x16, 0xb3, 0xa4, 0x22, 0x2e, 0x89, 0x50, - 0x0f, 0x9a, 0x11, 0x0e, 0x2f, 0x5d, 0x1b, 0x9b, 0x96, 0x6d, 0x93, 0xa9, 0x1f, 0x2b, 0x68, 0x39, - 0x66, 0x9c, 0x72, 0x88, 0xb6, 0xc7, 0x21, 0xba, 0xd1, 0x10, 0x46, 0x42, 0x80, 0xfe, 0xb6, 0x00, - 0xda, 0x02, 0x8f, 0x19, 0xe0, 0x70, 0xe2, 0x46, 0x91, 0x4b, 0x7c, 0xd3, 0xc3, 0x97, 0xd8, 0x53, - 0x36, 0xb5, 0xc2, 0x56, 0x63, 0x47, 0x49, 0xd6, 0x7b, 0x98, 0x00, 0x8e, 0xa8, 0x7e, 0xff, 0xc5, - 0x7c, 0xa6, 0x3e, 0xbb, 0xe1, 0x95, 0x5a, 0x0a, 0xd6, 0x18, 0x5a, 0x3a, 0xc5, 0x83, 0xfc, 0x48, - 0x16, 0x38, 0x51, 0x04, 0xaa, 0x35, 0x8d, 0xc9, 0x84, 0x8d, 0x68, 0x71, 0x84, 0x31, 0x79, 0x8f, - 0x7d, 0xe5, 0x1e, 0x0b, 0x4e, 0x4f, 0xe7, 0x33, 0x75, 0x4b, 0x86, 0x93, 0x3d, 0x69, 0xa2, 0x2d, - 0x0e, 0x63, 0x44, 0x4d, 0x74, 0x63, 0x33, 0x21, 0x3d, 0xcd, 0xbd, 0x9e, 0xa9, 0x69, 0x18, 0xbd, - 0x20, 0x51, 0x6c, 0xfa, 0x38, 0xfe, 0x0b, 0x12, 0xbe, 0x57, 0xee, 0xb0, 0x37, 0xb0, 0x30, 0x2a, - 0xdf, 0xf0, 0x2d, 0x89, 0x62, 0x6d, 0xc0, 0xf5, 0xba, 0x51, 0xa3, 0x70, 0xf1, 0x84, 0x9e, 0x43, - 0x85, 0x59, 0x07, 0xae, 0xa3, 0xa8, 0xcc, 0x32, 0x17, 0xea, 0x98, 0xe5, 0x90, 0x06, 0xdf, 0x32, - 0x85, 0x0d, 0x5d, 0x27, 0xb1, 0x70, 0x03, 0x5b, 0xd1, 0x6e, 0xb0, 0xe8, 0x0f, 0xbb, 0xc2, 0xa2, - 0x1f, 0xd8, 0xe8, 0xd7, 0xb0, 0x2e, 0x92, 0xae, 0x69, 0x7b, 0x56, 0x14, 0x29, 0x7a, 0x7a, 0xfa, - 0x92, 0x98, 0xca, 0x01, 0x5a, 0x97, 0x02, 0x74, 0xa3, 0x2e, 0x0c, 0xd8, 0x23, 0xea, 0x41, 0x2d, - 0x26, 0x1e, 0x0e, 0xc5, 0x51, 0xba, 0xcb, 0x8e, 0xd2, 0x46, 0xb2, 0xb5, 0xa3, 0x44, 0xb7, 0xdf, - 0x98, 0xcf, 0x54, 0x90, 0xbb, 0xfa, 0xa5, 0x6e, 0x64, 0xed, 0xd0, 0x6b, 0x58, 0x0d, 0x48, 0x18, - 0x47, 0x8a, 0xb2, 0x40, 0x30, 0x24, 0x61, 0xdc, 0x25, 0xfe, 0x3b, 0x77, 0xbc, 0x8f, 0xe6, 0x33, - 0xb5, 0x21, 0x07, 0x45, 0xe5, 0x91, 0x6e, 0x70, 0x2b, 0x34, 0x80, 0x66, 0x14, 0x5b, 0x31, 0x36, - 0x93, 0x22, 0x43, 0xb9, 0xcf, 0x8e, 0xdd, 0xe3, 0xf9, 0x4c, 0x7d, 0x94, 0x3b, 0x5d, 0x5a, 0x84, - 0xfd, 0x88, 0x84, 0xf9, 0x13, 0xd7, 0x60, 0xd6, 0x49, 0x48, 0x44, 0x03, 0x80, 0xd0, 0x8d, 0xde, - 0x9b, 0x91, 0x4d, 0x42, 0xac, 0x3c, 0xd0, 0x0a, 0x5b, 0x2b, 0xf9, 0x30, 0x69, 0xb8, 0xd1, 0x7b, - 0xed, 0xd4, 0xce, 0xc6, 0x48, 0x39, 0xb2, 0xa7, 0x92, 0xb4, 0x4a, 0x29, 0x18, 0x06, 0xed, 0x41, - 0x3d, 0x08, 0x89, 0x8d, 0xa3, 0xc8, 0x8c, 0xad, 0x71, 0xa4, 0x3c, 0x5c, 0x3e, 0xa5, 0x43, 0xae, - 0xd7, 0x46, 0xd6, 0x38, 0x89, 0x73, 0xc2, 0x66, 0x64, 0x8d, 0xa3, 0xce, 0x1f, 0x42, 0x2d, 0x93, - 0x49, 0x50, 0x0b, 0x8a, 0xef, 0xf1, 0x15, 0xaf, 0x51, 0x0c, 0xfa, 0x13, 0xdd, 0x86, 0xd5, 0x4b, - 0xcb, 0x9b, 0x8a, 0xe2, 0xc3, 0xe0, 0x0f, 0xbb, 0x2b, 0x5f, 0x17, 0x3a, 0xaf, 0xa0, 0x91, 0xcf, - 0x43, 0x3f, 0xcb, 0xfa, 0x1b, 0x68, 0x2d, 0x46, 0xc1, 0x9f, 0x63, 0xff, 0xa6, 0x54, 0x29, 0xb6, - 0x4a, 0x6f, 0x4a, 0x95, 0x7a, 0x6b, 0x5d, 0xff, 0x87, 0x02, 0x34, 0x92, 0x90, 0xcc, 0xe2, 0x12, - 0x7a, 0xc1, 0x6a, 0x2d, 0x5e, 0xd6, 0xe4, 0x0a, 0x03, 0x1e, 0xb6, 0x4e, 0x2f, 0xac, 0x6b, 0xea, - 0xac, 0xcf, 0x45, 0x9d, 0x55, 0x60, 0xc9, 0x2d, 0x0d, 0xf7, 0xcc, 0x86, 0xa6, 0x05, 0x51, 0x5c, - 0x3d, 0x82, 0xba, 0x4f, 0x62, 0x16, 0x21, 0xad, 0x73, 0x8f, 0xe7, 0x96, 0x8a, 0x51, 0xf3, 0x49, - 0x3c, 0x14, 0x22, 0xb4, 0x99, 0x2d, 0x93, 0x6a, 0x6c, 0xf0, 0xa9, 0x60, 0xb7, 0xf4, 0xfb, 0xbf, - 0x53, 0x6f, 0xe9, 0xff, 0x5a, 0x82, 0x6a, 0x32, 0x6c, 0xd4, 0x48, 0xab, 0x43, 0x36, 0x98, 0xe7, - 0xb0, 0x66, 0x33, 0x0f, 0x65, 0x73, 0xaf, 0x65, 0x02, 0x5b, 0x62, 0xc3, 0x3d, 0xd8, 0x10, 0x38, - 0xf4, 0x25, 0xac, 0xb2, 0x00, 0xac, 0x14, 0x99, 0xc1, 0x27, 0xcb, 0x06, 0x6c, 0x22, 0x06, 0x47, - 0xa1, 0x2e, 0xb4, 0x22, 0x6c, 0x4f, 0x69, 0x46, 0x30, 0x69, 0x16, 0xc3, 0x1f, 0x62, 0xb6, 0x60, - 0xd9, 0x57, 0x9d, 0x0a, 0x40, 0x97, 0xeb, 0x8d, 0x66, 0x94, 0x17, 0xa0, 0x5f, 0x40, 0xf9, 0x92, - 0x78, 0xd3, 0x09, 0x8e, 0x94, 0x55, 0x76, 0xc6, 0x9a, 0x89, 0xed, 0xf7, 0x4c, 0x6e, 0x48, 0x3d, - 0x7a, 0x23, 0x0f, 0xe3, 0xda, 0xcd, 0x87, 0x51, 0x9d, 0xcf, 0xd4, 0xfb, 0x8b, 0x2e, 0xaf, 0x65, - 0x8e, 0xb7, 0x38, 0x99, 0x5f, 0x41, 0x59, 0xa6, 0x26, 0x5e, 0x7d, 0xa5, 0x93, 0xed, 0x4d, 0xce, - 0xb1, 0xe3, 0x60, 0x87, 0xa7, 0x20, 0x43, 0xe2, 0xd0, 0x73, 0xa8, 0x86, 0x38, 0x22, 0xd3, 0xd0, - 0xc6, 0x91, 0x28, 0x5f, 0xd2, 0x1d, 0x36, 0xa4, 0xc6, 0x48, 0x41, 0xe8, 0x99, 0x70, 0x07, 0x5e, - 0x3a, 0xdc, 0x9f, 0xcf, 0xd4, 0x4f, 0xe4, 0xd0, 0x92, 0x15, 0xd5, 0xa8, 0x5b, 0xc8, 0xa2, 0x9b, - 0x96, 0x57, 0xee, 0x25, 0xf6, 0xe9, 0x81, 0x0c, 0x42, 0x72, 0xce, 0x77, 0x3e, 0x57, 0x5e, 0x09, - 0xf5, 0x90, 0x6a, 0x8d, 0x75, 0x2f, 0xfb, 0x88, 0xfe, 0x08, 0x9a, 0x21, 0xb6, 0x1c, 0x37, 0x63, - 0x5f, 0x5f, 0xd8, 0x49, 0x43, 0xea, 0x39, 0x41, 0x23, 0xcc, 0x3d, 0xbf, 0x29, 0x55, 0xaa, 0x2d, - 0xd0, 0xff, 0x79, 0x05, 0xaa, 0xc9, 0x84, 0xd0, 0x10, 0xda, 0x76, 0x30, 0x35, 0x69, 0xc0, 0x88, - 0xcc, 0x10, 0xff, 0xf9, 0x14, 0x47, 0x31, 0x73, 0xb3, 0x95, 0x85, 0xa2, 0x6a, 0x78, 0xa6, 0x75, - 0x29, 0x48, 0x33, 0x38, 0x48, 0xc6, 0x8b, 0xa6, 0x1d, 0x4c, 0x99, 0x42, 0xc8, 0xd1, 0x1b, 0x68, - 0xa6, 0x8c, 0x9e, 0x3b, 0x71, 0x63, 0xe6, 0xa2, 0x2b, 0xfb, 0xfa, 0x7c, 0xa6, 0x3e, 0x5c, 0xe6, - 0x3b, 0xa2, 0x10, 0xc9, 0xb6, 0x2e, 0xd9, 0x98, 0x14, 0x19, 0xd0, 0x9e, 0xe0, 0x09, 0x09, 0xaf, - 0xcc, 0xc9, 0x79, 0x32, 0xba, 0x22, 0x63, 0xfb, 0x7c, 0x3e, 0x53, 0x75, 0xc9, 0x76, 0xcc, 0x40, - 0x72, 0x68, 0xda, 0xd6, 0xf1, 0xfe, 0x2f, 0x92, 0xf1, 0x71, 0x82, 0xe3, 0x73, 0x39, 0xbe, 0x23, - 0x68, 0xa6, 0x9c, 0x7c, 0x7c, 0xa5, 0xe5, 0xf9, 0x0a, 0x46, 0x36, 0x8c, 0x1c, 0xdf, 0xba, 0xe4, - 0x63, 0x2a, 0xfd, 0xbf, 0x8a, 0xb0, 0xc6, 0x5d, 0x19, 0xed, 0x64, 0xe2, 0xc3, 0x42, 0x9c, 0xe5, - 0x08, 0xe6, 0x0d, 0xf9, 0x46, 0xec, 0x6b, 0x58, 0xe3, 0x3b, 0x21, 0xba, 0x37, 0x6d, 0x3e, 0x53, - 0x37, 0x17, 0xac, 0x4e, 0x19, 0x20, 0xe9, 0x06, 0x38, 0x1e, 0xfd, 0x06, 0x6a, 0x0e, 0x8e, 0x62, - 0xd7, 0x67, 0x21, 0x92, 0x2d, 0x4a, 0x95, 0x67, 0x9e, 0x05, 0xf3, 0x83, 0x14, 0x95, 0xc4, 0xf8, - 0x8c, 0x25, 0xfa, 0x35, 0xf5, 0x7c, 0xcb, 0x31, 0x89, 0xef, 0x5d, 0xb1, 0x95, 0xa8, 0xe4, 0x77, - 0x4a, 0xd0, 0x50, 0xdf, 0x3a, 0xf1, 0xbd, 0x2b, 0xc9, 0x51, 0x09, 0x85, 0x80, 0xce, 0x9b, 0x75, - 0x89, 0xab, 0x37, 0xce, 0x9b, 0x76, 0x88, 0xc9, 0xbc, 0x59, 0x9f, 0x38, 0x81, 0x36, 0xaf, 0x8a, - 0x82, 0x90, 0x04, 0xd6, 0x98, 0xcf, 0x61, 0x8d, 0x95, 0x68, 0xda, 0x42, 0x88, 0xd8, 0x3e, 0x66, - 0xa5, 0x55, 0x8a, 0xe3, 0xaf, 0x90, 0x67, 0xed, 0x98, 0x17, 0x68, 0xa9, 0x5a, 0x37, 0x5a, 0x93, - 0x05, 0x0b, 0xfd, 0x10, 0x5a, 0x8b, 0x2c, 0xa8, 0x02, 0xa5, 0xc1, 0xc9, 0xa0, 0xd7, 0xba, 0x85, - 0xee, 0x40, 0xfb, 0xdb, 0x93, 0xd3, 0x91, 0x39, 0x3a, 0x31, 0xbb, 0x27, 0x83, 0xd1, 0x5e, 0x7f, - 0xd0, 0x33, 0x5a, 0x05, 0xd4, 0x86, 0xf5, 0xfd, 0xfe, 0x41, 0xdf, 0xe8, 0x75, 0x47, 0xfd, 0x93, - 0xc1, 0xde, 0x51, 0x6b, 0x45, 0x1f, 0xc0, 0x7a, 0xee, 0x8c, 0xa2, 0xd7, 0x50, 0x76, 0xf0, 0x3b, - 0xd7, 0xc7, 0x3c, 0x36, 0x8b, 0x36, 0x53, 0x8e, 0x4d, 0x62, 0x35, 0x06, 0xd6, 0x0e, 0x38, 0x52, - 0x37, 0xa4, 0x8d, 0x3e, 0x84, 0x46, 0xfe, 0xcc, 0xa2, 0x6f, 0x16, 0x09, 0x99, 0x57, 0xa6, 0x9d, - 0xa6, 0x00, 0xdf, 0xc8, 0xf8, 0x6f, 0x25, 0x28, 0x0e, 0x89, 0x83, 0x9e, 0x64, 0x6e, 0x13, 0x72, - 0x6d, 0x0d, 0x6d, 0x00, 0xfb, 0x07, 0xb9, 0xc4, 0xf6, 0x3c, 0x77, 0x81, 0xb0, 0xd4, 0x2e, 0x32, - 0xaf, 0x95, 0x78, 0xee, 0xb6, 0x87, 0xb0, 0x9e, 0x5e, 0xc2, 0xd0, 0x36, 0x8c, 0xbb, 0xdf, 0xa3, - 0xf9, 0x4c, 0x7d, 0x70, 0xfd, 0xb5, 0x85, 0xb4, 0xaf, 0xa7, 0x76, 0x7d, 0x27, 0x7f, 0x5d, 0x50, - 0xfa, 0x79, 0xd7, 0x05, 0xf9, 0x3e, 0x70, 0xf5, 0xff, 0xd7, 0x07, 0xee, 0xf1, 0x98, 0x6c, 0xba, - 0x7e, 0x14, 0x5b, 0x3e, 0x8d, 0xfd, 0x3c, 0xfd, 0x74, 0xae, 0xc9, 0x8e, 0x02, 0xc2, 0xe3, 0xb2, - 0x7c, 0x8a, 0x10, 0x86, 0xdb, 0x31, 0xad, 0xfb, 0x7d, 0xda, 0x9d, 0x66, 0x88, 0xca, 0x0b, 0x0d, - 0xfa, 0x90, 0x38, 0xcb, 0x64, 0x47, 0x6e, 0x14, 0x2f, 0x15, 0xa9, 0x1b, 0x29, 0x5f, 0xfa, 0x9a, - 0x97, 0x50, 0x8e, 0x62, 0x2b, 0xfc, 0xa8, 0xee, 0xda, 0x90, 0xd0, 0xce, 0x77, 0x70, 0xe7, 0xda, - 0x77, 0xa2, 0xaf, 0xa1, 0x9a, 0x0e, 0xb5, 0xf0, 0x93, 0x73, 0x4e, 0xc1, 0xfa, 0xbf, 0x14, 0xa1, - 0xbd, 0x04, 0x40, 0xaf, 0xa1, 0x26, 0x21, 0xa6, 0x70, 0xbc, 0xda, 0xce, 0xe6, 0xcd, 0x8c, 0xfd, - 0x03, 0x03, 0xa4, 0x41, 0x9f, 0xba, 0x6b, 0x5b, 0xb4, 0xca, 0xae, 0x3f, 0x36, 0x03, 0xe2, 0x50, - 0x12, 0x5e, 0xd5, 0x35, 0x53, 0xc5, 0x90, 0x38, 0x7d, 0x07, 0x3d, 0x86, 0x46, 0x7a, 0x7b, 0xc7, - 0x1c, 0x77, 0x8d, 0x01, 0xd7, 0x13, 0x29, 0xeb, 0xd1, 0x3f, 0x85, 0x54, 0x60, 0xba, 0x41, 0xa4, - 0x14, 0x69, 0xfd, 0x6b, 0xd4, 0x13, 0x61, 0x3f, 0xc8, 0xad, 0x6a, 0xe9, 0xa3, 0x57, 0x15, 0x1d, - 0x43, 0x9d, 0x77, 0xc1, 0x8e, 0x3b, 0xa6, 0x19, 0x89, 0x3b, 0x5f, 0xae, 0xdb, 0x4e, 0x4b, 0x00, - 0x5e, 0x52, 0x1e, 0x30, 0x64, 0xe2, 0x82, 0x35, 0x66, 0xcf, 0x85, 0xe8, 0x0f, 0xa0, 0xf2, 0xce, - 0xf5, 0xdd, 0xe8, 0x02, 0x3b, 0x4a, 0xf9, 0x27, 0x47, 0x91, 0x60, 0xd1, 0x7d, 0xa8, 0xe2, 0x0f, - 0x6e, 0x6c, 0xda, 0xc4, 0xc1, 0xcc, 0x29, 0x56, 0x8d, 0x0a, 0x15, 0x74, 0x89, 0x83, 0xd1, 0x97, - 0x80, 0xa4, 0x1b, 0xd1, 0x26, 0x38, 0xc4, 0x56, 0x44, 0x7c, 0x7e, 0x5d, 0x62, 0xb4, 0x33, 0x1a, - 0x83, 0x29, 0xf4, 0xbf, 0x2c, 0xc0, 0xc6, 0x35, 0x9b, 0x84, 0x0e, 0x93, 0x8d, 0x49, 0xaf, 0x4a, - 0xd9, 0xee, 0x36, 0x76, 0xee, 0x5d, 0x73, 0xe1, 0xc1, 0x01, 0x46, 0xcb, 0x5e, 0x90, 0x88, 0xfa, - 0x75, 0x25, 0xa9, 0x5f, 0x11, 0x94, 0x7c, 0x3a, 0x6c, 0x16, 0x38, 0x0c, 0xf6, 0x5b, 0x1f, 0x43, - 0x23, 0x5f, 0x9e, 0xa1, 0x2f, 0x72, 0x29, 0x75, 0x63, 0x3e, 0x53, 0x9b, 0x69, 0x8b, 0xce, 0x6f, - 0x15, 0x78, 0x40, 0x7a, 0x0a, 0xa5, 0xc0, 0x8a, 0x2f, 0x44, 0x08, 0xcb, 0xdd, 0xa5, 0x71, 0xa0, - 0x36, 0xb4, 0xe2, 0x0b, 0xdd, 0x60, 0x28, 0xfd, 0x6f, 0x2a, 0x00, 0x69, 0x59, 0xc9, 0xc6, 0x92, - 0xbc, 0x45, 0x10, 0x7e, 0x93, 0x75, 0x32, 0x5a, 0x55, 0x32, 0xea, 0xd5, 0xfc, 0x55, 0x0c, 0xe5, - 0x48, 0x2b, 0x17, 0x09, 0xa7, 0x52, 0xf4, 0x0a, 0x2a, 0x6c, 0xef, 0x6c, 0xe2, 0x89, 0xe0, 0x98, - 0x4b, 0xed, 0x14, 0x43, 0x63, 0x38, 0x03, 0x24, 0x29, 0x55, 0x5a, 0x20, 0x07, 0x2a, 0xf8, 0x43, - 0x40, 0xa2, 0x69, 0xc8, 0xc3, 0x62, 0x63, 0xe7, 0xd1, 0x35, 0xf5, 0xf0, 0x76, 0x4f, 0x60, 0xf8, - 0x0d, 0x46, 0x2e, 0xf9, 0x1f, 0x5b, 0x1f, 0x34, 0xa9, 0xce, 0xdf, 0x59, 0x24, 0xcc, 0xe8, 0x31, - 0xd4, 0xd9, 0x6f, 0xec, 0xf0, 0x19, 0xae, 0xb2, 0x19, 0xae, 0x28, 0x05, 0xa3, 0x26, 0xe4, 0x6c, - 0x2a, 0x0e, 0x34, 0xa4, 0x89, 0xe9, 0xfa, 0xef, 0x88, 0x8c, 0x91, 0xda, 0xff, 0x35, 0xa4, 0xbe, - 0xff, 0x8e, 0xe4, 0x8b, 0xe2, 0x64, 0x34, 0x54, 0x15, 0xe9, 0xc6, 0x3a, 0xce, 0x40, 0xa3, 0xce, - 0xdf, 0x97, 0xa0, 0x9e, 0x35, 0x46, 0x3f, 0xc0, 0x2a, 0xbf, 0xb9, 0x29, 0x7c, 0xec, 0x02, 0xe4, - 0xd2, 0xcf, 0xf5, 0x93, 0xe7, 0x94, 0xe8, 0x10, 0xea, 0xf2, 0x3a, 0x26, 0x93, 0xf9, 0x72, 0x9d, - 0x20, 0xb3, 0x77, 0xfd, 0xb1, 0xbc, 0x84, 0x49, 0x6a, 0x27, 0x61, 0xc8, 0x62, 0xcc, 0x03, 0x00, - 0xc9, 0x23, 0x93, 0xa0, 0x51, 0x15, 0x92, 0xbe, 0x83, 0x9e, 0x02, 0x92, 0xea, 0x24, 0x55, 0x05, - 0x3c, 0xcf, 0x19, 0x2d, 0xa1, 0x11, 0x59, 0xaa, 0x1f, 0xa0, 0xb7, 0xe9, 0xa0, 0x32, 0xdb, 0xb1, - 0x35, 0x9f, 0xa9, 0x9f, 0xdd, 0x34, 0x28, 0x2d, 0xeb, 0x81, 0x72, 0x64, 0x6c, 0xd3, 0xf6, 0xa0, - 0x4a, 0xcf, 0x14, 0x67, 0x5a, 0x63, 0x4c, 0xb9, 0xe4, 0xd8, 0xe3, 0x1b, 0xac, 0x0d, 0x88, 0x93, - 0x67, 0xa9, 0x50, 0x33, 0x41, 0x51, 0xc7, 0x1f, 0x62, 0x1c, 0xfa, 0x96, 0xc7, 0xe2, 0x67, 0x79, - 0xf9, 0xfe, 0xa0, 0x27, 0xf4, 0x5a, 0x7f, 0x98, 0x8c, 0x42, 0xda, 0xd0, 0xf0, 0x7a, 0x0a, 0x28, - 0xa1, 0xb8, 0x20, 0x51, 0xcc, 0xb2, 0xb7, 0x52, 0x61, 0x44, 0x0b, 0xc3, 0x11, 0x44, 0xdf, 0x0a, - 0x94, 0xa4, 0x6b, 0x4b, 0x7b, 0xa9, 0x88, 0xf4, 0x33, 0x58, 0xcf, 0xed, 0x3b, 0xaa, 0xc2, 0xea, - 0xd9, 0xe0, 0xb4, 0x37, 0x6a, 0xdd, 0x42, 0x75, 0xa8, 0xf4, 0xfe, 0x78, 0xd4, 0x33, 0x68, 0xb9, - 0x56, 0xe0, 0x25, 0xde, 0x41, 0xaf, 0xb5, 0x42, 0xe5, 0xfd, 0x81, 0x90, 0x17, 0xa9, 0x9c, 0x16, - 0x7c, 0xad, 0x12, 0x35, 0x35, 0x4e, 0xce, 0x46, 0xbd, 0xd6, 0xaa, 0xfe, 0xbb, 0x55, 0x68, 0x2e, - 0xf4, 0xce, 0xe8, 0x15, 0x14, 0xb1, 0x7f, 0x29, 0xf2, 0xe3, 0x93, 0x9b, 0x5a, 0xec, 0xed, 0x9e, - 0x7f, 0xe9, 0x86, 0xc4, 0xa7, 0x45, 0x8d, 0x68, 0xba, 0xa9, 0x19, 0x52, 0xa0, 0x6c, 0x93, 0xc9, - 0xc4, 0xf2, 0x69, 0xe0, 0xa3, 0xb9, 0x47, 0x3e, 0xd2, 0x88, 0x63, 0x85, 0x63, 0x99, 0x92, 0xd8, - 0x6f, 0xb4, 0x09, 0x55, 0xc7, 0x0d, 0xd9, 0x55, 0xfa, 0x95, 0xf0, 0x91, 0x54, 0x40, 0x2d, 0xa6, - 0x11, 0x0e, 0x79, 0xaa, 0x31, 0xd8, 0x6f, 0xd4, 0x82, 0xe2, 0xd4, 0x75, 0xf8, 0x17, 0x09, 0x83, - 0xfe, 0x44, 0x7d, 0x68, 0x5b, 0x41, 0x60, 0x5a, 0xe1, 0x84, 0x84, 0xb4, 0xb4, 0x7e, 0xe7, 0x7a, - 0x98, 0xa5, 0x14, 0xf1, 0x5d, 0x28, 0xb9, 0x62, 0x0c, 0x82, 0x3d, 0x8a, 0xa1, 0x21, 0x88, 0x62, - 0x74, 0xa3, 0x69, 0x09, 0x91, 0x90, 0x74, 0xfe, 0xaa, 0x08, 0xed, 0xa5, 0x79, 0xa1, 0x97, 0x99, - 0x3b, 0x98, 0x7c, 0x9b, 0x90, 0xc1, 0x6a, 0x6f, 0x71, 0xd2, 0x26, 0xb0, 0x7b, 0x9a, 0xdd, 0xdc, - 0x3d, 0xcd, 0xc2, 0xce, 0x67, 0xec, 0xbe, 0xa7, 0xa0, 0xe4, 0xa8, 0x32, 0x13, 0xf4, 0xd7, 0x05, - 0x68, 0x60, 0xff, 0xd2, 0xbc, 0xb4, 0x42, 0x53, 0xb4, 0x4a, 0x45, 0x16, 0x10, 0x7e, 0xf5, 0xf1, - 0xdb, 0x41, 0x25, 0xdf, 0x5b, 0x21, 0x6f, 0xa4, 0xf6, 0xb7, 0xe7, 0x33, 0xf5, 0xc9, 0xf5, 0xaf, - 0x0f, 0x5d, 0xeb, 0xdc, 0x5b, 0xec, 0xb8, 0xea, 0x38, 0x63, 0xad, 0x87, 0x50, 0xcf, 0xb2, 0x65, - 0x9d, 0xaf, 0x0c, 0x45, 0x63, 0xef, 0xb7, 0xad, 0x02, 0x6a, 0x00, 0x9c, 0xf6, 0xba, 0x46, 0x6f, - 0x64, 0xbe, 0xed, 0xfd, 0x49, 0x6b, 0x05, 0x21, 0x68, 0x74, 0x4f, 0x06, 0x87, 0xfd, 0xdf, 0x98, - 0xc7, 0x7b, 0x43, 0x26, 0x2b, 0x52, 0xbb, 0xc3, 0x7e, 0xef, 0xe8, 0xa0, 0x55, 0xa2, 0x6a, 0xa3, - 0x77, 0x7a, 0x72, 0x66, 0x74, 0x7b, 0x26, 0x97, 0xad, 0xa2, 0x1a, 0x94, 0xcf, 0x06, 0x6f, 0x07, - 0x27, 0xbf, 0x1d, 0xb4, 0xd6, 0xf4, 0x7f, 0x5c, 0x83, 0xe6, 0xc2, 0x5d, 0x0b, 0x7a, 0x0d, 0x10, - 0x84, 0xee, 0xa5, 0xeb, 0xe1, 0x71, 0xd2, 0x2b, 0xe4, 0xbe, 0xfd, 0x0d, 0x13, 0xad, 0x9c, 0x48, - 0xc6, 0x00, 0xed, 0x42, 0x39, 0xc2, 0x9e, 0xeb, 0x4f, 0x3f, 0x88, 0x0b, 0x24, 0xed, 0xa6, 0x5b, - 0x9d, 0xed, 0xd3, 0xde, 0x11, 0xc5, 0x19, 0xd2, 0x00, 0x7d, 0x07, 0x6d, 0x27, 0x24, 0x81, 0x69, - 0x5b, 0x81, 0x75, 0xee, 0x7a, 0x6e, 0xec, 0x62, 0xe1, 0xca, 0xf9, 0xad, 0x3d, 0x08, 0x49, 0xa0, - 0x75, 0x33, 0x20, 0x39, 0x90, 0x16, 0x35, 0xcf, 0x2a, 0xd0, 0x00, 0x5a, 0x96, 0xe3, 0xe4, 0x19, - 0x4b, 0x8c, 0x31, 0x17, 0x94, 0xf7, 0x1c, 0xe7, 0x5a, 0xc2, 0xa6, 0xe5, 0x38, 0x39, 0xbe, 0x31, - 0xdc, 0x4b, 0x9a, 0x5a, 0x33, 0x24, 0x24, 0x36, 0xa9, 0x53, 0x47, 0x57, 0x51, 0x8c, 0x27, 0xec, - 0x0c, 0x89, 0x3b, 0xf7, 0xe4, 0x6a, 0x15, 0x5b, 0x8e, 0x46, 0xbb, 0x59, 0xcd, 0x20, 0x24, 0xd6, - 0x0e, 0x13, 0xb0, 0x7c, 0xc3, 0x5d, 0xd9, 0xee, 0x52, 0x7d, 0xaa, 0x46, 0x43, 0x68, 0x46, 0xd8, - 0xb6, 0xc9, 0x24, 0x48, 0xce, 0xdb, 0x1a, 0x5b, 0xcf, 0x2f, 0x6e, 0x5e, 0x4f, 0x8e, 0x17, 0x07, - 0xcd, 0x68, 0x44, 0xb9, 0xe7, 0xce, 0x9f, 0x42, 0x59, 0xac, 0x78, 0x72, 0xe8, 0x0b, 0x99, 0x43, - 0x8f, 0xa0, 0x14, 0x12, 0x4f, 0x5e, 0x79, 0xb2, 0xdf, 0x54, 0xc6, 0x3a, 0x70, 0x51, 0x4c, 0xb1, - 0x0e, 0xfb, 0xb6, 0x4c, 0x9f, 0x3c, 0x94, 0xf0, 0x87, 0xce, 0x7f, 0x17, 0xa0, 0x91, 0x7f, 0x3f, - 0xfa, 0x33, 0x61, 0xcc, 0xd3, 0xec, 0x8b, 0x8f, 0x1c, 0xf6, 0xb6, 0xf8, 0x4b, 0x5b, 0x7b, 0x9e, - 0x78, 0x65, 0x6c, 0x11, 0x38, 0x19, 0x5a, 0x72, 0x9f, 0x87, 0x7f, 0x09, 0x6d, 0x8f, 0xd8, 0x96, - 0xc7, 0x3f, 0x31, 0x88, 0xf5, 0xe2, 0x33, 0x69, 0x25, 0x0a, 0x19, 0x93, 0xf6, 0xa0, 0x96, 0x79, - 0x09, 0x3d, 0x54, 0x67, 0x03, 0x76, 0x8c, 0x06, 0xbd, 0x83, 0xd6, 0x2d, 0xb4, 0x01, 0x4d, 0xe3, - 0x6c, 0x30, 0xea, 0x1f, 0xf7, 0xcc, 0x83, 0xde, 0xe1, 0xde, 0xd9, 0xd1, 0xa8, 0x55, 0x40, 0xeb, - 0x50, 0x3d, 0x3a, 0xe9, 0xee, 0x1d, 0xb1, 0xf0, 0xbe, 0xa2, 0xff, 0x4f, 0x01, 0x1a, 0xb4, 0xdd, - 0xc9, 0x7c, 0x66, 0x5f, 0xbc, 0x48, 0x45, 0xe2, 0x53, 0x38, 0xad, 0x9f, 0x4b, 0xe2, 0xbb, 0x37, - 0xca, 0x36, 0xc4, 0xa2, 0x20, 0xa4, 0xc1, 0x9c, 0xa7, 0x6a, 0xb1, 0xcc, 0xf2, 0x91, 0x16, 0x01, - 0x99, 0x46, 0x54, 0x44, 0xee, 0xb4, 0xc5, 0xdc, 0x5c, 0xfa, 0x24, 0x9e, 0xed, 0x62, 0x5f, 0xa6, - 0x1f, 0x4d, 0xd7, 0x7e, 0xba, 0x01, 0x91, 0xdf, 0x40, 0x3b, 0x99, 0x4f, 0x7d, 0x65, 0x16, 0xfe, - 0x93, 0xe7, 0xfd, 0x97, 0xff, 0xf4, 0xe3, 0xc3, 0xc2, 0xef, 0x7f, 0x7c, 0x58, 0xf8, 0xf7, 0x1f, - 0x1f, 0x16, 0x7e, 0xf7, 0x1f, 0x0f, 0x6f, 0xc1, 0x3d, 0x97, 0x6c, 0x47, 0xb1, 0x65, 0xbf, 0x0f, - 0xc9, 0x07, 0x4e, 0x2b, 0x37, 0xf9, 0x07, 0xf9, 0x9f, 0x13, 0xe7, 0x6b, 0x4c, 0xfe, 0xe2, 0x7f, - 0x03, 0x00, 0x00, 0xff, 0xff, 0xa8, 0xea, 0xcc, 0x8b, 0x65, 0x21, 0x00, 0x00, + // 3347 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x5a, 0x49, 0x73, 0xdb, 0xd8, + 0x76, 0x36, 0x45, 0x4a, 0x24, 0x0f, 0x29, 0x0e, 0x57, 0x1e, 0x60, 0x7a, 0x00, 0x8c, 0x6e, 0x77, + 0xeb, 0xf9, 0xb9, 0x65, 0xb7, 0xec, 0xca, 0xeb, 0xa8, 0xec, 0x7e, 0x91, 0x28, 0xea, 0x35, 0x6d, + 0x89, 0x62, 0x43, 0x54, 0xbf, 0xa4, 0xb3, 0x40, 0x41, 0xc0, 0x35, 0x85, 0x18, 0xc4, 0x45, 0x00, + 0x50, 0xb1, 0x96, 0x59, 0x66, 0x91, 0x4d, 0x16, 0xaf, 0x7a, 0x9b, 0x55, 0xfe, 0x41, 0x7e, 0x43, + 0xaa, 0xb2, 0xe9, 0xaa, 0x54, 0xb6, 0x4c, 0xaa, 0x53, 0x59, 0x25, 0x9b, 0xf0, 0x17, 0xa4, 0xee, + 0x84, 0x81, 0x94, 0xd2, 0xee, 0xac, 0x44, 0x9c, 0xf3, 0x9d, 0x0f, 0x77, 0x38, 0xf7, 0x0c, 0x17, + 0x02, 0x25, 0x8a, 0x49, 0x68, 0x8d, 0xf1, 0x33, 0x07, 0x07, 0x1e, 0xb9, 0x9c, 0x60, 0x3f, 0xde, + 0x0a, 0x42, 0x12, 0x13, 0x54, 0x16, 0x9a, 0x8e, 0x3a, 0x26, 0x64, 0xec, 0xe1, 0x67, 0x4c, 0x7c, + 0x36, 0x7d, 0xf7, 0x2c, 0x76, 0x27, 0x38, 0x8a, 0xad, 0x49, 0xc0, 0x91, 0x1d, 0x55, 0x72, 0xd8, + 0xc4, 0x8f, 0x2d, 0xd7, 0xc7, 0xa1, 0x19, 0x4e, 0x7d, 0x8a, 0x12, 0x80, 0x9b, 0x12, 0xe0, 0x59, + 0x67, 0xd8, 0x8b, 0x84, 0x74, 0x43, 0x4a, 0xdd, 0x89, 0x35, 0x5e, 0x82, 0x52, 0xa2, 0x58, 0x42, + 0x91, 0x94, 0x86, 0x67, 0x96, 0x2d, 0x91, 0x63, 0x32, 0x26, 0xec, 0xe7, 0x33, 0xfa, 0x8b, 0x4b, + 0xf5, 0xff, 0x44, 0x00, 0xfb, 0xc9, 0x54, 0xd0, 0x6f, 0x60, 0xc5, 0x75, 0x94, 0x82, 0x56, 0xd8, + 0xac, 0xee, 0x7d, 0x3e, 0x9f, 0xa9, 0x9f, 0x44, 0xd8, 0x0a, 0xed, 0xf3, 0x1d, 0x3d, 0xc5, 0x68, + 0xfd, 0xfd, 0xa7, 0x94, 0x1e, 0x3f, 0x3d, 0x77, 0x1d, 0x07, 0xfb, 0xba, 0xb1, 0xe2, 0x3a, 0xe8, + 0x4b, 0x28, 0xf9, 0xd6, 0x04, 0x2b, 0x2b, 0xcc, 0xf4, 0xc1, 0x7c, 0xa6, 0xde, 0x5d, 0x36, 0xe5, + 0x76, 0xba, 0xc1, 0xa0, 0xe8, 0x31, 0x94, 0xce, 0xad, 0xe8, 0x5c, 0xe9, 0x68, 0x85, 0xcd, 0xd2, + 0x5e, 0x7b, 0x3e, 0x53, 0xd7, 0xe9, 0xf3, 0x8e, 0xee, 0x8e, 0x7d, 0x0e, 0xa3, 0x8f, 0xe8, 0x39, + 0x94, 0xe2, 0xcb, 0x00, 0x2b, 0x25, 0xc6, 0x7c, 0x7f, 0x3e, 0x53, 0x95, 0x2b, 0x06, 0x35, 0xba, + 0x0c, 0xa8, 0x05, 0x45, 0xa2, 0x1d, 0xa8, 0xd2, 0x17, 0x44, 0x81, 0x65, 0x63, 0x65, 0x75, 0xd9, + 0x6c, 0x20, 0x95, 0x72, 0x3c, 0x29, 0x1c, 0xbd, 0x82, 0x7a, 0xf2, 0x60, 0xba, 0x8e, 0x72, 0x87, + 0x99, 0xdf, 0x9d, 0xcf, 0xd4, 0x5b, 0x4b, 0xe6, 0x5a, 0x7f, 0x5f, 0x37, 0x6a, 0x09, 0xbc, 0xef, + 0xa0, 0xef, 0xe1, 0x36, 0x09, 0xed, 0x73, 0x1c, 0xc5, 0xa1, 0x15, 0x93, 0xd0, 0xb4, 0xc9, 0x24, + 0x20, 0x3e, 0xf6, 0x63, 0xe5, 0x91, 0x56, 0xd8, 0xac, 0xec, 0x7d, 0x32, 0x9f, 0xa9, 0xaa, 0xe4, + 0x39, 0xce, 0x20, 0xb5, 0xae, 0x44, 0xea, 0xc6, 0xad, 0x2c, 0x45, 0x22, 0x47, 0x5f, 0x42, 0x25, + 0xc4, 0x81, 0xe7, 0xda, 0x56, 0xa4, 0xac, 0x69, 0x85, 0xcd, 0xe2, 0xde, 0xad, 0xf9, 0x4c, 0x6d, + 0x07, 0xc4, 0x73, 0xed, 0xcb, 0x1d, 0xdd, 0x10, 0x3a, 0xdd, 0x48, 0x60, 0xe8, 0x5b, 0x58, 0xe3, + 0x1e, 0xa4, 0x94, 0xb5, 0xe2, 0x66, 0x6d, 0x5b, 0xdd, 0x12, 0x7e, 0xb1, 0x95, 0xae, 0xdc, 0xd6, + 0x21, 0x43, 0xf4, 0xfc, 0x38, 0xbc, 0xdc, 0x53, 0xe6, 0x33, 0xf5, 0xa6, 0x1c, 0x1f, 0x53, 0xc8, + 0x25, 0x12, 0x44, 0xc8, 0x04, 0x08, 0x88, 0x63, 0x0a, 0xda, 0x0d, 0x46, 0xab, 0x5f, 0x45, 0x3b, + 0x24, 0x4e, 0x96, 0x39, 0xb7, 0x01, 0x43, 0xe2, 0x68, 0x39, 0xf6, 0x6a, 0x20, 0xd1, 0xe8, 0x35, + 0x34, 0x18, 0xb9, 0x19, 0x61, 0x0f, 0xdb, 0x31, 0x09, 0x95, 0x9b, 0x5a, 0x61, 0xb3, 0xb6, 0x7d, + 0x3b, 0x79, 0x09, 0x03, 0x9e, 0x08, 0xad, 0xb1, 0xee, 0x65, 0x1f, 0x11, 0x86, 0xb2, 0x1d, 0x62, + 0x2b, 0xc6, 0x8e, 0x52, 0x61, 0x76, 0x9d, 0x2d, 0x7e, 0x1c, 0xb7, 0xe4, 0x71, 0xdc, 0x1a, 0xc9, + 0xe3, 0xb8, 0xf7, 0x6c, 0x3e, 0x53, 0x7f, 0x2d, 0x07, 0xd5, 0xe5, 0x66, 0x79, 0xdf, 0xd6, 0xf2, + 0x1e, 0x29, 0xb9, 0x51, 0x17, 0xc0, 0xf6, 0xa6, 0x51, 0x8c, 0x43, 0xea, 0x24, 0x55, 0xe6, 0x24, + 0x9f, 0xce, 0x67, 0xaa, 0x96, 0xb0, 0x71, 0xed, 0xf2, 0x61, 0xa9, 0x0a, 0xbb, 0xbe, 0x83, 0x5e, + 0x43, 0x5d, 0x92, 0xb0, 0xb3, 0x03, 0x8c, 0xa6, 0x33, 0x9f, 0xa9, 0xb7, 0x17, 0x68, 0xe4, 0x3a, + 0xd5, 0x04, 0x9e, 0xba, 0x20, 0xda, 0x06, 0x48, 0x02, 0x48, 0xa4, 0xd4, 0xd8, 0x56, 0xa0, 0x64, + 0x95, 0xba, 0x52, 0x65, 0x64, 0x50, 0xc8, 0x84, 0x9a, 0xe5, 0xfb, 0x24, 0xb6, 0x62, 0x97, 0xf8, + 0x91, 0xd2, 0x60, 0x46, 0x9f, 0x5e, 0xb5, 0x7f, 0xbb, 0x29, 0x8c, 0xef, 0xe0, 0x9d, 0xf9, 0x4c, + 0xdd, 0x90, 0xe3, 0x4a, 0xb5, 0xba, 0x91, 0x65, 0x44, 0x07, 0x50, 0x09, 0x42, 0x97, 0x84, 0x6e, + 0x7c, 0xa9, 0x34, 0x99, 0x97, 0x3e, 0x99, 0xcf, 0xd4, 0xcf, 0x92, 0x9d, 0x17, 0xba, 0x6b, 0xd6, + 0x37, 0xb1, 0x45, 0x1d, 0xa8, 0xb8, 0xbe, 0x65, 0xc7, 0xee, 0x05, 0x56, 0x5a, 0xf4, 0xec, 0x18, + 0xc9, 0x33, 0x3a, 0x04, 0xc4, 0x42, 0xa0, 0x19, 0x4c, 0x3d, 0xea, 0x27, 0x76, 0x88, 0xe3, 0x48, + 0x69, 0x6b, 0xc5, 0xcd, 0xea, 0xde, 0xc3, 0xf9, 0x4c, 0xed, 0xc8, 0xb7, 0xf5, 0x29, 0x4a, 0x1b, + 0x4e, 0x3d, 0x4f, 0x3b, 0x61, 0x28, 0xdd, 0x68, 0x31, 0x4b, 0x2a, 0xe2, 0x92, 0x08, 0xf5, 0xa0, + 0x19, 0xe1, 0xf0, 0xc2, 0xb5, 0xb1, 0x69, 0xd9, 0x36, 0x99, 0xfa, 0xb1, 0x82, 0x96, 0x63, 0xc6, + 0x09, 0x87, 0x68, 0xbb, 0x1c, 0xa2, 0x1b, 0x0d, 0x61, 0x24, 0x04, 0xe8, 0x0f, 0x05, 0xd0, 0x16, + 0x78, 0xcc, 0x00, 0x87, 0x13, 0x37, 0x8a, 0x5c, 0xe2, 0x9b, 0x1e, 0xbe, 0xc0, 0x9e, 0x72, 0x5f, + 0x2b, 0x6c, 0x36, 0xb6, 0x95, 0x64, 0xbd, 0x87, 0x09, 0xe0, 0x90, 0xea, 0xf7, 0x5e, 0xcc, 0x67, + 0xea, 0xb3, 0x6b, 0x5e, 0xa9, 0xa5, 0x60, 0x8d, 0xa1, 0xa5, 0x53, 0x3c, 0xc8, 0x8f, 0x64, 0x81, + 0x13, 0x45, 0xa0, 0x5a, 0xd3, 0x98, 0x4c, 0xd8, 0x88, 0x16, 0x47, 0x18, 0x93, 0xf7, 0xd8, 0x57, + 0xee, 0xb2, 0xe0, 0xf4, 0x74, 0x3e, 0x53, 0x37, 0x65, 0x38, 0xd9, 0x95, 0x26, 0xda, 0xe2, 0x30, + 0x46, 0xd4, 0x44, 0x37, 0xee, 0x27, 0xa4, 0x27, 0xb9, 0xd7, 0x33, 0x35, 0x0d, 0xa3, 0xe7, 0x24, + 0x8a, 0x4d, 0x1f, 0xc7, 0x7f, 0x45, 0xc2, 0xf7, 0xca, 0x2d, 0xf6, 0x06, 0x16, 0x46, 0xe5, 0x1b, + 0xbe, 0x21, 0x51, 0xac, 0x0d, 0xb8, 0x5e, 0x37, 0x6a, 0x14, 0x2e, 0x9e, 0xd0, 0x73, 0xa8, 0x30, + 0xeb, 0xc0, 0x75, 0x14, 0x95, 0x59, 0xe6, 0x42, 0x1d, 0xb3, 0x1c, 0xd2, 0xe0, 0x5b, 0xa6, 0xb0, + 0xa1, 0xeb, 0x24, 0x16, 0x6e, 0x60, 0x2b, 0xda, 0x35, 0x16, 0xfd, 0x61, 0x57, 0x58, 0xf4, 0x03, + 0x1b, 0xfd, 0x16, 0xd6, 0x45, 0xd2, 0x35, 0x6d, 0xcf, 0x8a, 0x22, 0x45, 0x4f, 0x4f, 0x5f, 0x12, + 0x53, 0x39, 0x40, 0xeb, 0x52, 0x80, 0x6e, 0xd4, 0x85, 0x01, 0x7b, 0x44, 0x3d, 0xa8, 0xc5, 0xc4, + 0xc3, 0xa1, 0x38, 0x4a, 0xb7, 0xd9, 0x51, 0xda, 0x48, 0xb6, 0x76, 0x94, 0xe8, 0xf6, 0x1a, 0xf3, + 0x99, 0x0a, 0x72, 0x57, 0xbf, 0xd0, 0x8d, 0xac, 0x1d, 0x7a, 0x0d, 0xab, 0x01, 0x09, 0xe3, 0x48, + 0x51, 0x16, 0x08, 0x86, 0x24, 0x8c, 0xbb, 0xc4, 0x7f, 0xe7, 0x8e, 0xf7, 0xd0, 0x7c, 0xa6, 0x36, + 0xe4, 0xa0, 0xa8, 0x3c, 0xd2, 0x0d, 0x6e, 0x85, 0x06, 0xd0, 0x8c, 0x62, 0x2b, 0xc6, 0x66, 0x52, + 0x64, 0x28, 0xf7, 0xd8, 0xb1, 0x7b, 0x3c, 0x9f, 0xa9, 0x8f, 0x72, 0xa7, 0x4b, 0x8b, 0xb0, 0x1f, + 0x91, 0x30, 0x7f, 0xe2, 0x1a, 0xcc, 0x3a, 0x09, 0x89, 0x68, 0x00, 0x10, 0xba, 0xd1, 0x7b, 0x33, + 0xb2, 0x49, 0x88, 0x95, 0x07, 0x5a, 0x61, 0x73, 0x25, 0x1f, 0x26, 0x0d, 0x37, 0x7a, 0xaf, 0x9d, + 0xd8, 0xd9, 0x18, 0x29, 0x47, 0xf6, 0x54, 0x92, 0x56, 0x29, 0x05, 0xc3, 0xa0, 0x5d, 0xa8, 0x07, + 0x21, 0xb1, 0x71, 0x14, 0x99, 0xb1, 0x35, 0x8e, 0x94, 0x87, 0xcb, 0xa7, 0x74, 0xc8, 0xf5, 0xda, + 0xc8, 0x1a, 0x27, 0x71, 0x4e, 0xd8, 0x8c, 0xac, 0x71, 0xd4, 0xf9, 0x63, 0xa8, 0x65, 0x32, 0x09, + 0x6a, 0x41, 0xf1, 0x3d, 0xbe, 0xe4, 0x35, 0x8a, 0x41, 0x7f, 0xa2, 0x9b, 0xb0, 0x7a, 0x61, 0x79, + 0x53, 0x51, 0x7c, 0x18, 0xfc, 0x61, 0x67, 0xe5, 0xab, 0x42, 0xe7, 0x15, 0x34, 0xf2, 0x79, 0xe8, + 0x17, 0x59, 0x7f, 0x0d, 0xad, 0xc5, 0x28, 0xf8, 0x4b, 0xec, 0xdf, 0x94, 0x2a, 0xc5, 0x56, 0xe9, + 0x4d, 0xa9, 0x52, 0x6f, 0xad, 0xeb, 0x7f, 0x28, 0x40, 0x23, 0x09, 0xc9, 0x2c, 0x2e, 0xa1, 0x17, + 0xac, 0xd6, 0xe2, 0x65, 0x4d, 0xae, 0x30, 0xe0, 0x61, 0xeb, 0xe4, 0xdc, 0xba, 0xa2, 0xce, 0xfa, + 0x4c, 0xd4, 0x59, 0x05, 0x96, 0xdc, 0xd2, 0x70, 0xcf, 0x6c, 0x68, 0x5a, 0x10, 0xc5, 0xd5, 0x23, + 0xa8, 0xfb, 0x24, 0x66, 0x11, 0xd2, 0x3a, 0xf3, 0x78, 0x6e, 0xa9, 0x18, 0x35, 0x9f, 0xc4, 0x43, + 0x21, 0xda, 0x29, 0xfd, 0xf8, 0xf7, 0xea, 0x0d, 0xfd, 0x5f, 0x4b, 0x50, 0x4d, 0x06, 0x86, 0x1a, + 0x69, 0xfd, 0xc7, 0x5e, 0xf7, 0x1c, 0xd6, 0x6c, 0xe6, 0x83, 0x6c, 0x76, 0xb5, 0x4c, 0xe8, 0x4a, + 0x6c, 0xb8, 0x8f, 0x1a, 0x02, 0x87, 0xbe, 0x80, 0x55, 0x16, 0x62, 0x95, 0x22, 0x33, 0xb8, 0xb3, + 0x6c, 0xc0, 0x86, 0x6a, 0x70, 0x14, 0xea, 0x42, 0x2b, 0xc2, 0xf6, 0x94, 0xc6, 0x7c, 0x93, 0xe6, + 0x29, 0xfc, 0x21, 0x66, 0x4b, 0x92, 0x7d, 0xd5, 0x89, 0x00, 0x74, 0xb9, 0xde, 0x68, 0x46, 0x79, + 0x01, 0xfa, 0x15, 0x94, 0x2f, 0x88, 0x37, 0x9d, 0xe0, 0x48, 0x59, 0x65, 0xa7, 0xa8, 0x99, 0xd8, + 0x7e, 0xc7, 0xe4, 0x86, 0xd4, 0xa3, 0x37, 0xf2, 0xb8, 0xad, 0x5d, 0x7f, 0xdc, 0xd4, 0xf9, 0x4c, + 0xbd, 0xb7, 0xe8, 0xd4, 0x5a, 0xe6, 0x00, 0x8b, 0xb3, 0xf7, 0x25, 0x94, 0x65, 0xf2, 0xe1, 0xf5, + 0x55, 0x3a, 0xd9, 0xde, 0xe4, 0x0c, 0x3b, 0x0e, 0x76, 0x78, 0x92, 0x31, 0x24, 0x0e, 0x3d, 0x87, + 0x6a, 0x88, 0x23, 0x32, 0x0d, 0x6d, 0x1c, 0x89, 0x02, 0x25, 0xdd, 0x43, 0x43, 0x6a, 0x8c, 0x14, + 0x84, 0x9e, 0x89, 0x0d, 0xe7, 0xc5, 0xc1, 0xbd, 0xf9, 0x4c, 0xbd, 0x23, 0x87, 0x96, 0xac, 0xa8, + 0x46, 0x37, 0x5e, 0x96, 0xd5, 0xb4, 0x80, 0x72, 0x2f, 0xb0, 0x4f, 0x8f, 0x5c, 0x10, 0x92, 0x33, + 0xac, 0xd4, 0x16, 0x0b, 0x28, 0xa1, 0x1e, 0x52, 0xad, 0xb1, 0xee, 0x65, 0x1f, 0xd1, 0x9f, 0x40, + 0x33, 0xc4, 0x96, 0xe3, 0x66, 0xec, 0xeb, 0x0b, 0x3b, 0x69, 0x48, 0x3d, 0x27, 0x68, 0x84, 0xb9, + 0xe7, 0x37, 0xa5, 0x4a, 0xb5, 0x05, 0xfa, 0x3f, 0xaf, 0x40, 0x35, 0x99, 0x10, 0x1a, 0x42, 0xdb, + 0x0e, 0xa6, 0x26, 0x0d, 0x09, 0x91, 0x19, 0xe2, 0xbf, 0x9c, 0xe2, 0x28, 0x66, 0x6e, 0xb6, 0xb2, + 0x50, 0x36, 0x0d, 0x4f, 0xb5, 0x2e, 0x05, 0x69, 0x06, 0x07, 0xc9, 0x88, 0xd0, 0xb4, 0x83, 0x29, + 0x53, 0x08, 0x39, 0x7a, 0x03, 0xcd, 0x94, 0xd1, 0x73, 0x27, 0x6e, 0xcc, 0x5c, 0x74, 0x65, 0x4f, + 0x9f, 0xcf, 0xd4, 0x87, 0xcb, 0x7c, 0x87, 0x14, 0x22, 0xd9, 0xd6, 0x25, 0x1b, 0x93, 0x22, 0x03, + 0xda, 0x13, 0x3c, 0x21, 0xe1, 0xa5, 0x39, 0x39, 0x4b, 0x46, 0x57, 0x64, 0x6c, 0x9f, 0xcd, 0x67, + 0xaa, 0x2e, 0xd9, 0x8e, 0x18, 0x48, 0x0e, 0x4d, 0xdb, 0x3c, 0xda, 0xfb, 0x55, 0x32, 0x3e, 0x4e, + 0x70, 0x74, 0x26, 0xc7, 0x77, 0x08, 0xcd, 0x94, 0x93, 0x8f, 0xaf, 0xb4, 0x3c, 0x5f, 0xc1, 0xc8, + 0x86, 0x91, 0xe3, 0x5b, 0x97, 0x7c, 0x4c, 0xa5, 0xff, 0x57, 0x11, 0xd6, 0xb8, 0x2b, 0xa3, 0xed, + 0x4c, 0x04, 0x58, 0x88, 0xa4, 0x1c, 0xc1, 0xbc, 0x21, 0xdf, 0x6a, 0x7d, 0x05, 0x6b, 0x7c, 0x27, + 0x44, 0x7f, 0xa6, 0xcd, 0x67, 0xea, 0xfd, 0x05, 0xab, 0x13, 0x06, 0x48, 0xea, 0x7d, 0x8e, 0x47, + 0xbf, 0x83, 0x9a, 0x83, 0xa3, 0xd8, 0xf5, 0x59, 0x10, 0x64, 0x8b, 0x52, 0xe5, 0xb9, 0x65, 0xc1, + 0x7c, 0x3f, 0x45, 0x25, 0x51, 0x3c, 0x63, 0x89, 0x7e, 0x4b, 0x3d, 0xdf, 0x72, 0x4c, 0xe2, 0x7b, + 0x97, 0x6c, 0x25, 0x2a, 0xf9, 0x9d, 0x12, 0x34, 0xd4, 0xb7, 0x8e, 0x7d, 0xef, 0x52, 0x72, 0x54, + 0x42, 0x21, 0xa0, 0xf3, 0x66, 0x7d, 0xe0, 0xea, 0xb5, 0xf3, 0xa6, 0x3d, 0x60, 0x32, 0x6f, 0xd6, + 0x09, 0x4e, 0xa0, 0xcd, 0xeb, 0x9e, 0x20, 0x24, 0x81, 0x35, 0xe6, 0x73, 0x58, 0x63, 0x45, 0x98, + 0xb6, 0x10, 0x22, 0xb6, 0x8e, 0x58, 0xf1, 0x94, 0xe2, 0xf8, 0x2b, 0xe4, 0x59, 0x3b, 0xe2, 0x25, + 0x58, 0xaa, 0xd6, 0x8d, 0xd6, 0x64, 0xc1, 0x42, 0x3f, 0x80, 0xd6, 0x22, 0x0b, 0xaa, 0x40, 0x69, + 0x70, 0x3c, 0xe8, 0xb5, 0x6e, 0xa0, 0x5b, 0xd0, 0xfe, 0xe6, 0xf8, 0x64, 0x64, 0x8e, 0x8e, 0xcd, + 0xee, 0xf1, 0x60, 0xb4, 0xdb, 0x1f, 0xf4, 0x8c, 0x56, 0x01, 0xb5, 0x61, 0x7d, 0xaf, 0xbf, 0xdf, + 0x37, 0x7a, 0xdd, 0x51, 0xff, 0x78, 0xb0, 0x7b, 0xd8, 0x5a, 0xd1, 0x07, 0xb0, 0x9e, 0x3b, 0xa3, + 0xe8, 0x35, 0x94, 0x1d, 0xfc, 0xce, 0xf5, 0x31, 0x8f, 0xcd, 0xa2, 0x91, 0x94, 0x63, 0x93, 0x58, + 0x8d, 0x81, 0xb5, 0x7d, 0x8e, 0xd4, 0x0d, 0x69, 0xa3, 0x0f, 0xa1, 0x91, 0x3f, 0xb3, 0xe8, 0xeb, + 0x45, 0x42, 0xe6, 0x95, 0x69, 0x2f, 0x29, 0xc0, 0xd7, 0x32, 0xfe, 0x5b, 0x09, 0x8a, 0x43, 0xe2, + 0xa0, 0x27, 0x99, 0xfb, 0x82, 0x5c, 0xe3, 0x42, 0x5b, 0xbc, 0xfe, 0x7e, 0x2e, 0x75, 0x3d, 0xcf, + 0x5d, 0x11, 0x2c, 0x35, 0x84, 0xcc, 0x6b, 0x25, 0x9e, 0xbb, 0xed, 0x01, 0xac, 0xa7, 0xd7, 0x2c, + 0xb4, 0xd1, 0xe2, 0xee, 0xf7, 0x68, 0x3e, 0x53, 0x1f, 0x5c, 0x7d, 0x31, 0x21, 0xed, 0xeb, 0xa9, + 0x5d, 0xdf, 0xc9, 0x5f, 0x08, 0x94, 0x7e, 0xd9, 0x85, 0x40, 0xbe, 0xd3, 0x5b, 0xfd, 0xff, 0x75, + 0x7a, 0xbb, 0x3c, 0x26, 0x9b, 0xae, 0x1f, 0xc5, 0x96, 0x4f, 0x63, 0x3f, 0x4f, 0x3f, 0x9d, 0x2b, + 0xb2, 0xa3, 0x80, 0xf0, 0xb8, 0x2c, 0x9f, 0x22, 0x84, 0xe1, 0x66, 0x4c, 0x2b, 0x7b, 0x9f, 0xf6, + 0x9f, 0x19, 0xa2, 0xf2, 0x42, 0x0b, 0x3e, 0x24, 0xce, 0x32, 0xd9, 0xa1, 0x1b, 0xc5, 0x4b, 0x65, + 0xe8, 0x46, 0xca, 0x97, 0xbe, 0xe6, 0x25, 0x94, 0xa3, 0xd8, 0x0a, 0x3f, 0xaa, 0x7f, 0x36, 0x24, + 0xb4, 0xf3, 0x2d, 0xdc, 0xba, 0xf2, 0x9d, 0xe8, 0x2b, 0xa8, 0xa6, 0x43, 0x2d, 0xfc, 0xec, 0x9c, + 0x53, 0xb0, 0xfe, 0x2f, 0x45, 0x68, 0x2f, 0x01, 0xd0, 0x6b, 0xa8, 0x49, 0x88, 0x29, 0x1c, 0xaf, + 0xb6, 0x7d, 0xff, 0x7a, 0xc6, 0xfe, 0xbe, 0x01, 0xd2, 0xa0, 0x4f, 0xdd, 0xb5, 0x2d, 0x9a, 0x61, + 0xd7, 0x1f, 0x9b, 0x01, 0x71, 0x28, 0x09, 0xaf, 0xdb, 0x9a, 0xa9, 0x62, 0x48, 0x9c, 0xbe, 0x83, + 0x1e, 0x43, 0x23, 0xbd, 0x9f, 0x63, 0x8e, 0xbb, 0xc6, 0x80, 0xeb, 0x89, 0x94, 0x75, 0xe1, 0x9f, + 0x40, 0x2a, 0x30, 0xdd, 0x20, 0x52, 0x8a, 0xb4, 0xc2, 0x35, 0xea, 0x89, 0xb0, 0x1f, 0xe4, 0x56, + 0xb5, 0xf4, 0xd1, 0xab, 0x8a, 0x8e, 0xa0, 0xce, 0xfb, 0x5c, 0xc7, 0x1d, 0xd3, 0x8c, 0xc4, 0x9d, + 0x2f, 0xd7, 0x4f, 0xa7, 0x25, 0x00, 0x2f, 0x1a, 0xf7, 0x19, 0x32, 0x71, 0xc1, 0x1a, 0xb3, 0xe7, + 0x42, 0xf4, 0x47, 0x50, 0x79, 0xe7, 0xfa, 0x6e, 0x74, 0x8e, 0x1d, 0xa5, 0xfc, 0xb3, 0xa3, 0x48, + 0xb0, 0xe8, 0x1e, 0x54, 0xf1, 0x07, 0x37, 0x36, 0x6d, 0xe2, 0x60, 0xe6, 0x14, 0xab, 0x46, 0x85, + 0x0a, 0xba, 0xc4, 0xc1, 0xe8, 0x0b, 0x40, 0xd2, 0x8d, 0x68, 0x9b, 0x1b, 0x62, 0x2b, 0x22, 0x3e, + 0xbf, 0x10, 0x31, 0xda, 0x19, 0x8d, 0xc1, 0x14, 0xfa, 0x5f, 0x17, 0x60, 0xe3, 0x8a, 0x4d, 0x42, + 0x07, 0xc9, 0xc6, 0xa4, 0x97, 0xa1, 0x6c, 0x77, 0x1b, 0xdb, 0x77, 0xaf, 0xb8, 0xd2, 0xe0, 0x00, + 0xa3, 0x65, 0x2f, 0x48, 0x44, 0xfd, 0xba, 0x92, 0xd4, 0xaf, 0x08, 0x4a, 0x3e, 0x1d, 0x36, 0x0b, + 0x1c, 0x06, 0xfb, 0xad, 0x8f, 0xa1, 0x91, 0x2f, 0xcf, 0xd0, 0xe7, 0xb9, 0x94, 0xba, 0x31, 0x9f, + 0xa9, 0xcd, 0xb4, 0x09, 0xe7, 0xf7, 0x06, 0x3c, 0x20, 0x3d, 0x85, 0x52, 0x60, 0xc5, 0xe7, 0x22, + 0x84, 0xe5, 0x6e, 0xcb, 0x38, 0x50, 0x1b, 0x5a, 0xf1, 0xb9, 0x6e, 0x30, 0x94, 0xfe, 0x77, 0x15, + 0x80, 0xb4, 0xac, 0x64, 0x63, 0x49, 0xde, 0x22, 0x08, 0xbf, 0xce, 0x3a, 0x19, 0xad, 0x2a, 0x19, + 0xf5, 0x6a, 0xfe, 0xb2, 0x85, 0x72, 0xa4, 0x95, 0x8b, 0x84, 0x53, 0x29, 0x7a, 0x05, 0x15, 0xb6, + 0x77, 0x36, 0xf1, 0x44, 0x70, 0xcc, 0xa5, 0x76, 0x8a, 0xa1, 0x31, 0x9c, 0x01, 0x92, 0x94, 0x2a, + 0x2d, 0x90, 0x03, 0x15, 0xfc, 0x21, 0x20, 0xd1, 0x34, 0xe4, 0x61, 0xb1, 0xb1, 0xfd, 0xe8, 0x8a, + 0x7a, 0x78, 0xab, 0x27, 0x30, 0xfc, 0x8e, 0x22, 0x97, 0xfc, 0x8f, 0xac, 0x0f, 0x9a, 0x54, 0xe7, + 0x6f, 0x25, 0x12, 0x66, 0xf4, 0x18, 0xea, 0xec, 0x37, 0x76, 0xf8, 0x0c, 0x57, 0xd9, 0x0c, 0x57, + 0x94, 0x82, 0x51, 0x13, 0x72, 0x36, 0x15, 0x07, 0x1a, 0xd2, 0xc4, 0x74, 0xfd, 0x77, 0x44, 0xc6, + 0x48, 0xed, 0xff, 0x1a, 0x52, 0xdf, 0x7f, 0x47, 0xf2, 0x45, 0x71, 0x32, 0x1a, 0xaa, 0x8a, 0x74, + 0x63, 0x1d, 0x67, 0xa0, 0x51, 0xe7, 0x1f, 0x4a, 0x50, 0xcf, 0x1a, 0xa3, 0xef, 0x61, 0x95, 0xdf, + 0xcd, 0x14, 0x3e, 0x76, 0x01, 0x72, 0xe9, 0xe7, 0xea, 0xc9, 0x73, 0x4a, 0x74, 0x00, 0x75, 0x79, + 0xe1, 0x92, 0xc9, 0x7c, 0xb9, 0x5e, 0x8f, 0xd9, 0xbb, 0xfe, 0x58, 0x5e, 0xb3, 0x24, 0xb5, 0x93, + 0x30, 0x64, 0x31, 0xe6, 0x01, 0x80, 0xe4, 0x91, 0x49, 0xd0, 0xa8, 0x0a, 0x49, 0xdf, 0x41, 0x4f, + 0x01, 0x49, 0x75, 0x92, 0xaa, 0x02, 0x9e, 0xe7, 0x8c, 0x96, 0xd0, 0x88, 0x2c, 0xd5, 0x0f, 0xd0, + 0xdb, 0x74, 0x50, 0x99, 0xed, 0xd8, 0x9c, 0xcf, 0xd4, 0x4f, 0xaf, 0x1b, 0x94, 0x96, 0xf5, 0x40, + 0x39, 0x32, 0xb6, 0x69, 0xbb, 0x50, 0xa5, 0x67, 0x8a, 0x33, 0xad, 0x31, 0xa6, 0x5c, 0x72, 0xec, + 0xf1, 0x0d, 0xd6, 0x06, 0xc4, 0xc9, 0xb3, 0x54, 0xa8, 0x99, 0xa0, 0xa8, 0xe3, 0x0f, 0x31, 0x0e, + 0x7d, 0xcb, 0x63, 0xf1, 0xb3, 0xbc, 0x7c, 0x43, 0xd0, 0x13, 0x7a, 0xad, 0x3f, 0x4c, 0x46, 0x21, + 0x6d, 0x68, 0x78, 0x3d, 0x01, 0x94, 0x50, 0x9c, 0x93, 0x28, 0x66, 0xd9, 0x5b, 0xa9, 0x30, 0xa2, + 0x85, 0xe1, 0x08, 0xa2, 0x6f, 0x04, 0x4a, 0xd2, 0xb5, 0xa5, 0xbd, 0x54, 0x44, 0xfa, 0x29, 0xac, + 0xe7, 0xf6, 0x1d, 0x55, 0x61, 0xf5, 0x74, 0x70, 0xd2, 0x1b, 0xb5, 0x6e, 0xa0, 0x3a, 0x54, 0x7a, + 0x7f, 0x3a, 0xea, 0x19, 0xb4, 0x5c, 0x2b, 0xf0, 0x12, 0x6f, 0xbf, 0xd7, 0x5a, 0xa1, 0xf2, 0xfe, + 0x40, 0xc8, 0x8b, 0x54, 0x4e, 0x0b, 0xbe, 0x56, 0x89, 0x9a, 0x1a, 0xc7, 0xa7, 0xa3, 0x5e, 0x6b, + 0x55, 0xff, 0x61, 0x15, 0x9a, 0x0b, 0xbd, 0x33, 0x7a, 0x05, 0x45, 0xec, 0x5f, 0x88, 0xfc, 0xf8, + 0xe4, 0xba, 0x16, 0x7b, 0xab, 0xe7, 0x5f, 0xb8, 0x21, 0xf1, 0x69, 0x51, 0x23, 0x9a, 0x6e, 0x6a, + 0x86, 0x14, 0x28, 0xdb, 0x64, 0x32, 0xb1, 0x7c, 0x1a, 0xf8, 0x68, 0xee, 0x91, 0x8f, 0x34, 0xe2, + 0x58, 0xe1, 0x58, 0xa6, 0x24, 0xf6, 0x1b, 0xdd, 0x87, 0xaa, 0xe3, 0x86, 0xec, 0xb2, 0xfc, 0x52, + 0xf8, 0x48, 0x2a, 0xa0, 0x16, 0xd3, 0x08, 0x87, 0x3c, 0xd5, 0x18, 0xec, 0x37, 0x6a, 0x41, 0x71, + 0xea, 0x3a, 0xfc, 0x9b, 0x83, 0x41, 0x7f, 0xa2, 0x3e, 0xb4, 0xad, 0x20, 0x30, 0xad, 0x70, 0x42, + 0x42, 0x5a, 0x5a, 0xbf, 0x73, 0x3d, 0xcc, 0x52, 0x8a, 0xf8, 0xf2, 0x93, 0x5c, 0x22, 0x06, 0xc1, + 0x2e, 0xc5, 0xd0, 0x10, 0x44, 0x31, 0xba, 0xd1, 0xb4, 0x84, 0x48, 0x48, 0x3a, 0x7f, 0x53, 0x84, + 0xf6, 0xd2, 0xbc, 0xd0, 0xcb, 0xcc, 0x2d, 0x4b, 0xbe, 0x4d, 0xc8, 0x60, 0xb5, 0xb7, 0x38, 0x69, + 0x13, 0xd8, 0x4d, 0xcc, 0x4e, 0xee, 0x26, 0x66, 0x61, 0xe7, 0x33, 0x76, 0xdf, 0x51, 0x50, 0x72, + 0x54, 0x99, 0x09, 0xfa, 0xdb, 0x02, 0x34, 0xb0, 0x7f, 0x61, 0x5e, 0x58, 0xa1, 0x29, 0x5a, 0xa5, + 0x22, 0x0b, 0x08, 0xbf, 0xf9, 0xf8, 0xed, 0xa0, 0x92, 0xef, 0xac, 0x90, 0x37, 0x52, 0x7b, 0x5b, + 0xf3, 0x99, 0xfa, 0xe4, 0xea, 0xd7, 0x87, 0xae, 0x75, 0xe6, 0x2d, 0x76, 0x5c, 0x75, 0x9c, 0xb1, + 0xd6, 0x43, 0xa8, 0x67, 0xd9, 0xb2, 0xce, 0x57, 0x86, 0xa2, 0xb1, 0xfb, 0xfb, 0x56, 0x01, 0x35, + 0x00, 0x4e, 0x7a, 0x5d, 0xa3, 0x37, 0x32, 0xdf, 0xf6, 0xfe, 0xac, 0xb5, 0x82, 0x10, 0x34, 0xba, + 0xc7, 0x83, 0x83, 0xfe, 0xef, 0xcc, 0xa3, 0xdd, 0x21, 0x93, 0x15, 0xa9, 0xdd, 0x41, 0xbf, 0x77, + 0xb8, 0xdf, 0x2a, 0x51, 0xb5, 0xd1, 0x3b, 0x39, 0x3e, 0x35, 0xba, 0x3d, 0x93, 0xcb, 0x56, 0x51, + 0x0d, 0xca, 0xa7, 0x83, 0xb7, 0x83, 0xe3, 0xdf, 0x0f, 0x5a, 0x6b, 0xfa, 0x3f, 0xae, 0x41, 0x73, + 0xe1, 0xae, 0x05, 0xbd, 0x06, 0x08, 0x42, 0xf7, 0xc2, 0xf5, 0xf0, 0x38, 0xe9, 0x15, 0x72, 0x5f, + 0xf7, 0x86, 0x89, 0x56, 0x4e, 0x24, 0x63, 0x80, 0x76, 0xa0, 0x1c, 0x61, 0xcf, 0xf5, 0xa7, 0x1f, + 0xc4, 0x05, 0x92, 0x76, 0xdd, 0xad, 0xce, 0xd6, 0x49, 0xef, 0x90, 0xe2, 0x0c, 0x69, 0x80, 0xbe, + 0x85, 0xb6, 0x13, 0x92, 0xc0, 0xb4, 0xad, 0xc0, 0x3a, 0x73, 0x3d, 0x37, 0x76, 0xb1, 0x70, 0xe5, + 0xfc, 0xd6, 0xee, 0x87, 0x24, 0xd0, 0xba, 0x19, 0x90, 0x1c, 0x48, 0x8b, 0x9a, 0x67, 0x15, 0x68, + 0x00, 0x2d, 0xcb, 0x71, 0xf2, 0x8c, 0x25, 0xc6, 0x98, 0x0b, 0xca, 0xbb, 0x8e, 0x73, 0x25, 0x61, + 0xd3, 0x72, 0x9c, 0x1c, 0xdf, 0x18, 0xee, 0x26, 0x4d, 0xad, 0x19, 0x12, 0x12, 0x9b, 0xd4, 0xa9, + 0xa3, 0xcb, 0x28, 0xc6, 0x13, 0x76, 0x86, 0xc4, 0xad, 0x7a, 0x72, 0x79, 0x8a, 0x2d, 0x47, 0xa3, + 0xdd, 0xac, 0x66, 0x10, 0x12, 0x6b, 0x07, 0x09, 0x58, 0xbe, 0xe1, 0xb6, 0x6c, 0x77, 0xa9, 0x3e, + 0x55, 0xa3, 0x21, 0x34, 0x23, 0x6c, 0xdb, 0x64, 0x12, 0x24, 0xe7, 0x6d, 0x8d, 0xad, 0xe7, 0xe7, + 0xd7, 0xaf, 0x27, 0xc7, 0x8b, 0x83, 0x66, 0x34, 0xa2, 0xdc, 0x73, 0xe7, 0xcf, 0xa1, 0x2c, 0x56, + 0x3c, 0x39, 0xf4, 0x85, 0xcc, 0xa1, 0x47, 0x50, 0x0a, 0x89, 0x27, 0x2f, 0x35, 0xd9, 0x6f, 0x2a, + 0x63, 0x1d, 0xb8, 0x28, 0xa6, 0x58, 0x87, 0x7d, 0x53, 0xa6, 0x4f, 0x1e, 0x4a, 0xf8, 0x43, 0xe7, + 0xbf, 0x0b, 0xd0, 0xc8, 0xbf, 0x1f, 0xfd, 0x85, 0x30, 0xe6, 0x69, 0xf6, 0xc5, 0x47, 0x0e, 0x7b, + 0x4b, 0xfc, 0xa5, 0xad, 0x3d, 0x4f, 0xbc, 0x32, 0xb6, 0x08, 0x9c, 0x0c, 0x2d, 0xb9, 0x0f, 0xc0, + 0xbf, 0x86, 0xb6, 0x47, 0x6c, 0xcb, 0xe3, 0x1f, 0x11, 0xc4, 0x7a, 0xf1, 0x99, 0xb4, 0x12, 0x85, + 0x8c, 0x49, 0xbb, 0x50, 0xcb, 0xbc, 0x84, 0x1e, 0xaa, 0xd3, 0x01, 0x3b, 0x46, 0x83, 0xde, 0x7e, + 0xeb, 0x06, 0xda, 0x80, 0xa6, 0x71, 0x3a, 0x18, 0xf5, 0x8f, 0x7a, 0xe6, 0x7e, 0xef, 0x60, 0xf7, + 0xf4, 0x70, 0xd4, 0x2a, 0xa0, 0x75, 0xa8, 0x1e, 0x1e, 0x77, 0x77, 0x0f, 0x59, 0x78, 0x5f, 0xd1, + 0xff, 0xa7, 0x00, 0x0d, 0xda, 0xee, 0x64, 0x3e, 0xa4, 0x2f, 0x5e, 0xa4, 0x22, 0xf1, 0xb1, 0x9b, + 0xd6, 0xcf, 0x25, 0xf1, 0x65, 0x1b, 0x65, 0x1b, 0x62, 0x51, 0x10, 0xd2, 0x60, 0xce, 0x53, 0xb5, + 0x58, 0x66, 0xf9, 0x48, 0x8b, 0x80, 0x4c, 0x23, 0x2a, 0x22, 0x77, 0xda, 0x62, 0xde, 0x5f, 0xfa, + 0xe8, 0x9d, 0xed, 0x62, 0x5f, 0xa6, 0x9f, 0x45, 0xd7, 0x7e, 0xbe, 0x01, 0x91, 0x5f, 0x39, 0x3b, + 0x99, 0x8f, 0x79, 0x65, 0x16, 0xfe, 0x93, 0xe7, 0xbd, 0x97, 0xff, 0xf4, 0xd3, 0xc3, 0xc2, 0x8f, + 0x3f, 0x3d, 0x2c, 0xfc, 0xfb, 0x4f, 0x0f, 0x0b, 0x3f, 0xfc, 0xc7, 0xc3, 0x1b, 0x70, 0xd7, 0x25, + 0x5b, 0x51, 0x6c, 0xd9, 0xef, 0x43, 0xf2, 0x81, 0xd3, 0xca, 0x4d, 0xfe, 0x5e, 0xfe, 0x6f, 0xc4, + 0xd9, 0x1a, 0x93, 0xbf, 0xf8, 0xdf, 0x00, 0x00, 0x00, 0xff, 0xff, 0x9b, 0xcf, 0xea, 0x43, 0x47, + 0x21, 0x00, 0x00, } func (m *Deployment) Marshal() (dAtA []byte, err error) { @@ -2988,13 +2980,6 @@ func (m *ContainerImage) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l - if len(m.Namespace) > 0 { - i -= len(m.Namespace) - copy(dAtA[i:], m.Namespace) - i = encodeVarintDeployment(dAtA, i, uint64(len(m.Namespace))) - i-- - dAtA[i] = 0x5a - } if m.NotPullable { i-- if m.NotPullable { @@ -4435,10 +4420,6 @@ func (m *ContainerImage) Size() (n int) { if m.NotPullable { n += 2 } - l = len(m.Namespace) - if l > 0 { - n += 1 + l + sovDeployment(uint64(l)) - } return n } @@ -6332,38 +6313,6 @@ func (m *ContainerImage) Unmarshal(dAtA []byte) error { } } m.NotPullable = bool(v != 0) - case 11: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowDeployment - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthDeployment - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthDeployment - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Namespace = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipDeployment(dAtA[iNdEx:]) diff --git a/generated/storage/image_integration.pb.go b/generated/storage/image_integration.pb.go index f690579a36c2e..4ef74e7245872 100644 --- a/generated/storage/image_integration.pb.go +++ b/generated/storage/image_integration.pb.go @@ -56,12 +56,9 @@ func (ImageIntegrationCategory) EnumDescriptor() ([]byte, []int) { // Next Tag: 21 type ImageIntegration struct { - Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` - Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` - Type string `protobuf:"bytes,3,opt,name=type,proto3" json:"type,omitempty"` - // If a list of clusters is provided, the integration will only be accessed from the specified clusters' sensors. - // Please use cluster_id instead. - Clusters []string `protobuf:"bytes,5,rep,name=clusters,proto3" json:"clusters,omitempty"` // Deprecated: Do not use. + Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` + Type string `protobuf:"bytes,3,opt,name=type,proto3" json:"type,omitempty"` Categories []ImageIntegrationCategory `protobuf:"varint,6,rep,packed,name=categories,proto3,enum=storage.ImageIntegrationCategory" json:"categories,omitempty"` // Types that are valid to be assigned to IntegrationConfig: // *ImageIntegration_Dtr @@ -293,14 +290,6 @@ func (m *ImageIntegration) GetType() string { return "" } -// Deprecated: Do not use. -func (m *ImageIntegration) GetClusters() []string { - if m != nil { - return m.Clusters - } - return nil -} - func (m *ImageIntegration) GetCategories() []ImageIntegrationCategory { if m != nil { return m.Categories @@ -425,10 +414,6 @@ func (m *ImageIntegration) Clone() *ImageIntegration { cloned := new(ImageIntegration) *cloned = *m - if m.Clusters != nil { - cloned.Clusters = make([]string, len(m.Clusters)) - copy(cloned.Clusters, m.Clusters) - } if m.Categories != nil { cloned.Categories = make([]ImageIntegrationCategory, len(m.Categories)) copy(cloned.Categories, m.Categories) @@ -1275,75 +1260,75 @@ func init() { func init() { proto.RegisterFile("storage/image_integration.proto", fileDescriptor_9e3766be4a43c581) } var fileDescriptor_9e3766be4a43c581 = []byte{ - // 1082 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xdc, 0x96, 0xdf, 0x6e, 0xe3, 0xc4, - 0x17, 0xc7, 0xeb, 0xa4, 0x4d, 0x9c, 0x93, 0x3f, 0x4d, 0xa7, 0xe9, 0xae, 0x7f, 0x95, 0x7e, 0x49, - 0xb0, 0x56, 0xab, 0x02, 0xab, 0x74, 0xb7, 0xb0, 0x5c, 0x14, 0x09, 0x29, 0xc9, 0x46, 0x25, 0x2c, - 0x14, 0xe1, 0xf6, 0x06, 0x6e, 0xac, 0xa9, 0x7d, 0xd6, 0x6b, 0x9a, 0x78, 0xc2, 0xcc, 0x78, 0x77, - 0xf3, 0x12, 0x5c, 0x23, 0xf1, 0x06, 0xdc, 0xf2, 0x00, 0x5c, 0x70, 0xc3, 0x25, 0x97, 0x48, 0xa0, - 0x0a, 0x95, 0x37, 0xe8, 0x13, 0xa0, 0xb1, 0x1d, 0xc7, 0x49, 0x69, 0x55, 0xd4, 0x5e, 0x71, 0x67, - 0x9f, 0xf9, 0x9c, 0x33, 0xdf, 0x39, 0x73, 0xce, 0xcc, 0x40, 0x4b, 0x48, 0xc6, 0xa9, 0x87, 0xbb, - 0xfe, 0x98, 0x7a, 0x68, 0xfb, 0x81, 0x44, 0x8f, 0x53, 0xe9, 0xb3, 0xa0, 0x33, 0xe1, 0x4c, 0x32, - 0x52, 0x4c, 0x80, 0xed, 0x86, 0xc7, 0x3c, 0x16, 0xd9, 0x76, 0xd5, 0x57, 0x3c, 0x6c, 0x7e, 0x5f, - 0x80, 0xfa, 0x50, 0xb9, 0x0e, 0xe7, 0x9e, 0xa4, 0x06, 0x39, 0xdf, 0x35, 0xb4, 0xb6, 0xb6, 0x53, - 0xb2, 0x72, 0xbe, 0x4b, 0x08, 0xac, 0x06, 0x74, 0x8c, 0x46, 0x2e, 0xb2, 0x44, 0xdf, 0xca, 0x26, - 0xa7, 0x13, 0x34, 0xf2, 0xb1, 0x4d, 0x7d, 0x93, 0x26, 0xe8, 0xce, 0x28, 0x14, 0x12, 0xb9, 0x30, - 0xd6, 0xda, 0xf9, 0x9d, 0x52, 0x2f, 0x67, 0x68, 0x56, 0x6a, 0x23, 0x5d, 0x00, 0x87, 0x4a, 0xf4, - 0x18, 0xf7, 0x51, 0x18, 0x85, 0x76, 0x7e, 0xa7, 0xb6, 0xf7, 0x56, 0x27, 0x11, 0xd8, 0x59, 0x96, - 0xd1, 0x8f, 0xd1, 0xa9, 0x95, 0x71, 0x22, 0x0f, 0x21, 0xef, 0x4a, 0x6e, 0x14, 0xdb, 0xda, 0x4e, - 0x79, 0x8f, 0xa4, 0xbe, 0xcf, 0x8e, 0xad, 0x3e, 0x0b, 0x5e, 0xf8, 0xde, 0xc7, 0x2b, 0x96, 0x02, - 0xc8, 0x53, 0x25, 0x85, 0xfa, 0xdc, 0x7f, 0x31, 0x35, 0xf4, 0x08, 0xbe, 0x9f, 0xc2, 0xfd, 0x64, - 0x20, 0xf5, 0x48, 0x51, 0xb2, 0x0b, 0x05, 0x97, 0x39, 0xa7, 0xc8, 0x8d, 0x52, 0xe4, 0xb4, 0x35, - 0x9f, 0x21, 0x32, 0xa7, 0x2e, 0x09, 0x46, 0xde, 0x86, 0xd5, 0x6f, 0x42, 0x3a, 0x35, 0x20, 0xc2, - 0x37, 0x53, 0xfc, 0x8b, 0x90, 0xce, 0xe3, 0x47, 0x88, 0x92, 0x8e, 0x0e, 0x37, 0xca, 0x4b, 0xd2, - 0x07, 0xfd, 0x8c, 0x74, 0x74, 0x38, 0xd9, 0x83, 0xa2, 0xc4, 0x80, 0x9e, 0x8c, 0xd0, 0xa8, 0x44, - 0xec, 0xbd, 0x94, 0x3d, 0x8e, 0xed, 0x29, 0x3f, 0x03, 0x95, 0x6e, 0x8f, 0x31, 0x6f, 0x84, 0x46, - 0x75, 0x49, 0xf7, 0x41, 0x64, 0x9e, 0xeb, 0x8e, 0x31, 0xf2, 0x08, 0xd6, 0xa2, 0x45, 0x1b, 0xb5, - 0x88, 0x6f, 0x2c, 0x26, 0x27, 0xc5, 0x63, 0x48, 0x49, 0xa2, 0x81, 0xf3, 0x92, 0x71, 0x34, 0x36, - 0x96, 0x24, 0x75, 0x63, 0xfb, 0x5c, 0x52, 0x02, 0x92, 0x0e, 0xe4, 0xfd, 0x93, 0xb1, 0xd1, 0x88, - 0xf8, 0xed, 0xf9, 0x2e, 0xf7, 0x3e, 0xb3, 0xd0, 0xf3, 0x85, 0xe4, 0xf3, 0xfc, 0x28, 0x90, 0x3c, - 0x80, 0x2a, 0x0d, 0x25, 0xf3, 0x30, 0x40, 0x4e, 0x25, 0xba, 0xc6, 0x7a, 0x5b, 0xdb, 0xd1, 0xad, - 0x45, 0x23, 0xf9, 0x3f, 0x40, 0x52, 0x4e, 0xb6, 0xef, 0x1a, 0xf5, 0xa8, 0xf8, 0x4a, 0x89, 0x65, - 0xe8, 0x92, 0x3d, 0xd8, 0x12, 0xa7, 0xfe, 0xc4, 0x96, 0x28, 0x64, 0xb6, 0x19, 0x0c, 0x12, 0x05, - 0xdb, 0x54, 0x83, 0xc7, 0x28, 0x64, 0xa6, 0xcc, 0x7a, 0x9b, 0xb0, 0x91, 0xad, 0xba, 0x48, 0xd4, - 0x27, 0xab, 0xfa, 0x66, 0xbd, 0x61, 0x7e, 0xab, 0xc1, 0xc6, 0x25, 0xc1, 0xe4, 0x53, 0xd0, 0x31, - 0x70, 0x27, 0xcc, 0x0f, 0x64, 0xdc, 0x24, 0xbd, 0xc7, 0x17, 0x67, 0xad, 0x47, 0xc2, 0xe1, 0xe1, - 0xc9, 0xbe, 0xe9, 0xe2, 0x04, 0x03, 0x17, 0x03, 0x69, 0xb6, 0x5f, 0xd1, 0x91, 0xef, 0x52, 0x89, - 0xfb, 0x66, 0xc0, 0x46, 0xcc, 0xa1, 0xa3, 0x99, 0x9b, 0x69, 0xa5, 0x11, 0xc8, 0xbb, 0x50, 0xa4, - 0x13, 0xdf, 0x3e, 0xc5, 0x69, 0xdc, 0x5f, 0x3d, 0x72, 0x71, 0xd6, 0xaa, 0x25, 0xc1, 0xe8, 0xe8, - 0x35, 0x9d, 0x0a, 0xd3, 0x2a, 0xd0, 0x89, 0xff, 0x1c, 0xa7, 0xe6, 0x0f, 0x1a, 0xc0, 0xbc, 0xb4, - 0xee, 0x58, 0xc9, 0x1e, 0x00, 0xa3, 0xa1, 0x7c, 0x79, 0xcc, 0x4e, 0x31, 0xb8, 0x46, 0x4c, 0x86, - 0x22, 0xdb, 0xa0, 0xfb, 0x81, 0x40, 0x27, 0xe4, 0xf1, 0x51, 0xa0, 0x5b, 0xe9, 0xbf, 0x89, 0x50, - 0xce, 0x54, 0x13, 0xd9, 0xbf, 0x24, 0xb6, 0x79, 0x71, 0xd6, 0xda, 0xbe, 0x91, 0xb4, 0xec, 0x34, - 0xb9, 0xa5, 0x69, 0x7e, 0xd6, 0xa0, 0xb6, 0xd8, 0xd2, 0xb7, 0x9a, 0xaa, 0x0f, 0x55, 0x8f, 0x4f, - 0x1c, 0x3b, 0x0d, 0x90, 0xbf, 0x51, 0x80, 0x8a, 0x72, 0x1a, 0xcc, 0x82, 0x3c, 0x86, 0x46, 0x10, - 0x8e, 0x6d, 0x87, 0x05, 0x4e, 0xc8, 0x39, 0x06, 0xd2, 0x16, 0x0e, 0x0d, 0x44, 0xa4, 0x7d, 0xcd, - 0x22, 0x41, 0x38, 0xee, 0xa7, 0x43, 0x47, 0x6a, 0xc4, 0xfc, 0x5d, 0x83, 0x4a, 0xf6, 0x8c, 0xb9, - 0xe3, 0xbd, 0x7d, 0x02, 0x7a, 0x28, 0x90, 0xcf, 0x8f, 0xf1, 0xde, 0xd6, 0xc5, 0x59, 0x6b, 0xe3, - 0x52, 0x34, 0x2b, 0xc5, 0x48, 0x07, 0xf4, 0x09, 0x15, 0xe2, 0x35, 0xe3, 0x6e, 0x92, 0x83, 0x7f, - 0x2a, 0x86, 0x94, 0x59, 0xd8, 0xa3, 0xd5, 0xa5, 0x3d, 0xfa, 0x29, 0x0f, 0xa5, 0xf4, 0xa0, 0x23, - 0x2d, 0x28, 0xf3, 0xa4, 0xa5, 0xec, 0xf4, 0xa2, 0x81, 0x99, 0x69, 0xe8, 0x92, 0x0f, 0xa0, 0x4a, - 0x1d, 0x07, 0x85, 0x50, 0x6d, 0xa1, 0x90, 0xab, 0x8b, 0xb1, 0x1c, 0x83, 0xcf, 0x51, 0xf9, 0x7d, - 0x04, 0x1b, 0x02, 0x1d, 0x8e, 0xd2, 0x9e, 0xbb, 0x5f, 0xa3, 0x7d, 0x3d, 0x86, 0xbb, 0xb3, 0x08, - 0xe4, 0x1e, 0x14, 0x94, 0x0a, 0x16, 0x44, 0x0b, 0x28, 0x59, 0xc9, 0x1f, 0xe9, 0x40, 0x31, 0x14, - 0x68, 0xfb, 0x74, 0x6c, 0xac, 0xa9, 0x95, 0x5d, 0x95, 0xbc, 0x42, 0x28, 0x70, 0x48, 0xc7, 0x0b, - 0x7b, 0x57, 0xb8, 0xf5, 0xde, 0x3d, 0x84, 0x75, 0x35, 0x3b, 0x15, 0x22, 0x1c, 0xa3, 0xcd, 0xd9, - 0x08, 0xa3, 0xfb, 0x4f, 0xb7, 0xaa, 0xa1, 0xc0, 0x6e, 0x64, 0xb5, 0xd8, 0x08, 0xc9, 0x03, 0xa8, - 0x65, 0x18, 0x95, 0x36, 0x3d, 0x5a, 0x45, 0x85, 0xa6, 0xcc, 0xd0, 0x25, 0x4f, 0xe1, 0x7e, 0x96, - 0xc2, 0x37, 0x52, 0xed, 0xf7, 0x48, 0xe1, 0xa5, 0x08, 0x6f, 0xcc, 0xf1, 0x41, 0x32, 0x38, 0x74, - 0xcd, 0xdf, 0x34, 0x28, 0xa5, 0xb7, 0xec, 0x42, 0x39, 0x69, 0xff, 0xbe, 0x9c, 0x72, 0x37, 0x28, - 0xa7, 0x6c, 0x0e, 0xf3, 0xb7, 0xce, 0xe1, 0x75, 0xc5, 0xf9, 0xa3, 0x06, 0x95, 0xec, 0x35, 0x79, - 0xc7, 0xad, 0xf7, 0x21, 0xac, 0x0b, 0xe4, 0xaf, 0x7c, 0x07, 0x55, 0x55, 0xb2, 0x30, 0x90, 0xd7, - 0xac, 0xbf, 0x96, 0xa0, 0xdd, 0x98, 0x24, 0x06, 0x14, 0x27, 0x9c, 0x7d, 0x8d, 0x4e, 0x92, 0x04, - 0x6b, 0xf6, 0x6b, 0x86, 0x50, 0x5d, 0x78, 0x0e, 0x90, 0x27, 0x00, 0x99, 0xaa, 0xd7, 0xae, 0x9c, - 0xa2, 0x94, 0x76, 0x8c, 0x72, 0x49, 0xfa, 0xe5, 0xfa, 0xeb, 0xa7, 0x14, 0x53, 0xea, 0x06, 0xfa, - 0x43, 0x83, 0xea, 0xc2, 0x9d, 0xff, 0x9f, 0x3a, 0xa8, 0xde, 0x39, 0x00, 0xe3, 0xaa, 0x77, 0x28, - 0xa9, 0x80, 0x6e, 0x0d, 0x0e, 0x86, 0x47, 0xc7, 0xd6, 0x97, 0xf5, 0x15, 0x52, 0x86, 0xe2, 0x51, - 0xbf, 0x7b, 0x78, 0x38, 0xb0, 0xea, 0x1a, 0xa9, 0x43, 0xe5, 0xf0, 0xf3, 0x67, 0x03, 0x7b, 0x66, - 0xc9, 0xf5, 0xde, 0xff, 0xe5, 0xbc, 0xa9, 0xfd, 0x7a, 0xde, 0xd4, 0xfe, 0x3c, 0x6f, 0x6a, 0xdf, - 0xfd, 0xd5, 0x5c, 0x81, 0xff, 0xf9, 0xac, 0x23, 0x24, 0x75, 0x4e, 0x39, 0x7b, 0x13, 0xbf, 0xbe, - 0x67, 0x8f, 0xa2, 0xaf, 0x66, 0x8f, 0xf4, 0x93, 0x42, 0x64, 0x7f, 0xef, 0xef, 0x00, 0x00, 0x00, - 0xff, 0xff, 0x09, 0x4a, 0x7a, 0xfc, 0xd7, 0x0b, 0x00, 0x00, + // 1076 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xdc, 0x96, 0xcf, 0x6f, 0xe3, 0x44, + 0x14, 0xc7, 0xeb, 0x24, 0x4d, 0x9c, 0x97, 0x1f, 0x4d, 0xa7, 0xe9, 0xae, 0xa9, 0x44, 0x53, 0xac, + 0xd5, 0xaa, 0xc0, 0x2a, 0xdd, 0x2d, 0x2c, 0x87, 0x22, 0x21, 0x25, 0xd9, 0xa8, 0xa4, 0x0b, 0x45, + 0xb8, 0xbd, 0xc0, 0xc5, 0x9a, 0xda, 0x6f, 0xbd, 0xa6, 0x89, 0x27, 0xcc, 0x8c, 0x77, 0x37, 0x7f, + 0x01, 0x37, 0xce, 0xfc, 0x0d, 0x5c, 0xf9, 0x03, 0x38, 0x70, 0xe1, 0xc8, 0x11, 0x09, 0x54, 0xa1, + 0xf2, 0x1f, 0xf4, 0x2f, 0x40, 0x63, 0x3b, 0x8e, 0x93, 0xd2, 0xaa, 0xa8, 0x3d, 0x71, 0xb3, 0xdf, + 0x7c, 0xde, 0x9b, 0xef, 0xbc, 0x79, 0x6f, 0x66, 0xa0, 0x25, 0x24, 0xe3, 0xd4, 0xc3, 0x1d, 0x7f, + 0x44, 0x3d, 0xb4, 0xfd, 0x40, 0xa2, 0xc7, 0xa9, 0xf4, 0x59, 0xd0, 0x1e, 0x73, 0x26, 0x19, 0x29, + 0x25, 0xc0, 0x46, 0xd3, 0x63, 0x1e, 0x8b, 0x6c, 0x3b, 0xea, 0x2b, 0x1e, 0x36, 0xbf, 0x2b, 0x42, + 0x63, 0xa0, 0x5c, 0x07, 0x33, 0x4f, 0x52, 0x87, 0x9c, 0xef, 0x1a, 0xda, 0x96, 0xb6, 0x5d, 0xb6, + 0x72, 0xbe, 0x4b, 0x08, 0x14, 0x02, 0x3a, 0x42, 0x23, 0x17, 0x59, 0xa2, 0x6f, 0x65, 0x93, 0x93, + 0x31, 0x1a, 0xf9, 0xd8, 0xa6, 0xbe, 0x49, 0x07, 0xc0, 0xa1, 0x12, 0x3d, 0xc6, 0x7d, 0x14, 0x46, + 0x71, 0x2b, 0xbf, 0x5d, 0xdf, 0x7d, 0xa7, 0x9d, 0x08, 0x68, 0x2f, 0x4e, 0xd3, 0x8b, 0xd1, 0x89, + 0x95, 0x71, 0x22, 0x0f, 0x21, 0xef, 0x4a, 0x6e, 0x94, 0xb6, 0xb4, 0xed, 0xca, 0x2e, 0x49, 0x7d, + 0x9f, 0x1d, 0x5b, 0x3d, 0x16, 0xbc, 0xf0, 0xbd, 0x4f, 0x97, 0x2c, 0x05, 0x90, 0xa7, 0xa0, 0x3b, + 0x43, 0xea, 0x73, 0xff, 0xc5, 0xc4, 0xd0, 0x23, 0xf8, 0x7e, 0x0a, 0xf7, 0x92, 0x81, 0xd4, 0x23, + 0x45, 0xc9, 0x0e, 0x14, 0x5d, 0xe6, 0x9c, 0x22, 0x37, 0xca, 0x91, 0xd3, 0xfa, 0x6c, 0x86, 0xc8, + 0x9c, 0xba, 0x24, 0x18, 0x79, 0x17, 0x0a, 0xdf, 0x86, 0x74, 0x62, 0x40, 0x84, 0xaf, 0xa5, 0xf8, + 0x97, 0x21, 0x9d, 0xc5, 0x8f, 0x10, 0x25, 0x1d, 0x1d, 0x6e, 0x54, 0x16, 0xa4, 0xf7, 0x7b, 0x19, + 0xe9, 0xe8, 0x70, 0xb2, 0x0b, 0x25, 0x89, 0x01, 0x3d, 0x19, 0xa2, 0x51, 0x8d, 0xd8, 0x7b, 0x29, + 0x7b, 0x1c, 0xdb, 0x53, 0x7e, 0x0a, 0x2a, 0xdd, 0x1e, 0x63, 0xde, 0x10, 0x8d, 0xda, 0x82, 0xee, + 0xfd, 0xc8, 0x3c, 0xd3, 0x1d, 0x63, 0xe4, 0x11, 0x2c, 0x47, 0x8b, 0x36, 0xea, 0x11, 0xdf, 0x9c, + 0x4f, 0x4e, 0x8a, 0xc7, 0x90, 0x92, 0x44, 0x03, 0xe7, 0x25, 0xe3, 0x68, 0xac, 0x2e, 0x48, 0xea, + 0xc4, 0xf6, 0x99, 0xa4, 0x04, 0x24, 0x6d, 0xc8, 0xfb, 0x27, 0x23, 0xa3, 0x19, 0xf1, 0x1b, 0xb3, + 0x5d, 0xee, 0x7e, 0x6e, 0xa1, 0xe7, 0x0b, 0xc9, 0x67, 0xf9, 0x51, 0x20, 0x79, 0x00, 0x35, 0x1a, + 0x4a, 0xe6, 0x61, 0x80, 0x9c, 0x4a, 0x74, 0x8d, 0x95, 0x2d, 0x6d, 0x5b, 0xb7, 0xe6, 0x8d, 0xe4, + 0x6d, 0x00, 0x67, 0x18, 0x0a, 0x89, 0xdc, 0xf6, 0x5d, 0xa3, 0x11, 0x15, 0x57, 0x39, 0xb1, 0x0c, + 0x5c, 0xb2, 0x0b, 0xeb, 0xe2, 0xd4, 0x1f, 0xdb, 0x12, 0x85, 0xcc, 0x16, 0xbb, 0x41, 0xa2, 0x60, + 0x6b, 0x6a, 0xf0, 0x18, 0x85, 0xcc, 0x94, 0x59, 0x77, 0x0d, 0x56, 0xb3, 0x55, 0x17, 0x89, 0x3a, + 0x28, 0xe8, 0x85, 0xc6, 0xf2, 0x41, 0x41, 0x5f, 0x6e, 0x14, 0x0f, 0x0a, 0xfa, 0x5a, 0xa3, 0x69, + 0x7e, 0xaf, 0xc1, 0xea, 0x25, 0xf1, 0xe4, 0x33, 0xd0, 0x31, 0x70, 0xc7, 0xcc, 0x0f, 0x64, 0xdc, + 0x10, 0xdd, 0xc7, 0x17, 0x67, 0xad, 0x47, 0xc2, 0xe1, 0xe1, 0xc9, 0x9e, 0xe9, 0xe2, 0x18, 0x03, + 0x17, 0x03, 0x69, 0x6e, 0xbd, 0xa2, 0x43, 0xdf, 0xa5, 0x12, 0xf7, 0xcc, 0x80, 0x0d, 0x99, 0x43, + 0x87, 0x53, 0x37, 0xd3, 0x4a, 0x23, 0x90, 0xf7, 0xa1, 0x44, 0xc7, 0xbe, 0x7d, 0x8a, 0x93, 0xb8, + 0x97, 0xba, 0xe4, 0xe2, 0xac, 0x55, 0x4f, 0x82, 0xd1, 0xe1, 0x6b, 0x3a, 0x11, 0xa6, 0x55, 0xa4, + 0x63, 0xff, 0x39, 0x4e, 0xcc, 0x1f, 0x35, 0x80, 0x59, 0x99, 0xdd, 0xb1, 0x92, 0x5d, 0x00, 0x46, + 0x43, 0xf9, 0xf2, 0x98, 0x9d, 0x62, 0x70, 0x8d, 0x98, 0x0c, 0x45, 0x36, 0x40, 0xf7, 0x03, 0x81, + 0x4e, 0xc8, 0xe3, 0xb6, 0xd7, 0xad, 0xf4, 0xdf, 0x44, 0xa8, 0x64, 0x2a, 0x8b, 0xec, 0x5d, 0x12, + 0xbb, 0x79, 0x71, 0xd6, 0xda, 0xb8, 0x91, 0xb4, 0xec, 0x34, 0xb9, 0x85, 0x69, 0x7e, 0xd1, 0xa0, + 0x3e, 0xdf, 0xde, 0xb7, 0x9a, 0xaa, 0x07, 0x35, 0x8f, 0x8f, 0x1d, 0x3b, 0x0d, 0x90, 0xbf, 0x51, + 0x80, 0xaa, 0x72, 0xea, 0x4f, 0x83, 0x3c, 0x86, 0x66, 0x10, 0x8e, 0x6c, 0x87, 0x05, 0x4e, 0xc8, + 0x39, 0x06, 0xd2, 0x16, 0x0e, 0x0d, 0x44, 0xa4, 0x7d, 0xd9, 0x22, 0x41, 0x38, 0xea, 0xa5, 0x43, + 0x47, 0x6a, 0xc4, 0xfc, 0x43, 0x83, 0x6a, 0xf6, 0xbc, 0xb9, 0xe3, 0xbd, 0x7d, 0x02, 0x7a, 0x28, + 0x90, 0xcf, 0x8e, 0xec, 0xee, 0xfa, 0xc5, 0x59, 0x6b, 0xf5, 0x52, 0x34, 0x2b, 0xc5, 0x48, 0x1b, + 0xf4, 0x31, 0x15, 0xe2, 0x35, 0xe3, 0x6e, 0x92, 0x83, 0x7f, 0x2b, 0x86, 0x94, 0x99, 0xdb, 0xa3, + 0xc2, 0xc2, 0x1e, 0xfd, 0x9c, 0x87, 0x72, 0x7a, 0xe8, 0x91, 0x16, 0x54, 0x78, 0xd2, 0x52, 0x76, + 0x7a, 0xa9, 0xc0, 0xd4, 0x34, 0x70, 0xc9, 0x47, 0x50, 0xa3, 0x8e, 0x83, 0x42, 0xa8, 0xb6, 0x50, + 0xc8, 0xd5, 0xc5, 0x58, 0x89, 0xc1, 0xe7, 0xa8, 0xfc, 0x3e, 0x81, 0x55, 0x81, 0x0e, 0x47, 0x69, + 0xcf, 0xdc, 0xaf, 0xd1, 0xbe, 0x12, 0xc3, 0x9d, 0x69, 0x04, 0x72, 0x0f, 0x8a, 0x4a, 0x05, 0x0b, + 0xa2, 0x05, 0x94, 0xad, 0xe4, 0x8f, 0xb4, 0xa1, 0x14, 0x0a, 0xb4, 0x7d, 0x3a, 0x32, 0x96, 0xd5, + 0xca, 0xae, 0x4a, 0x5e, 0x31, 0x14, 0x38, 0xa0, 0xa3, 0xb9, 0xbd, 0x2b, 0xde, 0x7a, 0xef, 0x1e, + 0xc2, 0x8a, 0x9a, 0x9d, 0x0a, 0x11, 0x8e, 0xd0, 0xe6, 0x6c, 0x88, 0xd1, 0x5d, 0xa8, 0x5b, 0xb5, + 0x50, 0x60, 0x27, 0xb2, 0x5a, 0x6c, 0x88, 0xe4, 0x01, 0xd4, 0x33, 0x8c, 0x4a, 0x9b, 0x1e, 0xad, + 0xa2, 0x4a, 0x53, 0x66, 0xe0, 0x92, 0xa7, 0x70, 0x3f, 0x4b, 0xe1, 0x1b, 0xa9, 0xf6, 0x7b, 0xa8, + 0xf0, 0x72, 0x84, 0x37, 0x67, 0x78, 0x3f, 0x19, 0x1c, 0xb8, 0xe6, 0xef, 0x1a, 0x94, 0xd3, 0x1b, + 0x77, 0xae, 0x9c, 0xb4, 0xff, 0x5e, 0x4e, 0xb9, 0x1b, 0x94, 0x53, 0x36, 0x87, 0xf9, 0x5b, 0xe7, + 0xf0, 0xba, 0xe2, 0xfc, 0x49, 0x83, 0x6a, 0xf6, 0xca, 0xbc, 0xe3, 0xd6, 0xfb, 0x18, 0x56, 0x04, + 0xf2, 0x57, 0xbe, 0x83, 0xaa, 0x2a, 0x59, 0x18, 0xc8, 0x6b, 0xd6, 0x5f, 0x4f, 0xd0, 0x4e, 0x4c, + 0x12, 0x03, 0x4a, 0x63, 0xce, 0xbe, 0x41, 0x27, 0x49, 0x82, 0x35, 0xfd, 0x35, 0x43, 0xa8, 0xcd, + 0x3d, 0x0d, 0xc8, 0x13, 0x80, 0x4c, 0xd5, 0x6b, 0x57, 0x4e, 0x51, 0x4e, 0x3b, 0x46, 0xb9, 0x24, + 0xfd, 0x72, 0xfd, 0xf5, 0x53, 0x8e, 0x29, 0x75, 0x03, 0xfd, 0xa9, 0x41, 0x6d, 0xee, 0xfe, 0xff, + 0x5f, 0x1d, 0x54, 0xef, 0xed, 0x83, 0x71, 0xd5, 0x9b, 0x94, 0x54, 0x41, 0xb7, 0xfa, 0xfb, 0x83, + 0xa3, 0x63, 0xeb, 0xab, 0xc6, 0x12, 0xa9, 0x40, 0xe9, 0xa8, 0xd7, 0x39, 0x3c, 0xec, 0x5b, 0x0d, + 0x8d, 0x34, 0xa0, 0x7a, 0xf8, 0xc5, 0xb3, 0xbe, 0x3d, 0xb5, 0xe4, 0xba, 0x1f, 0xfe, 0x7a, 0xbe, + 0xa9, 0xfd, 0x76, 0xbe, 0xa9, 0xfd, 0x75, 0xbe, 0xa9, 0xfd, 0xf0, 0xf7, 0xe6, 0x12, 0xbc, 0xe5, + 0xb3, 0xb6, 0x90, 0xd4, 0x39, 0xe5, 0xec, 0x4d, 0xfc, 0xd2, 0x9e, 0x3e, 0x90, 0xbe, 0x9e, 0x3e, + 0xc8, 0x4f, 0x8a, 0x91, 0xfd, 0x83, 0x7f, 0x02, 0x00, 0x00, 0xff, 0xff, 0x05, 0xed, 0xcd, 0x3d, + 0xc3, 0x0b, 0x00, 0x00, } func (m *ImageIntegration) Marshal() (dAtA []byte, err error) { @@ -1428,15 +1413,6 @@ func (m *ImageIntegration) MarshalToSizedBuffer(dAtA []byte) (int, error) { i-- dAtA[i] = 0x32 } - if len(m.Clusters) > 0 { - for iNdEx := len(m.Clusters) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.Clusters[iNdEx]) - copy(dAtA[i:], m.Clusters[iNdEx]) - i = encodeVarintImageIntegration(dAtA, i, uint64(len(m.Clusters[iNdEx]))) - i-- - dAtA[i] = 0x2a - } - } if len(m.Type) > 0 { i -= len(m.Type) copy(dAtA[i:], m.Type) @@ -2245,12 +2221,6 @@ func (m *ImageIntegration) Size() (n int) { if l > 0 { n += 1 + l + sovImageIntegration(uint64(l)) } - if len(m.Clusters) > 0 { - for _, s := range m.Clusters { - l = len(s) - n += 1 + l + sovImageIntegration(uint64(l)) - } - } if len(m.Categories) > 0 { l = 0 for _, e := range m.Categories { @@ -2784,38 +2754,6 @@ func (m *ImageIntegration) Unmarshal(dAtA []byte) error { } m.Type = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Clusters", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowImageIntegration - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthImageIntegration - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthImageIntegration - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Clusters = append(m.Clusters, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex case 6: if wireType == 0 { var v ImageIntegrationCategory diff --git a/pkg/images/enricher/enricher_impl.go b/pkg/images/enricher/enricher_impl.go index 7ddcdfe053b4b..7ff8a19ee97b5 100644 --- a/pkg/images/enricher/enricher_impl.go +++ b/pkg/images/enricher/enricher_impl.go @@ -187,9 +187,6 @@ func getRef(image *storage.Image) string { } func (e *enricherImpl) enrichImageWithRegistry(image *storage.Image, registry registryTypes.ImageRegistry) (bool, error) { - if !registry.Global() { - return false, nil - } if !registry.Match(image.GetName()) { return false, nil } diff --git a/pkg/images/utils/utils.go b/pkg/images/utils/utils.go index 4966d00df1e84..e982731075862 100644 --- a/pkg/images/utils/utils.go +++ b/pkg/images/utils/utils.go @@ -175,6 +175,13 @@ func ExtractImageDigest(imageStr string) string { return "" } +// ExtractOpenShiftProject returns the name of the OpenShift project in which the given image is stored. +// Images stored in the OpenShift Internal Registry are identified as: //:. +func ExtractOpenShiftProject(imgName *storage.ImageName) string { + // Use the image name's "remote" field, as it encapsulates /. + return stringutils.GetUpTo(imgName.GetRemote(), "/") +} + type nameHolder interface { GetName() *storage.ImageName GetId() string diff --git a/pkg/registries/docker/docker.go b/pkg/registries/docker/docker.go index b2412150b0c8a..42a2cba17a758 100644 --- a/pkg/registries/docker/docker.go +++ b/pkg/registries/docker/docker.go @@ -176,11 +176,6 @@ func (r *Registry) Match(image *storage.ImageName) bool { return r.repositoryList.Contains(image.GetRemote()) } -// Global returns whether or not this registry is available from all clusters -func (r *Registry) Global() bool { - return len(r.protoImageIntegration.GetClusters()) == 0 -} - // Metadata returns the metadata via this registries implementation func (r *Registry) Metadata(image *storage.Image) (*storage.ImageMetadata, error) { if image == nil { diff --git a/pkg/registries/types/types.go b/pkg/registries/types/types.go index 4c5daa316cd19..3257d962d2b8a 100644 --- a/pkg/registries/types/types.go +++ b/pkg/registries/types/types.go @@ -19,7 +19,6 @@ type Registry interface { Match(image *storage.ImageName) bool Metadata(image *storage.Image) (*storage.ImageMetadata, error) Test() error - Global() bool Config() *Config Name() string } diff --git a/proto/storage/deployment.proto b/proto/storage/deployment.proto index 5c75144008467..2858ae7095c28 100644 --- a/proto/storage/deployment.proto +++ b/proto/storage/deployment.proto @@ -60,8 +60,6 @@ message ContainerImage { string id = 4 [(gogoproto.moretags) = "search:\"Image Sha,store,hidden\""]; ImageName name = 1; bool not_pullable = 10; - - string namespace = 11; } message Container { diff --git a/proto/storage/image_integration.proto b/proto/storage/image_integration.proto index 02302ef7e3210..252b6dd506dc7 100644 --- a/proto/storage/image_integration.proto +++ b/proto/storage/image_integration.proto @@ -12,9 +12,10 @@ message ImageIntegration { string id = 1; string name = 2; string type = 3; - // If a list of clusters is provided, the integration will only be accessed from the specified clusters' sensors. - // Please use cluster_id instead. - repeated string clusters = 5 [deprecated = true]; + // Skipped by accident or accidentally deleted? + reserved 4; + // Previously "repeated string clusters", but it was never used. + reserved 5; repeated ImageIntegrationCategory categories = 6; oneof IntegrationConfig { diff --git a/sensor/admission-control/manager/images.go b/sensor/admission-control/manager/images.go index fa1aba49423cd..29367da709925 100644 --- a/sensor/admission-control/manager/images.go +++ b/sensor/admission-control/manager/images.go @@ -121,8 +121,6 @@ func (m *manager) getAvailableImagesAndKickOffScans(ctx context.Context, s *stat scanInline := s.GetClusterConfig().GetAdmissionControllerConfig().GetScanInline() - namespace := deployment.GetNamespace() - for idx, container := range deployment.GetContainers() { image := container.GetImage() if image.GetId() != "" || scanInline { @@ -133,8 +131,6 @@ func (m *manager) getAvailableImagesAndKickOffScans(ctx context.Context, s *stat // The cached image might be insufficient if it doesn't have a scan and we want to do inline scans. if ctx != nil && (cachedImage == nil || (scanInline && cachedImage.GetScan() == nil)) { atomic.AddInt32(&pendingCount, 1) - // Ensure the image has its Namespace field, as it may be needed when fetching. - image.Namespace = namespace go m.fetchImage(ctx, s, imgChan, &pendingCount, idx, image) } } diff --git a/sensor/common/detector/enricher.go b/sensor/common/detector/enricher.go index 3fd04ffe1d121..a997c1bb01da5 100644 --- a/sensor/common/detector/enricher.go +++ b/sensor/common/detector/enricher.go @@ -164,10 +164,7 @@ func (e *enricher) runImageScanAsync(imageChan chan<- imageChanResult, container func (e *enricher) getImages(deployment *storage.Deployment) []*storage.Image { imageChan := make(chan imageChanResult, len(deployment.GetContainers())) for idx, container := range deployment.GetContainers() { - img := container.GetImage() - // Ensure the container image has its namespace populated prior to scanning. - img.Namespace = deployment.GetNamespace() - e.runImageScanAsync(imageChan, idx, img) + e.runImageScanAsync(imageChan, idx, container.GetImage()) } images := make([]*storage.Image, len(deployment.GetContainers())) for i := 0; i < len(deployment.GetContainers()); i++ { diff --git a/sensor/common/registry/registry_store.go b/sensor/common/registry/registry_store.go index 0244cc974a820..73815b9d16d7e 100644 --- a/sensor/common/registry/registry_store.go +++ b/sensor/common/registry/registry_store.go @@ -6,9 +6,11 @@ import ( "github.com/pkg/errors" "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/docker/config" + "github.com/stackrox/rox/pkg/images/utils" "github.com/stackrox/rox/pkg/logging" "github.com/stackrox/rox/pkg/registries" dockerFactory "github.com/stackrox/rox/pkg/registries/docker" + registryTypes "github.com/stackrox/rox/pkg/registries/types" "github.com/stackrox/rox/pkg/sync" "github.com/stackrox/rox/pkg/tlscheck" ) @@ -96,12 +98,27 @@ func (rs *Store) UpsertRegistry(ctx context.Context, namespace, registry string, return nil } -// GetAllInNamespace returns all the registries within a given namespace. -// The second return indicates if any registry within the given namespace exists. -func (rs *Store) GetAllInNamespace(namespace string) (regs registries.Set, exists bool) { +// getRegistriesInNamespace returns all the registries within a given namespace. +func (rs *Store) getRegistriesInNamespace(namespace string) registries.Set { rs.mutex.RLock() defer rs.mutex.RUnlock() - regs, exists = rs.store[namespace] - return regs, exists + return rs.store[namespace] +} + +// GetRegistryForImage returns the relevant image registry for the given image. +// An error is returned if the registry is unknown. +func (rs *Store) GetRegistryForImage(image *storage.ImageName) (registryTypes.Registry, error) { + reg := image.GetRegistry() + ns := utils.ExtractOpenShiftProject(image) + regs := rs.getRegistriesInNamespace(ns) + if regs != nil { + for _, r := range regs.GetAll() { + if r.Name() == reg { + return r, nil + } + } + } + + return nil, errors.Errorf("Unknown image registry: %q", reg) } diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go index 4c2c25533e0e6..b9dfaaa2001bc 100644 --- a/sensor/common/scannerclient/grpc_client.go +++ b/sensor/common/scannerclient/grpc_client.go @@ -8,8 +8,8 @@ import ( "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/clientconn" "github.com/stackrox/rox/pkg/images/types" + "github.com/stackrox/rox/pkg/images/utils" "github.com/stackrox/rox/pkg/mtls" - registryTypes "github.com/stackrox/rox/pkg/registries/types" "github.com/stackrox/rox/sensor/common/registry" scannerV1 "github.com/stackrox/scanner/generated/scanner/api/v1" "google.golang.org/grpc" @@ -59,13 +59,13 @@ func newGRPCClient(endpoint string) (*client, error) { // 2. Request image analysis from Scanner, directly. // 3. Return image analysis results. func (c *client) GetImageAnalysis(ctx context.Context, image *storage.ContainerImage) (*imageData, error) { - reg, err := getRegistry(image) + reg, err := registry.Singleton().GetRegistryForImage(image.GetName()) if err != nil { return nil, errors.Wrap(err, "determining image registry") } name := image.GetName().GetFullName() - namespace := image.GetNamespace() + namespace := utils.ExtractOpenShiftProject(image.GetName()) metadata, err := reg.Metadata(types.ToImage(image)) if err != nil { @@ -98,20 +98,6 @@ func (c *client) GetImageAnalysis(ctx context.Context, image *storage.ContainerI }, nil } -func getRegistry(img *storage.ContainerImage) (registryTypes.Registry, error) { - reg := img.GetName().GetRegistry() - regs, exists := registry.Singleton().GetAllInNamespace(img.GetNamespace()) - if exists { - for _, r := range regs.GetAll() { - if r.Name() == reg { - return r, nil - } - } - } - - return nil, errors.Errorf("Unknown image registry: %q", reg) -} - func (c *client) Close() error { return c.conn.Close() } diff --git a/sensor/common/scannerclient/scan.go b/sensor/common/scannerclient/scan.go index f8457aa658a97..674bf3e46db58 100644 --- a/sensor/common/scannerclient/scan.go +++ b/sensor/common/scannerclient/scan.go @@ -6,6 +6,7 @@ import ( "github.com/pkg/errors" v1 "github.com/stackrox/rox/generated/api/v1" "github.com/stackrox/rox/generated/storage" + "github.com/stackrox/rox/pkg/images/utils" "github.com/stackrox/rox/pkg/logging" scannerV1 "github.com/stackrox/scanner/generated/scanner/api/v1" ) @@ -25,12 +26,14 @@ func ScanImage(ctx context.Context, centralClient v1.ImageServiceClient, image * return nil, ErrNoLocalScanner } + namespace := utils.ExtractOpenShiftProject(image.GetName()) + imgData, err := scannerClient.GetImageAnalysis(ctx, image) if err != nil { - return nil, errors.Wrapf(err, "scanning image %q in namespace %q", image.GetName().GetFullName(), image.GetNamespace()) + return nil, errors.Wrapf(err, "scanning image %q in namespace %q", image.GetName().GetFullName(), namespace) } if imgData.GetStatus() != scannerV1.ScanStatus_SUCCEEDED { - return nil, errors.Wrapf(err, "scan failed for image %q in namespace %q", image.GetName().GetFullName(), image.GetNamespace()) + return nil, errors.Wrapf(err, "scan failed for image %q in namespace %q", image.GetName().GetFullName(), namespace) } centralResp, err := centralClient.GetImageVulnerabilitiesInternal(ctx, &v1.GetImageVulnerabilitiesInternalRequest{ @@ -41,7 +44,7 @@ func ScanImage(ctx context.Context, centralClient v1.ImageServiceClient, image * Notes: imgData.GetNotes(), }) if err != nil { - return nil, errors.Wrapf(err, "retrieving image vulnerabilities for %s in namespace %q", image.GetName().GetFullName(), image.GetNamespace()) + return nil, errors.Wrapf(err, "retrieving image vulnerabilities for %s in namespace %q", image.GetName().GetFullName(), namespace) } return centralResp.GetImage(), nil diff --git a/sensor/kubernetes/listener/resources/secrets_test.go b/sensor/kubernetes/listener/resources/secrets_test.go index 92a5b59aefa87..6b79ceed8171e 100644 --- a/sensor/kubernetes/listener/resources/secrets_test.go +++ b/sensor/kubernetes/listener/resources/secrets_test.go @@ -5,6 +5,7 @@ import ( "testing" "github.com/stackrox/rox/generated/internalapi/central" + "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/features" "github.com/stackrox/rox/pkg/registries/types" "github.com/stackrox/rox/pkg/testutils" @@ -82,14 +83,27 @@ func testOpenShiftRegistrySecret311(t *testing.T) { _ = d.ProcessEvent(openshift311DockerConfigSecret, nil, central.ResourceAction_CREATE_RESOURCE) - regs, exists := regStore.GetAllInNamespace("random-ns") - assert.Nil(t, regs) - assert.False(t, exists) + imgName := &storage.ImageName{ + Registry: "docker-registry.default.svc.cluster.local:5000", + Remote: "dummy/nginx", + Tag: "1.18.0", + FullName: "docker-registry.default.svc.cluster.local:5000/stackrox/nginx:1.18.0", + } + + reg, err := regStore.GetRegistryForImage(imgName) + assert.Nil(t, reg) + assert.Error(t, err) + + imgName = &storage.ImageName{ + Registry: "docker-registry.default.svc.cluster.local:5000", + Remote: "test-ns/nginx", + Tag: "1.18.0", + FullName: "docker-registry.default.svc.cluster.local:5000/stackrox/nginx:1.18.0", + } - regs, exists = regStore.GetAllInNamespace(openshift311DockerConfigSecret.GetNamespace()) - assert.NotNil(t, regs) - assert.True(t, exists) - assert.Len(t, regs.GetAll(), 1) + reg, err = regStore.GetRegistryForImage(imgName) + assert.NotNil(t, reg) + assert.NoError(t, err) expectedRegConfig := &types.Config{ Username: "serviceaccount", @@ -100,7 +114,6 @@ func testOpenShiftRegistrySecret311(t *testing.T) { Autogenerated: false, } - reg := regs.GetAll()[0] assert.Equal(t, "docker-registry.default.svc.cluster.local:5000", reg.Name()) assert.Equal(t, expectedRegConfig, reg.Config()) } @@ -115,14 +128,27 @@ func testOpenShiftRegistrySecret4x(t *testing.T) { _ = d.ProcessEvent(openshift4xDockerConfigSecret, nil, central.ResourceAction_CREATE_RESOURCE) - regs, exists := regStore.GetAllInNamespace("random-ns") - assert.Nil(t, regs) - assert.False(t, exists) + imgName := &storage.ImageName{ + Registry: "image-registry.openshift-image-registry.svc:5000", + Remote: "dummy/nginx", + Tag: "1.18.0", + FullName: "image-registry.openshift-image-registry.svc:5000/stackrox/nginx:1.18.0", + } + + reg, err := regStore.GetRegistryForImage(imgName) + assert.Nil(t, reg) + assert.Error(t, err) + + imgName = &storage.ImageName{ + Registry: "image-registry.openshift-image-registry.svc:5000", + Remote: "test-ns/nginx", + Tag: "1.18.0", + FullName: "image-registry.openshift-image-registry.svc:5000/stackrox/nginx:1.18.0", + } - regs, exists = regStore.GetAllInNamespace(openshift4xDockerConfigSecret.GetNamespace()) - assert.NotNil(t, regs) - assert.True(t, exists) - assert.Len(t, regs.GetAll(), 1) + reg, err = regStore.GetRegistryForImage(imgName) + assert.NotNil(t, reg) + assert.NoError(t, err) expectedRegConfig := &types.Config{ Username: "serviceaccount", @@ -133,7 +159,6 @@ func testOpenShiftRegistrySecret4x(t *testing.T) { Autogenerated: false, } - reg := regs.GetAll()[0] assert.Equal(t, "image-registry.openshift-image-registry.svc:5000", reg.Name()) assert.Equal(t, expectedRegConfig, reg.Config()) } diff --git a/sensor/kubernetes/main.go b/sensor/kubernetes/main.go index e27ddfe77abee..bdf38f67c9691 100644 --- a/sensor/kubernetes/main.go +++ b/sensor/kubernetes/main.go @@ -1,19 +1,26 @@ package main import ( + "context" "os" "os/signal" + "github.com/stackrox/rox/pkg/clientconn" "github.com/stackrox/rox/pkg/devmode" + "github.com/stackrox/rox/pkg/env" "github.com/stackrox/rox/pkg/logging" "github.com/stackrox/rox/pkg/metrics" + "github.com/stackrox/rox/pkg/mtls" "github.com/stackrox/rox/pkg/premain" "github.com/stackrox/rox/pkg/utils" "github.com/stackrox/rox/pkg/version" "github.com/stackrox/rox/sensor/kubernetes/client" "github.com/stackrox/rox/sensor/kubernetes/fake" "github.com/stackrox/rox/sensor/kubernetes/sensor" + scannerV1 "github.com/stackrox/scanner/generated/scanner/api/v1" "golang.org/x/sys/unix" + "google.golang.org/grpc" + "google.golang.org/grpc/credentials" ) var ( @@ -46,6 +53,23 @@ func main() { s, err := sensor.CreateSensor(sharedClientInterface, workloadManager) utils.CrashOnError(err) + tlsConfig, err := clientconn.TLSConfig(mtls.ScannerSubject, clientconn.TLSConfigOptions{ + UseClientCert: clientconn.MustUseClientCert, + }) + if err != nil { + log.Error("Creating Scanner TLS Config") + } + conn, err := grpc.Dial(env.ScannerEndpoint.Setting(), grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig))) + if err != nil { + log.Errorf("Dialing scanner: %v", err) + } + pingSvc := scannerV1.NewPingServiceClient(conn) + resp, err := pingSvc.Ping(context.Background(), new(scannerV1.Empty)) + log.Errorf("Resp from Scanner ping: %v, Error: %v", resp, err) + scanSvc := scannerV1.NewImageScanServiceClient(conn) + resp2, err := scanSvc.GetImageComponents(context.Background(), new(scannerV1.GetImageComponentsRequest)) + log.Errorf("Resp from Scanner: %v, Error: %v", resp2, err) + s.Start() for { From 555481663a0b1d4e8fcba5d811a6dd4aea5f9ffb Mon Sep 17 00:00:00 2001 From: RTann Date: Tue, 15 Feb 2022 17:52:51 -0800 Subject: [PATCH 081/103] accidental commit --- central/graphql/resolvers/generated.go | 6 - .../datastore/datastore_impl.go | 4 +- .../v1/image_integration_service.swagger.json | 7 + generated/storage/image_integration.pb.go | 204 +++++++++++------- pkg/images/enricher/enricher_impl.go | 3 + pkg/registries/docker/docker.go | 5 + pkg/registries/types/types.go | 1 + proto/storage/image_integration.proto | 6 +- sensor/kubernetes/main.go | 24 --- 9 files changed, 153 insertions(+), 107 deletions(-) diff --git a/central/graphql/resolvers/generated.go b/central/graphql/resolvers/generated.go index b488e51ec4e26..d2ef02ed27c14 100644 --- a/central/graphql/resolvers/generated.go +++ b/central/graphql/resolvers/generated.go @@ -474,7 +474,6 @@ func registerGeneratedTypes(builder generator.SchemaBuilder) { utils.Must(builder.AddType("ContainerImage", []string{ "id: ID!", "name: ImageName", - "namespace: String!", "notPullable: Boolean!", })) utils.Must(builder.AddType("ContainerInstance", []string{ @@ -5005,11 +5004,6 @@ func (resolver *containerImageResolver) Name(ctx context.Context) (*imageNameRes return resolver.root.wrapImageName(value, true, nil) } -func (resolver *containerImageResolver) Namespace(ctx context.Context) string { - value := resolver.data.GetNamespace() - return value -} - func (resolver *containerImageResolver) NotPullable(ctx context.Context) bool { value := resolver.data.GetNotPullable() return value diff --git a/central/imageintegration/datastore/datastore_impl.go b/central/imageintegration/datastore/datastore_impl.go index 84a974fe6b765..a2d888ef9f9b7 100644 --- a/central/imageintegration/datastore/datastore_impl.go +++ b/central/imageintegration/datastore/datastore_impl.go @@ -8,6 +8,7 @@ import ( v1 "github.com/stackrox/rox/generated/api/v1" "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/sac" + "github.com/stackrox/rox/pkg/set" ) var ( @@ -44,7 +45,8 @@ func (ds *datastoreImpl) GetImageIntegrations(ctx context.Context, request *v1.G integrationSlice := integrations[:0] for _, integration := range integrations { - if len(request.GetCluster()) != 0 { + clusterSet := set.NewStringSet(integration.GetClusters()...) + if len(request.GetCluster()) != 0 && !clusterSet.Contains(request.GetCluster()) { continue } if request.GetName() != "" && request.GetName() != integration.GetName() { diff --git a/generated/api/v1/image_integration_service.swagger.json b/generated/api/v1/image_integration_service.swagger.json index a6d78209f8ebd..a381d15023503 100644 --- a/generated/api/v1/image_integration_service.swagger.json +++ b/generated/api/v1/image_integration_service.swagger.json @@ -472,6 +472,13 @@ "type": { "type": "string" }, + "clusters": { + "type": "array", + "items": { + "type": "string" + }, + "description": "If a list of clusters is provided, the integration will only be accessed from the specified clusters' sensors." + }, "categories": { "type": "array", "items": { diff --git a/generated/storage/image_integration.pb.go b/generated/storage/image_integration.pb.go index 4ef74e7245872..ddc19b9b99e83 100644 --- a/generated/storage/image_integration.pb.go +++ b/generated/storage/image_integration.pb.go @@ -56,9 +56,11 @@ func (ImageIntegrationCategory) EnumDescriptor() ([]byte, []int) { // Next Tag: 21 type ImageIntegration struct { - Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` - Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` - Type string `protobuf:"bytes,3,opt,name=type,proto3" json:"type,omitempty"` + Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` + Type string `protobuf:"bytes,3,opt,name=type,proto3" json:"type,omitempty"` + // If a list of clusters is provided, the integration will only be accessed from the specified clusters' sensors. + Clusters []string `protobuf:"bytes,5,rep,name=clusters,proto3" json:"clusters,omitempty"` Categories []ImageIntegrationCategory `protobuf:"varint,6,rep,packed,name=categories,proto3,enum=storage.ImageIntegrationCategory" json:"categories,omitempty"` // Types that are valid to be assigned to IntegrationConfig: // *ImageIntegration_Dtr @@ -290,6 +292,13 @@ func (m *ImageIntegration) GetType() string { return "" } +func (m *ImageIntegration) GetClusters() []string { + if m != nil { + return m.Clusters + } + return nil +} + func (m *ImageIntegration) GetCategories() []ImageIntegrationCategory { if m != nil { return m.Categories @@ -414,6 +423,10 @@ func (m *ImageIntegration) Clone() *ImageIntegration { cloned := new(ImageIntegration) *cloned = *m + if m.Clusters != nil { + cloned.Clusters = make([]string, len(m.Clusters)) + copy(cloned.Clusters, m.Clusters) + } if m.Categories != nil { cloned.Categories = make([]ImageIntegrationCategory, len(m.Categories)) copy(cloned.Categories, m.Categories) @@ -1260,75 +1273,75 @@ func init() { func init() { proto.RegisterFile("storage/image_integration.proto", fileDescriptor_9e3766be4a43c581) } var fileDescriptor_9e3766be4a43c581 = []byte{ - // 1076 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xdc, 0x96, 0xcf, 0x6f, 0xe3, 0x44, - 0x14, 0xc7, 0xeb, 0x24, 0x4d, 0x9c, 0x97, 0x1f, 0x4d, 0xa7, 0xe9, 0xae, 0xa9, 0x44, 0x53, 0xac, - 0xd5, 0xaa, 0xc0, 0x2a, 0xdd, 0x2d, 0x2c, 0x87, 0x22, 0x21, 0x25, 0xd9, 0xa8, 0xa4, 0x0b, 0x45, - 0xb8, 0xbd, 0xc0, 0xc5, 0x9a, 0xda, 0x6f, 0xbd, 0xa6, 0x89, 0x27, 0xcc, 0x8c, 0x77, 0x37, 0x7f, - 0x01, 0x37, 0xce, 0xfc, 0x0d, 0x5c, 0xf9, 0x03, 0x38, 0x70, 0xe1, 0xc8, 0x11, 0x09, 0x54, 0xa1, - 0xf2, 0x1f, 0xf4, 0x2f, 0x40, 0x63, 0x3b, 0x8e, 0x93, 0xd2, 0xaa, 0xa8, 0x3d, 0x71, 0xb3, 0xdf, - 0x7c, 0xde, 0x9b, 0xef, 0xbc, 0x79, 0x6f, 0x66, 0xa0, 0x25, 0x24, 0xe3, 0xd4, 0xc3, 0x1d, 0x7f, - 0x44, 0x3d, 0xb4, 0xfd, 0x40, 0xa2, 0xc7, 0xa9, 0xf4, 0x59, 0xd0, 0x1e, 0x73, 0x26, 0x19, 0x29, - 0x25, 0xc0, 0x46, 0xd3, 0x63, 0x1e, 0x8b, 0x6c, 0x3b, 0xea, 0x2b, 0x1e, 0x36, 0xbf, 0x2b, 0x42, - 0x63, 0xa0, 0x5c, 0x07, 0x33, 0x4f, 0x52, 0x87, 0x9c, 0xef, 0x1a, 0xda, 0x96, 0xb6, 0x5d, 0xb6, - 0x72, 0xbe, 0x4b, 0x08, 0x14, 0x02, 0x3a, 0x42, 0x23, 0x17, 0x59, 0xa2, 0x6f, 0x65, 0x93, 0x93, - 0x31, 0x1a, 0xf9, 0xd8, 0xa6, 0xbe, 0x49, 0x07, 0xc0, 0xa1, 0x12, 0x3d, 0xc6, 0x7d, 0x14, 0x46, - 0x71, 0x2b, 0xbf, 0x5d, 0xdf, 0x7d, 0xa7, 0x9d, 0x08, 0x68, 0x2f, 0x4e, 0xd3, 0x8b, 0xd1, 0x89, - 0x95, 0x71, 0x22, 0x0f, 0x21, 0xef, 0x4a, 0x6e, 0x94, 0xb6, 0xb4, 0xed, 0xca, 0x2e, 0x49, 0x7d, - 0x9f, 0x1d, 0x5b, 0x3d, 0x16, 0xbc, 0xf0, 0xbd, 0x4f, 0x97, 0x2c, 0x05, 0x90, 0xa7, 0xa0, 0x3b, - 0x43, 0xea, 0x73, 0xff, 0xc5, 0xc4, 0xd0, 0x23, 0xf8, 0x7e, 0x0a, 0xf7, 0x92, 0x81, 0xd4, 0x23, - 0x45, 0xc9, 0x0e, 0x14, 0x5d, 0xe6, 0x9c, 0x22, 0x37, 0xca, 0x91, 0xd3, 0xfa, 0x6c, 0x86, 0xc8, - 0x9c, 0xba, 0x24, 0x18, 0x79, 0x17, 0x0a, 0xdf, 0x86, 0x74, 0x62, 0x40, 0x84, 0xaf, 0xa5, 0xf8, - 0x97, 0x21, 0x9d, 0xc5, 0x8f, 0x10, 0x25, 0x1d, 0x1d, 0x6e, 0x54, 0x16, 0xa4, 0xf7, 0x7b, 0x19, - 0xe9, 0xe8, 0x70, 0xb2, 0x0b, 0x25, 0x89, 0x01, 0x3d, 0x19, 0xa2, 0x51, 0x8d, 0xd8, 0x7b, 0x29, - 0x7b, 0x1c, 0xdb, 0x53, 0x7e, 0x0a, 0x2a, 0xdd, 0x1e, 0x63, 0xde, 0x10, 0x8d, 0xda, 0x82, 0xee, - 0xfd, 0xc8, 0x3c, 0xd3, 0x1d, 0x63, 0xe4, 0x11, 0x2c, 0x47, 0x8b, 0x36, 0xea, 0x11, 0xdf, 0x9c, - 0x4f, 0x4e, 0x8a, 0xc7, 0x90, 0x92, 0x44, 0x03, 0xe7, 0x25, 0xe3, 0x68, 0xac, 0x2e, 0x48, 0xea, - 0xc4, 0xf6, 0x99, 0xa4, 0x04, 0x24, 0x6d, 0xc8, 0xfb, 0x27, 0x23, 0xa3, 0x19, 0xf1, 0x1b, 0xb3, - 0x5d, 0xee, 0x7e, 0x6e, 0xa1, 0xe7, 0x0b, 0xc9, 0x67, 0xf9, 0x51, 0x20, 0x79, 0x00, 0x35, 0x1a, - 0x4a, 0xe6, 0x61, 0x80, 0x9c, 0x4a, 0x74, 0x8d, 0x95, 0x2d, 0x6d, 0x5b, 0xb7, 0xe6, 0x8d, 0xe4, - 0x6d, 0x00, 0x67, 0x18, 0x0a, 0x89, 0xdc, 0xf6, 0x5d, 0xa3, 0x11, 0x15, 0x57, 0x39, 0xb1, 0x0c, - 0x5c, 0xb2, 0x0b, 0xeb, 0xe2, 0xd4, 0x1f, 0xdb, 0x12, 0x85, 0xcc, 0x16, 0xbb, 0x41, 0xa2, 0x60, - 0x6b, 0x6a, 0xf0, 0x18, 0x85, 0xcc, 0x94, 0x59, 0x77, 0x0d, 0x56, 0xb3, 0x55, 0x17, 0x89, 0x3a, - 0x28, 0xe8, 0x85, 0xc6, 0xf2, 0x41, 0x41, 0x5f, 0x6e, 0x14, 0x0f, 0x0a, 0xfa, 0x5a, 0xa3, 0x69, - 0x7e, 0xaf, 0xc1, 0xea, 0x25, 0xf1, 0xe4, 0x33, 0xd0, 0x31, 0x70, 0xc7, 0xcc, 0x0f, 0x64, 0xdc, - 0x10, 0xdd, 0xc7, 0x17, 0x67, 0xad, 0x47, 0xc2, 0xe1, 0xe1, 0xc9, 0x9e, 0xe9, 0xe2, 0x18, 0x03, - 0x17, 0x03, 0x69, 0x6e, 0xbd, 0xa2, 0x43, 0xdf, 0xa5, 0x12, 0xf7, 0xcc, 0x80, 0x0d, 0x99, 0x43, - 0x87, 0x53, 0x37, 0xd3, 0x4a, 0x23, 0x90, 0xf7, 0xa1, 0x44, 0xc7, 0xbe, 0x7d, 0x8a, 0x93, 0xb8, - 0x97, 0xba, 0xe4, 0xe2, 0xac, 0x55, 0x4f, 0x82, 0xd1, 0xe1, 0x6b, 0x3a, 0x11, 0xa6, 0x55, 0xa4, - 0x63, 0xff, 0x39, 0x4e, 0xcc, 0x1f, 0x35, 0x80, 0x59, 0x99, 0xdd, 0xb1, 0x92, 0x5d, 0x00, 0x46, - 0x43, 0xf9, 0xf2, 0x98, 0x9d, 0x62, 0x70, 0x8d, 0x98, 0x0c, 0x45, 0x36, 0x40, 0xf7, 0x03, 0x81, - 0x4e, 0xc8, 0xe3, 0xb6, 0xd7, 0xad, 0xf4, 0xdf, 0x44, 0xa8, 0x64, 0x2a, 0x8b, 0xec, 0x5d, 0x12, - 0xbb, 0x79, 0x71, 0xd6, 0xda, 0xb8, 0x91, 0xb4, 0xec, 0x34, 0xb9, 0x85, 0x69, 0x7e, 0xd1, 0xa0, - 0x3e, 0xdf, 0xde, 0xb7, 0x9a, 0xaa, 0x07, 0x35, 0x8f, 0x8f, 0x1d, 0x3b, 0x0d, 0x90, 0xbf, 0x51, - 0x80, 0xaa, 0x72, 0xea, 0x4f, 0x83, 0x3c, 0x86, 0x66, 0x10, 0x8e, 0x6c, 0x87, 0x05, 0x4e, 0xc8, - 0x39, 0x06, 0xd2, 0x16, 0x0e, 0x0d, 0x44, 0xa4, 0x7d, 0xd9, 0x22, 0x41, 0x38, 0xea, 0xa5, 0x43, - 0x47, 0x6a, 0xc4, 0xfc, 0x43, 0x83, 0x6a, 0xf6, 0xbc, 0xb9, 0xe3, 0xbd, 0x7d, 0x02, 0x7a, 0x28, - 0x90, 0xcf, 0x8e, 0xec, 0xee, 0xfa, 0xc5, 0x59, 0x6b, 0xf5, 0x52, 0x34, 0x2b, 0xc5, 0x48, 0x1b, - 0xf4, 0x31, 0x15, 0xe2, 0x35, 0xe3, 0x6e, 0x92, 0x83, 0x7f, 0x2b, 0x86, 0x94, 0x99, 0xdb, 0xa3, - 0xc2, 0xc2, 0x1e, 0xfd, 0x9c, 0x87, 0x72, 0x7a, 0xe8, 0x91, 0x16, 0x54, 0x78, 0xd2, 0x52, 0x76, - 0x7a, 0xa9, 0xc0, 0xd4, 0x34, 0x70, 0xc9, 0x47, 0x50, 0xa3, 0x8e, 0x83, 0x42, 0xa8, 0xb6, 0x50, - 0xc8, 0xd5, 0xc5, 0x58, 0x89, 0xc1, 0xe7, 0xa8, 0xfc, 0x3e, 0x81, 0x55, 0x81, 0x0e, 0x47, 0x69, - 0xcf, 0xdc, 0xaf, 0xd1, 0xbe, 0x12, 0xc3, 0x9d, 0x69, 0x04, 0x72, 0x0f, 0x8a, 0x4a, 0x05, 0x0b, - 0xa2, 0x05, 0x94, 0xad, 0xe4, 0x8f, 0xb4, 0xa1, 0x14, 0x0a, 0xb4, 0x7d, 0x3a, 0x32, 0x96, 0xd5, - 0xca, 0xae, 0x4a, 0x5e, 0x31, 0x14, 0x38, 0xa0, 0xa3, 0xb9, 0xbd, 0x2b, 0xde, 0x7a, 0xef, 0x1e, - 0xc2, 0x8a, 0x9a, 0x9d, 0x0a, 0x11, 0x8e, 0xd0, 0xe6, 0x6c, 0x88, 0xd1, 0x5d, 0xa8, 0x5b, 0xb5, - 0x50, 0x60, 0x27, 0xb2, 0x5a, 0x6c, 0x88, 0xe4, 0x01, 0xd4, 0x33, 0x8c, 0x4a, 0x9b, 0x1e, 0xad, - 0xa2, 0x4a, 0x53, 0x66, 0xe0, 0x92, 0xa7, 0x70, 0x3f, 0x4b, 0xe1, 0x1b, 0xa9, 0xf6, 0x7b, 0xa8, - 0xf0, 0x72, 0x84, 0x37, 0x67, 0x78, 0x3f, 0x19, 0x1c, 0xb8, 0xe6, 0xef, 0x1a, 0x94, 0xd3, 0x1b, - 0x77, 0xae, 0x9c, 0xb4, 0xff, 0x5e, 0x4e, 0xb9, 0x1b, 0x94, 0x53, 0x36, 0x87, 0xf9, 0x5b, 0xe7, - 0xf0, 0xba, 0xe2, 0xfc, 0x49, 0x83, 0x6a, 0xf6, 0xca, 0xbc, 0xe3, 0xd6, 0xfb, 0x18, 0x56, 0x04, - 0xf2, 0x57, 0xbe, 0x83, 0xaa, 0x2a, 0x59, 0x18, 0xc8, 0x6b, 0xd6, 0x5f, 0x4f, 0xd0, 0x4e, 0x4c, - 0x12, 0x03, 0x4a, 0x63, 0xce, 0xbe, 0x41, 0x27, 0x49, 0x82, 0x35, 0xfd, 0x35, 0x43, 0xa8, 0xcd, - 0x3d, 0x0d, 0xc8, 0x13, 0x80, 0x4c, 0xd5, 0x6b, 0x57, 0x4e, 0x51, 0x4e, 0x3b, 0x46, 0xb9, 0x24, - 0xfd, 0x72, 0xfd, 0xf5, 0x53, 0x8e, 0x29, 0x75, 0x03, 0xfd, 0xa9, 0x41, 0x6d, 0xee, 0xfe, 0xff, - 0x5f, 0x1d, 0x54, 0xef, 0xed, 0x83, 0x71, 0xd5, 0x9b, 0x94, 0x54, 0x41, 0xb7, 0xfa, 0xfb, 0x83, - 0xa3, 0x63, 0xeb, 0xab, 0xc6, 0x12, 0xa9, 0x40, 0xe9, 0xa8, 0xd7, 0x39, 0x3c, 0xec, 0x5b, 0x0d, - 0x8d, 0x34, 0xa0, 0x7a, 0xf8, 0xc5, 0xb3, 0xbe, 0x3d, 0xb5, 0xe4, 0xba, 0x1f, 0xfe, 0x7a, 0xbe, - 0xa9, 0xfd, 0x76, 0xbe, 0xa9, 0xfd, 0x75, 0xbe, 0xa9, 0xfd, 0xf0, 0xf7, 0xe6, 0x12, 0xbc, 0xe5, - 0xb3, 0xb6, 0x90, 0xd4, 0x39, 0xe5, 0xec, 0x4d, 0xfc, 0xd2, 0x9e, 0x3e, 0x90, 0xbe, 0x9e, 0x3e, - 0xc8, 0x4f, 0x8a, 0x91, 0xfd, 0x83, 0x7f, 0x02, 0x00, 0x00, 0xff, 0xff, 0x05, 0xed, 0xcd, 0x3d, - 0xc3, 0x0b, 0x00, 0x00, + // 1077 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xdc, 0x96, 0xcf, 0x6e, 0x23, 0xc5, + 0x13, 0xc7, 0x77, 0xec, 0xc4, 0x7f, 0xca, 0x7f, 0xe2, 0x74, 0xbc, 0xbb, 0xf3, 0x8b, 0xf4, 0x8b, + 0xcd, 0x68, 0xb5, 0x0a, 0xb0, 0x72, 0x76, 0x03, 0xcb, 0x21, 0x48, 0x48, 0xb6, 0xd7, 0x0a, 0x66, + 0x21, 0x88, 0x49, 0x2e, 0x70, 0x19, 0x75, 0x66, 0x6a, 0x67, 0x87, 0xd8, 0xd3, 0xa6, 0xbb, 0x67, + 0x77, 0xfd, 0x12, 0x5c, 0xe1, 0x19, 0xb8, 0xf2, 0x00, 0x1c, 0xb8, 0x70, 0xe4, 0x88, 0x04, 0x8a, + 0x50, 0x78, 0x83, 0x3c, 0x01, 0xea, 0x9e, 0xf1, 0x78, 0xec, 0x90, 0x28, 0x28, 0x39, 0x71, 0x9b, + 0xa9, 0xfe, 0x54, 0xf5, 0xb7, 0xab, 0xab, 0xba, 0x1b, 0x5a, 0x42, 0x32, 0x4e, 0x7d, 0xdc, 0x09, + 0xc6, 0xd4, 0x47, 0x27, 0x08, 0x25, 0xfa, 0x9c, 0xca, 0x80, 0x85, 0x9d, 0x09, 0x67, 0x92, 0x91, + 0x62, 0x02, 0x6c, 0x36, 0x7d, 0xe6, 0x33, 0x6d, 0xdb, 0x51, 0x5f, 0xf1, 0xb0, 0xf5, 0x5d, 0x01, + 0x1a, 0x43, 0xe5, 0x3a, 0x9c, 0x7b, 0x92, 0x3a, 0xe4, 0x02, 0xcf, 0x34, 0xda, 0xc6, 0x76, 0xd9, + 0xce, 0x05, 0x1e, 0x21, 0xb0, 0x12, 0xd2, 0x31, 0x9a, 0x39, 0x6d, 0xd1, 0xdf, 0xca, 0x26, 0xa7, + 0x13, 0x34, 0xf3, 0xb1, 0x4d, 0x7d, 0x93, 0x4d, 0x28, 0xb9, 0xa3, 0x48, 0x48, 0xe4, 0xc2, 0x5c, + 0x6d, 0xe7, 0xb7, 0xcb, 0x76, 0xfa, 0x4f, 0xba, 0x00, 0x2e, 0x95, 0xe8, 0x33, 0x1e, 0xa0, 0x30, + 0x0b, 0xed, 0xfc, 0x76, 0x7d, 0xf7, 0xad, 0x4e, 0x22, 0xae, 0xb3, 0x2c, 0xa1, 0x1f, 0xa3, 0x53, + 0x3b, 0xe3, 0x44, 0x1e, 0x42, 0xde, 0x93, 0xdc, 0x2c, 0xb6, 0x8d, 0xed, 0xca, 0x2e, 0x49, 0x7d, + 0x9f, 0x1d, 0xd9, 0x7d, 0x16, 0xbe, 0x08, 0xfc, 0x8f, 0xef, 0xd8, 0x0a, 0x20, 0x4f, 0x95, 0x0c, + 0x1a, 0xf0, 0xe0, 0xc5, 0xd4, 0x2c, 0x69, 0xf8, 0x7e, 0x0a, 0xf7, 0x93, 0x81, 0xd4, 0x23, 0x45, + 0xc9, 0x0e, 0x14, 0x3c, 0xe6, 0x9e, 0x20, 0x37, 0xcb, 0xda, 0xe9, 0xee, 0x7c, 0x06, 0x6d, 0x4e, + 0x5d, 0x12, 0x8c, 0xbc, 0x0d, 0x2b, 0xdf, 0x44, 0x74, 0x6a, 0x82, 0xc6, 0x37, 0x52, 0xfc, 0x8b, + 0x88, 0xce, 0xe3, 0x6b, 0x44, 0x49, 0x47, 0x97, 0x9b, 0x95, 0x25, 0xe9, 0x83, 0x7e, 0x46, 0x3a, + 0xba, 0x9c, 0xec, 0x42, 0x51, 0x62, 0x48, 0x8f, 0x47, 0x68, 0x56, 0x35, 0x7b, 0x2f, 0x65, 0x8f, + 0x62, 0x7b, 0xca, 0xcf, 0x40, 0xa5, 0xdb, 0x67, 0xcc, 0x1f, 0xa1, 0x59, 0x5b, 0xd2, 0xbd, 0xaf, + 0xcd, 0x73, 0xdd, 0x31, 0x46, 0x1e, 0xc1, 0xaa, 0x5e, 0xb4, 0x59, 0xd7, 0x7c, 0x73, 0x31, 0x39, + 0x29, 0x1e, 0x43, 0x4a, 0x12, 0x0d, 0xdd, 0x97, 0x8c, 0xa3, 0xb9, 0xbe, 0x24, 0xa9, 0x1b, 0xdb, + 0xe7, 0x92, 0x12, 0x90, 0x74, 0x20, 0x1f, 0x1c, 0x8f, 0xcd, 0xa6, 0xe6, 0x37, 0xe7, 0xbb, 0xdc, + 0xfb, 0xcc, 0x46, 0x3f, 0x10, 0x92, 0xcf, 0xf3, 0xa3, 0x40, 0xf2, 0x00, 0x6a, 0x34, 0x92, 0xcc, + 0xc7, 0x10, 0x39, 0x95, 0xe8, 0x99, 0x6b, 0x6d, 0x63, 0xbb, 0x64, 0x2f, 0x1a, 0xc9, 0xff, 0x01, + 0x92, 0x72, 0x72, 0x02, 0xcf, 0x6c, 0xe8, 0xc2, 0x2b, 0x27, 0x96, 0xa1, 0x47, 0x76, 0xe1, 0xae, + 0x38, 0x09, 0x26, 0x8e, 0x44, 0x21, 0xb3, 0x8d, 0x60, 0x12, 0x1d, 0x6c, 0x43, 0x0d, 0x1e, 0xa1, + 0x90, 0x99, 0x32, 0xeb, 0x6d, 0xc0, 0x7a, 0xb6, 0xea, 0xb4, 0xa8, 0x4f, 0x56, 0x4a, 0x1b, 0x8d, + 0xa6, 0xf5, 0xad, 0x01, 0xeb, 0x17, 0x04, 0x93, 0x4f, 0xa1, 0x84, 0xa1, 0x37, 0x61, 0x41, 0x28, + 0xe3, 0x06, 0xe9, 0x3d, 0x3e, 0x3f, 0x6d, 0x3d, 0x12, 0x2e, 0x8f, 0x8e, 0xf7, 0x2c, 0x0f, 0x27, + 0x18, 0x7a, 0x18, 0x4a, 0xab, 0xfd, 0x8a, 0x8e, 0x02, 0x8f, 0x4a, 0xdc, 0xb3, 0x42, 0x36, 0x62, + 0x2e, 0x1d, 0xcd, 0xdc, 0x2c, 0x3b, 0x8d, 0x40, 0xde, 0x85, 0x22, 0x9d, 0x04, 0xce, 0x09, 0x4e, + 0xe3, 0xde, 0xea, 0x91, 0xf3, 0xd3, 0x56, 0x3d, 0x09, 0x46, 0x47, 0xaf, 0xe9, 0x54, 0x58, 0x76, + 0x81, 0x4e, 0x82, 0xe7, 0x38, 0xb5, 0x7e, 0x30, 0x00, 0xe6, 0xa5, 0x75, 0xcb, 0x4a, 0x76, 0x01, + 0x18, 0x8d, 0xe4, 0xcb, 0x23, 0x76, 0x82, 0xe1, 0x15, 0x62, 0x32, 0x94, 0x6a, 0xf7, 0x20, 0x14, + 0xe8, 0x46, 0x3c, 0x3e, 0x06, 0x4a, 0x76, 0xfa, 0x6f, 0x21, 0x54, 0x32, 0xd5, 0x44, 0xf6, 0x2e, + 0x88, 0xdd, 0x3a, 0x3f, 0x6d, 0x6d, 0x5e, 0x4b, 0x5a, 0x76, 0x9a, 0xdc, 0xd2, 0x34, 0x3f, 0x1b, + 0x50, 0x5f, 0x6c, 0xe9, 0x1b, 0x4d, 0xd5, 0x87, 0x9a, 0xcf, 0x27, 0xae, 0x93, 0x06, 0xc8, 0x5f, + 0x2b, 0x40, 0x55, 0x39, 0x0d, 0x66, 0x41, 0x1e, 0x43, 0x33, 0x8c, 0xc6, 0x8e, 0xcb, 0x42, 0x37, + 0xe2, 0x1c, 0x43, 0xe9, 0x08, 0x97, 0x86, 0x42, 0x6b, 0x5f, 0xb5, 0x49, 0x18, 0x8d, 0xfb, 0xe9, + 0xd0, 0xa1, 0x1a, 0xb1, 0x7e, 0x37, 0xa0, 0x9a, 0x3d, 0x63, 0x6e, 0x79, 0x6f, 0x9f, 0x40, 0x29, + 0x12, 0xc8, 0xe7, 0x47, 0x78, 0xef, 0xee, 0xf9, 0x69, 0x6b, 0xfd, 0x42, 0x34, 0x3b, 0xc5, 0x48, + 0x07, 0x4a, 0x13, 0x2a, 0xc4, 0x6b, 0xc6, 0xbd, 0x24, 0x07, 0xff, 0x54, 0x0c, 0x29, 0xb3, 0xb0, + 0x47, 0x2b, 0x4b, 0x7b, 0xf4, 0x53, 0x1e, 0xca, 0xe9, 0x41, 0x47, 0x5a, 0x50, 0xe1, 0x49, 0x4b, + 0x39, 0xe9, 0x25, 0x03, 0x33, 0xd3, 0xd0, 0x23, 0x1f, 0x40, 0x8d, 0xba, 0x2e, 0x0a, 0xa1, 0xda, + 0x42, 0x21, 0x97, 0x17, 0x63, 0x25, 0x06, 0x9f, 0xa3, 0xf2, 0xfb, 0x08, 0xd6, 0x05, 0xba, 0x1c, + 0xa5, 0x33, 0x77, 0xbf, 0x42, 0xfb, 0x5a, 0x0c, 0x77, 0x67, 0x11, 0xc8, 0x3d, 0x28, 0x28, 0x15, + 0x2c, 0xd4, 0x0b, 0x28, 0xdb, 0xc9, 0x1f, 0xe9, 0x40, 0x31, 0x12, 0xe8, 0x04, 0x74, 0x6c, 0xae, + 0xaa, 0x95, 0x5d, 0x96, 0xbc, 0x42, 0x24, 0x70, 0x48, 0xc7, 0x0b, 0x7b, 0x57, 0xb8, 0xf1, 0xde, + 0x3d, 0x84, 0x35, 0x35, 0x3b, 0x15, 0x22, 0x1a, 0xa3, 0xc3, 0xd9, 0x08, 0xf5, 0xfd, 0x57, 0xb2, + 0x6b, 0x91, 0xc0, 0xae, 0xb6, 0xda, 0x6c, 0x84, 0xe4, 0x01, 0xd4, 0x33, 0x8c, 0x4a, 0x5b, 0x49, + 0xaf, 0xa2, 0x4a, 0x53, 0x66, 0xe8, 0x91, 0xa7, 0x70, 0x3f, 0x4b, 0xe1, 0x1b, 0xa9, 0xf6, 0x7b, + 0xa4, 0xf0, 0xb2, 0xc6, 0x9b, 0x73, 0x7c, 0x90, 0x0c, 0x0e, 0x3d, 0xeb, 0x37, 0x03, 0xca, 0xe9, + 0x2d, 0xbb, 0x50, 0x4e, 0xc6, 0xbf, 0x2f, 0xa7, 0xdc, 0x35, 0xca, 0x29, 0x9b, 0xc3, 0xfc, 0x8d, + 0x73, 0x78, 0x55, 0x71, 0xfe, 0x68, 0x40, 0x35, 0x7b, 0x4d, 0xde, 0x72, 0xeb, 0x7d, 0x08, 0x6b, + 0x02, 0xf9, 0xab, 0xc0, 0x45, 0x55, 0x95, 0x2c, 0x0a, 0xe5, 0x15, 0xeb, 0xaf, 0x27, 0x68, 0x37, + 0x26, 0x89, 0x09, 0xc5, 0x09, 0x67, 0x5f, 0xa3, 0x9b, 0x24, 0xc1, 0x9e, 0xfd, 0x5a, 0x11, 0xd4, + 0x16, 0x9e, 0x03, 0xe4, 0x09, 0x40, 0xa6, 0xea, 0x8d, 0x4b, 0xa7, 0x28, 0xa7, 0x1d, 0xa3, 0x5c, + 0x92, 0x7e, 0xb9, 0xfa, 0xfa, 0x29, 0xc7, 0x94, 0xba, 0x81, 0xfe, 0x30, 0xa0, 0xb6, 0x70, 0xe7, + 0xff, 0xa7, 0x0e, 0xaa, 0x77, 0xf6, 0xc1, 0xbc, 0xec, 0x1d, 0x4a, 0xaa, 0x50, 0xb2, 0x07, 0xfb, + 0xc3, 0xc3, 0x23, 0xfb, 0xcb, 0xc6, 0x1d, 0x52, 0x81, 0xe2, 0x61, 0xbf, 0x7b, 0x70, 0x30, 0xb0, + 0x1b, 0x06, 0x69, 0x40, 0xf5, 0xe0, 0xf3, 0x67, 0x03, 0x67, 0x66, 0xc9, 0xf5, 0xde, 0xff, 0xe5, + 0x6c, 0xcb, 0xf8, 0xf5, 0x6c, 0xcb, 0xf8, 0xf3, 0x6c, 0xcb, 0xf8, 0xfe, 0xaf, 0xad, 0x3b, 0xf0, + 0xbf, 0x80, 0x75, 0x84, 0xa4, 0xee, 0x09, 0x67, 0x6f, 0xe2, 0x97, 0xf7, 0xec, 0x51, 0xf4, 0xd5, + 0xec, 0x81, 0x7e, 0x5c, 0xd0, 0xf6, 0xf7, 0xfe, 0x0e, 0x00, 0x00, 0xff, 0xff, 0x68, 0x0f, 0x88, + 0xa1, 0xd3, 0x0b, 0x00, 0x00, } func (m *ImageIntegration) Marshal() (dAtA []byte, err error) { @@ -1413,6 +1426,15 @@ func (m *ImageIntegration) MarshalToSizedBuffer(dAtA []byte) (int, error) { i-- dAtA[i] = 0x32 } + if len(m.Clusters) > 0 { + for iNdEx := len(m.Clusters) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.Clusters[iNdEx]) + copy(dAtA[i:], m.Clusters[iNdEx]) + i = encodeVarintImageIntegration(dAtA, i, uint64(len(m.Clusters[iNdEx]))) + i-- + dAtA[i] = 0x2a + } + } if len(m.Type) > 0 { i -= len(m.Type) copy(dAtA[i:], m.Type) @@ -2221,6 +2243,12 @@ func (m *ImageIntegration) Size() (n int) { if l > 0 { n += 1 + l + sovImageIntegration(uint64(l)) } + if len(m.Clusters) > 0 { + for _, s := range m.Clusters { + l = len(s) + n += 1 + l + sovImageIntegration(uint64(l)) + } + } if len(m.Categories) > 0 { l = 0 for _, e := range m.Categories { @@ -2754,6 +2782,38 @@ func (m *ImageIntegration) Unmarshal(dAtA []byte) error { } m.Type = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Clusters", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowImageIntegration + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthImageIntegration + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthImageIntegration + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Clusters = append(m.Clusters, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex case 6: if wireType == 0 { var v ImageIntegrationCategory diff --git a/pkg/images/enricher/enricher_impl.go b/pkg/images/enricher/enricher_impl.go index 7ff8a19ee97b5..7ddcdfe053b4b 100644 --- a/pkg/images/enricher/enricher_impl.go +++ b/pkg/images/enricher/enricher_impl.go @@ -187,6 +187,9 @@ func getRef(image *storage.Image) string { } func (e *enricherImpl) enrichImageWithRegistry(image *storage.Image, registry registryTypes.ImageRegistry) (bool, error) { + if !registry.Global() { + return false, nil + } if !registry.Match(image.GetName()) { return false, nil } diff --git a/pkg/registries/docker/docker.go b/pkg/registries/docker/docker.go index 42a2cba17a758..b2412150b0c8a 100644 --- a/pkg/registries/docker/docker.go +++ b/pkg/registries/docker/docker.go @@ -176,6 +176,11 @@ func (r *Registry) Match(image *storage.ImageName) bool { return r.repositoryList.Contains(image.GetRemote()) } +// Global returns whether or not this registry is available from all clusters +func (r *Registry) Global() bool { + return len(r.protoImageIntegration.GetClusters()) == 0 +} + // Metadata returns the metadata via this registries implementation func (r *Registry) Metadata(image *storage.Image) (*storage.ImageMetadata, error) { if image == nil { diff --git a/pkg/registries/types/types.go b/pkg/registries/types/types.go index 3257d962d2b8a..4c5daa316cd19 100644 --- a/pkg/registries/types/types.go +++ b/pkg/registries/types/types.go @@ -19,6 +19,7 @@ type Registry interface { Match(image *storage.ImageName) bool Metadata(image *storage.Image) (*storage.ImageMetadata, error) Test() error + Global() bool Config() *Config Name() string } diff --git a/proto/storage/image_integration.proto b/proto/storage/image_integration.proto index 252b6dd506dc7..052534b96cf51 100644 --- a/proto/storage/image_integration.proto +++ b/proto/storage/image_integration.proto @@ -12,10 +12,8 @@ message ImageIntegration { string id = 1; string name = 2; string type = 3; - // Skipped by accident or accidentally deleted? - reserved 4; - // Previously "repeated string clusters", but it was never used. - reserved 5; + // If a list of clusters is provided, the integration will only be accessed from the specified clusters' sensors. + repeated string clusters = 5; repeated ImageIntegrationCategory categories = 6; oneof IntegrationConfig { diff --git a/sensor/kubernetes/main.go b/sensor/kubernetes/main.go index bdf38f67c9691..e27ddfe77abee 100644 --- a/sensor/kubernetes/main.go +++ b/sensor/kubernetes/main.go @@ -1,26 +1,19 @@ package main import ( - "context" "os" "os/signal" - "github.com/stackrox/rox/pkg/clientconn" "github.com/stackrox/rox/pkg/devmode" - "github.com/stackrox/rox/pkg/env" "github.com/stackrox/rox/pkg/logging" "github.com/stackrox/rox/pkg/metrics" - "github.com/stackrox/rox/pkg/mtls" "github.com/stackrox/rox/pkg/premain" "github.com/stackrox/rox/pkg/utils" "github.com/stackrox/rox/pkg/version" "github.com/stackrox/rox/sensor/kubernetes/client" "github.com/stackrox/rox/sensor/kubernetes/fake" "github.com/stackrox/rox/sensor/kubernetes/sensor" - scannerV1 "github.com/stackrox/scanner/generated/scanner/api/v1" "golang.org/x/sys/unix" - "google.golang.org/grpc" - "google.golang.org/grpc/credentials" ) var ( @@ -53,23 +46,6 @@ func main() { s, err := sensor.CreateSensor(sharedClientInterface, workloadManager) utils.CrashOnError(err) - tlsConfig, err := clientconn.TLSConfig(mtls.ScannerSubject, clientconn.TLSConfigOptions{ - UseClientCert: clientconn.MustUseClientCert, - }) - if err != nil { - log.Error("Creating Scanner TLS Config") - } - conn, err := grpc.Dial(env.ScannerEndpoint.Setting(), grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig))) - if err != nil { - log.Errorf("Dialing scanner: %v", err) - } - pingSvc := scannerV1.NewPingServiceClient(conn) - resp, err := pingSvc.Ping(context.Background(), new(scannerV1.Empty)) - log.Errorf("Resp from Scanner ping: %v, Error: %v", resp, err) - scanSvc := scannerV1.NewImageScanServiceClient(conn) - resp2, err := scanSvc.GetImageComponents(context.Background(), new(scannerV1.GetImageComponentsRequest)) - log.Errorf("Resp from Scanner: %v, Error: %v", resp2, err) - s.Start() for { From 50fb121c908a9d240734b981a601da24d1104450 Mon Sep 17 00:00:00 2001 From: RTann Date: Tue, 15 Feb 2022 18:03:07 -0800 Subject: [PATCH 082/103] allow scheme --- sensor/common/scannerclient/grpc_client.go | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go index b9dfaaa2001bc..64365562887d1 100644 --- a/sensor/common/scannerclient/grpc_client.go +++ b/sensor/common/scannerclient/grpc_client.go @@ -29,8 +29,16 @@ func newGRPCClient(endpoint string) (*client, error) { return nil, nil } - if hasScheme := strings.Contains(endpoint, "://"); hasScheme { - return nil, errors.Errorf("Scanner endpoint should not specify a scheme: %s", endpoint) + parts := strings.SplitN(endpoint, "://", 2) + switch parts[0] { + case "http", "https": + break + default: + if len(parts) == 1 { + // There is no scheme defined, which is ok. + break + } + return nil, errors.Errorf("Scanner endpoint has unsupported scheme %s", parts[0]) } tlsConfig, err := clientconn.TLSConfig(mtls.ScannerSubject, clientconn.TLSConfigOptions{ From 5a52ee695b49b992174db599e28d1ab84a743836 Mon Sep 17 00:00:00 2001 From: RTann Date: Tue, 15 Feb 2022 18:06:16 -0800 Subject: [PATCH 083/103] only allow https as a scheme --- sensor/common/scannerclient/grpc_client.go | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go index 64365562887d1..7ad9ed6c1976a 100644 --- a/sensor/common/scannerclient/grpc_client.go +++ b/sensor/common/scannerclient/grpc_client.go @@ -29,16 +29,9 @@ func newGRPCClient(endpoint string) (*client, error) { return nil, nil } - parts := strings.SplitN(endpoint, "://", 2) - switch parts[0] { - case "http", "https": - break - default: - if len(parts) == 1 { - // There is no scheme defined, which is ok. - break - } - return nil, errors.Errorf("Scanner endpoint has unsupported scheme %s", parts[0]) + endpoint = strings.TrimPrefix(endpoint, "https://") + if strings.Contains(endpoint, "://") { + return nil, errors.Errorf("Scanner endpoint has unsupported scheme: %s", endpoint) } tlsConfig, err := clientconn.TLSConfig(mtls.ScannerSubject, clientconn.TLSConfigOptions{ From 67f6babaa76f29c1bbb18a2e0cb5f63edee175c1 Mon Sep 17 00:00:00 2001 From: RTann Date: Wed, 16 Feb 2022 09:22:31 -0800 Subject: [PATCH 084/103] for now --- pkg/images/utils/utils.go | 2 +- sensor/common/registry/registry_store.go | 1 + sensor/common/scannerclient/grpc_client.go | 14 ++++++++------ sensor/common/scannerclient/scan.go | 9 +++------ 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/pkg/images/utils/utils.go b/pkg/images/utils/utils.go index e982731075862..0a1dc09ac99b0 100644 --- a/pkg/images/utils/utils.go +++ b/pkg/images/utils/utils.go @@ -48,7 +48,7 @@ func GenerateImageFromStringWithDefaultTag(imageStr, defaultTag string) (*storag } // GenerateImageNameFromString generated an ImageName from a common string format and returns an error if there was an -// issure parsing it. +// issue parsing it. func GenerateImageNameFromString(imageStr string) (*storage.ImageName, reference.Reference, error) { name := &storage.ImageName{ FullName: imageStr, diff --git a/sensor/common/registry/registry_store.go b/sensor/common/registry/registry_store.go index 73815b9d16d7e..6e7b6c6682c2e 100644 --- a/sensor/common/registry/registry_store.go +++ b/sensor/common/registry/registry_store.go @@ -110,6 +110,7 @@ func (rs *Store) getRegistriesInNamespace(namespace string) registries.Set { // An error is returned if the registry is unknown. func (rs *Store) GetRegistryForImage(image *storage.ImageName) (registryTypes.Registry, error) { reg := image.GetRegistry() + ns := utils.ExtractOpenShiftProject(image) regs := rs.getRegistriesInNamespace(ns) if regs != nil { diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go index 7ad9ed6c1976a..a6c6b3d541db3 100644 --- a/sensor/common/scannerclient/grpc_client.go +++ b/sensor/common/scannerclient/grpc_client.go @@ -2,6 +2,7 @@ package scannerclient import ( "context" + "fmt" "strings" "github.com/pkg/errors" @@ -59,16 +60,17 @@ func newGRPCClient(endpoint string) (*client, error) { // 1. Retrieve image metadata. // 2. Request image analysis from Scanner, directly. // 3. Return image analysis results. -func (c *client) GetImageAnalysis(ctx context.Context, image *storage.ContainerImage) (*imageData, error) { - reg, err := registry.Singleton().GetRegistryForImage(image.GetName()) +func (c *client) GetImageAnalysis(ctx context.Context, ci *storage.ContainerImage) (*imageData, error) { + reg, err := registry.Singleton().GetRegistryForImage(ci.GetName()) if err != nil { return nil, errors.Wrap(err, "determining image registry") } - name := image.GetName().GetFullName() - namespace := utils.ExtractOpenShiftProject(image.GetName()) + name := ci.GetName().GetFullName() + namespace := utils.ExtractOpenShiftProject(ci.GetName()) - metadata, err := reg.Metadata(types.ToImage(image)) + image := types.ToImage(ci) + metadata, err := reg.Metadata(image) if err != nil { log.Debugf("Failed to get metadata for image %s in namespace %s: %v", name, namespace, err) return nil, errors.Wrap(err, "getting image metadata") @@ -78,7 +80,7 @@ func (c *client) GetImageAnalysis(ctx context.Context, image *storage.ContainerI cfg := reg.Config() resp, err := c.client.GetImageComponents(ctx, &scannerV1.GetImageComponentsRequest{ - Image: image.GetId(), + Image: fmt.Sprintf("%s:%s", ci.GetName().GetRemote(), utils.Reference(image)), Registry: &scannerV1.RegistryData{ Url: cfg.URL, Username: cfg.Username, diff --git a/sensor/common/scannerclient/scan.go b/sensor/common/scannerclient/scan.go index 674bf3e46db58..4b79733b2d8ca 100644 --- a/sensor/common/scannerclient/scan.go +++ b/sensor/common/scannerclient/scan.go @@ -6,7 +6,6 @@ import ( "github.com/pkg/errors" v1 "github.com/stackrox/rox/generated/api/v1" "github.com/stackrox/rox/generated/storage" - "github.com/stackrox/rox/pkg/images/utils" "github.com/stackrox/rox/pkg/logging" scannerV1 "github.com/stackrox/scanner/generated/scanner/api/v1" ) @@ -26,14 +25,12 @@ func ScanImage(ctx context.Context, centralClient v1.ImageServiceClient, image * return nil, ErrNoLocalScanner } - namespace := utils.ExtractOpenShiftProject(image.GetName()) - imgData, err := scannerClient.GetImageAnalysis(ctx, image) if err != nil { - return nil, errors.Wrapf(err, "scanning image %q in namespace %q", image.GetName().GetFullName(), namespace) + return nil, errors.Wrapf(err, "scanning image %s", image.GetName().GetFullName()) } if imgData.GetStatus() != scannerV1.ScanStatus_SUCCEEDED { - return nil, errors.Wrapf(err, "scan failed for image %q in namespace %q", image.GetName().GetFullName(), namespace) + return nil, errors.Wrapf(err, "scan failed for image %s", image.GetName().GetFullName()) } centralResp, err := centralClient.GetImageVulnerabilitiesInternal(ctx, &v1.GetImageVulnerabilitiesInternalRequest{ @@ -44,7 +41,7 @@ func ScanImage(ctx context.Context, centralClient v1.ImageServiceClient, image * Notes: imgData.GetNotes(), }) if err != nil { - return nil, errors.Wrapf(err, "retrieving image vulnerabilities for %s in namespace %q", image.GetName().GetFullName(), namespace) + return nil, errors.Wrapf(err, "retrieving image vulnerabilities for %s", image.GetName().GetFullName()) } return centralResp.GetImage(), nil From 6378679b5c186f62ccaa028342cf12fc89b5599d Mon Sep 17 00:00:00 2001 From: RTann Date: Wed, 16 Feb 2022 15:11:32 -0800 Subject: [PATCH 085/103] update image sent to Scanner --- sensor/common/scannerclient/grpc_client.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go index a6c6b3d541db3..b5b6be82f3ec0 100644 --- a/sensor/common/scannerclient/grpc_client.go +++ b/sensor/common/scannerclient/grpc_client.go @@ -2,7 +2,6 @@ package scannerclient import ( "context" - "fmt" "strings" "github.com/pkg/errors" @@ -80,7 +79,7 @@ func (c *client) GetImageAnalysis(ctx context.Context, ci *storage.ContainerImag cfg := reg.Config() resp, err := c.client.GetImageComponents(ctx, &scannerV1.GetImageComponentsRequest{ - Image: fmt.Sprintf("%s:%s", ci.GetName().GetRemote(), utils.Reference(image)), + Image: utils.GetFullyQualifiedFullName(image), Registry: &scannerV1.RegistryData{ Url: cfg.URL, Username: cfg.Username, From 45ad400fa2f875438e5375d3322da4e1999fdff4 Mon Sep 17 00:00:00 2001 From: RTann Date: Wed, 16 Feb 2022 15:13:18 -0800 Subject: [PATCH 086/103] update go.sum? --- go.sum | 1 + 1 file changed, 1 insertion(+) diff --git a/go.sum b/go.sum index bc5935af8b48f..3c9fb3b6ca027 100644 --- a/go.sum +++ b/go.sum @@ -2840,6 +2840,7 @@ golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20200128174031-69ecbb4d6d5d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200214034016-1d94cc7ab1c6/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= From 86c7bcb8b77a08fb26eb07bbfdabda0e035d30a8 Mon Sep 17 00:00:00 2001 From: RTann Date: Wed, 16 Feb 2022 15:26:44 -0800 Subject: [PATCH 087/103] updates --- sensor/common/scannerclient/grpc_client.go | 4 ++-- sensor/common/scannerclient/scan.go | 2 +- sensor/common/scannerclient/singleton.go | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go index b5b6be82f3ec0..df4b7249aa507 100644 --- a/sensor/common/scannerclient/grpc_client.go +++ b/sensor/common/scannerclient/grpc_client.go @@ -22,8 +22,8 @@ type client struct { conn *grpc.ClientConn } -// newGRPCClient creates a new Scanner client. -func newGRPCClient(endpoint string) (*client, error) { +// dial Scanner and return a new client. +func dial(endpoint string) (*client, error) { if endpoint == "" { log.Info("No Scanner connection desired") return nil, nil diff --git a/sensor/common/scannerclient/scan.go b/sensor/common/scannerclient/scan.go index 4b79733b2d8ca..6089289c9cf5c 100644 --- a/sensor/common/scannerclient/scan.go +++ b/sensor/common/scannerclient/scan.go @@ -12,7 +12,7 @@ import ( var ( // ErrNoLocalScanner indicates there is no Secured Cluster-local Scanner. - ErrNoLocalScanner = errors.New("No local Scanner integrated") + ErrNoLocalScanner = errors.New("No local Scanner connection") log = logging.LoggerForModule() ) diff --git a/sensor/common/scannerclient/singleton.go b/sensor/common/scannerclient/singleton.go index d153b005f682b..763fe74a38a31 100644 --- a/sensor/common/scannerclient/singleton.go +++ b/sensor/common/scannerclient/singleton.go @@ -16,7 +16,7 @@ var ( func GRPCClientSingleton() *client { once.Do(func() { var err error - scannerClient, err = newGRPCClient(env.ScannerEndpoint.Setting()) + scannerClient, err = dial(env.ScannerEndpoint.Setting()) _ = utils.Should(err) }) return scannerClient From 8bea0c2ca924b470592db2c3054a61263ddf605d Mon Sep 17 00:00:00 2001 From: RTann Date: Wed, 16 Feb 2022 15:29:56 -0800 Subject: [PATCH 088/103] forgot to update comment --- sensor/admission-control/manager/images.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sensor/admission-control/manager/images.go b/sensor/admission-control/manager/images.go index 29367da709925..e83829b4cd74a 100644 --- a/sensor/admission-control/manager/images.go +++ b/sensor/admission-control/manager/images.go @@ -64,7 +64,7 @@ type fetchImageResult struct { func (m *manager) getImageFromSensorOrCentral(ctx context.Context, s *state, img *storage.ContainerImage) (*storage.Image, error) { // Talk to central if we know its endpoint (and the client connection is not shutting down), and if we are not // currently connected to sensor. - // Note: we do not support scanning images stored in local registries if we cannot reach Sensor. + // Note: Sensor is required to scan images in the local registry. if !m.sensorConnStatus.Get() && s.centralConn != nil && s.centralConn.GetState() != connectivity.Shutdown { // Central route resp, err := v1.NewImageServiceClient(s.centralConn).ScanImageInternal(ctx, &v1.ScanImageInternalRequest{ From a4c378bf6574e0fbaddb3576ecd1278b171e3c83 Mon Sep 17 00:00:00 2001 From: RTann Date: Wed, 16 Feb 2022 21:11:04 -0800 Subject: [PATCH 089/103] update comment --- make/protogen.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/make/protogen.mk b/make/protogen.mk index e58098c474a94..0e6285fbdd8ab 100644 --- a/make/protogen.mk +++ b/make/protogen.mk @@ -100,7 +100,7 @@ GOGO_M_STR := Mgoogle/protobuf/any.proto=github.com/gogo/protobuf/types,Mgoogle/ # Here, we instruct protoc-gen-go to import the go source for proto file $(BASE_PATH)//*.proto to # "github.com/stackrox/rox/generated/". ROX_M_ARGS = $(foreach proto,$(ALL_PROTOS_REL),M$(proto)=github.com/stackrox/rox/generated/$(patsubst %/,%,$(dir $(proto)))) -# Here, we instruct protoc-gen-go to import the go source for proto file github.com/scanner/proto//*.proto to +# Here, we instruct protoc-gen-go to import the go source for proto file github.com/stackrox/scanner/proto//*.proto to # "github.com/stackrox/scanner/generated/". SCANNER_M_ARGS = $(foreach proto,$(ALL_SCANNER_PROTOS_REL),M$(proto)=github.com/stackrox/scanner/generated/$(patsubst %/,%,$(dir $(proto)))) # Combine the *_M_ARGS. From a7029e44e76711c612583c8fd03e51cdc3fb6f8b Mon Sep 17 00:00:00 2001 From: RTann Date: Wed, 16 Feb 2022 21:23:35 -0800 Subject: [PATCH 090/103] update logs --- sensor/common/scannerclient/grpc_client.go | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go index df4b7249aa507..eddefea3a61f2 100644 --- a/sensor/common/scannerclient/grpc_client.go +++ b/sensor/common/scannerclient/grpc_client.go @@ -66,16 +66,15 @@ func (c *client) GetImageAnalysis(ctx context.Context, ci *storage.ContainerImag } name := ci.GetName().GetFullName() - namespace := utils.ExtractOpenShiftProject(ci.GetName()) image := types.ToImage(ci) metadata, err := reg.Metadata(image) if err != nil { - log.Debugf("Failed to get metadata for image %s in namespace %s: %v", name, namespace, err) + log.Debugf("Failed to get metadata for image %s: %v", name, err) return nil, errors.Wrap(err, "getting image metadata") } - log.Debugf("Retrieved metadata for image %s in namespace %s: %v", name, namespace, metadata) + log.Debugf("Retrieved metadata for image %s: %v", name, metadata) cfg := reg.Config() resp, err := c.client.GetImageComponents(ctx, &scannerV1.GetImageComponentsRequest{ @@ -88,11 +87,11 @@ func (c *client) GetImageAnalysis(ctx context.Context, ci *storage.ContainerImag }, }) if err != nil { - log.Debugf("Unable to get image components from local Scanner for image %s in namespace %s: %v", name, namespace, err) + log.Debugf("Unable to get image components from local Scanner for image %s: %v", name, err) return nil, errors.Wrap(err, "getting image components from scanner") } - log.Debugf("Got image components from local Scanner for image %s in namespace %s", name, namespace) + log.Debugf("Got image components from local Scanner for image %s", name) return &imageData{ Metadata: metadata, From 28a80c4797dea3dbb1430a71edc7f061caed236d Mon Sep 17 00:00:00 2001 From: RTann Date: Thu, 17 Feb 2022 13:12:55 -0800 Subject: [PATCH 091/103] add a new env var to indicate if we want to use a local scanner --- pkg/env/sensor.go | 9 +++++---- sensor/common/scannerclient/grpc_client.go | 5 ++--- sensor/common/scannerclient/scan.go | 2 +- sensor/common/scannerclient/singleton.go | 7 ++++++- 4 files changed, 14 insertions(+), 9 deletions(-) diff --git a/pkg/env/sensor.go b/pkg/env/sensor.go index 00548a20db9cb..9fc7d56e645a5 100644 --- a/pkg/env/sensor.go +++ b/pkg/env/sensor.go @@ -12,9 +12,10 @@ var ( // SensorEndpoint is used to communicate the sensor endpoint to other services in the same cluster. SensorEndpoint = RegisterSetting("ROX_SENSOR_ENDPOINT", WithDefault("sensor.stackrox.svc:443")) - // ScannerEndpoint is used to communicate the scanner endpoint to other services in the same cluster. + // ScannerGRPCEndpoint is used to communicate the scanner endpoint to other services in the same cluster. // This is typically used for Sensor to communicate with a local Scanner-slim's gRPC server. - // There is no default, as Scanner-slim is not deployed in all environments. - // This should only be set if there is a Scanner-slim deployed to the same cluster as Sensor. - ScannerEndpoint = RegisterSetting("ROX_SCANNER_GRPC_ENDPOINT") + ScannerGRPCEndpoint = RegisterSetting("ROX_SCANNER_GRPC_ENDPOINT", WithDefault("scanner-slim.stackrox.svc:8443")) + + // UseLocalScanner is used to specify if Sensor should attempt to scan images via a local Scanner. + UseLocalScanner = RegisterBooleanSetting("ROX_USE_LOCAL_SCANNER", false) ) diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go index eddefea3a61f2..93d619fd9d513 100644 --- a/sensor/common/scannerclient/grpc_client.go +++ b/sensor/common/scannerclient/grpc_client.go @@ -25,8 +25,7 @@ type client struct { // dial Scanner and return a new client. func dial(endpoint string) (*client, error) { if endpoint == "" { - log.Info("No Scanner connection desired") - return nil, nil + return nil, errors.New("Invalid Scanner endpoint (empty)") } endpoint = strings.TrimPrefix(endpoint, "https://") @@ -46,7 +45,7 @@ func dial(endpoint string) (*client, error) { return nil, errors.Wrap(err, "failed to connect to Scanner") } - log.Infof("Connecting to Scanner at %s", endpoint) + log.Infof("Dialing Scanner at %s", endpoint) return &client{ client: scannerV1.NewImageScanServiceClient(conn), diff --git a/sensor/common/scannerclient/scan.go b/sensor/common/scannerclient/scan.go index 6089289c9cf5c..539757c07ca78 100644 --- a/sensor/common/scannerclient/scan.go +++ b/sensor/common/scannerclient/scan.go @@ -11,7 +11,7 @@ import ( ) var ( - // ErrNoLocalScanner indicates there is no Secured Cluster-local Scanner. + // ErrNoLocalScanner indicates there is no Secured Cluster local Scanner. ErrNoLocalScanner = errors.New("No local Scanner connection") log = logging.LoggerForModule() diff --git a/sensor/common/scannerclient/singleton.go b/sensor/common/scannerclient/singleton.go index 763fe74a38a31..bd9768f713f47 100644 --- a/sensor/common/scannerclient/singleton.go +++ b/sensor/common/scannerclient/singleton.go @@ -15,8 +15,13 @@ var ( // Only one client per Sensor is required. func GRPCClientSingleton() *client { once.Do(func() { + if !env.UseLocalScanner.BooleanSetting() { + log.Info("No local Scanner connection desired") + return + } + var err error - scannerClient, err = dial(env.ScannerEndpoint.Setting()) + scannerClient, err = dial(env.ScannerGRPCEndpoint.Setting()) _ = utils.Should(err) }) return scannerClient From 24e0633a8e24bf607926df276cde974c3bf6857a Mon Sep 17 00:00:00 2001 From: RTann Date: Fri, 18 Feb 2022 08:22:20 -0800 Subject: [PATCH 092/103] for now --- pkg/env/sensor.go | 4 + pkg/scannerclientconn/clientconn.go | 29 ++++++ pkg/scannerclientconn/dialoptions.go | 10 ++ pkg/scannerclientconn/manager/manager.go | 106 +++++++++++++++++++++ sensor/common/scannerclient/connect.go | 22 +++++ sensor/common/scannerclient/grpc_client.go | 2 + sensor/common/scannerconn/clientconn.go | 33 +++++++ sensor/common/scannerconn/manager.go | 13 +++ 8 files changed, 219 insertions(+) create mode 100644 pkg/scannerclientconn/clientconn.go create mode 100644 pkg/scannerclientconn/dialoptions.go create mode 100644 pkg/scannerclientconn/manager/manager.go create mode 100644 sensor/common/scannerclient/connect.go create mode 100644 sensor/common/scannerconn/clientconn.go create mode 100644 sensor/common/scannerconn/manager.go diff --git a/pkg/env/sensor.go b/pkg/env/sensor.go index 9fc7d56e645a5..d8837183be94f 100644 --- a/pkg/env/sensor.go +++ b/pkg/env/sensor.go @@ -12,6 +12,10 @@ var ( // SensorEndpoint is used to communicate the sensor endpoint to other services in the same cluster. SensorEndpoint = RegisterSetting("ROX_SENSOR_ENDPOINT", WithDefault("sensor.stackrox.svc:443")) + // ScannerEndpoint is used to communicate the scanner endpoint to other services in the same cluster. + // This is typically used for Sensor to communicate with a local Scanner-slim's HTTP server. + ScannerEndpoint = RegisterSetting("ROX_SCANNER_ENDPOINT", WithDefault("scanner-slim.stackrox.svc:8080")) + // ScannerGRPCEndpoint is used to communicate the scanner endpoint to other services in the same cluster. // This is typically used for Sensor to communicate with a local Scanner-slim's gRPC server. ScannerGRPCEndpoint = RegisterSetting("ROX_SCANNER_GRPC_ENDPOINT", WithDefault("scanner-slim.stackrox.svc:8443")) diff --git a/pkg/scannerclientconn/clientconn.go b/pkg/scannerclientconn/clientconn.go new file mode 100644 index 0000000000000..65ed6fba2b67e --- /dev/null +++ b/pkg/scannerclientconn/clientconn.go @@ -0,0 +1,29 @@ +package scannerclientconn + +import ( + "strings" + + "github.com/pkg/errors" + "google.golang.org/grpc" + "google.golang.org/grpc/credentials" + "google.golang.org/grpc/credentials/insecure" +) + +// Dial creates a client connection to Scanner at the given endpoint. +func Dial(endpoint string, dialOpts DialOptions) (*grpc.ClientConn, error) { + if endpoint == "" { + return nil, errors.New("Invalid Scanner endpoint (empty)") + } + + endpoint = strings.TrimPrefix(endpoint, "https://") + if strings.Contains(endpoint, "://") { + return nil, errors.Errorf("Scanner endpoint has unsupported scheme: %s", endpoint) + } + + creds := insecure.NewCredentials() + if dialOpts.TLSConfig != nil { + creds = credentials.NewTLS(dialOpts.TLSConfig) + } + + return grpc.Dial(endpoint, grpc.WithTransportCredentials(creds)) +} diff --git a/pkg/scannerclientconn/dialoptions.go b/pkg/scannerclientconn/dialoptions.go new file mode 100644 index 0000000000000..ce2589909ac15 --- /dev/null +++ b/pkg/scannerclientconn/dialoptions.go @@ -0,0 +1,10 @@ +package scannerclientconn + +import "crypto/tls" + +// DialOptions specifies how to configure the connection with Scanner. +type DialOptions struct { + // TLSConfig specifies the TLS configuration to use to talk to Scanner. + // If nil, then an insecure connection is used. + TLSConfig *tls.Config +} diff --git a/pkg/scannerclientconn/manager/manager.go b/pkg/scannerclientconn/manager/manager.go new file mode 100644 index 0000000000000..26172a5b00182 --- /dev/null +++ b/pkg/scannerclientconn/manager/manager.go @@ -0,0 +1,106 @@ +package manager + +import ( + "crypto/tls" + "fmt" + "net/http" + "strings" + "time" + + "github.com/cenkalti/backoff/v3" + "github.com/pkg/errors" + "github.com/stackrox/rox/pkg/clientconn" + "github.com/stackrox/rox/pkg/grpc/util" + "github.com/stackrox/rox/pkg/httputil/proxy" + "github.com/stackrox/rox/pkg/logging" + "github.com/stackrox/rox/pkg/mtls" + "github.com/stackrox/scanner/pkg/clairify/client" +) + +var ( + log = logging.LoggerForModule() +) + +type Manager struct { + httpClient *client.Clairify + gRPCEndpoint string + tlsConfig *tls.Config + + conn *util.LazyClientConn +} + +func NewManager(httpEndpoint, gRPCEndpoint string) (*Manager, error) { + if httpEndpoint == "" && gRPCEndpoint == "" { + return nil, errors.New("no Scanner endpoints configured. Require both HTTP and gRPC") + } + + if httpEndpoint == "" { + return nil, errors.New("no Scanner HTTP endpoint configured") + } + parts := strings.SplitN(httpEndpoint, "://", 2) + switch parts[0] { + case "https": + break + default: + if len(parts) == 1 { + httpEndpoint = fmt.Sprintf("https://%s", httpEndpoint) + break + } + return nil, errors.Errorf("Scanner HTTP endpoint has unsupported scheme: %s", parts[0]) + } + + if gRPCEndpoint == "" { + return nil, errors.New("no Scanner gRPC endpoint configured") + } + gRPCEndpoint = strings.TrimPrefix(gRPCEndpoint, "https://") + if strings.Contains(gRPCEndpoint, "://") { + return nil, errors.Errorf("Scanner endpoint has unsupported scheme: %s", gRPCEndpoint) + } + + tlsConfig, err := clientconn.TLSConfig(mtls.ScannerSubject, clientconn.TLSConfigOptions{ + UseClientCert: clientconn.MustUseClientCert, + }) + if err != nil { + return nil, errors.Wrap(err, "failed to initialize Scanner TLS config") + } + + + + return &Manager{ + httpClient: client.NewWithClient(httpEndpoint, &http.Client{ + Transport: &http.Transport{ + TLSClientConfig: tlsConfig, + Proxy: proxy.FromConfig(), + }, + }), + gRPCEndpoint: gRPCEndpoint, + tlsConfig: tlsConfig, + + conn: util.NewLazyClientConn(), + }, nil +} + +func (m *Manager) Start() { + go m.start() +} + +func (m *Manager) start() { + m.waitUntilScannerIsReady() +} + +func (m *Manager) waitUntilScannerIsReady() { + exponential := backoff.NewExponentialBackOff() + exponential.MaxElapsedTime = 5 * time.Minute + exponential.MaxInterval = 32 * time.Second + err := backoff.RetryNotify(func() error { + // By default, the Ping timeout is 5 seconds. + // It can be reconfigured via: + // client.PingTimeout = + return m.httpClient.Ping() + }, exponential, func(err error, d time.Duration) { + log.Infof("Check Central status failed: %s. Retrying after %s...", err, d.Round(time.Millisecond)) + }) + if err != nil { + s.stoppedSig.SignalWithErrorWrapf(err, "checking central status failed after %s", exponential.GetElapsedTime()) + } +} diff --git a/sensor/common/scannerclient/connect.go b/sensor/common/scannerclient/connect.go new file mode 100644 index 0000000000000..f8eefdddfd6be --- /dev/null +++ b/sensor/common/scannerclient/connect.go @@ -0,0 +1,22 @@ +package scannerclient + +import ( + "time" + + "github.com/cenkalti/backoff/v3" +) + +func waitUntilScannerIsReady() { + exponential := backoff.NewExponentialBackOff() + exponential.MaxElapsedTime = 5 * time.Minute + exponential.MaxInterval = 32 * time.Second + + err := backoff.RetryNotify(func() error { + return s.pollMetadata() + }, exponential, func(err error, d time.Duration) { + log.Infof("Check Central status failed: %s. Retrying after %s...", err, d.Round(time.Millisecond)) + }) + if err != nil { + s.stoppedSig.SignalWithErrorWrapf(err, "checking central status failed after %s", exponential.GetElapsedTime()) + } +} diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go index 93d619fd9d513..e029f7d49e664 100644 --- a/sensor/common/scannerclient/grpc_client.go +++ b/sensor/common/scannerclient/grpc_client.go @@ -53,6 +53,8 @@ func dial(endpoint string) (*client, error) { }, nil } +func () + // GetImageAnalysis retrieves the image analysis results for the given image. // The steps are as follows: // 1. Retrieve image metadata. diff --git a/sensor/common/scannerconn/clientconn.go b/sensor/common/scannerconn/clientconn.go new file mode 100644 index 0000000000000..339c4a950a68d --- /dev/null +++ b/sensor/common/scannerconn/clientconn.go @@ -0,0 +1,33 @@ +package scannerconn + +import ( + "strings" + + "github.com/pkg/errors" + "github.com/stackrox/rox/pkg/clientconn" + "github.com/stackrox/rox/pkg/mtls" +) + +type Conn struct { + +} + +func Dial(endpoint string) (*Conn, error) { + if endpoint == "" { + return nil, errors.New("Invalid Scanner endpoint (empty)") + } + + endpoint = strings.TrimPrefix(endpoint, "https://") + if strings.Contains(endpoint, "://") { + return nil, errors.Errorf("Scanner endpoint has unsupported scheme: %s", endpoint) + } + + tlsConfig, err := clientconn.TLSConfig(mtls.ScannerSubject, clientconn.TLSConfigOptions{ + UseClientCert: clientconn.MustUseClientCert, + }) + if err != nil { + return nil, errors.Wrap(err, "failed to initialize Scanner TLS config") + } + + +} diff --git a/sensor/common/scannerconn/manager.go b/sensor/common/scannerconn/manager.go new file mode 100644 index 0000000000000..e29d89f2ed245 --- /dev/null +++ b/sensor/common/scannerconn/manager.go @@ -0,0 +1,13 @@ +package scannerconn + +type ConnManager struct { + +} + +func NewConnManager() *ConnManager { + + + return &ConnManager{} +} + + From 931b4775b87ac5aec16b5aa1741e6c33f0ad16e8 Mon Sep 17 00:00:00 2001 From: RTann Date: Mon, 21 Feb 2022 10:53:28 -0800 Subject: [PATCH 093/103] remove testing --- pkg/scannerclientconn/clientconn.go | 29 ------- pkg/scannerclientconn/dialoptions.go | 10 --- pkg/scannerclientconn/manager/manager.go | 106 ----------------------- sensor/common/scannerconn/clientconn.go | 33 ------- sensor/common/scannerconn/manager.go | 13 --- sensor/common/signal/signal_service.go | 2 +- 6 files changed, 1 insertion(+), 192 deletions(-) delete mode 100644 pkg/scannerclientconn/clientconn.go delete mode 100644 pkg/scannerclientconn/dialoptions.go delete mode 100644 pkg/scannerclientconn/manager/manager.go delete mode 100644 sensor/common/scannerconn/clientconn.go delete mode 100644 sensor/common/scannerconn/manager.go diff --git a/pkg/scannerclientconn/clientconn.go b/pkg/scannerclientconn/clientconn.go deleted file mode 100644 index 65ed6fba2b67e..0000000000000 --- a/pkg/scannerclientconn/clientconn.go +++ /dev/null @@ -1,29 +0,0 @@ -package scannerclientconn - -import ( - "strings" - - "github.com/pkg/errors" - "google.golang.org/grpc" - "google.golang.org/grpc/credentials" - "google.golang.org/grpc/credentials/insecure" -) - -// Dial creates a client connection to Scanner at the given endpoint. -func Dial(endpoint string, dialOpts DialOptions) (*grpc.ClientConn, error) { - if endpoint == "" { - return nil, errors.New("Invalid Scanner endpoint (empty)") - } - - endpoint = strings.TrimPrefix(endpoint, "https://") - if strings.Contains(endpoint, "://") { - return nil, errors.Errorf("Scanner endpoint has unsupported scheme: %s", endpoint) - } - - creds := insecure.NewCredentials() - if dialOpts.TLSConfig != nil { - creds = credentials.NewTLS(dialOpts.TLSConfig) - } - - return grpc.Dial(endpoint, grpc.WithTransportCredentials(creds)) -} diff --git a/pkg/scannerclientconn/dialoptions.go b/pkg/scannerclientconn/dialoptions.go deleted file mode 100644 index ce2589909ac15..0000000000000 --- a/pkg/scannerclientconn/dialoptions.go +++ /dev/null @@ -1,10 +0,0 @@ -package scannerclientconn - -import "crypto/tls" - -// DialOptions specifies how to configure the connection with Scanner. -type DialOptions struct { - // TLSConfig specifies the TLS configuration to use to talk to Scanner. - // If nil, then an insecure connection is used. - TLSConfig *tls.Config -} diff --git a/pkg/scannerclientconn/manager/manager.go b/pkg/scannerclientconn/manager/manager.go deleted file mode 100644 index 26172a5b00182..0000000000000 --- a/pkg/scannerclientconn/manager/manager.go +++ /dev/null @@ -1,106 +0,0 @@ -package manager - -import ( - "crypto/tls" - "fmt" - "net/http" - "strings" - "time" - - "github.com/cenkalti/backoff/v3" - "github.com/pkg/errors" - "github.com/stackrox/rox/pkg/clientconn" - "github.com/stackrox/rox/pkg/grpc/util" - "github.com/stackrox/rox/pkg/httputil/proxy" - "github.com/stackrox/rox/pkg/logging" - "github.com/stackrox/rox/pkg/mtls" - "github.com/stackrox/scanner/pkg/clairify/client" -) - -var ( - log = logging.LoggerForModule() -) - -type Manager struct { - httpClient *client.Clairify - gRPCEndpoint string - tlsConfig *tls.Config - - conn *util.LazyClientConn -} - -func NewManager(httpEndpoint, gRPCEndpoint string) (*Manager, error) { - if httpEndpoint == "" && gRPCEndpoint == "" { - return nil, errors.New("no Scanner endpoints configured. Require both HTTP and gRPC") - } - - if httpEndpoint == "" { - return nil, errors.New("no Scanner HTTP endpoint configured") - } - parts := strings.SplitN(httpEndpoint, "://", 2) - switch parts[0] { - case "https": - break - default: - if len(parts) == 1 { - httpEndpoint = fmt.Sprintf("https://%s", httpEndpoint) - break - } - return nil, errors.Errorf("Scanner HTTP endpoint has unsupported scheme: %s", parts[0]) - } - - if gRPCEndpoint == "" { - return nil, errors.New("no Scanner gRPC endpoint configured") - } - gRPCEndpoint = strings.TrimPrefix(gRPCEndpoint, "https://") - if strings.Contains(gRPCEndpoint, "://") { - return nil, errors.Errorf("Scanner endpoint has unsupported scheme: %s", gRPCEndpoint) - } - - tlsConfig, err := clientconn.TLSConfig(mtls.ScannerSubject, clientconn.TLSConfigOptions{ - UseClientCert: clientconn.MustUseClientCert, - }) - if err != nil { - return nil, errors.Wrap(err, "failed to initialize Scanner TLS config") - } - - - - return &Manager{ - httpClient: client.NewWithClient(httpEndpoint, &http.Client{ - Transport: &http.Transport{ - TLSClientConfig: tlsConfig, - Proxy: proxy.FromConfig(), - }, - }), - gRPCEndpoint: gRPCEndpoint, - tlsConfig: tlsConfig, - - conn: util.NewLazyClientConn(), - }, nil -} - -func (m *Manager) Start() { - go m.start() -} - -func (m *Manager) start() { - m.waitUntilScannerIsReady() -} - -func (m *Manager) waitUntilScannerIsReady() { - exponential := backoff.NewExponentialBackOff() - exponential.MaxElapsedTime = 5 * time.Minute - exponential.MaxInterval = 32 * time.Second - err := backoff.RetryNotify(func() error { - // By default, the Ping timeout is 5 seconds. - // It can be reconfigured via: - // client.PingTimeout = - return m.httpClient.Ping() - }, exponential, func(err error, d time.Duration) { - log.Infof("Check Central status failed: %s. Retrying after %s...", err, d.Round(time.Millisecond)) - }) - if err != nil { - s.stoppedSig.SignalWithErrorWrapf(err, "checking central status failed after %s", exponential.GetElapsedTime()) - } -} diff --git a/sensor/common/scannerconn/clientconn.go b/sensor/common/scannerconn/clientconn.go deleted file mode 100644 index 339c4a950a68d..0000000000000 --- a/sensor/common/scannerconn/clientconn.go +++ /dev/null @@ -1,33 +0,0 @@ -package scannerconn - -import ( - "strings" - - "github.com/pkg/errors" - "github.com/stackrox/rox/pkg/clientconn" - "github.com/stackrox/rox/pkg/mtls" -) - -type Conn struct { - -} - -func Dial(endpoint string) (*Conn, error) { - if endpoint == "" { - return nil, errors.New("Invalid Scanner endpoint (empty)") - } - - endpoint = strings.TrimPrefix(endpoint, "https://") - if strings.Contains(endpoint, "://") { - return nil, errors.Errorf("Scanner endpoint has unsupported scheme: %s", endpoint) - } - - tlsConfig, err := clientconn.TLSConfig(mtls.ScannerSubject, clientconn.TLSConfigOptions{ - UseClientCert: clientconn.MustUseClientCert, - }) - if err != nil { - return nil, errors.Wrap(err, "failed to initialize Scanner TLS config") - } - - -} diff --git a/sensor/common/scannerconn/manager.go b/sensor/common/scannerconn/manager.go deleted file mode 100644 index e29d89f2ed245..0000000000000 --- a/sensor/common/scannerconn/manager.go +++ /dev/null @@ -1,13 +0,0 @@ -package scannerconn - -type ConnManager struct { - -} - -func NewConnManager() *ConnManager { - - - return &ConnManager{} -} - - diff --git a/sensor/common/signal/signal_service.go b/sensor/common/signal/signal_service.go index bc7d7e40655b2..b0cc44dc69a10 100644 --- a/sensor/common/signal/signal_service.go +++ b/sensor/common/signal/signal_service.go @@ -123,10 +123,10 @@ func (s *serviceImpl) receiveMessages(stream sensorAPI.SignalService_PushSignals processSignal.ExecFilePath = stringutils.OrDefault(processSignal.GetExecFilePath(), processSignal.GetName()) if !isProcessSignalValid(processSignal) { + log.Debugf("Invalid process signal: %+v", processSignal) continue } - log.Debugf("Process Signal: %+v", processSignal) s.processPipeline.Process(processSignal) default: // Currently eat unhandled signals From 2931ca93c5f0878b461fe7088b95579251b27d69 Mon Sep 17 00:00:00 2001 From: RTann Date: Mon, 21 Feb 2022 10:57:50 -0800 Subject: [PATCH 094/103] one more --- sensor/common/scannerclient/grpc_client.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go index e029f7d49e664..93d619fd9d513 100644 --- a/sensor/common/scannerclient/grpc_client.go +++ b/sensor/common/scannerclient/grpc_client.go @@ -53,8 +53,6 @@ func dial(endpoint string) (*client, error) { }, nil } -func () - // GetImageAnalysis retrieves the image analysis results for the given image. // The steps are as follows: // 1. Retrieve image metadata. From e1f57fc7e9f3d4b4f855535cc252ca05e3556745 Mon Sep 17 00:00:00 2001 From: RTann Date: Mon, 21 Feb 2022 13:52:08 -0800 Subject: [PATCH 095/103] remove more remnants --- pkg/env/sensor.go | 4 ---- sensor/common/scannerclient/connect.go | 22 ---------------------- 2 files changed, 26 deletions(-) delete mode 100644 sensor/common/scannerclient/connect.go diff --git a/pkg/env/sensor.go b/pkg/env/sensor.go index d8837183be94f..9fc7d56e645a5 100644 --- a/pkg/env/sensor.go +++ b/pkg/env/sensor.go @@ -12,10 +12,6 @@ var ( // SensorEndpoint is used to communicate the sensor endpoint to other services in the same cluster. SensorEndpoint = RegisterSetting("ROX_SENSOR_ENDPOINT", WithDefault("sensor.stackrox.svc:443")) - // ScannerEndpoint is used to communicate the scanner endpoint to other services in the same cluster. - // This is typically used for Sensor to communicate with a local Scanner-slim's HTTP server. - ScannerEndpoint = RegisterSetting("ROX_SCANNER_ENDPOINT", WithDefault("scanner-slim.stackrox.svc:8080")) - // ScannerGRPCEndpoint is used to communicate the scanner endpoint to other services in the same cluster. // This is typically used for Sensor to communicate with a local Scanner-slim's gRPC server. ScannerGRPCEndpoint = RegisterSetting("ROX_SCANNER_GRPC_ENDPOINT", WithDefault("scanner-slim.stackrox.svc:8443")) diff --git a/sensor/common/scannerclient/connect.go b/sensor/common/scannerclient/connect.go deleted file mode 100644 index f8eefdddfd6be..0000000000000 --- a/sensor/common/scannerclient/connect.go +++ /dev/null @@ -1,22 +0,0 @@ -package scannerclient - -import ( - "time" - - "github.com/cenkalti/backoff/v3" -) - -func waitUntilScannerIsReady() { - exponential := backoff.NewExponentialBackOff() - exponential.MaxElapsedTime = 5 * time.Minute - exponential.MaxInterval = 32 * time.Second - - err := backoff.RetryNotify(func() error { - return s.pollMetadata() - }, exponential, func(err error, d time.Duration) { - log.Infof("Check Central status failed: %s. Retrying after %s...", err, d.Round(time.Millisecond)) - }) - if err != nil { - s.stoppedSig.SignalWithErrorWrapf(err, "checking central status failed after %s", exponential.GetElapsedTime()) - } -} From 7f37d68388f2ca58856b6984a425b1986a56fc80 Mon Sep 17 00:00:00 2001 From: RTann Date: Mon, 21 Feb 2022 13:55:33 -0800 Subject: [PATCH 096/103] comment dial is non-blocking --- sensor/common/scannerclient/grpc_client.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go index 93d619fd9d513..8e2a9f50ca469 100644 --- a/sensor/common/scannerclient/grpc_client.go +++ b/sensor/common/scannerclient/grpc_client.go @@ -23,6 +23,7 @@ type client struct { } // dial Scanner and return a new client. +// dial is non-blocking. func dial(endpoint string) (*client, error) { if endpoint == "" { return nil, errors.New("Invalid Scanner endpoint (empty)") @@ -40,6 +41,8 @@ func dial(endpoint string) (*client, error) { return nil, errors.Wrap(err, "failed to initialize Scanner TLS config") } + // This is non-blocking. If we ever want this to block, + // then add the grpc.WithBlock() DialOption. conn, err := grpc.Dial(endpoint, grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig))) if err != nil { return nil, errors.Wrap(err, "failed to connect to Scanner") From d587c3a08d0dab0e41f9cee599861eaeb0cc8818 Mon Sep 17 00:00:00 2001 From: RTann Date: Mon, 21 Feb 2022 15:25:49 -0800 Subject: [PATCH 097/103] comment updates --- sensor/common/scannerclient/grpc_client.go | 2 +- sensor/common/scannerclient/scan.go | 3 ++- sensor/common/scannerclient/singleton.go | 1 + 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go index 8e2a9f50ca469..0e6a7f75d1fd7 100644 --- a/sensor/common/scannerclient/grpc_client.go +++ b/sensor/common/scannerclient/grpc_client.go @@ -23,7 +23,7 @@ type client struct { } // dial Scanner and return a new client. -// dial is non-blocking. +// dial is non-blocking and returns a non-nil error upon configuration error. func dial(endpoint string) (*client, error) { if endpoint == "" { return nil, errors.New("Invalid Scanner endpoint (empty)") diff --git a/sensor/common/scannerclient/scan.go b/sensor/common/scannerclient/scan.go index 539757c07ca78..4813b89c4538b 100644 --- a/sensor/common/scannerclient/scan.go +++ b/sensor/common/scannerclient/scan.go @@ -11,7 +11,8 @@ import ( ) var ( - // ErrNoLocalScanner indicates there is no Secured Cluster local Scanner. + // ErrNoLocalScanner indicates there is no Secured Cluster local Scanner connection. + // This happens if it's not desired or if there is a connection error. ErrNoLocalScanner = errors.New("No local Scanner connection") log = logging.LoggerForModule() diff --git a/sensor/common/scannerclient/singleton.go b/sensor/common/scannerclient/singleton.go index bd9768f713f47..0ac0c68e22489 100644 --- a/sensor/common/scannerclient/singleton.go +++ b/sensor/common/scannerclient/singleton.go @@ -22,6 +22,7 @@ func GRPCClientSingleton() *client { var err error scannerClient, err = dial(env.ScannerGRPCEndpoint.Setting()) + // If err is not nil, then there was a configuration error. _ = utils.Should(err) }) return scannerClient From 407a1197e6353e64b628d1d8bea92004d7345dd3 Mon Sep 17 00:00:00 2001 From: RTann Date: Mon, 21 Feb 2022 15:32:50 -0800 Subject: [PATCH 098/103] update log --- sensor/common/scannerclient/grpc_client.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go index 0e6a7f75d1fd7..d86bf245c10ff 100644 --- a/sensor/common/scannerclient/grpc_client.go +++ b/sensor/common/scannerclient/grpc_client.go @@ -93,7 +93,7 @@ func (c *client) GetImageAnalysis(ctx context.Context, ci *storage.ContainerImag return nil, errors.Wrap(err, "getting image components from scanner") } - log.Debugf("Got image components from local Scanner for image %s", name) + log.Debugf("Received image components from local Scanner for image %s", name) return &imageData{ Metadata: metadata, From bb17e5dcbede92837a6211e09a5a32df508b77c1 Mon Sep 17 00:00:00 2001 From: RTann Date: Mon, 21 Feb 2022 16:20:50 -0800 Subject: [PATCH 099/103] revert timeout --- sensor/common/detector/enricher.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sensor/common/detector/enricher.go b/sensor/common/detector/enricher.go index a997c1bb01da5..7ad8cf779705a 100644 --- a/sensor/common/detector/enricher.go +++ b/sensor/common/detector/enricher.go @@ -19,7 +19,7 @@ import ( ) const ( - scanTimeout = 10 * time.Minute + scanTimeout = 6 * time.Minute ) type scanResult struct { From 6e799c1a2bd2398462f75ac95f99bfc282aa64b9 Mon Sep 17 00:00:00 2001 From: RTann Date: Tue, 22 Feb 2022 14:53:33 -0800 Subject: [PATCH 100/103] updates --- central/image/service/service_impl.go | 10 +- generated/api/v1/image_service.pb.go | 187 ++++++++++++-------- generated/api/v1/image_service.swagger.json | 6 + proto/api/v1/image_service.proto | 5 +- sensor/common/detector/enricher.go | 26 ++- sensor/common/image/service_impl.go | 38 ++-- sensor/common/imageutil/util.go | 17 ++ sensor/common/scan/scan.go | 87 +++++++++ sensor/common/scannerclient/grpc_client.go | 36 +--- sensor/common/scannerclient/scan.go | 49 ----- sensor/common/scannerclient/types.go | 11 -- 11 files changed, 274 insertions(+), 198 deletions(-) create mode 100644 sensor/common/imageutil/util.go create mode 100644 sensor/common/scan/scan.go delete mode 100644 sensor/common/scannerclient/scan.go delete mode 100644 sensor/common/scannerclient/types.go diff --git a/central/image/service/service_impl.go b/central/image/service/service_impl.go index cd9fb713329e4..7aa6dc0732eeb 100644 --- a/central/image/service/service_impl.go +++ b/central/image/service/service_impl.go @@ -111,9 +111,10 @@ func (s *serviceImpl) GetImage(ctx context.Context, request *v1.GetImageRequest) if request.GetId() == "" { return nil, errors.Wrap(errorhelpers.ErrInvalidArgs, "id must be specified") } - request.Id = types.NewDigest(request.Id).Digest() - image, exists, err := s.datastore.GetImage(ctx, request.GetId()) + id := types.NewDigest(request.GetId()).Digest() + + image, exists, err := s.datastore.GetImage(ctx, id) if err != nil { return nil, err } @@ -125,6 +126,11 @@ func (s *serviceImpl) GetImage(ctx context.Context, request *v1.GetImageRequest) // This modifies the image object utils.FilterSuppressedCVEsNoClone(image) } + if request.GetStripDescription() { + // This modifies the image object + utils.StripCVEDescriptionsNoClone(image) + } + return image, nil } diff --git a/generated/api/v1/image_service.pb.go b/generated/api/v1/image_service.pb.go index fadb539416145..b42197854b245 100644 --- a/generated/api/v1/image_service.pb.go +++ b/generated/api/v1/image_service.pb.go @@ -62,6 +62,7 @@ func (WatchImageResponse_ErrorType) EnumDescriptor() ([]byte, []int) { type GetImageRequest struct { Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` IncludeSnoozed bool `protobuf:"varint,2,opt,name=include_snoozed,json=includeSnoozed,proto3" json:"include_snoozed,omitempty"` + StripDescription bool `protobuf:"varint,3,opt,name=strip_description,json=stripDescription,proto3" json:"strip_description,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -114,6 +115,13 @@ func (m *GetImageRequest) GetIncludeSnoozed() bool { return false } +func (m *GetImageRequest) GetStripDescription() bool { + if m != nil { + return m.StripDescription + } + return false +} + func (m *GetImageRequest) MessageClone() proto.Message { return m.Clone() } @@ -1102,79 +1110,81 @@ func init() { func init() { proto.RegisterFile("api/v1/image_service.proto", fileDescriptor_b4306cfe43028263) } var fileDescriptor_b4306cfe43028263 = []byte{ - // 1152 bytes of a gzipped FileDescriptorProto + // 1176 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x56, 0xdd, 0x72, 0xdb, 0x44, - 0x14, 0xae, 0xed, 0xba, 0xb1, 0x8f, 0x5d, 0xdb, 0x59, 0x3b, 0x8e, 0xe2, 0xe6, 0xc7, 0xa3, 0x02, - 0x09, 0x61, 0x90, 0xc7, 0x66, 0xb8, 0xe9, 0x30, 0x03, 0x26, 0x71, 0x83, 0x3b, 0xb1, 0x13, 0x94, - 0x34, 0x14, 0xa6, 0x33, 0x9a, 0xad, 0xb4, 0x4d, 0x34, 0x48, 0xbb, 0xae, 0x24, 0x3b, 0xb8, 0x0c, - 0x17, 0x70, 0xc5, 0x3d, 0x37, 0xbc, 0x08, 0xef, 0xc0, 0x25, 0x33, 0xbc, 0x00, 0x13, 0x78, 0x10, - 0x46, 0xbb, 0x6b, 0x45, 0xb2, 0x5d, 0xca, 0x9d, 0xf6, 0xfc, 0x7c, 0x67, 0xcf, 0xdf, 0xb7, 0x82, - 0x06, 0x1e, 0xd9, 0xad, 0x49, 0xbb, 0x65, 0xbb, 0xf8, 0x92, 0x18, 0x3e, 0xf1, 0x26, 0xb6, 0x49, - 0xb4, 0x91, 0xc7, 0x02, 0x86, 0xd2, 0x93, 0x76, 0x63, 0xf3, 0x92, 0xb1, 0x4b, 0x87, 0xb4, 0x42, - 0x33, 0x4c, 0x29, 0x0b, 0x70, 0x60, 0x33, 0xea, 0x0b, 0x8b, 0xc6, 0x03, 0xe9, 0xed, 0x13, 0xec, - 0x99, 0x57, 0x49, 0xf7, 0x06, 0x92, 0x4a, 0xe2, 0x8e, 0x82, 0xa9, 0x94, 0x6d, 0xfb, 0x26, 0xa6, - 0x94, 0x78, 0x2d, 0xa9, 0x33, 0x99, 0x3b, 0x62, 0x94, 0xd0, 0x40, 0xea, 0x37, 0xe6, 0xf4, 0x94, - 0x05, 0x33, 0xb8, 0xaa, 0x1f, 0x30, 0x0f, 0x5f, 0x12, 0x71, 0x55, 0x29, 0x54, 0x66, 0x42, 0x8b, - 0x8c, 0x1c, 0x36, 0x75, 0x23, 0x24, 0xf5, 0x09, 0x94, 0x8f, 0x48, 0xd0, 0x0f, 0x6d, 0x75, 0xf2, - 0x6a, 0x4c, 0xfc, 0x00, 0x95, 0x20, 0x6d, 0x5b, 0x4a, 0xaa, 0x99, 0xda, 0xcb, 0xeb, 0x69, 0xdb, - 0x42, 0xbb, 0x50, 0xb6, 0xa9, 0xe9, 0x8c, 0x2d, 0x62, 0xf8, 0x94, 0xb1, 0xd7, 0xc4, 0x52, 0xd2, - 0xcd, 0xd4, 0x5e, 0x4e, 0x2f, 0x49, 0xf1, 0x99, 0x90, 0xaa, 0x9f, 0x01, 0x3a, 0xb6, 0x7d, 0x01, - 0xe6, 0xeb, 0xc4, 0x1f, 0x31, 0xea, 0x13, 0xb4, 0x0f, 0xf7, 0xf8, 0x55, 0x7c, 0x25, 0xd5, 0xcc, - 0xec, 0x15, 0x3a, 0x48, 0x93, 0x97, 0xd1, 0x22, 0x63, 0x5d, 0x5a, 0xa8, 0x1f, 0x40, 0xf5, 0x80, - 0x8d, 0xe9, 0x3c, 0x44, 0x0d, 0xb2, 0x66, 0x28, 0xe6, 0x97, 0xca, 0xea, 0xe2, 0xa0, 0x8e, 0xa0, - 0x72, 0x66, 0x62, 0x9a, 0xb8, 0xfb, 0x16, 0x80, 0x68, 0x11, 0xc5, 0x2e, 0x91, 0x39, 0xe4, 0xb9, - 0x64, 0x88, 0x5d, 0x0e, 0xf4, 0x92, 0x79, 0x26, 0x91, 0x09, 0x88, 0xc3, 0xb2, 0x04, 0x33, 0x4b, - 0x13, 0x1c, 0x81, 0x12, 0x45, 0xec, 0xd3, 0x80, 0x78, 0x14, 0x3b, 0xb3, 0xc8, 0x1f, 0x42, 0x96, - 0xc7, 0xe1, 0x41, 0x0b, 0x9d, 0xf5, 0x28, 0xcb, 0x03, 0x46, 0x03, 0x6c, 0x53, 0xe2, 0x89, 0x8b, - 0x0a, 0x2b, 0xb4, 0x03, 0x05, 0x13, 0x9b, 0x57, 0xc4, 0x32, 0x18, 0x75, 0xa6, 0x32, 0x1e, 0x08, - 0xd1, 0x09, 0x75, 0xa6, 0x4f, 0xee, 0xe6, 0xd2, 0x95, 0x8c, 0xda, 0x85, 0x8d, 0x25, 0x11, 0x65, - 0x59, 0xde, 0x49, 0x86, 0x2c, 0x45, 0x21, 0xe3, 0x91, 0xd4, 0x9f, 0xd3, 0xf0, 0xde, 0xac, 0xc5, - 0x17, 0x63, 0x87, 0x12, 0x0f, 0xbf, 0xb0, 0x1d, 0x3b, 0xb0, 0x89, 0x3f, 0x9f, 0xc3, 0x06, 0xe4, - 0x44, 0xf5, 0xa2, 0xfe, 0xaf, 0xf0, 0x73, 0xdf, 0x42, 0xed, 0x44, 0x61, 0xd3, 0x3c, 0x20, 0x4a, - 0x06, 0x0c, 0x2b, 0x1c, 0x2f, 0x76, 0x07, 0x72, 0x2e, 0x09, 0xb0, 0x85, 0x03, 0xcc, 0xf3, 0x2b, - 0x74, 0xea, 0x49, 0x87, 0x81, 0xd4, 0xea, 0x91, 0x1d, 0xfa, 0x18, 0x20, 0x9a, 0x75, 0x5f, 0xb9, - 0xcb, 0xbd, 0xd6, 0x34, 0x39, 0xed, 0x17, 0x6d, 0xed, 0x20, 0x52, 0xea, 0x31, 0x43, 0xf4, 0x2e, - 0x64, 0xc3, 0x15, 0xf0, 0x95, 0x6c, 0x33, 0xb3, 0x57, 0xea, 0x94, 0x63, 0x1e, 0x43, 0x16, 0x10, - 0x5d, 0x68, 0xd5, 0x33, 0xa8, 0x1e, 0x12, 0x87, 0x04, 0x64, 0x36, 0x5f, 0x22, 0x6d, 0x15, 0xb2, - 0xaf, 0xc6, 0xc4, 0x9b, 0xca, 0x3a, 0x16, 0xb5, 0x49, 0x5b, 0xd3, 0xf1, 0xf5, 0x97, 0xa1, 0x4c, - 0x17, 0x2a, 0xa4, 0xc0, 0x8a, 0xc9, 0xe8, 0x4b, 0xdb, 0x73, 0xe5, 0xec, 0xcc, 0x8e, 0xea, 0x29, - 0xd4, 0x92, 0xa0, 0xb2, 0x3b, 0x3b, 0x50, 0xa0, 0x63, 0xd7, 0xb0, 0xb8, 0x4e, 0xd4, 0xf3, 0xbe, - 0x0e, 0x74, 0xec, 0x0a, 0x6b, 0x0b, 0xad, 0xc3, 0x8a, 0xe5, 0x4d, 0x0d, 0x6f, 0x4c, 0x25, 0xe4, - 0x3d, 0xcb, 0x9b, 0xea, 0x63, 0xaa, 0xee, 0xc2, 0xea, 0x57, 0x38, 0x30, 0xaf, 0x12, 0x93, 0x8d, - 0xe0, 0x6e, 0x6c, 0xa6, 0xf9, 0xb7, 0xfa, 0x63, 0x1a, 0x50, 0xdc, 0x52, 0x46, 0xde, 0x85, 0x32, - 0x65, 0x9e, 0x8b, 0x1d, 0xfb, 0x35, 0xb1, 0xe2, 0x9b, 0x50, 0xba, 0x15, 0xf3, 0x0e, 0x7d, 0x0a, - 0x40, 0x3c, 0x8f, 0x79, 0x46, 0x30, 0x1d, 0x89, 0xa6, 0x96, 0x3a, 0xcd, 0x30, 0xfb, 0x45, 0x50, - 0xad, 0x17, 0x1a, 0x9e, 0x4f, 0x47, 0x44, 0xcf, 0x93, 0xd9, 0x27, 0x7a, 0x08, 0xf7, 0x05, 0x80, - 0x4b, 0x7c, 0x3f, 0x9c, 0xc4, 0x0c, 0x8f, 0x53, 0xe4, 0xc2, 0x81, 0x90, 0xa9, 0xcf, 0x21, 0x1f, - 0x39, 0xa3, 0x22, 0xe4, 0x86, 0x27, 0x46, 0x4f, 0xd7, 0x4f, 0xf4, 0xca, 0x1d, 0x54, 0x07, 0xd4, - 0x1f, 0x5e, 0x74, 0x8f, 0xfb, 0x87, 0x46, 0x7f, 0xd0, 0x3d, 0xea, 0x19, 0xc3, 0xee, 0xa0, 0x57, - 0x49, 0x21, 0x05, 0x6a, 0xc3, 0x13, 0x43, 0x2a, 0x86, 0xe7, 0xbd, 0x23, 0xbd, 0x7b, 0xde, 0x3f, - 0x19, 0x56, 0xd2, 0xa8, 0x0c, 0x85, 0xb3, 0x83, 0xee, 0xd0, 0x78, 0xdc, 0xed, 0x1f, 0xf7, 0x0e, - 0x2b, 0x19, 0xf5, 0x7d, 0xa8, 0x3e, 0xa5, 0xd7, 0xff, 0xab, 0x5c, 0xcf, 0x40, 0x39, 0x22, 0x01, - 0xcf, 0x8d, 0x58, 0x73, 0xdd, 0xfa, 0x04, 0x4a, 0xd7, 0x42, 0x61, 0x24, 0xd8, 0x6a, 0x2d, 0x1a, - 0xd9, 0xb8, 0x9f, 0x7e, 0xff, 0x3a, 0x8e, 0xa2, 0x3e, 0x82, 0xe6, 0x1b, 0xd7, 0xf4, 0x90, 0x04, - 0xd8, 0x76, 0xfc, 0x46, 0x1d, 0x6a, 0xe7, 0x8c, 0x0d, 0x30, 0x9d, 0x9e, 0x62, 0x0f, 0x3b, 0x0e, - 0x71, 0x42, 0x17, 0xbf, 0xf3, 0xdb, 0x0a, 0x14, 0xb9, 0xe3, 0x99, 0x78, 0x16, 0xd0, 0x17, 0x90, - 0x9b, 0xed, 0x2b, 0xaa, 0x86, 0xdd, 0x98, 0x23, 0xe8, 0xc6, 0xdc, 0xa2, 0xab, 0xeb, 0x3f, 0xfd, - 0xf9, 0xcf, 0x2f, 0xe9, 0x55, 0x54, 0x8e, 0x5e, 0x28, 0xbf, 0xf5, 0xbd, 0x6d, 0xfd, 0x80, 0x06, - 0x50, 0x88, 0xd1, 0x29, 0x4a, 0x0c, 0x76, 0x63, 0x3d, 0x3c, 0x2d, 0x61, 0xdb, 0x65, 0x70, 0x9c, - 0x70, 0xd1, 0x63, 0x80, 0x5b, 0x7e, 0x9f, 0x43, 0xab, 0x87, 0xa7, 0x45, 0xf6, 0x57, 0x11, 0x07, - 0x2b, 0x22, 0xb8, 0x05, 0x43, 0x03, 0xc8, 0x47, 0xd5, 0x42, 0xb5, 0xd0, 0x71, 0x9e, 0xc7, 0x17, - 0x52, 0x6c, 0x70, 0x98, 0x9a, 0x1a, 0x4f, 0x31, 0xdc, 0xf1, 0x47, 0xa9, 0x7d, 0x74, 0x0a, 0xab, - 0x0b, 0xc5, 0x47, 0x9b, 0x09, 0xd8, 0x39, 0xa2, 0x6b, 0x6c, 0xbd, 0x41, 0x2b, 0x87, 0xc1, 0x81, - 0x9d, 0xb7, 0x30, 0x26, 0xda, 0x8f, 0x37, 0xe6, 0xbf, 0x69, 0xf5, 0x6d, 0xd1, 0x9e, 0xc3, 0x4e, - 0x9f, 0x4e, 0xb0, 0x63, 0x5b, 0x38, 0x20, 0xa1, 0x59, 0x97, 0x5a, 0x3a, 0xb9, 0xb4, 0xfd, 0xc0, - 0x9b, 0x1e, 0x84, 0x0f, 0x82, 0x8f, 0xf2, 0x21, 0x42, 0x2f, 0xfc, 0x41, 0x68, 0xdc, 0x7e, 0xaa, - 0x0f, 0x79, 0x51, 0xb6, 0xd0, 0x83, 0x58, 0x51, 0xf8, 0x0b, 0xd2, 0xb2, 0x23, 0x3c, 0xf4, 0x14, - 0x8a, 0x71, 0x7a, 0x42, 0xbc, 0xed, 0x4b, 0x58, 0xb0, 0xa1, 0x2c, 0x2a, 0x92, 0x3d, 0xdc, 0x8f, - 0xf7, 0xf0, 0x6b, 0x80, 0x5b, 0x92, 0x40, 0x6b, 0xf3, 0xa4, 0x21, 0x20, 0xeb, 0xcb, 0xb9, 0x44, - 0xdd, 0xe4, 0x80, 0x75, 0x75, 0x35, 0x04, 0x94, 0x9b, 0x24, 0x70, 0xc3, 0x7e, 0x0e, 0xa0, 0x18, - 0xdf, 0x68, 0x71, 0xe3, 0x25, 0x3b, 0x1e, 0x2f, 0xc5, 0x06, 0x47, 0xac, 0xee, 0x2f, 0x22, 0xa2, - 0x0b, 0xa8, 0xcc, 0x6f, 0x7d, 0xbc, 0x9e, 0x9b, 0xb2, 0x91, 0x4b, 0x69, 0x61, 0x86, 0x8b, 0x16, - 0x71, 0x3f, 0xd7, 0x7e, 0xbf, 0xd9, 0x4e, 0xfd, 0x71, 0xb3, 0x9d, 0xfa, 0xeb, 0x66, 0x3b, 0xf5, - 0xeb, 0xdf, 0xdb, 0x77, 0x40, 0xb1, 0x99, 0xe6, 0x07, 0xd8, 0xfc, 0xd6, 0x63, 0xdf, 0x89, 0xdf, - 0x2b, 0x0d, 0x8f, 0x6c, 0x6d, 0xd2, 0xfe, 0x26, 0x3d, 0x69, 0x3f, 0xbb, 0xf3, 0xe2, 0x1e, 0x97, - 0x7d, 0xf4, 0x6f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xf7, 0x46, 0xbc, 0xa2, 0x4d, 0x0a, 0x00, 0x00, + 0x14, 0xae, 0xed, 0xa6, 0x49, 0x8e, 0x5d, 0xc7, 0xd9, 0xa4, 0x89, 0xe2, 0xa6, 0x49, 0x46, 0x05, + 0x1a, 0xd2, 0x41, 0x1e, 0x9b, 0xe1, 0xa6, 0xc3, 0x0c, 0x98, 0xc4, 0x0d, 0x66, 0x6a, 0xa7, 0x28, + 0x69, 0x28, 0x4c, 0x67, 0x34, 0x5b, 0x69, 0x9b, 0x6a, 0x90, 0x76, 0x55, 0xed, 0xda, 0xc1, 0x65, + 0xb8, 0x80, 0x2b, 0xee, 0xb9, 0xe1, 0x45, 0x78, 0x07, 0x2e, 0x99, 0xe1, 0x05, 0x98, 0xc0, 0x83, + 0x30, 0xda, 0x5d, 0xcb, 0x92, 0xed, 0x52, 0xee, 0xb4, 0xe7, 0xe7, 0x3b, 0x7b, 0xfe, 0xbe, 0x15, + 0xd4, 0x71, 0xe4, 0x37, 0x86, 0xcd, 0x86, 0x1f, 0xe2, 0x0b, 0xe2, 0x70, 0x12, 0x0f, 0x7d, 0x97, + 0x58, 0x51, 0xcc, 0x04, 0x43, 0xc5, 0x61, 0xb3, 0xbe, 0x7d, 0xc1, 0xd8, 0x45, 0x40, 0x1a, 0x89, + 0x19, 0xa6, 0x94, 0x09, 0x2c, 0x7c, 0x46, 0xb9, 0xb2, 0xa8, 0xdf, 0xd6, 0xde, 0x9c, 0xe0, 0xd8, + 0x7d, 0x99, 0x77, 0xaf, 0x23, 0xad, 0x24, 0x61, 0x24, 0x46, 0x5a, 0xb6, 0xc3, 0x5d, 0x4c, 0x29, + 0x89, 0x1b, 0x5a, 0xe7, 0xb2, 0x30, 0x62, 0x94, 0x50, 0xa1, 0xf5, 0x5b, 0x53, 0x7a, 0xca, 0xc4, + 0x18, 0x6e, 0x8d, 0x0b, 0x16, 0xe3, 0x0b, 0xa2, 0xae, 0xaa, 0x85, 0xc6, 0x58, 0xe8, 0x91, 0x28, + 0x60, 0xa3, 0x30, 0x45, 0x32, 0x2f, 0x61, 0xe5, 0x98, 0x88, 0x6e, 0x62, 0x6b, 0x93, 0x57, 0x03, + 0xc2, 0x05, 0xaa, 0x42, 0xd1, 0xf7, 0x8c, 0xc2, 0x5e, 0x61, 0x7f, 0xd9, 0x2e, 0xfa, 0x1e, 0xba, + 0x07, 0x2b, 0x3e, 0x75, 0x83, 0x81, 0x47, 0x1c, 0x4e, 0x19, 0x7b, 0x4d, 0x3c, 0xa3, 0xb8, 0x57, + 0xd8, 0x5f, 0xb2, 0xab, 0x5a, 0x7c, 0xaa, 0xa4, 0xe8, 0x3e, 0xac, 0x72, 0x11, 0xfb, 0x91, 0xe3, + 0x11, 0xee, 0xc6, 0x7e, 0x94, 0x94, 0xc0, 0x28, 0x49, 0xd3, 0x9a, 0x54, 0x1c, 0x4d, 0xe4, 0xe6, + 0xa7, 0x80, 0x1e, 0xf9, 0x5c, 0x45, 0xe6, 0x36, 0xe1, 0x11, 0xa3, 0x9c, 0xa0, 0x03, 0xb8, 0x21, + 0xef, 0xcd, 0x8d, 0xc2, 0x5e, 0x69, 0xbf, 0xdc, 0x42, 0x96, 0xbe, 0xb9, 0x95, 0x1a, 0xdb, 0xda, + 0xc2, 0xbc, 0x0f, 0x6b, 0x87, 0x6c, 0x40, 0xa7, 0x21, 0xd6, 0x61, 0xc1, 0x4d, 0xc4, 0x32, 0x83, + 0x05, 0x5b, 0x1d, 0xcc, 0x08, 0x6a, 0xa7, 0x2e, 0xa6, 0xb9, 0x44, 0xef, 0x00, 0xa8, 0x7e, 0x52, + 0x1c, 0x12, 0x9d, 0xf0, 0xb2, 0x94, 0xf4, 0x71, 0x28, 0x81, 0x5e, 0xb0, 0xd8, 0x25, 0x3a, 0x5b, + 0x75, 0x98, 0x57, 0x8d, 0xd2, 0xbc, 0x6a, 0x98, 0x11, 0x18, 0x69, 0xc4, 0x2e, 0x15, 0x24, 0xa6, + 0x38, 0x18, 0x47, 0xfe, 0x00, 0x16, 0x64, 0x1c, 0x19, 0xb4, 0xdc, 0xda, 0x4c, 0xb3, 0x3c, 0x64, + 0x54, 0x60, 0x9f, 0x92, 0x58, 0x5d, 0x54, 0x59, 0xa1, 0x5d, 0x28, 0xbb, 0xd8, 0x7d, 0x49, 0x3c, + 0x87, 0xd1, 0x60, 0xa4, 0xe3, 0x81, 0x12, 0x9d, 0xd0, 0x60, 0xf4, 0xc5, 0xf5, 0xa5, 0x62, 0xad, + 0x64, 0xb6, 0x61, 0x6b, 0x4e, 0x44, 0x5d, 0x96, 0x77, 0xf2, 0x21, 0xab, 0x69, 0xc8, 0x6c, 0x24, + 0xf3, 0xe7, 0x22, 0xbc, 0x37, 0x9e, 0x87, 0xf3, 0x41, 0x40, 0x49, 0x8c, 0x9f, 0xfb, 0x81, 0x2f, + 0x7c, 0xc2, 0xa7, 0x73, 0xd8, 0x82, 0x25, 0x55, 0xbd, 0x74, 0x58, 0x16, 0xe5, 0xb9, 0xeb, 0xa1, + 0x66, 0xae, 0xb0, 0x45, 0x19, 0x10, 0xe5, 0x03, 0x26, 0x15, 0xce, 0x16, 0xbb, 0x05, 0x4b, 0x21, + 0x11, 0xd8, 0xc3, 0x02, 0xcb, 0xfc, 0xca, 0xad, 0x8d, 0xbc, 0x43, 0x4f, 0x6b, 0xed, 0xd4, 0x0e, + 0x7d, 0x04, 0x90, 0x2e, 0x06, 0x37, 0xae, 0x4b, 0xaf, 0x5b, 0x96, 0x5e, 0x8d, 0xf3, 0xa6, 0x75, + 0x98, 0x2a, 0xed, 0x8c, 0x21, 0x7a, 0x17, 0x16, 0x92, 0x7d, 0xe1, 0xc6, 0xc2, 0x5e, 0x69, 0xbf, + 0xda, 0x5a, 0xc9, 0x78, 0xf4, 0x99, 0x20, 0xb6, 0xd2, 0x9a, 0xa7, 0xb0, 0x76, 0x44, 0x02, 0x22, + 0xc8, 0x78, 0xbe, 0x54, 0xda, 0x26, 0x2c, 0xbc, 0x1a, 0x90, 0x78, 0xa4, 0xeb, 0x58, 0xb1, 0x86, + 0x4d, 0xcb, 0xc6, 0x97, 0x5f, 0x26, 0x32, 0x5b, 0xa9, 0x90, 0x01, 0x8b, 0x2e, 0xa3, 0x2f, 0xfc, + 0x38, 0xd4, 0xb3, 0x33, 0x3e, 0x9a, 0x8f, 0x61, 0x3d, 0x0f, 0xaa, 0xbb, 0xb3, 0x0b, 0x65, 0x3a, + 0x08, 0x1d, 0x4f, 0xea, 0x54, 0x3d, 0x6f, 0xda, 0x40, 0x07, 0xa1, 0xb2, 0xf6, 0xd0, 0x26, 0x2c, + 0x7a, 0xf1, 0xc8, 0x89, 0x07, 0x54, 0x43, 0xde, 0xf0, 0xe2, 0x91, 0x3d, 0xa0, 0xe6, 0x3d, 0x58, + 0xfd, 0x0a, 0x0b, 0xf7, 0x65, 0x6e, 0xb2, 0x11, 0x5c, 0xcf, 0xcc, 0xb4, 0xfc, 0x36, 0x7f, 0x2c, + 0x02, 0xca, 0x5a, 0xea, 0xc8, 0xf7, 0x60, 0x85, 0xb2, 0x38, 0xc4, 0x81, 0xff, 0x9a, 0x78, 0xd9, + 0x4d, 0xa8, 0x4e, 0xc4, 0xb2, 0x43, 0x9f, 0x00, 0x90, 0x38, 0x66, 0xb1, 0x23, 0x46, 0x91, 0x6a, + 0x6a, 0xb5, 0xb5, 0x97, 0x64, 0x3f, 0x0b, 0x6a, 0x75, 0x12, 0xc3, 0xb3, 0x51, 0x44, 0xec, 0x65, + 0x32, 0xfe, 0x44, 0x77, 0xe1, 0xa6, 0x02, 0x08, 0x09, 0xe7, 0xc9, 0x24, 0x96, 0x64, 0x9c, 0x8a, + 0x14, 0xf6, 0x94, 0xcc, 0x7c, 0x06, 0xcb, 0xa9, 0x33, 0xaa, 0xc0, 0x52, 0xff, 0xc4, 0xe9, 0xd8, + 0xf6, 0x89, 0x5d, 0xbb, 0x86, 0x36, 0x00, 0x75, 0xfb, 0xe7, 0xed, 0x47, 0xdd, 0x23, 0xa7, 0xdb, + 0x6b, 0x1f, 0x77, 0x9c, 0x7e, 0xbb, 0xd7, 0xa9, 0x15, 0x90, 0x01, 0xeb, 0xfd, 0x13, 0x47, 0x2b, + 0xfa, 0x67, 0x9d, 0x63, 0xbb, 0x7d, 0xd6, 0x3d, 0xe9, 0xd7, 0x8a, 0x68, 0x05, 0xca, 0xa7, 0x87, + 0xed, 0xbe, 0xf3, 0xb0, 0xdd, 0x7d, 0xd4, 0x39, 0xaa, 0x95, 0xcc, 0xf7, 0x61, 0xed, 0x09, 0xbd, + 0xfc, 0x5f, 0xe5, 0x7a, 0x0a, 0xc6, 0x31, 0x11, 0x32, 0x37, 0xe2, 0x4d, 0x75, 0xeb, 0x63, 0xa8, + 0x5e, 0x2a, 0x85, 0x93, 0x63, 0xab, 0x5b, 0xe9, 0xc8, 0x66, 0xfd, 0xec, 0x9b, 0x97, 0x59, 0x14, + 0xf3, 0x01, 0xec, 0xbd, 0x71, 0x4d, 0x8f, 0x88, 0xc0, 0x7e, 0xc0, 0xeb, 0x1b, 0xb0, 0x7e, 0xc6, + 0x58, 0x0f, 0xd3, 0xd1, 0x63, 0x1c, 0xe3, 0x20, 0x20, 0x41, 0xe2, 0xc2, 0x5b, 0xbf, 0x2d, 0x42, + 0x45, 0x3a, 0x9e, 0xaa, 0x37, 0x04, 0x7d, 0x0e, 0x4b, 0xe3, 0x7d, 0x45, 0x6b, 0x49, 0x37, 0xa6, + 0xd8, 0xbc, 0x3e, 0xb5, 0xe8, 0xe6, 0xe6, 0x4f, 0x7f, 0xfe, 0xf3, 0x4b, 0x71, 0x15, 0xad, 0xa4, + 0xcf, 0x19, 0x6f, 0x7c, 0xef, 0x7b, 0x3f, 0xa0, 0x1e, 0x94, 0x33, 0x74, 0x8a, 0x72, 0x83, 0x5d, + 0xdf, 0x4c, 0x4e, 0x73, 0xd8, 0x76, 0x1e, 0x9c, 0x24, 0x5c, 0xf4, 0x10, 0x60, 0xc2, 0xef, 0x53, + 0x68, 0x1b, 0xc9, 0x69, 0x96, 0xfd, 0x4d, 0x24, 0xc1, 0x2a, 0x08, 0x26, 0x60, 0xa8, 0x07, 0xcb, + 0x69, 0xb5, 0xd0, 0x7a, 0xe2, 0x38, 0xcd, 0xe3, 0x33, 0x29, 0xd6, 0x25, 0xcc, 0xba, 0x99, 0x4d, + 0x31, 0xd9, 0xf1, 0x07, 0x85, 0x03, 0xf4, 0x18, 0x56, 0x67, 0x8a, 0x8f, 0xb6, 0x73, 0xb0, 0x53, + 0x44, 0x57, 0xbf, 0xf3, 0x06, 0xad, 0x1e, 0x86, 0x00, 0x76, 0xdf, 0xc2, 0x98, 0xe8, 0x20, 0xdb, + 0x98, 0xff, 0xa6, 0xd5, 0xb7, 0x45, 0x7b, 0x06, 0xbb, 0x5d, 0x3a, 0xc4, 0x81, 0xef, 0x61, 0x41, + 0x12, 0xb3, 0x36, 0xf5, 0x6c, 0x72, 0xe1, 0x73, 0x11, 0x8f, 0x0e, 0x93, 0x07, 0x81, 0xa3, 0xe5, + 0x04, 0xa1, 0x93, 0xfc, 0x4d, 0xd4, 0x27, 0x9f, 0xe6, 0x5d, 0x59, 0x94, 0x3b, 0xe8, 0x76, 0xa6, + 0x28, 0xf2, 0x05, 0x69, 0xf8, 0x29, 0x1e, 0x7a, 0x02, 0x95, 0x2c, 0x3d, 0x21, 0xd9, 0xf6, 0x39, + 0x2c, 0x58, 0x37, 0x66, 0x15, 0xf9, 0x1e, 0x1e, 0x64, 0x7b, 0xf8, 0x35, 0xc0, 0x84, 0x24, 0xd0, + 0xad, 0x69, 0xd2, 0x50, 0x90, 0x1b, 0xf3, 0xb9, 0xc4, 0xdc, 0x96, 0x80, 0x1b, 0xe6, 0x6a, 0x02, + 0xa8, 0x37, 0x49, 0xe1, 0x26, 0xfd, 0xec, 0x41, 0x25, 0xbb, 0xd1, 0xea, 0xc6, 0x73, 0x76, 0x3c, + 0x5b, 0x8a, 0x2d, 0x89, 0xb8, 0x76, 0x30, 0x8b, 0x88, 0xce, 0xa1, 0x36, 0xbd, 0xf5, 0xd9, 0x7a, + 0x6e, 0xeb, 0x46, 0xce, 0xa5, 0x85, 0x31, 0x2e, 0x9a, 0xc5, 0xfd, 0xcc, 0xfa, 0xfd, 0x6a, 0xa7, + 0xf0, 0xc7, 0xd5, 0x4e, 0xe1, 0xaf, 0xab, 0x9d, 0xc2, 0xaf, 0x7f, 0xef, 0x5c, 0x03, 0xc3, 0x67, + 0x16, 0x17, 0xd8, 0xfd, 0x36, 0x66, 0xdf, 0xa9, 0x7f, 0x31, 0x0b, 0x47, 0xbe, 0x35, 0x6c, 0x7e, + 0x53, 0x1c, 0x36, 0x9f, 0x5e, 0x7b, 0x7e, 0x43, 0xca, 0x3e, 0xfc, 0x37, 0x00, 0x00, 0xff, 0xff, + 0xb2, 0x5f, 0x16, 0x05, 0x7a, 0x0a, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -1669,6 +1679,16 @@ func (m *GetImageRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.StripDescription { + i-- + if m.StripDescription { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x18 + } if m.IncludeSnoozed { i-- if m.IncludeSnoozed { @@ -2316,6 +2336,9 @@ func (m *GetImageRequest) Size() (n int) { if m.IncludeSnoozed { n += 2 } + if m.StripDescription { + n += 2 + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -2668,6 +2691,26 @@ func (m *GetImageRequest) Unmarshal(dAtA []byte) error { } } m.IncludeSnoozed = bool(v != 0) + case 3: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field StripDescription", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowImageService + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.StripDescription = bool(v != 0) default: iNdEx = preIndex skippy, err := skipImageService(dAtA[iNdEx:]) diff --git a/generated/api/v1/image_service.swagger.json b/generated/api/v1/image_service.swagger.json index f48483fb4c909..dacb90cfc5736 100644 --- a/generated/api/v1/image_service.swagger.json +++ b/generated/api/v1/image_service.swagger.json @@ -215,6 +215,12 @@ "in": "query", "required": false, "type": "boolean" + }, + { + "name": "stripDescription", + "in": "query", + "required": false, + "type": "boolean" } ], "tags": [ diff --git a/proto/api/v1/image_service.proto b/proto/api/v1/image_service.proto index 8353ba9d956f1..9f50549f67cbe 100644 --- a/proto/api/v1/image_service.proto +++ b/proto/api/v1/image_service.proto @@ -14,8 +14,9 @@ import "storage/deployment.proto"; package v1; message GetImageRequest { - string id = 1; - bool include_snoozed = 2; + string id = 1; + bool include_snoozed = 2; + bool strip_description = 3; } message ListImagesResponse { diff --git a/sensor/common/detector/enricher.go b/sensor/common/detector/enricher.go index 7ad8cf779705a..54cba95eb23e8 100644 --- a/sensor/common/detector/enricher.go +++ b/sensor/common/detector/enricher.go @@ -14,7 +14,8 @@ import ( "github.com/stackrox/rox/pkg/images/types" "github.com/stackrox/rox/sensor/common/detector/metrics" "github.com/stackrox/rox/sensor/common/imagecacheutils" - "github.com/stackrox/rox/sensor/common/scannerclient" + "github.com/stackrox/rox/sensor/common/imageutil" + "github.com/stackrox/rox/sensor/common/scan" "google.golang.org/grpc/status" ) @@ -54,21 +55,18 @@ func (c *cacheValue) waitAndGet() *storage.Image { func scanImage(ctx context.Context, svc v1.ImageServiceClient, ci *storage.ContainerImage) (*v1.ScanImageInternalResponse, error) { ctx, cancel := context.WithTimeout(ctx, scanTimeout) defer cancel() - scannedImage, err := svc.ScanImageInternal(ctx, &v1.ScanImageInternalRequest{ - Image: ci, - }) - - if features.LocalImageScanning.Enabled() { - img := scannedImage.GetImage() - // ScanImageInternal may return without error even if it was unable to find the image. - // Check the metadata and scan here: if Central cannot retrieve the metadata nor scan, - // perhaps the image is stored in an internal registry which Sensor can reach. - if err == nil && img.GetMetadata() == nil && img.GetScan() == nil { - scannedImage.Image, err = scannerclient.ScanImage(ctx, svc, ci) - } + + // Ask Central to scan the image if the image is not internal. + if !features.LocalImageScanning.Enabled() || !imageutil.IsInternalImage(ci.GetName()) { + return svc.ScanImageInternal(ctx, &v1.ScanImageInternalRequest{ + Image: ci, + }) } - return scannedImage, err + img, err := scan.ScanImage(ctx, svc, ci) + return &v1.ScanImageInternalResponse{ + Image: img, + }, err } func (c *cacheValue) scanAndSet(ctx context.Context, svc v1.ImageServiceClient, ci *storage.ContainerImage) { diff --git a/sensor/common/image/service_impl.go b/sensor/common/image/service_impl.go index 45d6f325f5eaa..927d9acd2bbd7 100644 --- a/sensor/common/image/service_impl.go +++ b/sensor/common/image/service_impl.go @@ -13,7 +13,8 @@ import ( grpcPkg "github.com/stackrox/rox/pkg/grpc" "github.com/stackrox/rox/pkg/grpc/authz/idcheck" "github.com/stackrox/rox/sensor/common/imagecacheutils" - "github.com/stackrox/rox/sensor/common/scannerclient" + "github.com/stackrox/rox/sensor/common/imageutil" + "github.com/stackrox/rox/sensor/common/scan" "google.golang.org/grpc" ) @@ -52,29 +53,24 @@ func (s *serviceImpl) GetImage(ctx context.Context, req *sensor.GetImageRequest) } } - // Ask Central to scan the image. - scanResp, err := s.centralClient.ScanImageInternal(ctx, &v1.ScanImageInternalRequest{ - Image: req.GetImage(), - CachedOnly: !req.GetScanInline(), - }) - if err != nil { - return nil, errors.Wrap(err, "scanning image via central") - } - - img := scanResp.GetImage() - - if features.LocalImageScanning.Enabled() { - // ScanImageInternal may return without error even if it was unable to find the image. - // Check the metadata and scan here: if Central cannot retrieve the metadata nor scan, - // perhaps the image is stored in an internal registry which Sensor can reach. - if img.GetMetadata() == nil && img.GetScan() == nil { - img, err = scannerclient.ScanImage(ctx, s.centralClient, req.GetImage()) - if err != nil { - return nil, errors.Wrap(err, "scanning image via local scanner") - } + // Ask Central to scan the image if the image is not internal. + if !features.LocalImageScanning.Enabled() || !imageutil.IsInternalImage(req.GetImage().GetName()) { + scanResp, err := s.centralClient.ScanImageInternal(ctx, &v1.ScanImageInternalRequest{ + Image: req.GetImage(), + CachedOnly: !req.GetScanInline(), + }) + if err != nil { + return nil, errors.Wrap(err, "scanning image via central") } + return &sensor.GetImageResponse{ + Image: scanResp.GetImage(), + }, nil } + img, err := scan.ScanImage(ctx, s.centralClient, req.GetImage()) + if err != nil { + return nil, errors.Wrap(err, "scanning image via local scanner") + } return &sensor.GetImageResponse{ Image: img, }, nil diff --git a/sensor/common/imageutil/util.go b/sensor/common/imageutil/util.go new file mode 100644 index 0000000000000..9490b9b4e91fa --- /dev/null +++ b/sensor/common/imageutil/util.go @@ -0,0 +1,17 @@ +package imageutil + +import ( + "github.com/stackrox/rox/generated/storage" + "github.com/stackrox/rox/sensor/common/registry" +) + +// IsInternalImage determines if the image represented by the given name +// is an "internal" image. An internal image is one which is hosted by an internal registry. +// An internal registry is on which is only accessible from within the cluster in which it lives. +func IsInternalImage(image *storage.ImageName) bool { + // If the Sensor knows about the registry in which the image is hosted, + // then the image must be "internal" to the cluster, as Sensor only tracks + // "internal" registries. + reg, err := registry.Singleton().GetRegistryForImage(image) + return reg != nil && err == nil +} diff --git a/sensor/common/scan/scan.go b/sensor/common/scan/scan.go new file mode 100644 index 0000000000000..4a0e3c1e9f9cb --- /dev/null +++ b/sensor/common/scan/scan.go @@ -0,0 +1,87 @@ +package scan + +import ( + "context" + + "github.com/pkg/errors" + v1 "github.com/stackrox/rox/generated/api/v1" + "github.com/stackrox/rox/generated/storage" + "github.com/stackrox/rox/pkg/images/types" + "github.com/stackrox/rox/pkg/logging" + "github.com/stackrox/rox/sensor/common/registry" + "github.com/stackrox/rox/sensor/common/scannerclient" + scannerV1 "github.com/stackrox/scanner/generated/scanner/api/v1" +) + +var ( + // ErrNoLocalScanner indicates there is no Secured Cluster local Scanner connection. + // This happens if it's not desired or if there is a connection error. + ErrNoLocalScanner = errors.New("No local Scanner connection") + + log = logging.LoggerForModule() +) + +// ScanImage runs the pipeline required to scan an image with a local Scanner. +// TODO(ROX-9281): add retries for rate-limiting. +func ScanImage(ctx context.Context, centralClient v1.ImageServiceClient, ci *storage.ContainerImage) (*storage.Image, error) { + // 1. Check if Central already knows about this image. + // If Central already knows about it, then return its results. + img, err := centralClient.GetImage(ctx, &v1.GetImageRequest{ + Id: ci.GetId(), + StripDescription: true, + }) + if err == nil { + return img, nil + } + + // The image either does not exist in Central yet or there was some other error when reaching out. + // Attempt to scan locally. + + // 2. Check if there is a local Scanner. + // No need to continue if there is no local Scanner. + scannerClient := scannerclient.GRPCClientSingleton() + if scannerClient == nil { + return nil, ErrNoLocalScanner + } + + // 3. Find the registry in which this image lives. + reg, err := registry.Singleton().GetRegistryForImage(ci.GetName()) + if err != nil { + return nil, errors.Wrap(err, "determining image registry") + } + + name := ci.GetName().GetFullName() + image := types.ToImage(ci) + + // 4. Retrieve the metadata for the image from the registry. + metadata, err := reg.Metadata(image) + if err != nil { + log.Debugf("Failed to get metadata for image %s: %v", name, err) + return nil, errors.Wrap(err, "getting image metadata") + } + log.Debugf("Retrieved metadata for image %s: %v", name, metadata) + + // 5. Get the image analysis from the local Scanner. + scanResp, err := scannerClient.GetImageAnalysis(ctx, image, reg.Config()) + if err != nil { + return nil, errors.Wrapf(err, "scanning image %s", image.GetName().GetFullName()) + } + if scanResp.GetStatus() != scannerV1.ScanStatus_SUCCEEDED { + return nil, errors.Wrapf(err, "scan failed for image %s", image.GetName().GetFullName()) + } + + // 6. Get the image's vulnerabilities from Central. + centralResp, err := centralClient.GetImageVulnerabilitiesInternal(ctx, &v1.GetImageVulnerabilitiesInternalRequest{ + ImageId: image.GetId(), + ImageName: image.GetName(), + Metadata: metadata, + Components: scanResp.GetComponents(), + Notes: scanResp.GetNotes(), + }) + if err != nil { + return nil, errors.Wrapf(err, "retrieving image vulnerabilities for %s", image.GetName().GetFullName()) + } + + // 7. Return the completely scanned image. + return centralResp.GetImage(), nil +} diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go index d86bf245c10ff..f2466f8f94b54 100644 --- a/sensor/common/scannerclient/grpc_client.go +++ b/sensor/common/scannerclient/grpc_client.go @@ -7,15 +7,19 @@ import ( "github.com/pkg/errors" "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/clientconn" - "github.com/stackrox/rox/pkg/images/types" "github.com/stackrox/rox/pkg/images/utils" + "github.com/stackrox/rox/pkg/logging" "github.com/stackrox/rox/pkg/mtls" - "github.com/stackrox/rox/sensor/common/registry" + "github.com/stackrox/rox/pkg/registries/types" scannerV1 "github.com/stackrox/scanner/generated/scanner/api/v1" "google.golang.org/grpc" "google.golang.org/grpc/credentials" ) +var ( + log = logging.LoggerForModule() +) + // client is a Scanner gRPC client. type client struct { client scannerV1.ImageScanServiceClient @@ -57,28 +61,9 @@ func dial(endpoint string) (*client, error) { } // GetImageAnalysis retrieves the image analysis results for the given image. -// The steps are as follows: -// 1. Retrieve image metadata. -// 2. Request image analysis from Scanner, directly. -// 3. Return image analysis results. -func (c *client) GetImageAnalysis(ctx context.Context, ci *storage.ContainerImage) (*imageData, error) { - reg, err := registry.Singleton().GetRegistryForImage(ci.GetName()) - if err != nil { - return nil, errors.Wrap(err, "determining image registry") - } - - name := ci.GetName().GetFullName() +func (c *client) GetImageAnalysis(ctx context.Context, image *storage.Image, cfg *types.Config) (*scannerV1.GetImageComponentsResponse, error) { + name := image.GetName().GetFullName() - image := types.ToImage(ci) - metadata, err := reg.Metadata(image) - if err != nil { - log.Debugf("Failed to get metadata for image %s: %v", name, err) - return nil, errors.Wrap(err, "getting image metadata") - } - - log.Debugf("Retrieved metadata for image %s: %v", name, metadata) - - cfg := reg.Config() resp, err := c.client.GetImageComponents(ctx, &scannerV1.GetImageComponentsRequest{ Image: utils.GetFullyQualifiedFullName(image), Registry: &scannerV1.RegistryData{ @@ -95,10 +80,7 @@ func (c *client) GetImageAnalysis(ctx context.Context, ci *storage.ContainerImag log.Debugf("Received image components from local Scanner for image %s", name) - return &imageData{ - Metadata: metadata, - GetImageComponentsResponse: resp, - }, nil + return resp, nil } func (c *client) Close() error { diff --git a/sensor/common/scannerclient/scan.go b/sensor/common/scannerclient/scan.go deleted file mode 100644 index 4813b89c4538b..0000000000000 --- a/sensor/common/scannerclient/scan.go +++ /dev/null @@ -1,49 +0,0 @@ -package scannerclient - -import ( - "context" - - "github.com/pkg/errors" - v1 "github.com/stackrox/rox/generated/api/v1" - "github.com/stackrox/rox/generated/storage" - "github.com/stackrox/rox/pkg/logging" - scannerV1 "github.com/stackrox/scanner/generated/scanner/api/v1" -) - -var ( - // ErrNoLocalScanner indicates there is no Secured Cluster local Scanner connection. - // This happens if it's not desired or if there is a connection error. - ErrNoLocalScanner = errors.New("No local Scanner connection") - - log = logging.LoggerForModule() -) - -// ScanImage runs the pipeline required to scan an image with a local Scanner. -// TODO(ROX-9281): add retries for rate-limiting. -func ScanImage(ctx context.Context, centralClient v1.ImageServiceClient, image *storage.ContainerImage) (*storage.Image, error) { - scannerClient := GRPCClientSingleton() - if scannerClient == nil { - return nil, ErrNoLocalScanner - } - - imgData, err := scannerClient.GetImageAnalysis(ctx, image) - if err != nil { - return nil, errors.Wrapf(err, "scanning image %s", image.GetName().GetFullName()) - } - if imgData.GetStatus() != scannerV1.ScanStatus_SUCCEEDED { - return nil, errors.Wrapf(err, "scan failed for image %s", image.GetName().GetFullName()) - } - - centralResp, err := centralClient.GetImageVulnerabilitiesInternal(ctx, &v1.GetImageVulnerabilitiesInternalRequest{ - ImageId: image.GetId(), - ImageName: image.GetName(), - Metadata: imgData.Metadata, - Components: imgData.GetComponents(), - Notes: imgData.GetNotes(), - }) - if err != nil { - return nil, errors.Wrapf(err, "retrieving image vulnerabilities for %s", image.GetName().GetFullName()) - } - - return centralResp.GetImage(), nil -} diff --git a/sensor/common/scannerclient/types.go b/sensor/common/scannerclient/types.go deleted file mode 100644 index f11d8b17cd952..0000000000000 --- a/sensor/common/scannerclient/types.go +++ /dev/null @@ -1,11 +0,0 @@ -package scannerclient - -import ( - "github.com/stackrox/rox/generated/storage" - scannerV1 "github.com/stackrox/scanner/generated/scanner/api/v1" -) - -type imageData struct { - Metadata *storage.ImageMetadata - *scannerV1.GetImageComponentsResponse -} From 64b1a40900854e4d02bb431369a600e895dadfd7 Mon Sep 17 00:00:00 2001 From: RTann Date: Tue, 22 Feb 2022 15:20:48 -0800 Subject: [PATCH 101/103] style --- sensor/common/scan/scan.go | 7 ++++--- sensor/common/scannerclient/grpc_client.go | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/sensor/common/scan/scan.go b/sensor/common/scan/scan.go index 4a0e3c1e9f9cb..1b0f31173c140 100644 --- a/sensor/common/scan/scan.go +++ b/sensor/common/scan/scan.go @@ -23,6 +23,7 @@ var ( // ScanImage runs the pipeline required to scan an image with a local Scanner. // TODO(ROX-9281): add retries for rate-limiting. +//nolint:revive func ScanImage(ctx context.Context, centralClient v1.ImageServiceClient, ci *storage.ContainerImage) (*storage.Image, error) { // 1. Check if Central already knows about this image. // If Central already knows about it, then return its results. @@ -64,10 +65,10 @@ func ScanImage(ctx context.Context, centralClient v1.ImageServiceClient, ci *sto // 5. Get the image analysis from the local Scanner. scanResp, err := scannerClient.GetImageAnalysis(ctx, image, reg.Config()) if err != nil { - return nil, errors.Wrapf(err, "scanning image %s", image.GetName().GetFullName()) + return nil, errors.Wrapf(err, "scanning image %s", name) } if scanResp.GetStatus() != scannerV1.ScanStatus_SUCCEEDED { - return nil, errors.Wrapf(err, "scan failed for image %s", image.GetName().GetFullName()) + return nil, errors.Wrapf(err, "scan failed for image %s", name) } // 6. Get the image's vulnerabilities from Central. @@ -79,7 +80,7 @@ func ScanImage(ctx context.Context, centralClient v1.ImageServiceClient, ci *sto Notes: scanResp.GetNotes(), }) if err != nil { - return nil, errors.Wrapf(err, "retrieving image vulnerabilities for %s", image.GetName().GetFullName()) + return nil, errors.Wrapf(err, "retrieving image vulnerabilities for %s", name) } // 7. Return the completely scanned image. diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go index f2466f8f94b54..127d2ae4c7592 100644 --- a/sensor/common/scannerclient/grpc_client.go +++ b/sensor/common/scannerclient/grpc_client.go @@ -49,7 +49,7 @@ func dial(endpoint string) (*client, error) { // then add the grpc.WithBlock() DialOption. conn, err := grpc.Dial(endpoint, grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig))) if err != nil { - return nil, errors.Wrap(err, "failed to connect to Scanner") + return nil, errors.Wrap(err, "failed to dial Scanner") } log.Infof("Dialing Scanner at %s", endpoint) From 1c91514c08933fa1edcc8b363a0109847283e116 Mon Sep 17 00:00:00 2001 From: RTann Date: Wed, 23 Feb 2022 11:45:37 -0800 Subject: [PATCH 102/103] add protos to qa tests --- qa-tests-backend/scripts/migrate_protos.sh | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/qa-tests-backend/scripts/migrate_protos.sh b/qa-tests-backend/scripts/migrate_protos.sh index 50727277b1a55..c4a79427cc630 100755 --- a/qa-tests-backend/scripts/migrate_protos.sh +++ b/qa-tests-backend/scripts/migrate_protos.sh @@ -2,6 +2,8 @@ JAVA_PATH=src/main/proto/ +# Migrate protos from the stackrox repo. + for file in $(find ../proto/*); do if [[ -d $file ]]; then dir=${file#"../proto/"} @@ -16,3 +18,21 @@ for file in $(find ../proto/* -name '*.proto'); do sed -e 's/\[[^][]*\]//g' "$file" | sed -e 's/\[[^][]*\]//g' | sed '/gogo/d' > "${JAVA_PATH}${java_file}" fi done + +# Migrate v1 API protos from the Scanner repo + +SCANNER_DIR=$(go list -f '{{.Dir}}' -m github.com/stackrox/scanner) +SCANNER_PROTO_BASE_PATH=$SCANNER_DIR/proto + +mkdir -p "${JAVA_PATH}scanner/api/v1" +echo "${JAVA_PATH}scanner/api/v1" + +for file in $(find "$SCANNER_PROTO_BASE_PATH" -name '*.proto'); do + if [[ -f $file ]]; then + # Get relative path. Should be along the lines of scanner/api/v1/*.proto + rel_file=${file/"$SCANNER_PROTO_BASE_PATH"/""} + rel_file="${rel_file:1}" + sed -e 's/\[[^][]*\]//g' "$file" | sed -e 's/\[[^][]*\]//g' | sed '/gogo/d' > "${JAVA_PATH}${rel_file}" + fi +done + From 8b09e03ef5fb3f6034ad624f1ad5283104228411 Mon Sep 17 00:00:00 2001 From: RTann Date: Wed, 23 Feb 2022 16:06:06 -0800 Subject: [PATCH 103/103] restore go mod cache --- .circleci/config.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index 006b6954b5e4c..0628653ad16b2 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1376,6 +1376,8 @@ commands: - attach_workspace: at: /go/src/github.com/stackrox/rox + - *restoreGoModCache + - *setupRoxctl - setup-gcp - setup-dep-env: