From ea5b5a5b12176b1adc0caccf40c1800f9beb7e3f Mon Sep 17 00:00:00 2001 From: usamaB Date: Thu, 10 Feb 2022 18:12:03 +0100 Subject: [PATCH] feat (kafa-es): Implements SCRAM functionality and enables SCRAM-SHA512/256 SASL * add InsecureSkipVerify property Signed-off-by: Usama Kaleem --- USERS.md | 1 + api/jsonschema/schema.json | 4 + api/openapi-spec/swagger.json | 4 + common/util.go | 10 +- common/util_test.go | 48 ++--- eventsources/sources/kafka/scram_client.go | 37 ++++ eventsources/sources/kafka/start.go | 5 + go.mod | 3 + go.sum | 3 + pkg/apis/common/common.go | 3 + pkg/apis/common/generated.pb.go | 199 ++++++++++++--------- pkg/apis/common/generated.proto | 4 + pkg/apis/common/openapi_generated.go | 7 + pkg/apis/common/validate.go | 5 + pkg/apis/common/validate_test.go | 52 +++--- pkg/apis/eventsource/v1alpha1/types.go | 1 - 16 files changed, 258 insertions(+), 128 deletions(-) create mode 100644 eventsources/sources/kafka/scram_client.go diff --git a/USERS.md b/USERS.md index 2b949381c4..20d51118db 100644 --- a/USERS.md +++ b/USERS.md @@ -21,6 +21,7 @@ Organizations below are **officially** using Argo Events. Please send a PR with 1. [Helio](https://helio.exchange) 1. [InsideBoard](https://www.insideboard.com) 1. [Intuit](https://www.intuit.com/) +1. [Mobimeo GmbH](https://mobimeo.com/en/home/) 1. [OneCause](https://www.onecause.com/) 1. [Produvar](https://www.produvar.com/) 1. [ProPoint Solutions](https://supersalon.com) diff --git a/api/jsonschema/schema.json b/api/jsonschema/schema.json index 1f9a607280..63ed39aa9b 100644 --- a/api/jsonschema/schema.json +++ b/api/jsonschema/schema.json @@ -238,6 +238,10 @@ "clientKeySecret": { "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", "description": "ClientKeySecret refers to the secret that contains the client key" + }, + "insecureSkipVerify": { + "description": "If true, skips creation of TLSConfig with certs and creates an empty TLSConfig. (Defaults to false)", + "type": "boolean" } }, "type": "object" diff --git a/api/openapi-spec/swagger.json b/api/openapi-spec/swagger.json index 30369f9828..62f9764cb3 100644 --- a/api/openapi-spec/swagger.json +++ b/api/openapi-spec/swagger.json @@ -240,6 +240,10 @@ "clientKeySecret": { "description": "ClientKeySecret refers to the secret that contains the client key", "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector" + }, + "insecureSkipVerify": { + "description": "If true, skips creation of TLSConfig with certs and creates an empty TLSConfig. (Defaults to false)", + "type": "boolean" } } }, diff --git a/common/util.go b/common/util.go index 3e7cb0cf13..45f8bf07a2 100644 --- a/common/util.go +++ b/common/util.go @@ -210,12 +210,20 @@ func GenerateEnvFromConfigMapSpec(selector *v1.ConfigMapKeySelector) v1.EnvFromS } } -// GetTLSConfig returns a tls configuration for given cert and key. +// GetTLSConfig returns a tls configuration for given cert and key or skips the certs if InsecureSkipVerify is true. func GetTLSConfig(config *apicommon.TLSConfig) (*tls.Config, error) { if config == nil { return nil, errors.New("TLSConfig is nil") } + if config.InsecureSkipVerify { + tlsConfig := &tls.Config{ + InsecureSkipVerify: true, + ClientAuth: 0, + } + return tlsConfig, nil + } + var caCertPath, clientCertPath, clientKeyPath string var err error if config.CACertSecret != nil { diff --git a/common/util_test.go b/common/util_test.go index e16e845093..e9cb9b8a13 100644 --- a/common/util_test.go +++ b/common/util_test.go @@ -174,27 +174,33 @@ func TestVolumesFromSecretsOrConfigMaps(t *testing.T) { }) } -func fakeTLSConfig(t *testing.T) *apicommon.TLSConfig { +func fakeTLSConfig(t *testing.T, insecureSkipVerify bool) *apicommon.TLSConfig { t.Helper() - return &apicommon.TLSConfig{ - CACertSecret: &corev1.SecretKeySelector{ - Key: "fake-key1", - LocalObjectReference: corev1.LocalObjectReference{ - Name: "fake-name1", + if insecureSkipVerify == true { + return &apicommon.TLSConfig{ + InsecureSkipVerify: true, + } + } else { + return &apicommon.TLSConfig{ + CACertSecret: &corev1.SecretKeySelector{ + Key: "fake-key1", + LocalObjectReference: corev1.LocalObjectReference{ + Name: "fake-name1", + }, }, - }, - ClientCertSecret: &corev1.SecretKeySelector{ - Key: "fake-key2", - LocalObjectReference: corev1.LocalObjectReference{ - Name: "fake-name2", + ClientCertSecret: &corev1.SecretKeySelector{ + Key: "fake-key2", + LocalObjectReference: corev1.LocalObjectReference{ + Name: "fake-name2", + }, }, - }, - ClientKeySecret: &corev1.SecretKeySelector{ - Key: "fake-key3", - LocalObjectReference: corev1.LocalObjectReference{ - Name: "fake-name3", + ClientKeySecret: &corev1.SecretKeySelector{ + Key: "fake-key3", + LocalObjectReference: corev1.LocalObjectReference{ + Name: "fake-name3", + }, }, - }, + } } } @@ -207,7 +213,7 @@ func TestGetTLSConfig(t *testing.T) { }) t.Run("test clientKeySecret is set, clientCertSecret is empty", func(t *testing.T) { - c := fakeTLSConfig(t) + c := fakeTLSConfig(t, false) c.CACertSecret = nil c.ClientCertSecret = nil _, err := GetTLSConfig(c) @@ -216,7 +222,7 @@ func TestGetTLSConfig(t *testing.T) { }) t.Run("test only caCertSecret is set", func(t *testing.T) { - c := fakeTLSConfig(t) + c := fakeTLSConfig(t, false) c.ClientCertSecret = nil c.ClientKeySecret = nil _, err := GetTLSConfig(c) @@ -225,7 +231,7 @@ func TestGetTLSConfig(t *testing.T) { }) t.Run("test clientCertSecret and clientKeySecret are set", func(t *testing.T) { - c := fakeTLSConfig(t) + c := fakeTLSConfig(t, false) c.CACertSecret = nil _, err := GetTLSConfig(c) assert.NotNil(t, err) @@ -233,7 +239,7 @@ func TestGetTLSConfig(t *testing.T) { }) t.Run("test all of 3 are set", func(t *testing.T) { - c := fakeTLSConfig(t) + c := fakeTLSConfig(t, false) _, err := GetTLSConfig(c) assert.NotNil(t, err) assert.True(t, strings.Contains(err.Error(), "failed to read ca cert file")) diff --git a/eventsources/sources/kafka/scram_client.go b/eventsources/sources/kafka/scram_client.go new file mode 100644 index 0000000000..1657458b91 --- /dev/null +++ b/eventsources/sources/kafka/scram_client.go @@ -0,0 +1,37 @@ +package kafka + +import ( + "crypto/sha256" + "crypto/sha512" + + "github.com/xdg-go/scram" +) + +var ( + SHA256 scram.HashGeneratorFcn = sha256.New + SHA512 scram.HashGeneratorFcn = sha512.New +) + +type XDGSCRAMClient struct { + *scram.Client + *scram.ClientConversation + scram.HashGeneratorFcn +} + +func (x *XDGSCRAMClient) Begin(userName, password, authzID string) (err error) { + x.Client, err = x.HashGeneratorFcn.NewClient(userName, password, authzID) + if err != nil { + return err + } + x.ClientConversation = x.Client.NewConversation() + return nil +} + +func (x *XDGSCRAMClient) Step(challenge string) (response string, err error) { + response, err = x.ClientConversation.Step(challenge) + return +} + +func (x *XDGSCRAMClient) Done() bool { + return x.ClientConversation.Done() +} diff --git a/eventsources/sources/kafka/start.go b/eventsources/sources/kafka/start.go index 486921a3ce..4469a6d8b6 100644 --- a/eventsources/sources/kafka/start.go +++ b/eventsources/sources/kafka/start.go @@ -279,6 +279,11 @@ func getSaramaConfig(kafkaEventSource *v1alpha1.KafkaEventSource, log *zap.Sugar config.Net.SASL.Enable = true config.Net.SASL.Mechanism = sarama.SASLMechanism(kafkaEventSource.SASL.GetMechanism()) + if config.Net.SASL.Mechanism == "SCRAM-SHA-512" { + config.Net.SASL.SCRAMClientGeneratorFunc = func() sarama.SCRAMClient { return &XDGSCRAMClient{HashGeneratorFcn: SHA512} } + } else if config.Net.SASL.Mechanism == "SCRAM-SHA-256" { + config.Net.SASL.SCRAMClientGeneratorFunc = func() sarama.SCRAMClient { return &XDGSCRAMClient{HashGeneratorFcn: SHA256} } + } user, err := common.GetSecretFromVolume(kafkaEventSource.SASL.UserSecret) if err != nil { diff --git a/go.mod b/go.mod index b4edb99df7..288ebc8521 100644 --- a/go.mod +++ b/go.mod @@ -91,6 +91,8 @@ require ( github.com/felixge/httpsnoop v1.0.2 // indirect github.com/oklog/ulid v1.3.1 // indirect github.com/oliveagle/jsonpath v0.0.0-20180606110733-2e52cf6e6852 // indirect + github.com/xdg-go/pbkdf2 v1.0.0 // indirect + github.com/xdg-go/stringprep v1.0.2 // indirect ) require ( @@ -237,6 +239,7 @@ require ( github.com/valyala/fasthttp v1.9.0 // indirect github.com/valyala/gozstd v1.7.0 // indirect github.com/xanzy/ssh-agent v0.3.0 // indirect + github.com/xdg-go/scram v1.1.0 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.1.0 // indirect diff --git a/go.sum b/go.sum index 202ab5d1eb..980ba60a96 100644 --- a/go.sum +++ b/go.sum @@ -1183,9 +1183,12 @@ github.com/xanzy/go-gitlab v0.54.4 h1:3CFEdQ9O+bFx3BsyuOK0gqgLPwnT2rwnPOjudV07wT github.com/xanzy/go-gitlab v0.54.4/go.mod h1:F0QEXwmqiBUxCgJm8fE9S+1veX4XC9Z4cfaAbqwk4YM= github.com/xanzy/ssh-agent v0.3.0 h1:wUMzuKtKilRgBAD1sUb8gOwwRr2FGoBVumcjoOACClI= github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6eAcqrDh0= +github.com/xdg-go/pbkdf2 v1.0.0 h1:Su7DPu48wXMwC3bs7MCNG+z4FhcyEuz5dlvchbq0B0c= github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+hCSs= +github.com/xdg-go/scram v1.1.0 h1:d70R37I0HrDLsafRrMBXyrD4lmQbCHE873t00Vr0gm0= github.com/xdg-go/scram v1.1.0/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+hCSs= +github.com/xdg-go/stringprep v1.0.2 h1:6iq84/ryjjeRmMJwxutI51F2GIPlP5BfTvXHeYjyhBc= github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6+da4O5kxM= github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c/go.mod h1:lB8K/P019DLNhemzwFU4jHLhdvlE6uDZjXFejJXr49I= github.com/xdg/stringprep v0.0.0-20180714160509-73f8eece6fdc/go.mod h1:Jhud4/sHMO4oL310DaZAKk9ZaJ08SJfe+sJh0HrGL1Y= diff --git a/pkg/apis/common/common.go b/pkg/apis/common/common.go index 2277d4544b..32f521b773 100644 --- a/pkg/apis/common/common.go +++ b/pkg/apis/common/common.go @@ -132,6 +132,9 @@ type TLSConfig struct { ClientCertSecret *corev1.SecretKeySelector `json:"clientCertSecret,omitempty" protobuf:"bytes,2,opt,name=clientCertSecret"` // ClientKeySecret refers to the secret that contains the client key ClientKeySecret *corev1.SecretKeySelector `json:"clientKeySecret,omitempty" protobuf:"bytes,3,opt,name=clientKeySecret"` + // If true, skips creation of TLSConfig with certs and creates an empty TLSConfig. (Defaults to false) + // +optional + InsecureSkipVerify bool `json:"insecureSkipVerify,omitempty" protobuf:"varint,4,opt,name=insecureSkipVerify"` } // SASLConfig refers to SASL configuration for a client diff --git a/pkg/apis/common/generated.pb.go b/pkg/apis/common/generated.pb.go index f0b597a585..2113eb33ac 100644 --- a/pkg/apis/common/generated.pb.go +++ b/pkg/apis/common/generated.pb.go @@ -490,90 +490,91 @@ func init() { } var fileDescriptor_02aae6165a434fa7 = []byte{ - // 1316 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x96, 0xcd, 0x6e, 0xdb, 0xc6, - 0x13, 0xc0, 0x4d, 0xc9, 0x96, 0xc5, 0xb1, 0x1d, 0xfb, 0xbf, 0xc9, 0x41, 0x10, 0x10, 0xd1, 0xe0, - 0x1f, 0x2d, 0x9c, 0x36, 0xa1, 0x90, 0x0f, 0xb4, 0x49, 0x0a, 0xa4, 0x15, 0x55, 0x07, 0x75, 0x62, - 0x37, 0xc1, 0x32, 0xc9, 0x21, 0x41, 0x51, 0xac, 0xa9, 0x15, 0xcd, 0x48, 0x24, 0x05, 0x72, 0xe5, - 0x44, 0xb7, 0xf6, 0x09, 0xda, 0x37, 0xe8, 0x13, 0xf4, 0xdc, 0x57, 0xc8, 0x31, 0xe8, 0x25, 0x39, - 0xa9, 0x35, 0xfb, 0x12, 0x45, 0x4e, 0xc5, 0x7e, 0x90, 0xa2, 0x14, 0x17, 0x2d, 0x8d, 0xde, 0xa8, - 0xd9, 0x99, 0xdf, 0xec, 0xce, 0xa7, 0xe0, 0x73, 0xcf, 0x67, 0x47, 0xe3, 0x43, 0xcb, 0x8d, 0x82, - 0x36, 0x89, 0xbd, 0x68, 0x14, 0x47, 0xcf, 0xc5, 0xc7, 0x15, 0x7a, 0x4c, 0x43, 0x96, 0xb4, 0x47, - 0x03, 0xaf, 0x4d, 0x46, 0x7e, 0xd2, 0x76, 0xa3, 0x20, 0x88, 0xc2, 0xb6, 0x47, 0x43, 0x1a, 0x13, - 0x46, 0x7b, 0xd6, 0x28, 0x8e, 0x58, 0x84, 0xda, 0x33, 0x80, 0x95, 0x01, 0xc4, 0xc7, 0xb7, 0x12, - 0x60, 0x8d, 0x06, 0x9e, 0xc5, 0x01, 0x96, 0x04, 0x34, 0xaf, 0x14, 0x3c, 0x7a, 0x91, 0x17, 0xb5, - 0x05, 0xe7, 0x70, 0xdc, 0x17, 0xbf, 0xc4, 0x0f, 0xf1, 0x25, 0xf9, 0x4d, 0x73, 0x70, 0x33, 0xb1, - 0xfc, 0x88, 0xdf, 0xa1, 0xed, 0x46, 0x31, 0x6d, 0x1f, 0x5f, 0x5d, 0xbc, 0x43, 0xf3, 0xc6, 0x4c, - 0x27, 0x20, 0xee, 0x91, 0x1f, 0xd2, 0x78, 0x32, 0xbb, 0x78, 0x40, 0x19, 0x39, 0xc5, 0xca, 0xbc, - 0x04, 0xb5, 0x4e, 0x10, 0x8d, 0x43, 0x86, 0x0c, 0x58, 0x39, 0x26, 0xc3, 0x31, 0x6d, 0x68, 0xdb, - 0xda, 0xce, 0xba, 0xad, 0xa7, 0x53, 0x63, 0xe5, 0x09, 0x17, 0x60, 0x29, 0x37, 0x7f, 0xad, 0xc0, - 0xaa, 0x4d, 0xdc, 0x41, 0xd4, 0xef, 0xa3, 0x23, 0xa8, 0xf7, 0xc6, 0x31, 0x61, 0x7e, 0x14, 0x0a, - 0xfd, 0xb5, 0x6b, 0x77, 0xac, 0x92, 0x31, 0xb0, 0xf6, 0x42, 0xf6, 0xc9, 0x8d, 0x07, 0xb1, 0xc3, - 0x62, 0x3f, 0xf4, 0xec, 0xf5, 0x74, 0x6a, 0xd4, 0xbf, 0x54, 0x4c, 0x9c, 0xd3, 0xd1, 0x33, 0xa8, - 0xf5, 0x89, 0xcb, 0xa2, 0xb8, 0x51, 0x11, 0x7e, 0x3e, 0x2d, 0xed, 0x47, 0xbe, 0xcf, 0x86, 0x74, - 0x6a, 0xd4, 0xee, 0x0a, 0x14, 0x56, 0x48, 0x0e, 0x7f, 0xee, 0x33, 0x46, 0xe3, 0x46, 0xf5, 0x3f, - 0x80, 0xdf, 0x13, 0x28, 0xac, 0x90, 0xe8, 0xff, 0xb0, 0x92, 0x30, 0x3a, 0x4a, 0x1a, 0xcb, 0xdb, - 0xda, 0xce, 0x8a, 0xbd, 0xf1, 0x6a, 0x6a, 0x2c, 0xf1, 0xa0, 0x3a, 0x5c, 0x88, 0xe5, 0x99, 0xf9, - 0xb3, 0x06, 0xba, 0x4d, 0x12, 0xdf, 0xed, 0x8c, 0xd9, 0x11, 0x7a, 0x00, 0xf5, 0x71, 0x42, 0xe3, - 0x90, 0x04, 0x54, 0x85, 0xf5, 0x03, 0x4b, 0xa6, 0x95, 0x3b, 0xb5, 0x78, 0xea, 0xad, 0xe3, 0xab, - 0x96, 0x43, 0xdd, 0x98, 0xb2, 0xfb, 0x74, 0xe2, 0xd0, 0x21, 0xe5, 0x0f, 0x91, 0xd1, 0x7b, 0xac, - 0x4c, 0x71, 0x0e, 0xe1, 0xc0, 0x11, 0x49, 0x92, 0x17, 0x51, 0xdc, 0x53, 0xf1, 0x2b, 0x03, 0x7c, - 0xa8, 0x4c, 0x71, 0x0e, 0x31, 0xdf, 0x54, 0x40, 0xef, 0x46, 0x61, 0xcf, 0x17, 0xc9, 0xb9, 0x0a, - 0xcb, 0x6c, 0x32, 0x92, 0x77, 0xd5, 0xed, 0x8b, 0xea, 0x85, 0xcb, 0x8f, 0x26, 0x23, 0xfa, 0x6e, - 0x6a, 0x6c, 0xe4, 0x8a, 0x5c, 0x80, 0x85, 0x2a, 0xda, 0x87, 0x5a, 0xc2, 0x08, 0x1b, 0x27, 0xe2, - 0x3e, 0xba, 0x7d, 0x43, 0x19, 0xd5, 0x1c, 0x21, 0x7d, 0x37, 0x35, 0x4e, 0x29, 0x76, 0x2b, 0x27, - 0x49, 0x2d, 0xac, 0x18, 0xe8, 0x18, 0xd0, 0x90, 0x24, 0xec, 0x51, 0x4c, 0xc2, 0x44, 0x7a, 0xf2, - 0x03, 0xaa, 0x92, 0xf9, 0x51, 0xe1, 0xa5, 0x79, 0x47, 0xcc, 0x12, 0xc8, 0x3b, 0x82, 0xbf, 0x9d, - 0x5b, 0xd8, 0x4d, 0x75, 0x0b, 0xb4, 0xff, 0x1e, 0x0d, 0x9f, 0xe2, 0x01, 0x7d, 0x08, 0xb5, 0x98, - 0x92, 0x24, 0x0a, 0x45, 0x72, 0x75, 0xfb, 0x5c, 0xf6, 0x0a, 0x2c, 0xa4, 0x58, 0x9d, 0xa2, 0x4b, - 0xb0, 0x1a, 0xd0, 0x24, 0x21, 0x1e, 0x6d, 0xac, 0x08, 0xc5, 0x4d, 0xa5, 0xb8, 0x7a, 0x20, 0xc5, - 0x38, 0x3b, 0x37, 0x7f, 0xd0, 0x60, 0x63, 0xae, 0x25, 0xd0, 0x4e, 0x21, 0xba, 0x55, 0xfb, 0xc2, - 0x42, 0x74, 0x97, 0x0b, 0x41, 0xbd, 0x0c, 0x75, 0x9f, 0x9b, 0x3e, 0x21, 0x43, 0x11, 0xd6, 0xaa, - 0xbd, 0xa5, 0xb4, 0xeb, 0x7b, 0x4a, 0x8e, 0x73, 0x0d, 0x7e, 0xf9, 0x84, 0xc5, 0x5c, 0xb7, 0x3a, - 0x7f, 0x79, 0x47, 0x48, 0xb1, 0x3a, 0x35, 0xff, 0xac, 0x40, 0xfd, 0x80, 0x32, 0xd2, 0x23, 0x8c, - 0xa0, 0xef, 0x35, 0x58, 0x23, 0x61, 0x18, 0x31, 0xd1, 0x96, 0x49, 0x43, 0xdb, 0xae, 0xee, 0xac, - 0x5d, 0xbb, 0x57, 0xba, 0x61, 0x32, 0xa0, 0xd5, 0x99, 0xc1, 0x76, 0x43, 0x16, 0x4f, 0xec, 0xf3, - 0xea, 0x1a, 0x6b, 0x85, 0x13, 0x5c, 0xf4, 0x89, 0x02, 0xa8, 0x0d, 0xc9, 0x21, 0x1d, 0xf2, 0xda, - 0xe1, 0xde, 0x77, 0xcf, 0xee, 0x7d, 0x5f, 0x70, 0xa4, 0xe3, 0xfc, 0xfd, 0x52, 0x88, 0x95, 0x93, - 0xe6, 0x1d, 0xd8, 0x5a, 0xbc, 0x24, 0xda, 0x82, 0xea, 0x80, 0x4e, 0x64, 0xc1, 0x63, 0xfe, 0x89, - 0x2e, 0x64, 0x73, 0x53, 0xd4, 0xb3, 0x1a, 0x96, 0xb7, 0x2b, 0x37, 0xb5, 0xe6, 0x2d, 0x58, 0x2b, - 0xb8, 0x29, 0x63, 0x6a, 0x7e, 0x0c, 0x75, 0x4c, 0x93, 0x68, 0x1c, 0xbb, 0xf4, 0x9f, 0x07, 0xf3, - 0xeb, 0x15, 0x00, 0xe7, 0x7a, 0x27, 0x66, 0x3e, 0x1f, 0x6b, 0xbc, 0x18, 0x68, 0xd8, 0x1b, 0x45, - 0x7e, 0xc8, 0x54, 0x63, 0xe6, 0xc5, 0xb0, 0xab, 0xe4, 0x38, 0xd7, 0x40, 0xdf, 0x40, 0xed, 0x70, - 0xec, 0x0e, 0x28, 0x53, 0xf3, 0xe1, 0x56, 0xe9, 0x98, 0x3a, 0xd7, 0x6d, 0x01, 0x90, 0x43, 0x50, - 0x7e, 0x63, 0x05, 0x95, 0x8d, 0xe2, 0xf1, 0x35, 0x51, 0x5d, 0x6c, 0x14, 0x2e, 0xc5, 0xea, 0x54, - 0x56, 0x70, 0x42, 0xdd, 0x71, 0x4c, 0x45, 0x4b, 0xd5, 0x8b, 0x15, 0x2c, 0xe5, 0x38, 0xd7, 0x40, - 0x18, 0x74, 0xe2, 0xba, 0x34, 0x49, 0xee, 0xd3, 0x89, 0x68, 0xac, 0x7f, 0x3d, 0xd7, 0x36, 0xd2, - 0xa9, 0xa1, 0x77, 0x32, 0x5b, 0x3c, 0xc3, 0x70, 0x66, 0x92, 0xa9, 0x37, 0x6a, 0xa5, 0x99, 0xb9, - 0x18, 0xcf, 0x30, 0xc8, 0x84, 0x9a, 0x0c, 0x5a, 0x63, 0x75, 0xbb, 0xba, 0xa3, 0xcb, 0x08, 0xed, - 0x0a, 0x09, 0x56, 0x27, 0x3c, 0x01, 0x7d, 0x7f, 0xc8, 0x77, 0x50, 0xfd, 0xcc, 0x09, 0xb8, 0x2b, - 0x00, 0x6a, 0xc5, 0x89, 0x6f, 0xac, 0xa0, 0xe8, 0x05, 0xd4, 0x03, 0x55, 0xf4, 0x0d, 0x5d, 0x74, - 0xcd, 0xde, 0x19, 0x1c, 0x64, 0xc5, 0x95, 0x37, 0x90, 0xec, 0x9c, 0x3c, 0x47, 0x99, 0x18, 0xe7, - 0xce, 0x9a, 0x9f, 0xc1, 0xc6, 0x9c, 0x72, 0xa9, 0xfa, 0xbf, 0x0f, 0xf5, 0xac, 0xac, 0xd0, 0xc5, - 0x82, 0x9d, 0xbd, 0xa6, 0x3c, 0x56, 0x79, 0xa4, 0x05, 0x64, 0x1b, 0x96, 0xc5, 0xbe, 0x94, 0xeb, - 0x64, 0x3d, 0x9b, 0x92, 0x5f, 0xf3, 0x45, 0x28, 0x4e, 0xcc, 0xa7, 0x1c, 0x26, 0xc3, 0xc2, 0xeb, - 0x71, 0x14, 0xd3, 0xbe, 0xff, 0x52, 0xf1, 0xf2, 0x7a, 0x7c, 0x28, 0xa4, 0x58, 0x9d, 0x8a, 0x19, - 0x39, 0xee, 0x73, 0xbd, 0xca, 0xc2, 0x8c, 0x14, 0x52, 0xac, 0x4e, 0xcd, 0xdf, 0x34, 0x00, 0xa7, - 0xe3, 0xec, 0x77, 0xa3, 0xb0, 0xef, 0x7b, 0xa8, 0x0d, 0x7a, 0x40, 0xdd, 0x23, 0x12, 0xfa, 0x49, - 0xa0, 0x3c, 0xfc, 0x4f, 0x59, 0xea, 0x07, 0xd9, 0x01, 0x9e, 0xe9, 0xa0, 0x3d, 0x58, 0xe6, 0xcb, - 0xba, 0xdc, 0x72, 0x3e, 0x97, 0x4e, 0x0d, 0xe0, 0xdb, 0x5e, 0x1e, 0x61, 0x81, 0x40, 0x8f, 0x0b, - 0xbb, 0xbe, 0x5a, 0x06, 0x87, 0xd2, 0xa9, 0x71, 0x2e, 0xdb, 0xf5, 0x0a, 0x39, 0xdb, 0xf8, 0x3f, - 0x69, 0xb0, 0xee, 0x88, 0xb6, 0xfb, 0x8a, 0x92, 0x1e, 0x8d, 0xf3, 0x80, 0x6b, 0x7f, 0x17, 0x70, - 0x14, 0x80, 0x2e, 0x52, 0x79, 0x37, 0x8e, 0x02, 0xf5, 0xb2, 0x2f, 0x4a, 0x17, 0xdd, 0x93, 0x8c, - 0xe0, 0x88, 0x31, 0x28, 0xbb, 0x2c, 0x17, 0xe2, 0x99, 0x07, 0xf3, 0x25, 0xa8, 0x3f, 0x0f, 0x28, - 0x04, 0x70, 0xb3, 0x7f, 0x0a, 0xd9, 0x8a, 0xba, 0x5d, 0xda, 0x73, 0xfe, 0x67, 0xc3, 0x46, 0xea, - 0x71, 0x90, 0x8b, 0x12, 0x5c, 0xf0, 0x60, 0xfe, 0x52, 0x01, 0xfd, 0xd1, 0xbe, 0xa3, 0x92, 0xff, - 0x0c, 0xd6, 0x5d, 0xd2, 0xa5, 0x31, 0x93, 0x31, 0x2c, 0xf7, 0x0f, 0x6e, 0x2b, 0x9d, 0x1a, 0xeb, - 0xdd, 0xce, 0xcc, 0x1c, 0xcf, 0xc1, 0x90, 0x07, 0x5b, 0xee, 0xd0, 0xa7, 0x21, 0x2b, 0x38, 0x28, - 0x55, 0x34, 0x17, 0xd2, 0xa9, 0xb1, 0xd5, 0x5d, 0x40, 0xe0, 0xf7, 0xa0, 0xa8, 0x07, 0x9b, 0x52, - 0x26, 0x8c, 0x85, 0x9f, 0x52, 0xd5, 0x74, 0x3e, 0x9d, 0x1a, 0x9b, 0xdd, 0x79, 0x02, 0x5e, 0x44, - 0x9a, 0x6f, 0x34, 0xd8, 0x5c, 0xc8, 0x30, 0x8f, 0x5f, 0x3e, 0x3a, 0x31, 0xed, 0x9f, 0x21, 0x7e, - 0x4e, 0xc1, 0x1c, 0xcf, 0xc1, 0x90, 0x07, 0x9b, 0xae, 0x48, 0xd3, 0x01, 0x19, 0x29, 0xbe, 0x0c, - 0xdf, 0xce, 0x69, 0xfc, 0x6e, 0x41, 0x75, 0xe1, 0x65, 0xf3, 0x10, 0xbc, 0x48, 0xb5, 0x2f, 0xbf, - 0x3a, 0x69, 0x2d, 0xbd, 0x3e, 0x69, 0x2d, 0xbd, 0x3d, 0x69, 0x2d, 0x7d, 0x97, 0xb6, 0xb4, 0x57, - 0x69, 0x4b, 0x7b, 0x9d, 0xb6, 0xb4, 0xb7, 0x69, 0x4b, 0xfb, 0x3d, 0x6d, 0x69, 0x3f, 0xfe, 0xd1, - 0x5a, 0x7a, 0x5a, 0x93, 0xb5, 0xf6, 0x57, 0x00, 0x00, 0x00, 0xff, 0xff, 0x6e, 0xc4, 0x44, 0x20, - 0x7b, 0x0e, 0x00, 0x00, + // 1340 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x96, 0xdd, 0x6e, 0x1b, 0xc5, + 0x17, 0xc0, 0xb3, 0x71, 0xe2, 0x78, 0x4f, 0x92, 0x26, 0xff, 0x69, 0x2f, 0xac, 0x48, 0xb5, 0xa3, + 0xfd, 0x0b, 0x94, 0x42, 0xbb, 0x56, 0x3f, 0x04, 0x6d, 0x91, 0x0a, 0x5e, 0x93, 0x8a, 0xb4, 0x09, + 0xad, 0x66, 0xdb, 0x5c, 0xb4, 0x42, 0x68, 0xb2, 0x1e, 0x3b, 0x5b, 0x7b, 0x3f, 0x34, 0x3b, 0x4e, + 0xeb, 0x3b, 0x10, 0x0f, 0x00, 0x6f, 0xc0, 0x13, 0xf0, 0x1e, 0xbd, 0xac, 0xb8, 0x69, 0xaf, 0x0c, + 0x5d, 0x5e, 0x02, 0xf5, 0x0a, 0xcd, 0xc7, 0xae, 0xd7, 0x6e, 0x10, 0x6c, 0xc4, 0xdd, 0xfa, 0xcc, + 0x39, 0xbf, 0x33, 0x73, 0x3e, 0x0d, 0x9f, 0xf7, 0x7d, 0x7e, 0x3c, 0x3a, 0xb2, 0xbd, 0x28, 0x68, + 0x11, 0xd6, 0x8f, 0x62, 0x16, 0x3d, 0x93, 0x1f, 0x57, 0xe8, 0x09, 0x0d, 0x79, 0xd2, 0x8a, 0x07, + 0xfd, 0x16, 0x89, 0xfd, 0xa4, 0xe5, 0x45, 0x41, 0x10, 0x85, 0xad, 0x3e, 0x0d, 0x29, 0x23, 0x9c, + 0x76, 0xed, 0x98, 0x45, 0x3c, 0x42, 0xad, 0x29, 0xc0, 0xce, 0x00, 0xf2, 0xe3, 0x5b, 0x05, 0xb0, + 0xe3, 0x41, 0xdf, 0x16, 0x00, 0x5b, 0x01, 0xb6, 0xae, 0x14, 0x3c, 0xf6, 0xa3, 0x7e, 0xd4, 0x92, + 0x9c, 0xa3, 0x51, 0x4f, 0xfe, 0x92, 0x3f, 0xe4, 0x97, 0xe2, 0x6f, 0x59, 0x83, 0x9b, 0x89, 0xed, + 0x47, 0xe2, 0x0e, 0x2d, 0x2f, 0x62, 0xb4, 0x75, 0x72, 0x75, 0xfe, 0x0e, 0x5b, 0x37, 0xa6, 0x3a, + 0x01, 0xf1, 0x8e, 0xfd, 0x90, 0xb2, 0xf1, 0xf4, 0xe2, 0x01, 0xe5, 0xe4, 0x14, 0x2b, 0xeb, 0x12, + 0x54, 0xdb, 0x41, 0x34, 0x0a, 0x39, 0x6a, 0xc2, 0xf2, 0x09, 0x19, 0x8e, 0x68, 0xdd, 0xd8, 0x36, + 0x76, 0xd6, 0x1c, 0x33, 0x9d, 0x34, 0x97, 0x0f, 0x85, 0x00, 0x2b, 0xb9, 0xf5, 0xeb, 0x22, 0xac, + 0x38, 0xc4, 0x1b, 0x44, 0xbd, 0x1e, 0x3a, 0x86, 0x5a, 0x77, 0xc4, 0x08, 0xf7, 0xa3, 0x50, 0xea, + 0xaf, 0x5e, 0xbb, 0x63, 0x97, 0x8c, 0x81, 0xbd, 0x17, 0xf2, 0x4f, 0x6e, 0x3c, 0x60, 0x2e, 0x67, + 0x7e, 0xd8, 0x77, 0xd6, 0xd2, 0x49, 0xb3, 0xf6, 0xa5, 0x66, 0xe2, 0x9c, 0x8e, 0x9e, 0x42, 0xb5, + 0x47, 0x3c, 0x1e, 0xb1, 0xfa, 0xa2, 0xf4, 0xf3, 0x69, 0x69, 0x3f, 0xea, 0x7d, 0x0e, 0xa4, 0x93, + 0x66, 0xf5, 0xae, 0x44, 0x61, 0x8d, 0x14, 0xf0, 0x67, 0x3e, 0xe7, 0x94, 0xd5, 0x2b, 0xff, 0x01, + 0xfc, 0x9e, 0x44, 0x61, 0x8d, 0x44, 0xff, 0x87, 0xe5, 0x84, 0xd3, 0x38, 0xa9, 0x2f, 0x6d, 0x1b, + 0x3b, 0xcb, 0xce, 0xfa, 0xcb, 0x49, 0x73, 0x41, 0x04, 0xd5, 0x15, 0x42, 0xac, 0xce, 0xac, 0x5f, + 0x0c, 0x30, 0x1d, 0x92, 0xf8, 0x5e, 0x7b, 0xc4, 0x8f, 0xd1, 0x03, 0xa8, 0x8d, 0x12, 0xca, 0x42, + 0x12, 0x50, 0x1d, 0xd6, 0x0f, 0x6c, 0x95, 0x56, 0xe1, 0xd4, 0x16, 0xa9, 0xb7, 0x4f, 0xae, 0xda, + 0x2e, 0xf5, 0x18, 0xe5, 0xf7, 0xe9, 0xd8, 0xa5, 0x43, 0x2a, 0x1e, 0xa2, 0xa2, 0xf7, 0x58, 0x9b, + 0xe2, 0x1c, 0x22, 0x80, 0x31, 0x49, 0x92, 0xe7, 0x11, 0xeb, 0xea, 0xf8, 0x95, 0x01, 0x3e, 0xd4, + 0xa6, 0x38, 0x87, 0x58, 0xaf, 0x17, 0xc1, 0xec, 0x44, 0x61, 0xd7, 0x97, 0xc9, 0xb9, 0x0a, 0x4b, + 0x7c, 0x1c, 0xab, 0xbb, 0x9a, 0xce, 0x45, 0xfd, 0xc2, 0xa5, 0x47, 0xe3, 0x98, 0xbe, 0x9b, 0x34, + 0xd7, 0x73, 0x45, 0x21, 0xc0, 0x52, 0x15, 0xed, 0x43, 0x35, 0xe1, 0x84, 0x8f, 0x12, 0x79, 0x1f, + 0xd3, 0xb9, 0xa1, 0x8d, 0xaa, 0xae, 0x94, 0xbe, 0x9b, 0x34, 0x4f, 0x29, 0x76, 0x3b, 0x27, 0x29, + 0x2d, 0xac, 0x19, 0xe8, 0x04, 0xd0, 0x90, 0x24, 0xfc, 0x11, 0x23, 0x61, 0xa2, 0x3c, 0xf9, 0x01, + 0xd5, 0xc9, 0xfc, 0xa8, 0xf0, 0xd2, 0xbc, 0x23, 0xa6, 0x09, 0x14, 0x1d, 0x21, 0xde, 0x2e, 0x2c, + 0x9c, 0x2d, 0x7d, 0x0b, 0xb4, 0xff, 0x1e, 0x0d, 0x9f, 0xe2, 0x01, 0x7d, 0x08, 0x55, 0x46, 0x49, + 0x12, 0x85, 0x32, 0xb9, 0xa6, 0x73, 0x2e, 0x7b, 0x05, 0x96, 0x52, 0xac, 0x4f, 0xd1, 0x25, 0x58, + 0x09, 0x68, 0x92, 0x90, 0x3e, 0xad, 0x2f, 0x4b, 0xc5, 0x0d, 0xad, 0xb8, 0x72, 0xa0, 0xc4, 0x38, + 0x3b, 0xb7, 0x7e, 0x34, 0x60, 0x7d, 0xa6, 0x25, 0xd0, 0x4e, 0x21, 0xba, 0x15, 0xe7, 0xc2, 0x5c, + 0x74, 0x97, 0x0a, 0x41, 0xbd, 0x0c, 0x35, 0x5f, 0x98, 0x1e, 0x92, 0xa1, 0x0c, 0x6b, 0xc5, 0xd9, + 0xd4, 0xda, 0xb5, 0x3d, 0x2d, 0xc7, 0xb9, 0x86, 0xb8, 0x7c, 0xc2, 0x99, 0xd0, 0xad, 0xcc, 0x5e, + 0xde, 0x95, 0x52, 0xac, 0x4f, 0xad, 0x3f, 0x17, 0xa1, 0x76, 0x40, 0x39, 0xe9, 0x12, 0x4e, 0xd0, + 0xf7, 0x06, 0xac, 0x92, 0x30, 0x8c, 0xb8, 0x6c, 0xcb, 0xa4, 0x6e, 0x6c, 0x57, 0x76, 0x56, 0xaf, + 0xdd, 0x2b, 0xdd, 0x30, 0x19, 0xd0, 0x6e, 0x4f, 0x61, 0xbb, 0x21, 0x67, 0x63, 0xe7, 0xbc, 0xbe, + 0xc6, 0x6a, 0xe1, 0x04, 0x17, 0x7d, 0xa2, 0x00, 0xaa, 0x43, 0x72, 0x44, 0x87, 0xa2, 0x76, 0x84, + 0xf7, 0xdd, 0xb3, 0x7b, 0xdf, 0x97, 0x1c, 0xe5, 0x38, 0x7f, 0xbf, 0x12, 0x62, 0xed, 0x64, 0xeb, + 0x0e, 0x6c, 0xce, 0x5f, 0x12, 0x6d, 0x42, 0x65, 0x40, 0xc7, 0xaa, 0xe0, 0xb1, 0xf8, 0x44, 0x17, + 0xb2, 0xb9, 0x29, 0xeb, 0x59, 0x0f, 0xcb, 0xdb, 0x8b, 0x37, 0x8d, 0xad, 0x5b, 0xb0, 0x5a, 0x70, + 0x53, 0xc6, 0xd4, 0xfa, 0x18, 0x6a, 0x98, 0x26, 0xd1, 0x88, 0x79, 0xf4, 0x9f, 0x07, 0xf3, 0xab, + 0x65, 0x00, 0xf7, 0x7a, 0x9b, 0x71, 0x5f, 0x8c, 0x35, 0x51, 0x0c, 0x34, 0xec, 0xc6, 0x91, 0x1f, + 0x72, 0xdd, 0x98, 0x79, 0x31, 0xec, 0x6a, 0x39, 0xce, 0x35, 0xd0, 0x37, 0x50, 0x3d, 0x1a, 0x79, + 0x03, 0xca, 0xf5, 0x7c, 0xb8, 0x55, 0x3a, 0xa6, 0xee, 0x75, 0x47, 0x02, 0xd4, 0x10, 0x54, 0xdf, + 0x58, 0x43, 0x55, 0xa3, 0xf4, 0xc5, 0x9a, 0xa8, 0xcc, 0x37, 0x8a, 0x90, 0x62, 0x7d, 0xaa, 0x2a, + 0x38, 0xa1, 0xde, 0x88, 0x51, 0xd9, 0x52, 0xb5, 0x62, 0x05, 0x2b, 0x39, 0xce, 0x35, 0x10, 0x06, + 0x93, 0x78, 0x1e, 0x4d, 0x92, 0xfb, 0x74, 0x2c, 0x1b, 0xeb, 0x5f, 0xcf, 0xb5, 0xf5, 0x74, 0xd2, + 0x34, 0xdb, 0x99, 0x2d, 0x9e, 0x62, 0x04, 0x33, 0xc9, 0xd4, 0xeb, 0xd5, 0xd2, 0xcc, 0x5c, 0x8c, + 0xa7, 0x18, 0x64, 0x41, 0x55, 0x05, 0xad, 0xbe, 0xb2, 0x5d, 0xd9, 0x31, 0x55, 0x84, 0x76, 0xa5, + 0x04, 0xeb, 0x13, 0x91, 0x80, 0x9e, 0x3f, 0x14, 0x3b, 0xa8, 0x76, 0xe6, 0x04, 0xdc, 0x95, 0x00, + 0xbd, 0xe2, 0xe4, 0x37, 0xd6, 0x50, 0xf4, 0x1c, 0x6a, 0x81, 0x2e, 0xfa, 0xba, 0x29, 0xbb, 0x66, + 0xef, 0x0c, 0x0e, 0xb2, 0xe2, 0xca, 0x1b, 0x48, 0x75, 0x4e, 0x9e, 0xa3, 0x4c, 0x8c, 0x73, 0x67, + 0x5b, 0x9f, 0xc1, 0xfa, 0x8c, 0x72, 0xa9, 0xfa, 0xbf, 0x0f, 0xb5, 0xac, 0xac, 0xd0, 0xc5, 0x82, + 0x9d, 0xb3, 0xaa, 0x3d, 0x56, 0x44, 0xa4, 0x25, 0x64, 0x1b, 0x96, 0xe4, 0xbe, 0x54, 0xeb, 0x64, + 0x2d, 0x9b, 0x92, 0x5f, 0x8b, 0x45, 0x28, 0x4f, 0xac, 0x27, 0x02, 0xa6, 0xc2, 0x22, 0xea, 0x31, + 0x66, 0xb4, 0xe7, 0xbf, 0xd0, 0xbc, 0xbc, 0x1e, 0x1f, 0x4a, 0x29, 0xd6, 0xa7, 0x72, 0x46, 0x8e, + 0x7a, 0x42, 0x6f, 0x71, 0x6e, 0x46, 0x4a, 0x29, 0xd6, 0xa7, 0xd6, 0x6f, 0x06, 0x80, 0xdb, 0x76, + 0xf7, 0x3b, 0x51, 0xd8, 0xf3, 0xfb, 0xa8, 0x05, 0x66, 0x40, 0xbd, 0x63, 0x12, 0xfa, 0x49, 0xa0, + 0x3d, 0xfc, 0x4f, 0x5b, 0x9a, 0x07, 0xd9, 0x01, 0x9e, 0xea, 0xa0, 0x3d, 0x58, 0x12, 0xcb, 0xba, + 0xdc, 0x72, 0x3e, 0x97, 0x4e, 0x9a, 0x20, 0xb6, 0xbd, 0x3a, 0xc2, 0x12, 0x81, 0x1e, 0x17, 0x76, + 0x7d, 0xa5, 0x0c, 0x0e, 0xa5, 0x93, 0xe6, 0xb9, 0x6c, 0xd7, 0x6b, 0xe4, 0x74, 0xe3, 0xff, 0x6c, + 0xc0, 0x9a, 0x2b, 0xdb, 0xee, 0x2b, 0x4a, 0xba, 0x94, 0xe5, 0x01, 0x37, 0xfe, 0x2e, 0xe0, 0x28, + 0x00, 0x53, 0xa6, 0xf2, 0x2e, 0x8b, 0x02, 0xfd, 0xb2, 0x2f, 0x4a, 0x17, 0xdd, 0x61, 0x46, 0x70, + 0xe5, 0x18, 0x54, 0x5d, 0x96, 0x0b, 0xf1, 0xd4, 0x83, 0xf5, 0x02, 0xf4, 0x9f, 0x07, 0x14, 0x02, + 0x78, 0xd9, 0x3f, 0x85, 0x6c, 0x45, 0xdd, 0x2e, 0xed, 0x39, 0xff, 0xb3, 0xe1, 0x20, 0xfd, 0x38, + 0xc8, 0x45, 0x09, 0x2e, 0x78, 0xb0, 0x7e, 0xa8, 0x80, 0xf9, 0x68, 0xdf, 0xd5, 0xc9, 0x7f, 0x0a, + 0x6b, 0x1e, 0xe9, 0x50, 0xc6, 0x55, 0x0c, 0xcb, 0xfd, 0x83, 0xdb, 0x4c, 0x27, 0xcd, 0xb5, 0x4e, + 0x7b, 0x6a, 0x8e, 0x67, 0x60, 0xa8, 0x0f, 0x9b, 0xde, 0xd0, 0xa7, 0x21, 0x2f, 0x38, 0x28, 0x55, + 0x34, 0x17, 0xd2, 0x49, 0x73, 0xb3, 0x33, 0x87, 0xc0, 0xef, 0x41, 0x51, 0x17, 0x36, 0x94, 0x4c, + 0x1a, 0x4b, 0x3f, 0xa5, 0xaa, 0xe9, 0x7c, 0x3a, 0x69, 0x6e, 0x74, 0x66, 0x09, 0x78, 0x1e, 0x89, + 0xee, 0x01, 0xca, 0xa6, 0xb9, 0x3b, 0xf0, 0xe3, 0x43, 0xca, 0xfc, 0xde, 0x58, 0x4f, 0xfe, 0xfc, + 0xcf, 0xd8, 0xde, 0x7b, 0x1a, 0xf8, 0x14, 0x2b, 0xeb, 0xb5, 0x01, 0x1b, 0x73, 0xd5, 0x22, 0x72, + 0x91, 0x8f, 0x61, 0x4c, 0x7b, 0x67, 0xc8, 0x85, 0x5b, 0x30, 0xc7, 0x33, 0x30, 0xd4, 0x87, 0x0d, + 0x4f, 0xa6, 0xfc, 0x80, 0xc4, 0x9a, 0xaf, 0x52, 0xb1, 0x73, 0x1a, 0xbf, 0x53, 0x50, 0x9d, 0x8b, + 0xd2, 0x2c, 0x04, 0xcf, 0x53, 0x9d, 0xcb, 0x2f, 0xdf, 0x36, 0x16, 0x5e, 0xbd, 0x6d, 0x2c, 0xbc, + 0x79, 0xdb, 0x58, 0xf8, 0x2e, 0x6d, 0x18, 0x2f, 0xd3, 0x86, 0xf1, 0x2a, 0x6d, 0x18, 0x6f, 0xd2, + 0x86, 0xf1, 0x7b, 0xda, 0x30, 0x7e, 0xfa, 0xa3, 0xb1, 0xf0, 0xa4, 0xaa, 0xea, 0xf6, 0xaf, 0x00, + 0x00, 0x00, 0xff, 0xff, 0xba, 0x27, 0x54, 0x26, 0xc7, 0x0e, 0x00, 0x00, } func (m *Amount) Marshal() (dAtA []byte, err error) { @@ -1240,6 +1241,14 @@ func (m *TLSConfig) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + i-- + if m.InsecureSkipVerify { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x20 if m.ClientKeySecret != nil { { size, err := m.ClientKeySecret.MarshalToSizedBuffer(dAtA[:i]) @@ -1596,6 +1605,7 @@ func (m *TLSConfig) Size() (n int) { l = m.ClientKeySecret.Size() n += 1 + l + sovGenerated(uint64(l)) } + n += 2 return n } @@ -1819,6 +1829,7 @@ func (this *TLSConfig) String() string { `CACertSecret:` + strings.Replace(fmt.Sprintf("%v", this.CACertSecret), "SecretKeySelector", "v1.SecretKeySelector", 1) + `,`, `ClientCertSecret:` + strings.Replace(fmt.Sprintf("%v", this.ClientCertSecret), "SecretKeySelector", "v1.SecretKeySelector", 1) + `,`, `ClientKeySecret:` + strings.Replace(fmt.Sprintf("%v", this.ClientKeySecret), "SecretKeySelector", "v1.SecretKeySelector", 1) + `,`, + `InsecureSkipVerify:` + fmt.Sprintf("%v", this.InsecureSkipVerify) + `,`, `}`, }, "") return s @@ -4102,6 +4113,26 @@ func (m *TLSConfig) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 4: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field InsecureSkipVerify", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.InsecureSkipVerify = bool(v != 0) default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) diff --git a/pkg/apis/common/generated.proto b/pkg/apis/common/generated.proto index 9fd844f631..74df4b48de 100644 --- a/pkg/apis/common/generated.proto +++ b/pkg/apis/common/generated.proto @@ -180,6 +180,10 @@ message TLSConfig { // ClientKeySecret refers to the secret that contains the client key optional k8s.io.api.core.v1.SecretKeySelector clientKeySecret = 3; + + // If true, skips creation of TLSConfig with certs and creates an empty TLSConfig. (Defaults to false) + // +optional + optional bool insecureSkipVerify = 4; } // ValueFromSource allows you to reference keys from either a Configmap or Secret diff --git a/pkg/apis/common/openapi_generated.go b/pkg/apis/common/openapi_generated.go index 87cbaffd3d..8b4f885a43 100644 --- a/pkg/apis/common/openapi_generated.go +++ b/pkg/apis/common/openapi_generated.go @@ -506,6 +506,13 @@ func schema_argo_events_pkg_apis_common_TLSConfig(ref common.ReferenceCallback) Ref: ref("k8s.io/api/core/v1.SecretKeySelector"), }, }, + "insecureSkipVerify": { + SchemaProps: spec.SchemaProps{ + Description: "If true, skips creation of TLSConfig with certs and creates an empty TLSConfig. (Defaults to false)", + Type: []string{"boolean"}, + Format: "", + }, + }, }, }, }, diff --git a/pkg/apis/common/validate.go b/pkg/apis/common/validate.go index 69c43e0cd0..106af5dffc 100644 --- a/pkg/apis/common/validate.go +++ b/pkg/apis/common/validate.go @@ -9,6 +9,11 @@ func ValidateTLSConfig(tlsConfig *TLSConfig) error { if tlsConfig == nil { return nil } + + if tlsConfig.InsecureSkipVerify { + return nil + } + var caCertSet, clientCertSet, clientKeySet bool if tlsConfig.CACertSecret != nil { diff --git a/pkg/apis/common/validate_test.go b/pkg/apis/common/validate_test.go index cf00f53e39..7146cbefab 100644 --- a/pkg/apis/common/validate_test.go +++ b/pkg/apis/common/validate_test.go @@ -8,27 +8,31 @@ import ( corev1 "k8s.io/api/core/v1" ) -func fakeTLSConfig(t *testing.T) *TLSConfig { +func fakeTLSConfig(t *testing.T, insecureSkipVerify bool) *TLSConfig { t.Helper() - return &TLSConfig{ - CACertSecret: &corev1.SecretKeySelector{ - Key: "fake-key1", - LocalObjectReference: corev1.LocalObjectReference{ - Name: "fake-name1", + if insecureSkipVerify == true { + return &TLSConfig{InsecureSkipVerify: true} + } else { + return &TLSConfig{ + CACertSecret: &corev1.SecretKeySelector{ + Key: "fake-key1", + LocalObjectReference: corev1.LocalObjectReference{ + Name: "fake-name1", + }, }, - }, - ClientCertSecret: &corev1.SecretKeySelector{ - Key: "fake-key2", - LocalObjectReference: corev1.LocalObjectReference{ - Name: "fake-name2", + ClientCertSecret: &corev1.SecretKeySelector{ + Key: "fake-key2", + LocalObjectReference: corev1.LocalObjectReference{ + Name: "fake-name2", + }, }, - }, - ClientKeySecret: &corev1.SecretKeySelector{ - Key: "fake-key3", - LocalObjectReference: corev1.LocalObjectReference{ - Name: "fake-name3", + ClientKeySecret: &corev1.SecretKeySelector{ + Key: "fake-key3", + LocalObjectReference: corev1.LocalObjectReference{ + Name: "fake-name3", + }, }, - }, + } } } @@ -60,8 +64,14 @@ func TestValidateTLSConfig(t *testing.T) { assert.True(t, strings.Contains(err.Error(), "please configure either caCertSecret, or clientCertSecret and clientKeySecret, or both")) }) + t.Run("test insecureSkipVerify true", func(t *testing.T) { + c := &TLSConfig{InsecureSkipVerify: true} + err := ValidateTLSConfig(c) + assert.Nil(t, err) + }) + t.Run("test clientKeySecret is set, clientCertSecret is empty", func(t *testing.T) { - c := fakeTLSConfig(t) + c := fakeTLSConfig(t, false) c.CACertSecret = nil c.ClientCertSecret = nil err := ValidateTLSConfig(c) @@ -70,7 +80,7 @@ func TestValidateTLSConfig(t *testing.T) { }) t.Run("test only caCertSecret is set", func(t *testing.T) { - c := fakeTLSConfig(t) + c := fakeTLSConfig(t, false) c.ClientCertSecret = nil c.ClientKeySecret = nil err := ValidateTLSConfig(c) @@ -78,14 +88,14 @@ func TestValidateTLSConfig(t *testing.T) { }) t.Run("test clientCertSecret and clientKeySecret are set", func(t *testing.T) { - c := fakeTLSConfig(t) + c := fakeTLSConfig(t, false) c.CACertSecret = nil err := ValidateTLSConfig(c) assert.Nil(t, err) }) t.Run("test all of 3 are set", func(t *testing.T) { - c := fakeTLSConfig(t) + c := fakeTLSConfig(t, false) err := ValidateTLSConfig(c) assert.Nil(t, err) }) diff --git a/pkg/apis/eventsource/v1alpha1/types.go b/pkg/apis/eventsource/v1alpha1/types.go index fbde70e70d..acc516c66f 100644 --- a/pkg/apis/eventsource/v1alpha1/types.go +++ b/pkg/apis/eventsource/v1alpha1/types.go @@ -936,7 +936,6 @@ type BitbucketServerEventSource struct { // +optional Filter *EventSourceFilter `json:"filter,omitempty" protobuf:"bytes,11,opt,name=filter"` } - type BitbucketServerRepository struct { // ProjectKey is the key of project for which integration needs to setup ProjectKey string `json:"projectKey" protobuf:"bytes,1,opt,name=projectKey"`